NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0279:  Ciphersuites for SRTP

Publication Date
2018.01.03

Protection Profiles
EP_SBC_V1.1, EP_VVOIP_V1.0

Other References
FCS_SRTP_EXT.1.2

Issue Description

The SBC and VVoIP EPs currently only include a single ciphersuite for use in SRTP. NSS customers would like the list of allowable ciphersuites expanded.

Resolution

Updated 03/29/2018 to add AES_CM_128_HMAC_SHA1_32, in accordance with RFC 4568.

FCS_SRTP_EXT.1.2 is modified as follows:

FCS_SRTP_EXT.1.2  The TSF shall implement SDES-SRTP supporting the following ciphersuites [selection:

·         AES_CM_128_HMAC_SHA1_80, in accordance with RFC 4568,

·         AES_CM_128_HMAC_SHA1_32, in accordance with RFC 4568,

·         AES_256_CM_HMAC_SHA1_80, in accordance with RFC 6188,

·         AES_256_CM_HMAC_SHA1_32, in accordance with RFC 6188,

·         AEAD_AES_128_GCM, in accordance with RFC7714,

·         AEAD_AES_256_GCM, in accordance with RFC 7714].

Application Note: This requirement specifies that the SRTP session that will be used to carry the VoIP traffic will be keyed according to an SDES dialogue using one of the identified ciphersuites. The ST author should select any/all ciphersuites supported.

No change to the Assurance Activities is needed.

Justification

The additional ciphersuites included allow more flexibility and provide support for greater key lengths.

 
 
Site Map              Contact Us              Home