Go home now Header Background Image
Submission Procedure
share: |
Follow us
Volume 14 / Issue 5

available in:   PDF (372 kB) PS (658 kB)
Similar Docs BibTeX   Write a comment
Links into Future
DOI:   10.3217/jucs-014-05-0673


Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP

Martin Petraschek (ftw (Telecommunications Research Center Vienna), Austria)

Thomas Hoeher (ftw (Telecommunications Research Center Vienna), Austria)

Oliver Jung (ftw (Telecommunications Research Center Vienna), Austria)

Helmut Hlavacs

Wilfried Gansterer

Abstract: ZRTP is a protocol designed to set up a shared secret between two communication parties which is subsequently used to secure the media stream (i.e. the audio data) of a VoIP connection. It uses Diffie-Hellman (DH) key exchange to agree upon a session key, which is inherently vulnerable to active Man-in-the-Middle (MitM) attacks. Therefore ZRTP introduces some proven methods to detect such attacks. The most important measure is a so called Short Authentication String (SAS). This is a set of characters that is derived essentially from the public values of the Diffie-Hellman key exchange and displayed to the end users for reading out and comparing over the phone. If the SAS on the caller's and the callee's side match, there is a high probability that no MitM attack is going on. Furthermore, ZRTP offers a form of key continuity by caching key material from previous sessions for use in the next call. In order to prevent that a MitM can manipulate the Diffie-Hellman key exchange in such a way that both partners get the same SAS although different shared keys were negotiated, ZRTP uses hash commitment for the public DH value.

Despite these measures a Relay Attack (also known as Mafia Fraud Attack or Chess Grandmaster Attack) is still possible. We present a practical implementation of such an attack and discuss its characteristics and limitations, and show that the attack works only in certain scenarios.

Keywords: Man-in-the-Middle-Attack, ZRTP, security

Categories: K.6.5