[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSec for IP Telephony

To: "'Scott Cadzow'" <Scott.Cadzow@etsi.fr>, "'Stephen Kent'" <kent@bbn.com>, "Costantini, Frank " <Frank.Costantini@ccmail.l-3com.com>
Subject: RE: IPSec for IP Telephony
From: Bob Doud <bdoud@ire-ma.com>
Date: Tue, 30 Mar 1999 12:24:35 -0500
Cc: "ipsec@lists.tislabs.com" <ipsec@lists.tislabs.com>
Sender: owner-ipsec@lists.tislabs.com

Actually, I think you would find that the main reason that digital
radio systems use a stream cipher is not for latency reasons
but rather for error propagation concerns.  When you use a
block cipher such as DES in either CBC or CFB mode, you cause
a propagation of a single-bit channel error into 1 or two
blocks worth of errors upon decryption.  This would be totally
unacceptable over a radio link where you tend to get spurious
errors here and there.

I know of at least one company who does digital radio with DES
running in the OFB mode, which makes it essentially a stream
cipher.

Bob Doud
IRE Secure Solutions, Inc.


-----Original Message-----
From:	Scott Cadzow [SMTP:Scott.Cadzow@etsi.fr]
Sent:	Tuesday, March 30, 1999 2:20 AM
To:	'Stephen Kent'; Costantini, Frank 
Cc:	ipsec@lists.tislabs.com
Subject:	RE: IPSec for IP Telephony

Note that most digital radio telephone systems (DECT, GSM, TETRA) use
streaming ciphers for link encryption, the analysis of each showing that
block ciphers by having potential to induce delay are unacceptable to
maintain QoS. If we extend the TDMA models of such systems to general packet
mode speech then I believe the same conclusions will be reached - stream
cipher is preferred. The derivation of a Time Variant Parameter is however
for further study in IP telephony.

Regards,

Scott

-----Original Message-----
From: Stephen Kent [mailto:kent@bbn.com]
Sent: Tuesday, March 30, 1999 1:10 AM
To: Costantini, Frank 
Cc: ipsec@lists.tislabs.com
Subject: RE: IPSec for IP Telephony


Frank,

We have had a number of other, optional, algorithms defined for IPsec. A
stream cipher would be fine, so long as it carries an IV to deal with
dropped or re-ordered packets.  Also, note that ESP usually employs
authentication, in the form of HMAC, which would introduce latency as well.
if one omits authentication, and uses a stream cipher of the sort you
describe, than an attacker could modify packets with complete control,
which might be a concern.

Steve

Prev by Date: Re: 3DES with 40-bit key?
Next by Date: IPSec - Mobile IP users...
Prev by thread: Re: IPSec for IP Telephony
Next by thread: Re: IPSec for IP Telephony
Index(es):
- Main
- Thread