Questions on H.235

Aseem Agarwal aseem at TRILLIUM.COM
Wed Sep 8 14:50:53 EDT 1999


Hi
  i have the following questions about H.235 procedures:


   The Diffie Hellman exchange as depicted in Fig 1/H.235 is as follows:


  EP                                                                    GK

     ClrTkn(Dh_a, Time_a) CryptoTkn[(genId_a, time_a,Dh_a)Sign_a]
  ---------------------------------------------------------------------->


     ClrTkn(Dh_b, Random_b, Time_a) CryptoTkn[{genId_a,Time_b,Dh_b}Sign_b]
                                               -------
  <-----------------------------------------------------------------------

_____________________________________________________________________________


     ClrTkn[{(genId_b XOR Random_b XOR (x)}EHD-secret)]
              -------
  ---------------------------------------------------------------------->


     ClrTkn[ (genId_a, Random_b) ]
  <-----------------------------------------------------------------------


1.In the phase II procedure above, how does the EP know about genId_b ?
  I feel that the genId in cryptoToken in phase I message from GK to EP
  (second line in the diagram) should have genId_b and not genId_a. Is my
  understanding correct ?

2.As applied to RAS protocol in H.323 context, for a non subscription
  based authentication case:

  Dh_a and Dh_b have public keys for EP and Gk respectively.

  (x) is requestSeqNum.
  genId_b has gkId in GCF.

  What does genId_a have in GRQ ?

  The above exchange is NOT immune to man-in-the-middle attacks. A third
  party can easily snoop in and find out Dh_a, Dh_b, GkId and
  IntegrityMechanism algorithms as these are passed un-ecrypted in
  GRQ-GCF exchange. How is this authentication procedure any different
  from just passing a GK assigned dynamic identifier (e.g. EndPointId)
  in all messages to the GK ??

  How is this procedure affected if the EP knows Gk's id apriori
  (through provisioning or out of band methods as in manual discovery)?

3. H.235 also mentions that this procedures may be used on the call
   signalling channel as well. The scope of the Key generated as a
   result of this procedure is not clearly specified. Is this key used
   for encryption on the call control channel or is it valid only for
   call signalling channel ?

   Any pointers would be appreciated.

   thanks,
   aseem at trillium.com



More information about the sg16-avd mailing list