North American Network Operators Group

Re: VoIP over IPsec

  • From: Iljitsch van Beijnum
  • Date: Tue Feb 18 16:21:28 2003

On Tue, 18 Feb 2003, Stephen Sprunk wrote:

> > In fact, a method to encrypt small parcels of data efficiently is
> > well-known for decades.  It is called "stream cypher" (surprise).
> > Besides LFSR-based and other stream cyphers, any block cypher
> > can be used in this mode. Its application to RTP is trivial and
> > straight-forward.  Just leave sequence number in clear text, so that
> > position in the stream is recoverable in case of packet loss.

> Most stream modes are chained in some way to intentionally disrupt
> decryption if part of the ciphertext is missing;

That would be CBC mode (where the output of one block becomes part of
the input for the next) and I don't think this effect is a feature. At
least, certainly not a desirable one because now we need a relatively
large initialization vector in each encrypted packet. (It would of
course be possible to negotiate some random data in advance from which
the IVs can be taken in a way that is linked to the counter so the IV
doesn't have to be included in the packet.)

A stream cipher generates a random-looking data stream against which the
payload is XORed. If you miss some payload you can still generate the
data stream for the missing part and start XORing again for the data you
have, as long as you know exactly how much is missing. This would be
trivial to implement in IPsec with a fixed packet length because the
anti-replay counter tells you the number of packets that were
transmitted in the clear.
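
The resynchronisation described in this message, as an added example that is not part of the original post: a receiver uses the cleartext counter and a fixed packet length to find its place in the keystream after loss, next to a receiver that ignores the counter and desynchronises. Assumptions: the keystream generator (HMAC-SHA256 over a block index) is a stand-in for a real stream cipher, and `PACKET_LEN`, the key and the voice frames are constructed sample values.

```python
import hashlib
import hmac

PACKET_LEN = 20  # assumed fixed payload size in bytes
BLOCK = 32       # HMAC-SHA256 output size

def keystream(key, offset, length):
    # Stand-in generator: keystream block i is HMAC-SHA256(key, i), so any
    # position can be computed directly without the bytes that precede it.
    out = bytearray()
    block, start = divmod(offset, BLOCK)
    while len(out) < start + length:
        out += hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[start:start + length])

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, seq, payload):
    # Sender: the counter travels in the clear, only the payload is XORed.
    if len(payload) != PACKET_LEN:
        raise ValueError("payload must be exactly PACKET_LEN bytes")
    return seq, xor(payload, keystream(key, seq * PACKET_LEN, PACKET_LEN))

def open_by_counter(key, seq, body):
    # Receiver: counter * packet length is the keystream position, so lost
    # packets are skipped over without ever having been seen.
    return xor(body, keystream(key, seq * PACKET_LEN, PACKET_LEN))

def open_in_arrival_order(key, packets):
    # Receiver that ignores the counter and consumes keystream in arrival
    # order: correct until the first loss, garbage afterwards.
    return [xor(body, keystream(key, i * PACKET_LEN, PACKET_LEN))
            for i, (_, body) in enumerate(packets)]

def demo():
    key = b"constructed demo key"
    frames = [f"voice frame {i:02d}".encode().ljust(PACKET_LEN, b".")
              for i in range(5)]
    sent = [seal(key, i, f) for i, f in enumerate(frames)]
    received = [sent[0], sent[1], sent[4]]  # packets 2 and 3 lost in transit
    by_counter = [open_by_counter(key, s, b) for s, b in received]
    in_order = open_in_arrival_order(key, received)
    return frames, by_counter, in_order

if __name__ == "__main__":
    frames, by_counter, in_order = demo()
    print(by_counter[2], in_order[2])
```
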