Home | History | Annotate | Download | only in doc

Lines Matching full:authentication

35    can provide confidentiality, message authentication, and replay
69        4.2.  Message Authentication and Integrity . . . . . . . . . . 25
77        5.2.  Message Authentication/Integrity: HMAC-SHA1. . . . . . . 29
84        7.4.  Data Origin Authentication Considerations. . . . . . . . 31
85        7.5.  Short and Zero-length Message Authentication . . . . . . 32
96              9.5.1. Risks of Weak or Null Message Authentication. . . 42
97              9.5.2.  Implicit Header Authentication . . . . . . . . . 43
130    can provide confidentiality, message authentication, and replay
134    SRTP provides a framework for encryption and message authentication
145    encryption, a keyed-hash based function for message authentication,
182    authentication" and "authentication tag" as is common practice, even
185    authentication.
272    SRTP does to RTP.  SRTCP message authentication is MANDATORY and
316    | :                 authentication tag (RECOMMENDED)              : |
350    message authentication is not used [V02].  Each specification for a
353    authentication codes define their own padding, so this default does
354    not apply to authentication transforms.
356    The OPTIONAL MKI and the RECOMMENDED authentication tag are the only
371       Authentication tag: configurable length, RECOMMENDED.  The
372               authentication tag is used to carry message authentication
376               authentication are applied, encryption SHALL be applied
377               before authentication on the sender side and conversely on
378               the receiver side.  The authentication tag provides
379               authentication of the RTP header and payload, and it
392    cryptographic transform (e.g., encryption or message authentication),
413    context independently of the particular encryption or authentication
431       since message authentication is RECOMMENDED,
436    *  an identifier for the message authentication algorithm,
439       authentication and replay protection are provided), containing
468       session keys for encryption, and message authentication.
535    All encryption, authentication/integrity, and key derivation
620    7. For message authentication, compute the authentication tag for the
622       This step uses the current rollover counter, the authentication
635       authentication key found in Step 4.  Append the authentication tag
662    5. For message authentication and replay protection, first check if
668       Next, perform verification of the authentication tag, using the
669       rollover counter from Step 2, the authentication algorithm
671       authentication key from Step 4.  If the result is "AUTHENTICATION
696    8. When present, remove the MKI and authentication tag fields from
705    authentication (Section 4.2), and for the key derivation (Section
777    message authentication is not present, neither the initialization of
817    re-injected into the network.  When message authentication is
846    authentication tag) and one optional field (the MKI) to the RTCP
898    | :                     authentication tag                        : |
946    Authentication Tag: configurable length, REQUIRED
947             The authentication tag is used to carry message
948             authentication data.
992    *  The pre-defined SRTCP authentication tag is specified as in
995       authentication transform and related parameters (e.g., key size)
1004    Message authentication for RTCP is REQUIRED, as it is the control
1014       that will be added by SRTCP (index, E-bit, authentication tag, and
1039    octets, and upper bounded depending on MKI and the authentication tag
1044    While there are numerous encryption and message authentication
1065       non-negative integer, specified by the message authentication code
1112    message authentication code, in which case the keystream used for
1124    may still need to be computed for packet authentication, in which
1336    which we call implicit header authentication (IHA), see Section 9.5.
1382 4.2.  Message Authentication and Integrity
1393    *  AUTH_ALG is the authentication algorithm
1394    *  k_a is the session message authentication key
1395    *  n_a is the bit-length of the authentication key
1396    *  n_tag is the bit-length of the output authentication tag
1400    The distinct session authentication keys for SRTP/SRTCP are by
1406    We describe the process of computing authentication tags as follows.
1408    SRTP receiver verifies a message/authentication tag pair by computing
1409    a new authentication tag over M using the selected algorithm and key,
1412    otherwise, it is invalid and the error audit message "AUTHENTICATION
1417    The pre-defined authentication transform for SRTP is HMAC-SHA1
1420    the session authentication key and M as specified above, i.e.,
1436    Regardless of the encryption or message authentication transform that
1522    - k_a (SRTP message authentication): <label> = 0x01, n = n_a.
1564    SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting
1612 5.2.  Message Authentication/Integrity: HMAC-SHA1
1615    authentication code.  The default session authentication key-length
1616    (n_a) SHALL be 160 bits, the default authentication tag length
1673    encryption keys and salts, SRTP and SRTCP authentication keys), but
1726    functions, suitable for message authentication in the Wegman-Carter
1731    No authentication transforms are currently provided in SRTP other
1736 7.4.  Data Origin Authentication Considerations
1739    authentication are provided together.  However, in group scenarios
1742    against a member impersonating another.  Data origin authentication
1746    specify these technologies.  Thus SRTP data origin authentication in
1751    offer this form of authentication in the pre-defined packet-integrity
1755    authentication in case the RTP payload and/or the RTP header are
1774 7.5.  Short and Zero-length Message Authentication
1776    As shown in Figure 1, the authentication tag is RECOMMENDED in SRTP.
1777    A full 80-bit authentication-tag SHOULD be used, but a shorter tag or
1778    even a zero-length tag (i.e., no message authentication) MAY be used
1782       1. Strong authentication can be impractical in environments where
1794          strong authentication would impose nearly fifty percent
1797       2. Authentication is impractical for applications that use data
1799          expansion due to the authentication tag.  This is the case for
1810    32-bit message authentication tag.  The likelihood of any given
1832    for short or zero-length authentication tags.  Section 9.5.1
1833    discusses the risks of weak or no message authentication, and section
1872    Note that message authentication also has a dependency on SSRC
2196    considerably longer.  With the pre-defined authentication transform,
2197    the session authentication key is 160 bits, but the master key by
2264    or a message authentication code with equivalent strength.  Secure
2265    RTP SHOULD NOT be used without message authentication, except under
2268    provide message authentication.  SRTCP MUST NOT be used with weak (or
2269    NULL) authentication.
2271    SRTP MAY be used with weak authentication (e.g., a 32-bit
2272    authentication tag), or with no authentication (the NULL
2273    authentication algorithm).  These options allow SRTP to be used to
2276     * weak or null authentication is an acceptable security risk, and
2277     * it is impractical to provide strong message authentication.
2288    both conditions MUST hold in order for weak or null authentication to
2290    authentication options need to be considered by a security audit
2294    Weak authentication is acceptable when the RTP application is such
2299    authentication tag MUST ensure that only a negligible fraction of the
2306    Weak or null authentication MAY be acceptable when it is unlikely
2321    Weak or null authentication MUST NOT be used when the RTP application
2328    Null authentication MUST NOT be used when a replay attack, in which
2346    non-null authentication is REQUIRED in order to defeat it.
2350    authentication MUST NOT be used.
2352 9.5.1.  Risks of Weak or Null Message Authentication
2355    authentication, it is important to keep in mind the following attacks
2356    which are possible when no message authentication algorithm is used.
2363    absence of message authentication, the RTP application will have
2382    authentication when a data forwarding or access control decision is
2401    message authentication, it should be verified that the application
2414 9.5.2.  Implicit Header Authentication
2416    The IV formation of the f8-mode gives implicit authentication (IHA)
2417    of the RTP header, even when message authentication is not used.
2421    message authentication, it may be useful for some applications.
2430    SRTP authentication) SHALL be signaled out of band.
2653              Hashing for Message Authentication", RFC 2104, February
2776              and Secure Source Authentication for Multicast", in Proc.
2781              Authentication and Signing of Multicast Streams over Lossy
2823              Their Use in Authentication and Set Equality", JCSS 22,
2977    octet session salt, and an authentication function which requires a
2978    94-octet session authentication key.  These values are called the
3047    CM is generated as above, but using the authentication key label.