A / V / Text encryption methods

Hi All!

I am looking for real-time encryption methods/protocols for streaming
A / V / Text data. I plan to build an app similar to Skype and since
Skype doesn't really reveal much about its security architecture, I'm
looking for ingenious solutions. Any suggestions/help would be
welcome.


From whatever research I did about Skype, I found the following
things:

Skype has implemented majority of its encryption modules by itself and
which are built to comply with standards but applied in their own
ingenious ways such as the AES block cipher, the RSA public-key
cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hash
function, and the RC4 stream cipher.

It uses 256-bit encryption in order to actively encrypt the data in
each Skype call or instant message. Skype uses 1024 bit RSA to
negotiate symmetric AES keys. User public keys are certified by the
Skype server at login using 1536 or 2048-bit RSA certificates.
The key size used for signing here is 1536-2048, which is
significantly greater than 1024-bit keys that are a global norm.

It has also set up its own CA for authentication. On first usage, a
client contacts Skype's master server which issues a certificate from
its indigenous CA.

Besides the above cryptographic algorithms, Skype has also implemented
its own proprietary key-exchange protocol which it uses for key
exchange. I guess they have borrowed most of the features of SSL and
implemented it according to their needs besides "fixing" its need for
a connection-oriented protocol.




I guess we could also have the same functionality using IPSec in
"transport" mode and creating a indigenous CA.. I DO NOT PLAN TO USE
VPNs, so using "tunnel" mode is out of question...

The question is, can we use IPSec to secure UDP data communication??
If yes, HOW?? (since using TCP to transport A / V data would cause
huge "delays".. So SSL is also out of question...)




Also, I'm looking for suitable forums/IRC channels to discuss the
topic more. Could the people here suggest me some???

Regards,
D3|\||\|!$

D3|\\||\\|!$

"D3|\\||\\|!$" <> writes:
> The question is, can we use IPSec to secure UDP data communication??
> If yes, HOW?? (since using TCP to transport A / V data would cause
> huge "delays".. So SSL is also out of question...)

IPSec supports udp natively, I thought. There is also a version of
TLS for UDP. See: http://tools.ietf.org/html/rfc4347

Paul Rubin

On Jan 8, 5:04*pm, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
> "D3|\\||\\|!$" <e.kaba...@gmail.com> writes:
> > The question is, can we use IPSec to secure UDP data communication??
> > If yes, HOW?? (since using TCP to transport A / V data would cause
> > huge "delays".. So SSL is also out of question...)
>
> IPSec supports udp natively, I thought. *There is also a version of
> TLS for UDP. *See: *http://tools.ietf.org/html/rfc4347

Yes! Figured that out...

DTLS supports UDP as well as DCCP "payload".. But I don't know much
about it though... Am already exploring on it - would like more
suggestions regarding the "design" aspect of the whole thing...

D3|\\||\\|!$

[alt.comp.virus removed from newsgroups line: my news provider is
refusing to accept the message because it's so massively crossposted.]

Paul Rubin <http> wrote:
> IPSec supports udp natively, I thought.

IPsec (lowercase `s') works at the IP level, either by inserting an
additional header between the IP header and the next-layer protocol, or
by encapsulating an entire IP packet. It can therefore carry any
protocol based on IP, including TCP, UDP, ICMP, and others.

Use the `tunnel mode' (which does indeed encapsulate the entire packet);
`transport mode' fails to protect the integrity of the outer IP header.

-- [mdw]

Mark Wooding