1 / 25

RTP Real-Time Transport Protocol

RTP Real-Time Transport Protocol. Patrick Burke Craig Webb. Outline. Introduction RTP Network Stack Design Goals 2 Protocols in 1 RTP Packet Format RTCP Packet Format Vulnerabilities. Intro / What is RTP?. RFC 3550/3551 (obsoletes RFC 1889/1890) End-to-end delivery for real-time data

rooney-carey
Download Presentation

RTP Real-Time Transport Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RTPReal-Time Transport Protocol Patrick Burke Craig Webb

  2. Outline • Introduction • RTP Network Stack • Design Goals • 2 Protocols in 1 • RTP Packet Format • RTCP Packet Format • Vulnerabilities

  3. Intro / What is RTP? • RFC 3550/3551 (obsoletes RFC 1889/1890) • End-to-end delivery for real-time data • Video/audio conferencing • Simulations • VOIP • Provides functions to support loss, out-of-order, jitter, source/payload identification, rate control

  4. RTP Network Stack • Closely coupled with the transport layer (usually UDP)

  5. Design Goals / What it does... • Lightweight - specification and implementation • Flexible - provide mechanism, don’t dictate algorithms • Protocol-neutral - UDP/IP, ST-II, IPX... • Scalable - unicast, multicast 2 to O(107) • Separate data and control - RTP / RTCP • Separate packets for different media types • Support for encryption

  6. Design Goals / What it doesn’t do... • Ensure timely delivery • Ensure quality-of-service • Prevent out-of-order delivery Provides mechanisms for detecting/measuring these but relies on Transport layer and/or Application. Example: Relies on UDP checksum service.

  7. Separate data and control (Two protocols - consecutive UDP ports) • RTP • encapsulates data • adds sequencing, timestamp, source identification • RTCP (RTP Control Protocol) • provides control information • QoS feedback

  8. RTP packet header

  9. RTP packet header • Version - currently 2 • Padding - used in encryption • Extension - used in some implementations • CSRC count - number of contributing source indentifiers (maximum of 15) • Marker - significant events, defined by implementation (i.e. frame boundaries) • Payload type - audio/video encoding method • SSRC - synchronization source, randomly generated at start of session (no 2 SSRC within the same RTP session can have the same identifier)

  10. RTP Packet Header • Sequence number • Initial value is random, • Increment by 1 each RTP packet sent • Loss detection • Out-of-order detection • Timestamp • Used for synchronization • Allows for QoS feedback (jitter calculations) • Rate adaptation

  11. RTP mixers and translators • Mixer • several media streams to one new stream • becomes the new SSRC • Translator • converts data encoding

  12. RTCP packet types • SR - sender report, transmission and reception statistics from active members • RR - receiver report, reception statistics from non-active members • SDES - source description items, CNAME (user@host) plus any other pertinent info • BYE - end of participation • APP - application-specific functions

  13. RTCP packet • Each RTCP packet begins with a fixed part followed by structured elements of variable length (must end on a 32 bit boundary). • Stackable within 1 UDP packet.

  14. RTCP packet • Periodically sent from: • Transmitting terminal to receiving terminal • Receiving terminal to transmitting terminal • Main functions are: • Rate control • Membership identification • QoS tracking

  15. Issues and Vulnerabilities • Theoretical Vulnerabilities • Security Philosophy • Documented Vulnerabilities

  16. Theoretical Vulnerabilities • RTP is a relative new-comer • RFC 1889 approved in 1996 • RFC 3550 approved in 2003 • Functionally identical with 1880 • Updates to rules and algorithms governing how the protocol is to be used • Widely used, but few documented exploitations documented to date

  17. Theoretical Vulnerabilities • Theoretically vulnerable to common transportation-layer weaknesses: • Denial of Service • SSRC assumption by unauthorized user • Packet injection • Fake content inserted before real • QoS Bandwidth Attack • Embedded encryption breakable • Sometimes KEY transmitted in the clear

  18. Security Philosophy • Network “attacks” hard to recognize without specific knowledge of application • Targeted communication is high-speed • Audio/Visual Communicaiton • Multicast Communication • Authentication & Encryption, where required, are implemented at lower layers • RTCP statistics are available to help • “Physician, heal thyself”

  19. Documented Vulnerabilities • Total of 24 patents found referencing RTP • Only 2 directly relate to RTP • 6,856,613 – Throttling audio packets to processing capacity • 6,728,265 – Controlling frame transmission rate • Remainder merely mention RTP as a recommended or suggested transport method

  20. Documented Vulnerabilities • Only 3 documented CERT vulnerabilities • VU#460350 – Apple Quicktime Streaming Server • There is an error in the way Quicktime parses “DESCRIBE requests containing specially crafted User-Agent fields. An attacker could exploit this vulnerability by sending a DESCRIBE request with an overly large User-Agent field.” • Legitimate users would be blocked from streamed content • Apple released a patch for this condition

  21. Documented Vulnerabilities • CERT vulnerabilities (continued) • VU#148564 – Apple Quicktime Streaming Server • Includes a utility called MP3Broadcaster which contains an integer overflow which may be exploited to cause a DoS attack. • No practical solution known by CERT • Must be prevented by disabling unauthenticated remote broadcasts

  22. Documented Vulnerabilities • CERT vulnerabilities (continued) • VU#934932 – RealNetworks Helix Universal Server 9 • Contains buffer overflow protection in two plug-in modules which has allowed remote attackers to execute arbitrary code causing the Server to crash • No practical solution known by CERT • Must be prevented by removing the associated plug-ins: vsrcplin and vsrc3260

  23. References • http://www/cs/columbia.edu/~hgs/rtp/faq.html • http://www.kb.cert.org/vuls • Kurose & Ross, Computer Networking, 2003

  24. Questions • What is the main purpose of RTP? • End-to-end delivery for real-time data • Video/audio conferencing • Simulations • VOIP • What is the purpose of RTCP? • Provide RTP control information and QoS feedback

  25. Questions • Why does RTP rely on the applications to provide security measures? • Targeted communication is high-speed (Audio/Visual and Multicast) making recognition of an attack without specific application knowledge difficult.

More Related