This Recommendation describes enhancements within the framework of the H.3xx-Series Recommendations to incorporate security services such as Authentication and Privacy (data encryption). The proposed scheme is applicable to both simple point-to-point and multipoint conferences for any terminals which utilize Recommendation H.245 as a control protocol. For example, H.323 systems operate over packet-based networks which do not provide a guaranteed quality of service. For the same technical reasons that the base network does not provide QOS, the network does not provide a secure service. Secure real-time communication over insecure networks generally involves two major areas of concern - authentication and privacy. This Recommendation describes the security infrastructure and specific privacy techniques to be employed by the H.3xx-Series of multimedia terminals. This Recommendation will cover areas of concern for interactive conferencing. These areas include, but are not strictly limited to, authentication and privacy of all real-time media streams that are exchanged in the conference. This Recommendation provides the protocol and algorithms needed between the H.323 entities. This Recommendation utilizes the general facilities supported in Recommendation H.245 and as such, any standard which operates in conjunction with this control protocol may use this security framework. It is expected that, wherever possible, other H-Series terminals may interoperate and directly utilize the methods described in this Recommendation. This Recommendation will not initially provide for complete implementation in all areas, and will specifically highlight endpoint authentication and media privacy. This Recommendation includes the ability to negotiate services and functionality in a generic manner, and to be selective concerning cryptographic techniques and capabilities utilized. 
The specific manner in which they are used relates to systems capabilities, application requirements and specific security policy constraints. This Recommendation supports varied cryptographic algorithms, with varied options appropriate for different purposes, e.g. key lengths. Certain cryptographic algorithms may be allocated to specific security services (e.g. one for fast media stream encryption and another for signalling encryption). It should also be noted that some of the available cryptographic algorithms or mechanisms may be reserved for export or other national issues (e.g. with restricted key lengths). This Recommendation supports signalling of well-known algorithms in addition to signalling non-standardized or proprietary cryptographic algorithms. There are no specifically mandated algorithms; however, it is strongly suggested that endpoints support as many of the applicable algorithms as possible in order to achieve interoperability. This parallels the concept that the support of Recommendation H.245 does not guarantee the interoperability between two entities' codecs.
Standard number
ITU-T H.235
Standard title
Security and encryption for H-Series (H.323 and other H.245-based) multimedia terminals
Date of issue
1998-02-00
Keywords
Authenticity tests * Coding * Communication networks * Communications * Data security * Data transfer * Multimedia * Telecommunication * Telecommunications * Terminal devices