Secure Real-time Transport Protocol (SRTP) provides confidentiality, authentication, integrity and replay protection for secure media transport in VoIP. However, the overhead of HMAC-SHA1 incurred per packet makes SRTP susceptible to flooding based Denial-of-Service attack. In this paper, we present a class of schemes to increase the DoS tolerance in SRTP. The central idea is to add a light-weight authentication mechanism on top of SRTP. This mechanism is used to efficiently discard illegitimate packets early on in the face of a DoS attack. Analysis shows that substantially larger traffic flood can be handled with the proposed enhancements.
展开▼
