Go home now Header Background Image
Search
Submission Procedure
share: |
Special Issues
Submission Procedure
Aims and Scope
Board of Editors
What's New
 
Follow us
 
Articles by Topics
Articles by Author
Geographical Mashup
List of Topics
 
Printed Publications
 
Volume 26 (2020)
Volume 25 (2019)
Volume 24 (2018)
Volume 23 (2017)
Volume 22 (2016)
Volume 21 (2015)
Volume 20 (2014)
Volume 19 (2013)
Volume 18 (2012)
Volume 17 (2011)
Volume 16 (2010)
Volume 15 (2009)
Volume 14 (2008)
Issue 1
Issue 2
Issue 3
Issue 4
Issue 5
Issue 6
Issue 7
Issue 8
Issue 9
Issue 10
Issue 11
Issue 12
Issue 13
Issue 14
Issue 15
Issue 16
Issue 17
Issue 18
Issue 19
Issue 20
Issue 21
Issue 22
Volume 13 (2007)
Volume 12 (2006)
Volume 11 (2005)
Volume 10 (2004)
Volume 9 (2003)
Volume 8 (2002)
Volume 7 (2001)
Volume 6 (2000)
Volume 5 (1999)
Volume 4 (1998)
Volume 3 (1997)
Volume 2 (1996)
Volume 1 (1995)
Volume 0 (1994)
 
Collection of other papers
Volume 14 / Issue 5

available in:   PDF (372 kB) PS (658 kB)
 
get:  
Similar Docs BibTeX   Write a comment
  
get:  
Links into Future
 
DOI:   10.3217/jucs-014-05-0673

 

Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP

Martin Petraschek (ftw (Telecommunications Research Center Vienna), Austria)

Thomas Hoeher (ftw (Telecommunications Research Center Vienna), Austria)

Oliver Jung (ftw (Telecommunications Research Center Vienna), Austria)

Helmut Hlavacs

Wilfried Gansterer

Abstract: ZRTP is a protocol designed to set up a shared secret between two communication parties which is subsequently used to secure the media stream (i.e. the audio data) of a VoIP connection. It uses Diffie-Hellman (DH) key exchange to agree upon a session key, which is inherently vulnerable to active Man-in-the-Middle (MitM) attacks. Therefore ZRTP introduces some proven methods to detect such attacks. The most important measure is a so called Short Authentication String (SAS). This is a set of characters that is derived essentially from the public values of the Diffie-Hellman key exchange and displayed to the end users for reading out and comparing over the phone. If the SAS on the caller's and the callee's side match, there is a high probability that no MitM attack is going on. Furthermore, ZRTP offers a form of key continuity by caching key material from previous sessions for use in the next call. In order to prevent that a MitM can manipulate the Diffie-Hellman key exchange in such a way that both partners get the same SAS although different shared keys were negotiated, ZRTP uses hash commitment for the public DH value.

Despite these measures a Relay Attack (also known as Mafia Fraud Attack or Chess Grandmaster Attack) is still possible. We present a practical implementation of such an attack and discuss its characteristics and limitations, and show that the attack works only in certain scenarios.

Keywords: Man-in-the-Middle-Attack, ZRTP, security

Categories: K.6.5