Using Sip Identity To Prevent Man-In-The-Middle Attacks On Zrtp

In this paper we present an architecture and associated protocol extensions for securing the media stream of a VoIP session. We make use of ZRTP [1] which is a key agreement protocol that allows two parties to agree upon a secret session key over the media path. Because ZRTP is based on the popular Diffic-Hellmann key exchange mechanism [2] it is inherently vulnerable to man-in-the-middle (MITM) attacks. Although ZRTP offers a mechanism for the prevention of MITM attacks, a sophisticated attacker might be able to launch a successful attack in certain scenarios.We describe an approach that provides authentic cryptographic parameters for ZRTP without sacrificing the independence from a user-level Public Key Infrastructure (PKI). We propose to use the mechanisms provided by RFC 4474 (SIP Identity) [3] to ensure the identity of the parties involved in an ZRTP key exchange.