idnits 2.17.1 draft-ietf-avtcore-aria-sdes-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (May 29, 2015) is 3254 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-11) exists of draft-ietf-avtcore-aria-srtp-07 ** Downref: Normative reference to an Informational draft: draft-ietf-avtcore-aria-srtp (ref. 'I-D.ietf-avtcore-aria-srtp') Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 AVTCore W. Kim 3 Internet-Draft J. Lee 4 Intended status: Standards Track J. Park 5 Expires: November 30, 2015 D. Kwon 6 NSRI 7 May 29, 2015 9 The Addition of SRTP crypto suites based on the ARIA algorithms to the 10 SDP Security Descriptions 11 draft-ietf-avtcore-aria-sdes-00 13 Abstract 15 This document defines SRTP crypto suites based on the ARIA block 16 cipher algorithm for use with the Session Description Protocol (SDP) 17 security descriptions. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on November 30, 2015. 36 Copyright Notice 38 Copyright (c) 2015 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 54 1.1. ARIA . . . . . . . . . . . . . . . . . . . . . . . . . . 2 55 1.2. SRTP Crypto Suites . . . . . . . . . . . . . . . . . . . 2 56 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. Patameters . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 59 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 60 4.1. Normative References . . . . . . . . . . . . . . . . . . 7 61 4.2. Informative References . . . . . . . . . . . . . . . . . 8 62 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 64 1. Introduction 66 This document defines Secure Real-time Transport Protocol (SRTP) 67 [RFC3711] crypto suites based on the the ARIA [RFC5794] block cipher 68 algorithm for use with the SDP Security Descriptions attributes 69 [RFC4568]. 71 1.1. ARIA 73 ARIA is a general-purpose block cipher algorithm developed by Korean 74 cryptographers in 2003. It is an iterated block cipher with 128-, 75 192-, and 256-bit keys and encrypts 128-bit blocks in 12, 14, and 16 76 rounds, depending on the key size. It is secure and suitable for 77 most software and hardware implementations on 32-bit and 8-bit 78 processors. It was established as a Korean standard block cipher 79 algorithm in 2004 [ARIAKS] and has been widely used in Korea, 80 especially for government-to-public services. It was included in 81 PKCS #11 in 2007 [ARIAPKCS]. The algorithm specification and object 82 identifiers are described in [RFC5794]. 84 1.2. SRTP Crypto Suites 86 The transforms based on ARIA and the correspoding SRTP protection 87 profiles for DTLS-SRTP are defined in [I-D.ietf-avtcore-aria-srtp]. 88 The SDP Security Descriptions [RFC4568] crypto suites corresponding 89 to ARIA transforms [I-D.ietf-avtcore-aria-srtp] are sets as shown in 90 Table 1. 92 +---------------------------+-----------------+------------------+ 93 | Name | Enc. Key Length | Auth. Tag Length | 94 +---------------------------+-----------------+------------------+ 95 | ARIA_128_CTR_HMAC_SHA1_80 | 16 octets | 10 octets | 96 | ARIA_128_CTR_HMAC_SHA1_32 | 16 octets | 4 octets | 97 | ARIA_192_CTR_HMAC_SHA1_80 | 24 octets | 10 octets | 98 | ARIA_192_CTR_HMAC_SHA1_32 | 24 octets | 4 octets | 99 | ARIA_256_CTR_HMAC_SHA1_80 | 32 octets | 10 octets | 100 | ARIA_256_CTR_HMAC_SHA1_32 | 32 octets | 4 octets | 101 | AEAD_ARIA_128_GCM | 16 octets | 16 octets | 102 | AEAD_ARIA_256_GCM | 32 octets | 16 octets | 103 | AEAD_ARIA_128_GCM_8 | 16 octets | 8 octets | 104 +---------------------------+-----------------+------------------+ 106 Table 1: ARIA Crypto Suites for SRTP 108 1.3. Terminology 110 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 111 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 112 document are to be interpreted as described in [RFC2119]. 114 2. Patameters 116 The parameters in each crypto suite listed in Table 1 are described 117 for use with the SDP Security Descriptions attributes [RFC4568]. 119 +---------------------------------+------------------+ 120 | Parameter | Value | 121 +---------------------------------+------------------+ 122 | Master key length | 128 bits | 123 | Master salt length | 112 bits | 124 | Key Derivation Function | ARIA_128_CTR_PRF | 125 | Default key lifetime | 2^31 packets | 126 | Cipher (for SRTP and SRTCP) | ARIA_128_CTR | 127 | SRTP authentication function | HMAC-SHA1 | 128 | SRTP authentication key length | 160 bits | 129 | SRTP authentication tag length | 80 bits | 130 | SRTCP authentication function | HMAC-SHA1 | 131 | SRTCP authentication key length | 160 bits | 132 | SRTCP authentication tag length | 80 bits | 133 +---------------------------------+------------------+ 135 Table 2: The ARIA_128_CTR_HMAC_SHA1_80 Crypto Suite 137 +---------------------------------+------------------+ 138 | Parameter | Value | 139 +---------------------------------+------------------+ 140 | Master key length | 128 bits | 141 | Master salt length | 112 bits | 142 | Key Derivation Function | ARIA_128_CTR_PRF | 143 | Default key lifetime | 2^31 packets | 144 | Cipher (for SRTP and SRTCP) | ARIA_128_CTR | 145 | SRTP authentication function | HMAC-SHA1 | 146 | SRTP authentication key length | 160 bits | 147 | SRTP authentication tag length | 32 bits | 148 | SRTCP authentication function | HMAC-SHA1 | 149 | SRTCP authentication key length | 160 bits | 150 | SRTCP authentication tag length | 80 bits | 151 +---------------------------------+------------------+ 153 Table 3: The ARIA_128_CTR_HMAC_SHA1_32 Crypto Suite 155 +---------------------------------+------------------+ 156 | Parameter | Value | 157 +---------------------------------+------------------+ 158 | Master key length | 192 bits | 159 | Master salt length | 112 bits | 160 | Key Derivation Function | ARIA_192_CTR_PRF | 161 | Default key lifetime | 2^31 packets | 162 | Cipher (for SRTP and SRTCP) | ARIA_192_CTR | 163 | SRTP authentication function | HMAC-SHA1 | 164 | SRTP authentication key length | 160 bits | 165 | SRTP authentication tag length | 80 bits | 166 | SRTCP authentication function | HMAC-SHA1 | 167 | SRTCP authentication key length | 160 bits | 168 | SRTCP authentication tag length | 80 bits | 169 +---------------------------------+------------------+ 171 Table 4: The ARIA_192_CTR_HMAC_SHA1_80 Crypto Suite 173 +---------------------------------+------------------+ 174 | Parameter | Value | 175 +---------------------------------+------------------+ 176 | Master key length | 192 bits | 177 | Master salt length | 112 bits | 178 | Key Derivation Function | ARIA_192_CTR_PRF | 179 | Default key lifetime | 2^31 packets | 180 | Cipher (for SRTP and SRTCP) | ARIA_192_CTR | 181 | SRTP authentication function | HMAC-SHA1 | 182 | SRTP authentication key length | 160 bits | 183 | SRTP authentication tag length | 32 bits | 184 | SRTCP authentication function | HMAC-SHA1 | 185 | SRTCP authentication key length | 160 bits | 186 | SRTCP authentication tag length | 80 bits | 187 +---------------------------------+------------------+ 189 Table 5: The ARIA_192_CTR_HMAC_SHA1_32 Crypto Suite 191 +---------------------------------+------------------+ 192 | Parameter | Value | 193 +---------------------------------+------------------+ 194 | Master key length | 256 bits | 195 | Master salt length | 112 bits | 196 | Key Derivation Function | ARIA_256_CTR_PRF | 197 | Default key lifetime | 2^31 packets | 198 | Cipher (for SRTP and SRTCP) | ARIA_256_CTR | 199 | SRTP authentication function | HMAC-SHA1 | 200 | SRTP authentication key length | 160 bits | 201 | SRTP authentication tag length | 80 bits | 202 | SRTCP authentication function | HMAC-SHA1 | 203 | SRTCP authentication key length | 160 bits | 204 | SRTCP authentication tag length | 80 bits | 205 +---------------------------------+------------------+ 207 Table 6: The ARIA_256_CTR_HMAC_SHA1_80 Crypto Suite 209 +---------------------------------+------------------+ 210 | Parameter | Value | 211 +---------------------------------+------------------+ 212 | Master key length | 256 bits | 213 | Master salt length | 112 bits | 214 | Key Derivation Function | ARIA_256_CTR_PRF | 215 | Default key lifetime | 2^31 packets | 216 | Cipher (for SRTP and SRTCP) | ARIA_256_CTR | 217 | SRTP authentication function | HMAC-SHA1 | 218 | SRTP authentication key length | 160 bits | 219 | SRTP authentication tag length | 32 bits | 220 | SRTCP authentication function | HMAC-SHA1 | 221 | SRTCP authentication key length | 160 bits | 222 | SRTCP authentication tag length | 80 bits | 223 +---------------------------------+------------------+ 225 Table 7: The ARIA_256_CTR_HMAC_SHA1_32 Crypto Suite 227 +--------------------------------+-------------------+ 228 | Parameter | Value | 229 +--------------------------------+-------------------+ 230 | Master key length | 128 bits | 231 | Master salt length | 96 bits | 232 | Key Derivation Function | ARIA_128_CTR_PRF | 233 | Default key lifetime (SRTP) | 2^48 packets | 234 | Default key lifetime (SRTCP) | 2^31 packets | 235 | Cipher (for SRTP and SRTCP) | AEAD_ARIA_128_GCM | 236 | AEAD authentication tag length | 128 bits | 237 +--------------------------------+-------------------+ 239 Table 8: The AEAD_ARIA_128_GCM Crypto Suite 241 +--------------------------------+-------------------+ 242 | Parameter | Value | 243 +--------------------------------+-------------------+ 244 | Master key length | 256 bits | 245 | Master salt length | 96 bits | 246 | Key Derivation Function | ARIA_256_CTR_PRF | 247 | Default key lifetime (SRTP) | 2^48 packets | 248 | Default key lifetime (SRTCP) | 2^31 packets | 249 | Cipher (for SRTP and SRTCP) | AEAD_ARIA_256_GCM | 250 | AEAD authentication tag length | 128 bits | 251 +--------------------------------+-------------------+ 253 Table 9: The AEAD_ARIA_256_GCM Crypto Suite 255 +--------------------------------+---------------------+ 256 | Parameter | Value | 257 +--------------------------------+---------------------+ 258 | Master key length | 128 bits | 259 | Master salt length | 96 bits | 260 | Key Derivation Function | ARIA_128_CTR_PRF | 261 | Default key lifetime (SRTP) | 2^48 packets | 262 | Default key lifetime (SRTCP) | 2^31 packets | 263 | Cipher (for SRTP and SRTCP) | AEAD_ARIA_128_GCM_8 | 264 | AEAD authentication tag length | 64 bits | 265 +--------------------------------+---------------------+ 267 Table 10: The AEAD_ARIA_128_GCM_8 Crypto Suite 269 3. IANA Considerations 271 SDP Security Descriptions [RFC4568] defines SRTP "crypto suites". In 272 order to allow SDP to signal the use of the algorithms defined in 273 this document, IANA is requested to add the below crypto suites to 274 the "SRTP Crypto Suite Registrations" created by [RFC4568], at time 275 of writing located on the following IANA page: 276 http://www.iana.org/assignments/sdp-security-descriptions/ . 278 srtp-crypto-suite-ext = "ARIA_128_CTR_HMAC_SHA1_80"/ 279 "ARIA_128_CTR_HMAC_SHA1_32"/ 280 "ARIA_192_CTR_HMAC_SHA1_80"/ 281 "ARIA_192_CTR_HMAC_SHA1_32"/ 282 "ARIA_256_CTR_HMAC_SHA1_80"/ 283 "ARIA_256_CTR_HMAC_SHA1_32"/ 284 "AEAD_ARIA_128_GCM" / 285 "AEAD_ARIA_256_GCM" / 286 "AEAD_ARIA_128_GCM_8" / 287 srtp-crypto-suite-ext 289 4. References 291 4.1. Normative References 293 [I-D.ietf-avtcore-aria-srtp] 294 Kim, W., Lee, J., Kim, D., Park, J., and D. Kwon, "The 295 ARIA Algorithm and Its Use with the Secure Real-time 296 Transport Protocol(SRTP)", draft-ietf-avtcore-aria-srtp-07 297 (work in progress), September 2014. 299 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 300 Requirement Levels", BCP 14, RFC 2119, March 1997. 302 [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. 303 Norrman, "The Secure Real-time Transport Protocol (SRTP)", 304 RFC 3711, March 2004. 306 [RFC4568] Andreasen, F., Baugher, M., and D. Wing, "Session 307 Description Protocol (SDP) Security Descriptions for Media 308 Streams", RFC 4568, July 2006. 310 4.2. Informative References 312 [ARIAKS] Korean Agency for Technology and Standards, "128 bit block 313 encryption algorithm ARIA - Part 1: General (in Korean)", 314 KS X 1213-1:2009, December 2009. 316 [ARIAPKCS] 317 RSA Laboratories, "Additional PKCS #11 Mechanisms", PKCS 318 #11 v2.20 Amendment 3 Revision 1, January 2007. 320 [RFC5794] Lee, J., Lee, J., Kim, J., Kwon, D., and C. Kim, "A 321 Description of the ARIA Encryption Algorithm", RFC 5794, 322 March 2010. 324 Authors' Addresses 326 Woo-Hwan Kim 327 National Security Research Institute 328 P.O.Box 1, Yuseong 329 Daejeon 305-350 330 Korea 332 EMail: whkim5@ensec.re.kr 334 Jungkeun Lee 335 National Security Research Institute 336 P.O.Box 1, Yuseong 337 Daejeon 305-350 338 Korea 340 EMail: jklee@ensec.re.kr 341 Je-Hong Park 342 National Security Research Institute 343 P.O.Box 1, Yuseong 344 Daejeon 305-350 345 Korea 347 EMail: jhpark@ensec.re.kr 349 Daesung Kwon 350 National Security Research Institute 351 P.O.Box 1, Yuseong 352 Daejeon 305-350 353 Korea 355 EMail: ds_kwon@ensec.re.kr