Options for securing UDP Traffic

Question

I'm looking for options for securing UDP traffic (mainly real-time video) on a wireless network (802.11). Any suggestions apart from Datagram Transport Layer Security (DTLS)?

Thanks.

Answer 1

Are you trying to wrap an existing application or writing your own? What client server setup do you have? Do you want to prevent snooping or tampering?

I am assuming here that you

• are developing an application
• are trying to prevent snooping
• have access to client and server.

The simple approach is to use any off the self strong encryption. To prevent tampering use any signing algorithm with a private/public key scheme. You can use the same key pair for encryption and authentication.

The drawback of this approach is that it is on layer 7 and you have to do most of the work on your own. On the other hand, DTLS is a viable option...

Answer 2

Have you considered IPSEC? This article provides some good guidance on when and when not to use it.

Answer 3

You must be more clear about the attacks you are trying to defend against. For instance if your only concern is spoofing then you can use a Diffie–Hellman key exchange to transfer a secret between 2 parties. Then this secret can be used to generate an Message Authentication Code for each packet.

If you need any more protection I strongly recommend using DTLS. It should be noted that all TLS/SSL connections can be resumed so you can cut down on the number of handshakes. Also, certificates are free.

Answer 4

You can look into ssh with port forwarding. That comes at the cost of maintaining a TCP connection over which the UDP traffic can be secured.