The Use of AES-192 and AES-256 in Secure RTP
RFC 6188
Internet Engineering Task Force (IETF) D. McGrew
Request for Comments: 6188 Cisco Systems, Inc.
Category: Standards Track March 2011
ISSN: 2070-1721
The Use of AES-192 and AES-256 in Secure RTP
Abstract
This memo describes the use of the Advanced Encryption Standard (AES)
with 192- and 256-bit keys within the Secure RTP (SRTP) protocol. It
details counter mode encryption for SRTP and Secure Realtime
Transport Control Protocol (SRTCP) and a new SRTP Key Derivation
Function (KDF) for AES-192 and AES-256.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6188.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
McGrew Standards Track [Page 1]
RFC 6188 SRTP AES-192 and AES-256 March 2011
Table of Contents
1. Introduction ....................................................3
1.1. Conventions Used in This Document ..........................3
2. AES-192 and AES-256 Encryption ..................................3
3. The AES_192_CM_PRF and AES_256_CM_PRF Key Derivation Functions ..4
3.1. Usage Requirements .........................................5
4. Crypto Suites ...................................................6
5. IANA Considerations .............................................9
6. Security Considerations .........................................9
7. Test Cases .....................................................10
7.1. AES-256-CM Test Cases .....................................10
7.2. AES_256_CM_PRF Test Cases .................................11
7.3. AES-192-CM Test Cases .....................................13
7.4. AES_192_CM_PRF Test Cases .................................13
8. Acknowledgements ...............................................15
9. References .....................................................15
9.1. Normative References ......................................15
9.2. Informative References ....................................15
McGrew Standards Track [Page 2]
RFC 6188 SRTP AES-192 and AES-256 March 2011
1. Introduction
This memo describes the use of the Advanced Encryption Standard (AES)
[FIPS197] with 192- and 256-bit keys within the Secure RTP (SRTP)
protocol [RFC3711]. Below, those block ciphers are referred to as
AES-192 and AES-256, respectively, and the use of AES with a 128-bit
key is referred to as AES-128. This document describes counter mode
encryption for SRTP and SRTCP and appropriate SRTP key derivation
functions for AES-192 and AES-256. It also defines new crypto suites
that use these new functions.
While AES-128 is widely regarded as more than adequately secure, some
users may be motivated to adopt AES-192 or AES-256 due to a perceived
need to pursue a highly conservative security strategy. For
instance, the Suite B profile requires AES-256 for the protection of
TOP SECRET information [suiteB]. (Note that while the AES-192 and
AES-256 encryption methods defined in this document use Suite B
algorithms, the crypto suites in this document use the HMAC-SHA-1
algorithm, which is not included in Suite B.) See Section 6 for more
discussion of security issues.
The crypto functions described in this document are an addition to,
and not a replacement for, the crypto functions defined in [RFC3711].
1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Show full document text