19

I'm looking for options for securing UDP traffic (mainly real-time video) on a wireless network (802.11). Any suggestions apart from Datagram Transport Layer Security (DTLS)?

Thanks.

Soumya Simanta
  • @Justin Ethier WPA is easy to break (http://www.renderlab.net/projects/WPA-tables/). – rook Jun 04 '10 at 17:12
  • @The Rook: Just use a strong key? Anything with a weak password is typically easy to break. – L̲̳o̲̳̳n̲̳̳g̲̳̳p̲̳o̲̳̳k̲̳̳e̲̳̳ Jun 04 '10 at 18:13
  • @Longpoke they are using a dictionary attack, but it's not a silver bullet. TLS/SSL/DTLS is more secure than WPA. – rook Jun 04 '10 at 18:15
  • @The Rook: WPA2 with EAP/RSN is just another transport security framework; it has useless legacy / weakened-for-laws modes and a few vulnerabilities here and there, just like SSL/TLS do. WPA2 will be as secure as you want it to be, and should be more efficient since it's on a lower OSI layer. Of course this is only good if you trust all the peers on the wireless network or made sure ARP spoofing/ICMP redirect/DNS hijacking and all the other magic is fixed. – L̲̳o̲̳̳n̲̳̳g̲̳̳p̲̳o̲̳̳k̲̳̳e̲̳̳ Jun 04 '10 at 22:49
  • @Longpoke You hit the nail on the head with MITM; I think that trusting everyone on the LAN isn't realistic. But actually WEP/WPA is layer 2, not layer 4. Also, both WPA and WPA2 are vulnerable to the same dictionary attack; it has to do with the handshake. As a consequence you have to sit around until someone authenticates, but after that it should break in a few minutes. With SSL you can authenticate with a certificate, which stops a dictionary attack. – rook Jun 04 '10 at 23:03
  • @The Rook, with WPA2 EAP/RSN you can use certs as well; in fact, EAP-TLS exists, as well as tons of other methods. – L̲̳o̲̳̳n̲̳̳g̲̳̳p̲̳o̲̳̳k̲̳̳e̲̳̳ Jun 04 '10 at 23:42
  • @Longpoke Cool, I didn't know that; that is the way to go. I know some corporate networks force their users to use a VPN in order to get outside of that network segment. – rook Jun 04 '10 at 23:55
  • @Soumya Simanta I am wondering what's wrong with DTLS for you. Quite a powerful protocol. – Eugene Mayevski 'Callback Sep 05 '10 at 20:47

4 Answers

4

You must be more clear about the attacks you are trying to defend against. For instance, if your only concern is spoofing then you can use a Diffie–Hellman key exchange to transfer a secret between 2 parties. Then this secret can be used to generate a Message Authentication Code for each packet.

If you need any more protection I strongly recommend using DTLS. It should be noted that all TLS/SSL connections can be resumed so you can cut down on the number of handshakes. Also, certificates are free.

rook
  • A DH Key exchange would be vulnerable to an active MITM attack and you couldn't rely on it to authenticate packets. – Chris Clark Jul 20 '10 at 11:47
  • @Chris Clark You are correct; this is why SSL also uses asymmetric crypto. – rook Jul 20 '10 at 15:37
  • You'd probably need to do the key exchange under TCP, where you could assert the server is what it claims to be as well as it could make sure you are who you claim to be. From then on, UDP should be fine. – rbanffy May 11 '18 at 12:24
3

Are you trying to wrap an existing application or writing your own? What client server setup do you have? Do you want to prevent snooping or tampering?

I am assuming here that you

  • are developing an application
  • are trying to prevent snooping
  • have access to client and server.

The simple approach is to use any off-the-shelf strong encryption. To prevent tampering, use any signing algorithm with a private/public key scheme. You can use the same key pair for encryption and authentication.

The drawback of this approach is that it is on layer 7 and you have to do most of the work on your own. On the other hand, DTLS is a viable option...

rioki
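As an added example (not code from either answer above, and not from any library mentioned on this page): the scheme that rook's answer sketches (a per-packet authentication code keyed from a shared secret) and that rioki's answer generalizes (layer-7 encryption plus authentication, where you do the work yourself), written with Go's standard library only. Each datagram carries a 64-bit sequence number in the clear; the payload is encrypted with AES-256-GCM; the sequence number feeds the nonce and is also authenticated as associated data, so one tag covers tampering and forgery, and the receiver's sliding window turns it into replay protection too. The key is assumed to come from an authenticated exchange (a DTLS handshake, EAP-TLS, or similar); as the comments on the first answer say, unauthenticated DH alone gives no such assurance. DeriveKey, Sender, Receiver, the header layout, the label string and the sample secret are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const hdrLen = 8  // 64-bit big-endian sequence number: sent in the clear, but authenticated as AAD
const window = 64 // anti-replay window in sequence numbers, the same idea IPsec ESP uses

// DeriveKey turns a shared secret into a 256-bit AES key (HMAC as the extract step). Assumption: the secret
// came from an authenticated exchange (DTLS, EAP-TLS); raw DH alone lets an active MITM agree its own key with each side.
func DeriveKey(sharedSecret []byte, label string) []byte {
	m := hmac.New(sha256.New, []byte(label))
	m.Write(sharedSecret)
	return m.Sum(nil)
}

func mustAEAD(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // the 32-byte DeriveKey output selects AES-256
	if err != nil {
		panic(err) // a wrong key length is a programming error, not hostile input
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// nonceFor is the 12-byte GCM nonce 0x00000000 || seq: unique under one key as long as seq never repeats.
func nonceFor(hdr []byte) []byte { return append(make([]byte, 4, 12), hdr...) }

// Sender frames each datagram as seq || AES-GCM ciphertext || 16-byte tag.
type Sender struct {
	aead cipher.AEAD
	seq  uint64
}
func NewSender(key []byte) *Sender { return &Sender{aead: mustAEAD(key)} }

func (s *Sender) Seal(payload []byte) ([]byte, error) {
	if s.seq == ^uint64(0) {
		return nil, errors.New("sequence space exhausted: rekey rather than reuse a nonce")
	}
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint64(hdr, s.seq)
	s.seq++
	return append(hdr, s.aead.Seal(nil, nonceFor(hdr), payload, hdr)...), nil
}

// Receiver verifies the tag before sliding the replay window, so a forgery with a huge seq cannot evict genuine packets.
type Receiver struct {
	aead    cipher.AEAD
	highest uint64 // highest sequence number accepted so far
	seen    uint64 // bit i set: sequence number highest-i already accepted
}
func NewReceiver(key []byte) *Receiver { return &Receiver{aead: mustAEAD(key)} }

func (r *Receiver) fresh(seq uint64) bool {
	diff := r.highest - seq // only meaningful when seq <= highest; the || below short-circuits otherwise
	return seq > r.highest || (diff < window && r.seen&(1<<diff) == 0)
}

func (r *Receiver) accept(seq uint64) {
	if seq <= r.highest {
		r.seen |= 1 << (r.highest - seq) // late, but inside the window
		return
	}
	r.seen = r.seen<<(seq-r.highest) | 1 // a shift of 64 or more yields 0 in Go, so a jump past the window clears it
	r.highest = seq
}

// Open returns the payload, or an error for short, forged, tampered, replayed or stale datagrams; UDP input is hostile.
func (r *Receiver) Open(datagram []byte) ([]byte, error) {
	if len(datagram) < hdrLen+r.aead.Overhead() {
		return nil, errors.New("datagram too short")
	}
	hdr := datagram[:hdrLen]
	seq := binary.BigEndian.Uint64(hdr)
	if !r.fresh(seq) {
		return nil, errors.New("replayed or stale sequence number") // cheap reject before any crypto
	}
	pt, err := r.aead.Open(nil, nonceFor(hdr), datagram[hdrLen:], hdr)
	if err == nil {
		r.accept(seq) // only a verified packet moves the window
	}
	return pt, err
}

func main() {
	key := DeriveKey([]byte("constructed shared secret"), "udp-video-v1")
	tx, rx := NewSender(key), NewReceiver(key)
	d, _ := tx.Seal([]byte("constructed video frame"))
	pt, err := rx.Open(d)
	_, again := rx.Open(d) // the same datagram a second time
	fmt.Printf("delivered %q (err=%v); replay: %v\n", pt, err, again)
}
```

Running it prints the first delivery and the rejected replay. Two design points worth copying: the receiver checks the window before doing any AES work, so junk packets are cheap to drop, but it moves the window only after the tag verifies, so an attacker cannot push genuine packets out of it by sending a forgery with a high sequence number. Rekey (new secret, sequence numbers restarted) before the sequence space wraps, since GCM nonce reuse under one key breaks both confidentiality and authentication.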
1

Have you considered IPsec? This article provides some good guidance on when and when not to use it.

Andrew Strong
0

You can look into SSH with port forwarding. That comes at the cost of maintaining a TCP connection over which the UDP traffic can be secured.

Amardeep AC9MF
  • We want to avoid using any TCP connections because of the ad hoc nature of the network. – Soumya Simanta Jun 04 '10 at 14:37
  • Depending on your key exchange requirements, it might be as simple as using Blowfish over each UDP packet's payload with a shared key. It is lightweight and doesn't load the CPU much on either end. – Amardeep AC9MF Jun 04 '10 at 14:41
  • First of all, Blowfish is old; Twofish is the next version. Also, block ciphers are difficult to implement properly. At that point, why not use DTLS's Twofish implementation? – rook Jun 04 '10 at 18:27
  • @Rook - can you recommend an open source implementation of DTLS's Twofish? I want to run this on Android. – Soumya Simanta Jun 05 '10 at 01:49