Lines Matching refs:authentication
35 can provide confidentiality, message authentication, and replay
128 can provide confidentiality, message authentication, and replay
132 SRTP provides a framework for encryption and message authentication
143 encryption, a keyed-hash based function for message authentication,
179 authentication" and "authentication tag" as is common practice, even
182 authentication.
268 SRTP does to RTP. SRTCP message authentication is MANDATORY and
311 | : authentication tag (RECOMMENDED) : |
344 message authentication is not used [V02]. Each specification for a
347 authentication codes define their own padding, so this default does
348 not apply to authentication transforms.
350 The OPTIONAL MKI and the RECOMMENDED authentication tag are the only
366 authentication tag is used to carry message authentication
370 authentication are applied, encryption SHALL be applied
371 before authentication on the sender side and conversely on
372 the receiver side. The authentication tag provides
373 authentication of the RTP header and payload, and it
386 cryptographic transform (e.g., encryption or message authentication),
406 context independently of the particular encryption or authentication
424 since message authentication is RECOMMENDED,
429 * an identifier for the message authentication algorithm,
432 authentication and replay protection are provided), containing
460 session keys for encryption, and message authentication.
526 All encryption, authentication/integrity, and key derivation
610 7. For message authentication, compute the authentication tag for the
612 This step uses the current rollover counter, the authentication
624 authentication key found in Step 4. Append the authentication tag
651 5. For message authentication and replay protection, first check if
657 Next, perform verification of the authentication tag, using the
658 rollover counter from Step 2, the authentication algorithm
660 authentication key from Step 4. If the result is "AUTHENTICATION
684 8. When present, remove the MKI and authentication tag fields from
693 authentication (Section 4.2), and for the key derivation (Section
764 message authentication is not present, neither the initialization of
803 re-injected into the network. When message authentication is
832 authentication tag) and one optional field (the MKI) to the RTCP
883 | : authentication tag : |
931 The authentication tag is used to carry message
932 authentication data.
975 * The pre-defined SRTCP authentication tag is specified as in
978 authentication transform and related parameters (e.g., key size)
987 Message authentication for RTCP is REQUIRED, as it is the control
997 that will be added by SRTCP (index, E-bit, authentication tag, and
1021 octets, and upper bounded depending on MKI and the authentication tag
1026 While there are numerous encryption and message authentication
1047 non-negative integer, specified by the message authentication code
1093 message authentication code, in which case the keystream used for
1105 may still need to be computed for packet authentication, in which
1313 which we call implicit header authentication (IHA), see Section 9.5.
1369 * AUTH_ALG is the authentication algorithm
1370 * k_a is the session message authentication key
1371 * n_a is the bit-length of the authentication key
1372 * n_tag is the bit-length of the output authentication tag
1376 The distinct session authentication keys for SRTP/SRTCP are by
1382 We describe the process of computing authentication tags as follows.
1384 SRTP receiver verifies a message/authentication tag pair by computing
1385 a new authentication tag over M using the selected algorithm and key,
1393 The pre-defined authentication transform for SRTP is HMAC-SHA1
1396 the session authentication key and M as specified above, i.e.,
1411 Regardless of the encryption or message authentication transform that
1496 - k_a (SRTP message authentication): <label> = 0x01, n = n_a.
1537 SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting
1587 authentication code. The default session authentication key-length
1588 (n_a) SHALL be 160 bits, the default authentication tag length
1644 encryption keys and salts, SRTP and SRTCP authentication keys), but
1696 functions, suitable for message authentication in the Wegman-Carter
1701 No authentication transforms are currently provided in SRTP other
1709 authentication are provided together. However, in group scenarios
1712 against a member impersonating another. Data origin authentication
1716 specify these technologies. Thus SRTP data origin authentication in
1721 offer this form of authentication in the pre-defined packet-integrity
1725 authentication in case the RTP payload and/or the RTP header are
1745 As shown in Figure 1, the authentication tag is RECOMMENDED in SRTP.
1746 A full 80-bit authentication-tag SHOULD be used, but a shorter tag or
1747 even a zero-length tag (i.e., no message authentication) MAY be used
1751 1. Strong authentication can be impractical in environments where
1763 strong authentication would impose nearly fifty percent
1768 expansion due to the authentication tag. This is the case for
1779 32-bit message authentication tag. The likelihood of any given
1800 for short or zero-length authentication tags. Section 9.5.1
1801 discusses the risks of weak or no message authentication, and section
1840 Note that message authentication also has a dependency on SSRC
2158 considerably longer. With the pre-defined authentication transform,
2159 the session authentication key is 160 bits, but the master key by
2225 or a message authentication code with equivalent strength. Secure
2226 RTP SHOULD NOT be used without message authentication, except under
2229 provide message authentication. SRTCP MUST NOT be used with weak (or
2230 NULL) authentication.
2232 SRTP MAY be used with weak authentication (e.g., a 32-bit
2233 authentication tag), or with no authentication (the NULL
2234 authentication algorithm). These options allow SRTP to be used to
2237 * weak or null authentication is an acceptable security risk, and
2238 * it is impractical to provide strong message authentication.
2248 both conditions MUST hold in order for weak or null authentication to
2250 authentication options need to be considered by a security audit
2254 Weak authentication is acceptable when the RTP application is such
2259 authentication tag MUST ensure that only a negligible fraction of the
2266 Weak or null authentication MAY be acceptable when it is unlikely
2281 Weak or null authentication MUST NOT be used when the RTP application
2288 Null authentication MUST NOT be used when a replay attack, in which
2305 non-null authentication is REQUIRED in order to defeat it.
2309 authentication MUST NOT be used.
2314 authentication, it is important to keep in mind the following attacks
2315 which are possible when no message authentication algorithm is used.
2322 absence of message authentication, the RTP application will have
2341 authentication when a data forwarding or access control decision is
2359 message authentication, it should be verified that the application
2374 The IV formation of the f8-mode gives implicit authentication (IHA)
2375 of the RTP header, even when message authentication is not used.
2379 message authentication, it may be useful for some applications.
2388 SRTP authentication) SHALL be signaled out of band.
2925 octet session salt, and an authentication function which requires a
2926 94-octet session authentication key. These values are called the
2994 CM is generated as above, but using the authentication key label.