Implementation of encryption key sharing algorithms

It goes without saying that security is extremely important for all communication over the Internet. Encryption of RTP flows can be realized with SRTP, which has recently been implemented in SIP Communicator. This implementation provides two mechanisms: authentication and encryption of RTP packets.

How the SRTP protocol stack applies these operations to plain RTP packets is defined by a set of parameters: the algorithms used for encryption and authentication, and the master encryption key and master salting key used to derive the concrete session keys.
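
To make these parameters concrete, the following is an added Java example (not code from SIP Communicator) of the session-key derivation defined in RFC 3711 section 4.3. It assumes AES-CM with a 128-bit master key, a 112-bit master salt, a key derivation rate of 0 and Java 17 or later; the class and method names are illustrative, and the sample key and salt are the inputs of the RFC's Appendix B.3 test vector.

```java
import java.util.HexFormat;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class SrtpKeyDerivation {
    // SRTP key derivation labels, RFC 3711 section 4.3.1.
    static final int LABEL_ENCRYPTION = 0x00;
    static final int LABEL_AUTHENTICATION = 0x01;
    static final int LABEL_SALT = 0x02;

    /** AES-CM PRF of RFC 3711 section 4.3.3, assuming key derivation rate 0. */
    static byte[] derive(byte[] masterKey, byte[] masterSalt, int label, int outLen)
            throws Exception {
        if (masterKey.length != 16 || masterSalt.length != 14) {
            throw new IllegalArgumentException("need 128-bit key and 112-bit salt");
        }
        // x = (label || index DIV kdr) XOR master_salt. The 56-bit key_id is
        // right-aligned with the 112-bit salt, so the label lands on salt byte 7;
        // with kdr = 0 the 48-bit index part is all zero.
        byte[] block = new byte[16];
        System.arraycopy(masterSalt, 0, block, 0, 14);
        block[7] ^= (byte) label;

        // Keystream = AES_k(x * 2^16 + i) for i = 0, 1, ...; the last two bytes
        // of the block hold the counter i.
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(masterKey, "AES"));
        byte[] out = new byte[outLen];
        for (int off = 0, i = 0; off < outLen; off += 16, i++) {
            block[14] = (byte) (i >> 8);
            block[15] = (byte) i;
            byte[] ks = aes.doFinal(block);
            System.arraycopy(ks, 0, out, off, Math.min(16, outLen - off));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of();
        // Master key and salt: inputs of the RFC 3711 Appendix B.3 test vector.
        byte[] key = hex.parseHex("e1f97a0d3e018be0d64fa32c06de4139");
        byte[] salt = hex.parseHex("0ec675ad498afeebb6960b3aabe6");
        // Output lengths for AES-CM with HMAC-SHA1: 128-, 160- and 112-bit keys.
        System.out.println("enc  key : " + hex.formatHex(derive(key, salt, LABEL_ENCRYPTION, 16)));
        System.out.println("auth key : " + hex.formatHex(derive(key, salt, LABEL_AUTHENTICATION, 20)));
        System.out.println("salt key : " + hex.formatHex(derive(key, salt, LABEL_SALT, 14)));
    }
}
```

Both endpoints derive identical session keys only if they hold the same master key and master salt, which is exactly what the key management protocol has to deliver securely.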

It would be self-defeating not to secure these cryptographic keys and parameters at least as well as the data itself is secured. SRTP thus relies on a separate key management system to securely establish these keys and parameters before the initiation of the communication. Such key management protocols provide authenticated key establishment (AKE) procedures to authenticate the identity of each endpoint and protect the endpoints against man-in-the-middle, reflection/replay, connection hijacking, and denial-of-service attacks.

SIP Communicator currently lacks an implementation of such a key management system, which makes its SRTP implementation unusable. The first step of the project would be to survey the existing key management protocols and select the one that best fits SIP Communicator. Then, the student would think about how to integrate it into the current SIP Communicator architecture. An implementation, or modifications to an existing implementation, would then complete the work for this project.

References:
The Secure Real-time Transport Protocol (SRTP)
http://tools.ietf.org/html/rfc3711

Other Jitsi GSoC Projects
http://gsoc.jitsi.org

Jitsi Developer Documentation
http://www.jitsi.org/index.php/Documentation/DeveloperDocumentation

The official Jitsi website
http://www.jitsi.org