Enhancing ZRTP by using Computational Puzzles

In this paper we present and discuss a new approach for securing multimedia communication, which is based on three innovations. The first innovation is the integration of a challenge-response scheme for enhancing the Diffie-Hellman based ZRTP protocol. When being called, a callee must present the result of a computational puzzle (a “token”) within a short amount of time. A Man-in-the-Middle (MitM) would not be able to compute such a token within the required time, and thus fail to get into the media path. The scheme works best in situations when ZRTP is most vulnerable to so-called Mafia Attacks, i.e., if both caller and callee do not know each other. The second innovation complements the first one on those occasions where the above scheme may fail. The call is delayed for a certain amount of time which depends on the agreed session key. Since during a MitM attack two different keys (and thus waiting times) exist, caller and callee would not start their call at the same time and the MitM attack would fail. The third innovation is in the definition of a new computational puzzle which forms the basis of the challenge-response scheme. We propose a computational puzzle which is based on computing selected eigenvectors of real symmetric matrices. In contrast to existing puzzles, the one we propose does not rely on a shared secret, can be validated quickly, and existing solution methods exhibit limited scalability so that the threat from attacks based on massively parallel computing resources can be controlled.