Multimedia Internet KEYing (MIKEY) is a key management protocol that is intended for use with real-time applications. It can specifically be used to set up encryption keys for multimedia sessions that are secured using SRTP.

MIKEY was first defined in RFC 3830. Additional MIKEY modes have been defined in RFC 4650, RFC 4738, RFC 6043, RFC 6267 and RFC 6509.

Basic Key Transport and Exchange Methods

MIKEY supports eight different methods to set up a Common Secret (to be used, e.g., as a session key or as a session key-encrypting key (KEK)):

  • Pre-Shared Key (PSK): This is the most efficient way to handle the transport of the Common Secret, since only symmetric encryption is used and only a small amount of data has to be exchanged. However, an individual key has to be shared with every single peer, which leads to scalability problems for larger user groups.
  • Public-Key: The Common Secret is exchanged with the help of public key encryption. In larger systems, this requires a PKI to handle the secure distribution of public keys.
  • Diffie-Hellman: A Diffie-Hellman key exchange is used to set up the Common Secret. This method has a higher resource consumption (both computation time and bandwidth) than the previous ones, but has the advantage of providing perfect forward secrecy. Also, it can be used without any PKI.
  • DH-HMAC (HMAC-Authenticated Diffie-Hellman): This is a lightweight version of Diffie-Hellman MIKEY: instead of certificates and RSA signatures it uses HMAC, keyed with a pre-shared key, to authenticate the two parties to one another. DH-HMAC is defined in RFC 4650.
  • RSA-R (Reverse RSA): The Common Secret is exchanged with the help of public key encryption in a way that doesn't require any PKI: the initiator sends its public RSA key to the responder, which responds by selecting the Common Secret and then sends it back to the initiator encrypted with the initiator's public key. RSA-R is defined in RFC 4738.
  • TICKET: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY). MIKEY-TICKET is defined in RFC 6043.
  • IBAKE: Identity-Based Authenticated Key Exchange (IBAKE) Mode of Key Distribution in Multimedia Internet KEYing (MIKEY). MIKEY-IBAKE is defined in RFC 6267.
  • SAKKE: Sakai-Kasahara Key Encryption in Multimedia Internet KEYing (MIKEY). This is another Identity-Based Authenticated Key Exchange method. MIKEY-SAKKE is defined in RFC 6509.
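The following is an added illustration, not code from the article or from any MIKEY implementation, of the idea behind the DH-HMAC method above: two peers that already share a PSK run a Diffie-Hellman exchange and authenticate each other's DH value with an HMAC under that PSK, so the Common Secret gains forward secrecy without certificates or a PKI. The message layout, field separators and key derivation are constructed for the example and are not the RFC 4650 wire format; the group is the 1024-bit MODP group 2 from RFC 2409, chosen only because it is short enough to embed. The `tamper` hook exists so a reader can see that an on-path modification of the DH value is rejected.

```python
"""Sketch of an HMAC-authenticated Diffie-Hellman exchange (added example).

Assumptions: a shared PSK already exists on both peers, the message framing
and derivation below are constructed for illustration, and the group is
RFC 2409 group 2 (a deployment should prefer a larger standard group).
"""
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of RFC 2409 group 2, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def valid_public_value(pub: int) -> bool:
    """Reject trivial DH values (0, 1, p-1) that force a predictable shared secret."""
    return 1 < pub < P - 1


def dh_keypair():
    """Fresh private exponent and public value g^x mod p for one exchange."""
    priv = secrets.randbits(256)
    return priv, pow(G, priv, P)


def auth_tag(psk: bytes, payload: bytes, transcript: bytes) -> bytes:
    """HMAC-SHA256 under the PSK over this message plus the peer's prior message."""
    return hmac.new(psk, payload + transcript, hashlib.sha256).digest()


def build_message(psk: bytes, role: bytes, pub: int, nonce: bytes, transcript: bytes = b""):
    # Constructed framing: role | nonce (hex) | public value (decimal), plus an HMAC tag.
    payload = b"|".join([role, nonce.hex().encode(), str(pub).encode()])
    return {"payload": payload, "tag": auth_tag(psk, payload, transcript)}


def verify_message(psk: bytes, msg: dict, transcript: bytes = b"") -> bool:
    expected = auth_tag(psk, msg["payload"], transcript)
    return hmac.compare_digest(expected, msg["tag"])  # constant-time compare


def parse_message(msg: dict):
    role, nonce_hex, pub = msg["payload"].split(b"|")
    return role, bytes.fromhex(nonce_hex.decode()), int(pub)


def derive_common_secret(shared: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Derive the Common Secret from g^xy, bound to both peers' nonces (constructed KDF)."""
    zz = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(zz + nonce_i + nonce_r).digest()


def run_exchange(psk_i: bytes, psk_r: bytes, tamper=None):
    """Run one initiator/responder round trip.

    Returns (secret_i, secret_r) on success or None when either side rejects
    the peer's message (bad HMAC, i.e. wrong PSK or modified data, or a
    degenerate DH value).
    """
    # Initiator sends its DH value and nonce, tagged under the PSK.
    priv_i, pub_i = dh_keypair()
    nonce_i = secrets.token_bytes(16)
    msg_i = build_message(psk_i, b"I", pub_i, nonce_i)
    if tamper is not None:
        msg_i = tamper(msg_i)  # simulate an on-path modification

    # Responder checks the tag first, then the DH value, then answers.
    if not verify_message(psk_r, msg_i):
        return None
    _, nonce_i_seen, pub_i_seen = parse_message(msg_i)
    if not valid_public_value(pub_i_seen):
        return None
    priv_r, pub_r = dh_keypair()
    nonce_r = secrets.token_bytes(16)
    # The responder's tag also covers the initiator's payload, binding the reply to this run.
    msg_r = build_message(psk_r, b"R", pub_r, nonce_r, transcript=msg_i["payload"])
    secret_r = derive_common_secret(pow(pub_i_seen, priv_r, P), nonce_i_seen, nonce_r)

    # Initiator verifies the reply against the same transcript and derives its copy.
    if not verify_message(psk_i, msg_r, transcript=msg_i["payload"]):
        return None
    _, nonce_r_seen, pub_r_seen = parse_message(msg_r)
    if not valid_public_value(pub_r_seen):
        return None
    secret_i = derive_common_secret(pow(pub_r_seen, priv_i, P), nonce_i, nonce_r_seen)
    return secret_i, secret_r


if __name__ == "__main__":
    psk = b"constructed-demo-psk"  # constructed sample value
    result = run_exchange(psk, psk)
    print("common secret agreed:", result is not None and result[0] == result[1])
    print("wrong PSK rejected:", run_exchange(psk, b"other-psk") is None)
```

Both peers end up with the same 32-byte Common Secret, a peer holding a different PSK cannot produce a tag that verifies, and a modified DH value fails the HMAC check before any exponentiation happens. The DH secrets are discarded after the run, which is where the forward secrecy of the DH-based modes comes from; the PSK alone only authenticates.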

