Overview
ZRTP is a key agreement protocol, which performs the Diffie-Hellman key exchange between two end points in a VoIP (Voice over Internet Protocol) telephony call, based on the RTP (Real-time Transport Protocol) media stream.On March 5, 2006, Phil Zimmermann, Alan Johnston and Jon Callas submitted the ZRTP to the Internet Engineering Task Force (IETF).
It was developed by Phil Zimmermann, with the help from Colin Plumb and Zooko Wilcox-O’Hearn.
D-H algorithm is used to avoid an overhead of certificate management or Public key infrastructure or any other prior setup. Signaling protocol such as SIP (Session Initiation Protocol) is used to establish RTP media stream. ZRTP uses the Secure Real-time Transport Protocol (SRTP) and the Diffie-Hellman Key exchange for encryption of data.
Authentication
ZRTP uses media path for key agreement, which ensures that media keys are accepted directly by the sender and the receiver. These media keys are not visible to intermediate signaling device, which is important to ensure call confidentially. ZRTP provides the second layer of authentication against MITM attack.
ZRTP uses Short Authentication String (SAS) to authenticate the key exchange between two parties. The SAS is a cryptographic hash of some D-H values, which are displayed as word-pair on the user interface. A 16-bit SAS provides the MITM attackers only one chance out of 65,536 of not being detected. The SAS value is read on both ends over the voice communication, if it does not match then MITM attack is detected otherwise the connection is secure.
Implementation
ZRTP is implemented on –
• Mobile networks – like Symbian and Windows mobile phones.
• Traditional telephony – like ISDN, GSM, UMTS etc. networks.
• PBX and Gateway.
Terms related to ZRTP
Cryptography – It is the practice and study of hiding information.
Cipher – It is the art of protecting information by encrypting it.
D-H or Diffie-Hellman key exchange – It is a cryptographic protocol, which is used to establish a secret key between two parties over an insecure communication channel.
Key – In encryption, a key specifies the transformation of plaintext into cipertext, and vice-versa during decryption. A key is a part of data (or information) that determines the functional output of a cryptographic algorithm.
Key agreement protocol – According to this protocol, two or more parties can agree on a key, such that both will influence the output.
Man-in-the-middle attack (MITM) – It is a method of eavesdropping (secretly listening to a private conversation of others without their consent) on encrypted communications.