The Camellia Algorithm and Its Use with the Secure Real-time Transport Protocol (SRTP)
NTT Software Corporation
+81-45-212-9803 +81-45-212-9800 kanno.satoru@po.ntts.co.jp
NTT
+81-422-59-3456 +81-422-59-4015 kanda.masayuki@lab.ntt.co.jp
AVT
Network Working Group
Block Cipher, Security, Camellia, SRTP, CTR
This document describes the use of the Camellia
block cipher algorithm in the Secure Real-time Transport Protocol (SRTP) for providing
confidentiality for the Real-time Transport Protocol (RTP) traffic
and for the control traffic for RTP, the Real-time Transport Control
Protocol (RTCP).
Camellia is a symmetric cipher with a Feistel structure. Camellia
was developed jointly by NTT and Mitsubishi Electric Corporation in
2000. It was designed to withstand all known cryptanalytic attacks,
and it has been scrutinized by worldwide cryptographic experts.
Camellia is suitable for implementation in software and hardware,
offering encryption speed in software and hardware implementations
that is comparable to the Advanced
Encryption Standard (AES).
Camellia supports 128-bit block size and 128-, 192-, and 256-bit key
lengths, i.e., the same interface specifications as the AES.
Therefore, it is easy to implement Camellia-based algorithms by replacing the AES block
of AES-based algorithms with a Camellia block.
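An added sketch (not code from this document or from the Camellia project) of what that drop-in replacement looks like for SRTP counter mode: the cipher appears only as a single-block encryption call, and the IV layout follows RFC 3711, Section 4.1.1. All function names are assumptions, and `standin_block` is a hash-based placeholder rather than Camellia, used only so the code runs without a crypto library.

```python
import hashlib
from typing import Callable

# (key, 16-byte input block) -> 16-byte output block; CTR only needs encryption.
BlockFn = Callable[[bytes, bytes], bytes]


def srtp_ctr_iv(salt: bytes, ssrc: int, index: int) -> int:
    """RFC 3711 4.1.1: IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)."""
    if len(salt) != 14:
        raise ValueError("session salt k_s must be 112 bits")
    if not (0 <= ssrc < 2**32 and 0 <= index < 2**48):
        raise ValueError("SSRC is 32 bits and the packet index is 48 bits")
    return (int.from_bytes(salt, "big") << 16) ^ (ssrc << 64) ^ (index << 16)


def srtp_ctr_keystream(block_fn: BlockFn, key: bytes, iv: int, length: int) -> bytes:
    """E(k, IV) || E(k, IV + 1 mod 2^128) || ..., truncated to `length` bytes."""
    if len(key) not in (16, 24, 32):
        raise ValueError("key must be 128, 192 or 256 bits")
    if length > 16 * 2**16:
        raise ValueError("the 16-bit block counter would wrap inside one packet")
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += block_fn(key, ((iv + counter) % 2**128).to_bytes(16, "big"))
        counter += 1
    return bytes(out[:length])


def srtp_ctr_crypt(block_fn, key, salt, ssrc, index, payload) -> bytes:
    """Encrypts or decrypts: both directions XOR the same keystream."""
    iv = srtp_ctr_iv(salt, ssrc, index)
    stream = srtp_ctr_keystream(block_fn, key, iv, len(payload))
    return bytes(p ^ s for p, s in zip(payload, stream))


def standin_block(key: bytes, block: bytes) -> bytes:
    """Placeholder, NOT Camellia and not a cipher: it only has the same
    128-bit-block shape so the example runs offline. A deployment passes the
    single-block encryption of a vetted Camellia (or AES) implementation."""
    return hashlib.sha256(key + block).digest()[:16]
```

Because the packet index is part of the IV, reusing an index under the same key and salt reuses the keystream; the index check and the per-packet length limit are the two places where that property is enforced here.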
Camellia has already been adopted by the IETF and other international standardization
organizations; in particular, the IETF has published specifications for the use of
Camellia with IPsec, TLS, S/MIME, and XML Security.
Camellia is one of the three ISO/IEC international standard
128-bit block ciphers (Camellia, AES, and SEED).
Camellia was selected as a recommended cryptographic
primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and
Encryption) project and was included in the list of
cryptographic techniques for Japanese e-Government systems that was
selected by the Japanese CRYPTREC (Cryptography Research and Evaluation
Committees).
Since optimized source code is provided under several open source licenses,
Camellia has also been adopted by several open source projects (OpenSSL, GnuTLS, FreeBSD, and Linux).
Camellia has also been adopted by Mozilla and is ready for use with Firefox 3.0, released in June 2008.
The algorithm specification and object identifiers are described in .
The Camellia web site contains a wealth of information
about Camellia, including detailed specification, security analysis,
performance figures, reference implementation, optimized implementation, test vectors (TV), and intellectual property information.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" that
appear in this document are to be interpreted as described in .
All symmetric block cipher algorithms share common characteristics
and variables, including mode, key size, weak keys, and block size.
The Camellia algorithm is specified in the same way as AES; the relations are as follows:
The default transforms also are mandatory-to-implement transforms in
SRTP. Of course, "mandatory-to-implement" does not imply "mandatory-
to-use". Table 1 summarizes the pre-defined transforms. The default
values below are valid for the pre-defined transforms.
Table 1: Mandatory-to-implement and default transforms in
SRTP and SRTCP.
At the time of writing this document, there are no known weak keys
for Camellia.
Also, no security problem has been found in Camellia. Camellia is
secure against all known attacks, including differential cryptanalysis, linear
cryptanalysis, and related-key attacks.
The security considerations in RFC 5289
apply to this document as well.
RFC 4568 defines SRTP "crypto suites".
In order to allow SDP to signal the use of the algorithms defined in
this document, IANA will register the following crypto suites into
the subregistry for SRTP crypto suites under the SRTP transport of
the SDP Security Descriptions:
RFC 4568
RFC 3711
RFC 3550
RFC 2119
RFC 3713
RFC 4312
RFC 3657
RFC 4051
RFC 4132
Advanced Encryption Standard (AES), National Institute of Standards and Technology
Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers, International Organization for Standardization
The NESSIE project (New European Schemes for Signatures, Integrity and Encryption)
Cryptography Research and Evaluation Committees, Information-technology Promotion Agency (IPA), Japan
Camellia open source software
Camellia web site