Home | History | Annotate | Download | only in doc

Lines Matching full:session

244       derivation function (see Section 4.3), providing "session keys"
249       refresh the session keys, which limits the amount of ciphertext
362               MKI identifies the master key from which the session
390    SRTP uses two types of keys: session keys and master keys.  By a
391    "session key", we mean a key which is used directly in a
394    management protocol) from which session keys are derived in a
468       session keys for encryption, and message authentication.
473    *  a master salt, to be used in the key derivation of session keys.
480       be a power of 2 simplifies the session-key derivation
490       to-one correspondence with the SRTP session key on which the
508    the key derivation) are used but the session key(s) MUST NOT be so
521    several SRTP streams within a given RTP session, identified by their
524    master and session keys).  In such cases, just as in the normal
538    session keys, data for the Initialization Vector (IV) formation, etc.
545    Recall that an RTP session for each participant is defined [RFC3550]
547    plus a port pair for RTP and RTCP), and that a multimedia session is
549    multimedia session could include an audio RTP session, a video RTP
550    session, and a text RTP session.
582    when multiple SRTP streams, forming part of one single RTP session,
607    4. Determine the session keys and session salt (if they are used by
609       master salt, key_derivation_rate, and session key-lengths in the
615       the session encryption key and the session salt (if used) found in
634       algorithm indicated in the cryptographic context, and the session
657    4. Determine the session keys, and session salt (if used by the
659       salt, key_derivation_rate and session key-lengths in the
670       indicated in the cryptographic context, and the session
677       the cryptographic context, the session encryption key and salt (if
708    When the session starts, the sender side MUST set the rollover
724    and s_l values.  At the setup of the session, the ROC MUST be set to
725    zero.  Receivers joining an on-going session MUST be given the
749    for SRTP packets for the session), the receiver MUST use v to
764    with a given (master or session) key, the sender MUST NOT send any
1060    *  k_e is the session encryption key
1062    *  k_s is the session salting key
1068    The distinct session keys and salts for SRTP/SRTCP are by default
1163    SRTP packet index i, and the SRTP session salting key k_s, as below.
1172    distinct SRTP streams within the same RTP session, see the security
1177    SHALL be replaced by the SRTCP encryption session key and salt.
1223    default sizes for session key and salt as AES counter mode.
1323    i.e., the session salting key, appended by the binary pattern 0101..
1348    RTP session, see Section 9.1.
1394    *  k_a is the session message authentication key
1400    The distinct session authentication keys for SRTP/SRTCP are by
1420    the session authentication key and M as specified above, i.e.,
1439    implementations MUST use the SRTP key derivation to generate session
1441    of the session, there is no need for extra communication between the
1447                +-----------+ master  +--------+ session encr_key
1449                | key mgmt  |-------->|  key   | session auth_key
1451                | rekey)    |-------->|        | session salt_key
1464    session keys.  The value of "key_derivation_rate" MUST be kept fixed
1467    Interoperable SRTP implementations MAY also derive session salting
1518    The session keys and salt SHALL now be derived using:
1558    the definitions in Section 4.3.1 when applying session key derivation
1607    lengths SHALL be 128-bit for the session encryption key (n_e).  The
1608    default session salt key-length (n_s) SHALL be 112 bits.
1615    authentication code.  The default session authentication key-length
1628    method for generating session keys.  The default master salt length
1677    derives all the necessary session keys (via the first, mandatory
1683    single fixed session key.  If the attacker was able to collect a
1684    large amount of ciphertext for a certain session key, he might be
1689    session key does not compromise other session keys derived from the
1691    a certain session key, is anyway not able to have access to messages
1692    secured under previous and later session keys (derived from the same
1694    the session keys derived from it.)
1717    The derived session salting key used in the encryption, has been
1844    key management systems that service SRTP session.
1857    session.
1859    First, sharing between SRTP streams belonging to the same RTP session
1863    streams belonging to the same RTP session.  See Section 9.1 for
1870    one RTP session MAY share master keys (as they do by default).
1894 session.
1932    to limit its use when the RTP session is a simple unidirectional or
1957    SRTP/SRTCP packets that are sent under each given master/session key
2019      n_e (encr session key length)     128                128
2020      n_a (auth session key length)     160                160
2023      n_s (session salt key length)     112                112
2078    be shared across streams belonging to the same RTP session by the
2083    same RTP session that share the same master key.  RTP itself provides
2085    session.  Thus, temporary collisions could lead to temporary two-time
2090    be used in the session as negotiation parameters, proactively
2101    the same RTP session, but it is RECOMMENDED that each SSRC have its
2105    participant to leave the SRTP session as it is a sign of malfunction.
2148    MUST keep packet counts.  However, when the session keys for related
2155    keys MUST NOT be used again), or the session MUST be terminated.  If
2157    updated the master or session key prior to sending 2^48 SRTP (or 2^31
2180    within the same RTP session (Section 9.1), although the above bounds
2186    a fixed session key, and made available to an attacker for analysis,
2190    distinct session keys, and both the distinctness of IV and of the
2191    session keys are (for the pre-defined transforms) dependent on the
2195    that of the master key, even if the derived session key is
2197    the session authentication key is 160 bits, but the master key by
2329    an adversary stores packets then replays them later in the session,
2458    Consider one bi-directional RTP stream, as one RTP session.  It is
2462    the following session keys (according to the provided security
2475    require simultaneous storage of several session keys, if storage is
2479    multiple RTP sessions, where each session would have a distinct
2494    Given a single RTP session, one possibility is that the receivers
2504    the sender does not need to store too many session keys (each SRTCP
2505    stream might otherwise have a different session key at a given point
2525    session) that share the master key, the upper limit of 2^48 SRTP
2545    removed during a multicast RTP session), or for pure cryptographic
2557    join and leave the session at any time, there may be packet loss and
2598    - If multiple SRTP streams in the same RTP session share the same
2609    by higher-level control protocols, such as the Session Description
2758    [KEYMGT]  Arrko, J., et al., "Key Management Extensions for Session
2811    [SDMS]    Andreasen, F., Baugher, M. and D. Wing, "Session
2941     Session Key:      2B7E151628AED2A6ABF7158809CF4F3C
2945     Session Salt:     F0F1F2F3F4F5F6F7F8F9FAFBFCFD0000 (already shifted)
2976    cipher, which requires a 16 octet session encryption key and a 14
2977    octet session salt, and an authentication function which requires a
2978    94-octet session authentication key.  These values are called the