6

I'm currently working on a penetration test about DTLS-SRTP strengths and weaknesses. But I'm stuck on an eavesdropping test using Wireshark.

Yes, it's protected by SRTP, but:

  1. What's DTLS actually doing/working on the media channel?
  2. What are other attack methods (apart from the eavesdropping) that can be tested on such a secured channel (to prove it works, or alternatively to prove it still has flaws)?

Specifically I'm doing it in WebRTC communications, and I'm ignoring other location's security aspects, except in the media transfer channel.

Anders
  • 64,406
  • 24
  • 178
  • 215
alsterisk
  • 61
  • 1
  • For (1), have you read [RFC 5764](https://tools.ietf.org/html/rfc5764)? – Lekensteyn Jul 05 '15 at 13:36
  • Might interest you: Hot off the press RFC drafts: *DTLS-SRTP Handling in Session Initiation Protocol (SIP) Back-to-Back User Agents B2BUAs*: [draft-ietf-straw-b2bua-dtls-srtp-07](https://tools.ietf.org/html/draft-ietf-straw-b2bua-dtls-srtp-07), *Terminology related to TLS and DTLS*: [draft-guballa-tls-terminology-02.txt](https://tools.ietf.org/html/draft-guballa-tls-terminology-02). – StackzOfZtuff Sep 16 '15 at 07:40

1 Answers1

2

What kind of attack methods are you looking for? I remember it has a memory leak in the DTLS-SRTP extension parsing code. Which makes OpenSSL vulnerable to DoS attacks (for more read CVE-2014-3513).

But I suggest reading RFC 5764 and see if that answers any of your questions.

Can also recommend "Prateek Gupta, Vitaly Shmatikov (2006) Security Analysis of Voice-over-IP Protocols"

Zardox
  • 51
  • 6