Security is always one of the most important aspects of communication. Security leaks may damage personal or corporate properties like intellectual property, business secrets, personal privacy, account credentials, etc. In IMS (IP Multimedia Subsystem), communication security is usually realized by using secured media streams.
SRTP (Secure Real-Time Transfer Protocol) is commonly used as media transport protocol to secure the RTP/RTCP (Real-Time Transfer Protocol/Real-Time Transfer Control Protocol) media streams between a UE (User Equipment) and aMGw (Media GateWay). However, SRTP does not provide key management functionality, but instead depends on external key management functions to exchange secret master keys, and to negotiate the algorithms and parameters for use with those keys. DTLS-SRTP (Datagram Transport Layer Security—Secure Real-Time Transfer Protocol) is an ideal combination which provides the performance and encryption flexibility benefits of SRTP using DTLS-integrated key and association management. DTLS keying happens on the media path, independent of any out-of-band signalling channel.
For DTLS-SRTP, the DTLS handshake between UE and MGw is used to negotiate and agree keying material, algorithms, and parameters for SRTP. However, DTLS needs certificate fingerprints from both MGw and UE. DTLS certificate fingerprints and setup attributes are exchanged via SDP (Session Description Protocol) Offer/Answer between the UE and a Control Server or SBC (Session Border Controller). The UE fingerprint and setup attributes are provided to the MGw over an ITU-T H.248 protocol. In the return direction, the MGw fingerprint and setup attributes are provided to the CONTROL SERVER over the ITU-T H.248 protocol and are then forwarded to the UE. Once certificate fingerprints and setup attributes are successfully exchanged, DTLS negotiation can be initiated in order to start the SRTP based secured media stream.
In addition to the security handshake required when a UE accesses a network to initiate a communications session, a security handshake is also required to enable a secure connection to be set up between an MGw and a UE receiving the set-up request. Such an arrangement is illustrated in FIG. 1, which is a schematic diagram of a section of a network (1) in which a UE receives a communication session set-up request. The network comprises a UE (2), which communicates with a control server or Session Border Controller (SBC) (3) in the signalling domain (8) and with a Media Gateway, MGw (4), in the user or media domain (7). Signalling (9) from the Control Server is transmitted to the IP Media Subsystem (IMS) Core (5).
Typically, the Session Initiation protocol is used for signalling (8, 9), but other signalling methods may be used, such as H323. The Control Server (3) controls the MGw, by means of a signalling link (10). Typically, the H248 protocol is used. A remote party (6) may connect with the IMS in order to establish a communication session with UE (2).
FIG. 2 is a signalling diagram which shows a method of establishing an SRTP communication session using a DTLS-SRTP handshake procedure. The session setup starts with a connection setup request message (11), typically a Session Initiation Protocol (SIP) INVITE message, which includes in Session Description Protocol (SDP) format a request for a secure connection based on Datagram Transport Layer Securit-Secure Real Time Protocols (DTLS-SRTP) handshake procedure. The setup request is received at the Control Server (3), which creates a message, typically using the H248 protocol to signal to the MGw that the establishment of a media session is required (12). This message is received by the MGw(4) and the MGw responds typically with an ADD reply (13). This response contains the MGw fingerprint. The fingerprint is received by the Control Server (3) and then forwarded (14) to the UE (2). The UE responds (15) with a message containing its own fingerprint (15). Typically this message is in SDP format. The UE fingerprint is typically transferred to the MGw in an H248 Modify message (16). The MGw responds with a reply (17). At this stage, both the UE and the MGw have each other's fingerprints. The handshake procedure (19) now takes place, in which certificates are provided and validated using the fingerprints. Once the handshake is completed, an SRTP session (20) is set up.
In practice DTLS negotiation takes some time to complete, prolonging the overall session set-up time. In a typical IMS system, DTLS negotiation may take up to several seconds, leading to a very bad user experience and potentially harming the operator's reputation.