h.235 authentication, integrity and encryption adi regev sr. director sales engineering &...
TRANSCRIPT
![Page 1: H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support](https://reader036.vdocuments.site/reader036/viewer/2022082700/55149ab6550346ea6e8b56d1/html5/thumbnails/1.jpg)
H.235Authentication, Integrity and Encryption
Adi RegevSr. DirectorSales Engineering &Customer Support
![Page 2: H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support](https://reader036.vdocuments.site/reader036/viewer/2022082700/55149ab6550346ea6e8b56d1/html5/thumbnails/2.jpg)
2
OverviewOverviewH.235H.235
![Page 3: H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support](https://reader036.vdocuments.site/reader036/viewer/2022082700/55149ab6550346ea6e8b56d1/html5/thumbnails/3.jpg)
3
H.235 Annex DH.235 Annex D
Baseline Security Profile (H.323V4 Scope)
Provides Authentication or/and Integrity
Hop-by-hop processing
Password based security
Shared Secret-Key
Digest (Hashing) Algorithm - HMAC-SHA1-96
![Page 4: H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support](https://reader036.vdocuments.site/reader036/viewer/2022082700/55149ab6550346ea6e8b56d1/html5/thumbnails/4.jpg)
4
(Voice) Encryption Security Profile (Voice) Encryption Security Profile
Applicable for any RTP Stream
Depends on (part of) H.235 Annex D
Uses DH (Diffie-Hellman) secret key for session keys distribution
Mechanism for Session-Key update and synchronization
Encryption Algorithms - DES, Triple DES, RC2
Anti-Spamming protection
![Page 5: H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support](https://reader036.vdocuments.site/reader036/viewer/2022082700/55149ab6550346ea6e8b56d1/html5/thumbnails/5.jpg)
5
H.235 Annex EH.235 Annex E
Provides Authentication or/and Integrity
Signature Profile – Public Key Infrastructure (PKI)
Certificate Based Security
Scalable - applicable for “Global” IP Telephony
Hop-by-Hop and End-to-End security
Digest Algorithms - MD5 or SHA1 signatures
![Page 6: H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support](https://reader036.vdocuments.site/reader036/viewer/2022082700/55149ab6550346ea6e8b56d1/html5/thumbnails/6.jpg)
6
H.235v3 Annex FH.235v3 Annex F
Hybrid Security Profile
Uses Annex E signatures (when required)
Uses Annex D otherwise
More secure than Annex D
More lightweight than Annex E
Scalable - Applicable for “Global” IP telephony
![Page 7: H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support](https://reader036.vdocuments.site/reader036/viewer/2022082700/55149ab6550346ea6e8b56d1/html5/thumbnails/7.jpg)
7
StatusStatusH.235H.235
![Page 8: H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support](https://reader036.vdocuments.site/reader036/viewer/2022082700/55149ab6550346ea6e8b56d1/html5/thumbnails/8.jpg)
8
H.235 StatusH.235 Status
The Good News…
RADVISION ECS supports H.235 Annex D (Basic Profile) Authentication and Integrity
On the roadmap - Encryption and Annex E
The Bad News…
No Multimedia Endpoints (to date) support H.235
Some are working on it or provide proprietary authentication
Workarounds exists – Pre-Defining EP’s, Using LDAP for authentication, etc.