Go home now Header Background Image
Search
Submission Procedure
share: |
Special Issues
Submission Procedure
Aims and Scope
Board of Editors
What's New
 
Follow us
 
Articles by Topics
Articles by Author
Geographical Mashup
List of Topics
 
Printed Publications
 
Volume 26 (2020)
Volume 25 (2019)
Volume 24 (2018)
Volume 23 (2017)
Volume 22 (2016)
Volume 21 (2015)
Volume 20 (2014)
Volume 19 (2013)
Volume 18 (2012)
Volume 17 (2011)
Volume 16 (2010)
Volume 15 (2009)
Volume 14 (2008)
Issue 1
Issue 2
Issue 3
Issue 4
Issue 5
Issue 6
Issue 7
Issue 8
Issue 9
Issue 10
Issue 11
Issue 12
Issue 13
Issue 14
Issue 15
Issue 16
Issue 17
Issue 18
Issue 19
Issue 20
Issue 21
Issue 22
Volume 13 (2007)
Volume 12 (2006)
Volume 11 (2005)
Volume 10 (2004)
Volume 9 (2003)
Volume 8 (2002)
Volume 7 (2001)
Volume 6 (2000)
Volume 5 (1999)
Volume 4 (1998)
Volume 3 (1997)
Volume 2 (1996)
Volume 1 (1995)
Volume 0 (1994)
 
Collection of other papers
Volume 14 / Issue 5

available in:   PDF (245 kB) PS (513 kB)
 
get:  
Similar Docs BibTeX   Write a comment
  
get:  
Links into Future
 
DOI:   10.3217/jucs-014-05-0693

 

Enhancing ZRTP by using Computational Puzzles

Helmut Hlavacs (University of Vienna, Austria)

Wilfried Gansterer (University of Vienna, Austria)

Hannes Schabauer (University of Vienna, Austria)

Joachim Zottl (University of Vienna, Austria)

Martin Petraschek (ftw (Telecommunications Research Center Vienna), Austria)

Thomas Hoeher (ftw (Telecommunications Research Center Vienna), Austria)

Oliver Jung (ftw (Telecommunications Research Center Vienna), Austria)

Abstract: In this paper we present and discuss a new approach for securing multimedia communication, which is based on three innovations. The first innovation is the integration of a challenge-response scheme for enhancing the Diffie-Hellman based ZRTP protocol. When being called, a callee must present the result of a computational puzzle (a "token") within a short amount of time. A Man-in-the-Middle (MitM) would not be able to compute such a token within the required time, and thus fail to get into the media path. The scheme works best in situations when ZRTP is most vulnerable to so-called Mafia Attacks, i.e., if both caller and callee do not know each other.

The second innovation complements the first one on those occasions where the above scheme may fail. The call is delayed for a certain amount of time which depends on the agreed session key. Since during a MitM attack two different keys (and thus waiting times) exist, caller and callee would not start their call at the same time and the MitM attack would fail.

The third innovation is in the definition of a new computational puzzle which forms the basis of the challenge-response scheme. We propose a computational puzzle which is based on computing selected eigenvectors of real symmetric matrices. In contrast to existing puzzles, the one we propose does not rely on a shared secret, can be validated quickly, and existing solution methods exhibit limited scalability so that the threat from attacks based on massively parallel computing resources can be controlled.

Keywords: SRTP, VoIP, ZRTP, call delay, challenge-response, computational puzzle, eigenvectors

Categories: C.2.0, K.6.5