For other meanings, see Mikey.
Multimedia Internet KEYing (MIKEY) is a key management protocol that is intended for use with real-time applications. It can specifically be used to set up encryption keys for multimedia sessions that are secured using SRTP.
MIKEY is defined in RFC 3830.
Basic Key Transport and Exchange Methods
MIKEY supports five different methods to set up a Common Secret (to be used as e.g. a session key or a session KEK):
- Pre-Shared Key (PSK): This is the most efficient way to handle the transport of the Common Secret, since only symmetric encryption is used and only a small amount of data has to be exchanged. However, an individual key has to be shared with every single peer, which leads to scalability problems for larger user groups.
- Public-Key: The Common Secret is exchanged with the help of public key encryption. In larger systems, this requires a PKI to handle the secure distribution of public keys.
- Diffie-Hellman: A Diffie-Hellman key exchange is used to set up the Common Secret. This method has a higher resource consumption (both computation time and bandwidth) than the previous ones, but has the advantage of providing perfect forward secrecy. Also, it can be used without any PKI.
- DH-HMAC (HMAC-Authenticated Diffie-Hellman): This is a light-weight version of Diffie-Hellman MIKEY: instead of certificates and RSA signatures it uses HMAC to authenticate the two parts to one another. DH-HMAC is defined in RFC 4650.
- RSA-R (Reverse RSA): The Common Secret is exchanged with the help of public key encryption in a way that doesn't require any PKI: the initiator sends its public RSA key to the responder, which responds by selecting the Common Secret and then send it back to the initiator encrypted with the initiator's public key. RSA-R is defined in RFC 4738.
See also
- ZRTP - an alternative to MIKEY as cryptographic key-agreement protocol for SRTP
- SDES Session Description Protocol Security Descriptions for Media Streams
- Key-agreement protocol
- Internet Key Exchange (IKE): Another key management protocol
 |
This cryptography-related article is a stub. You can help Wikipedia by expanding it. |
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
