On Saturday, I gave a presentation and demo of ZRTP at Hackfest 2013, organized by the Washington University in St. Louis chapter of ACM (Association of Computing Machinery) .
A group of about 60 undergrads had gathered in Urbauer 211 to learn about hacking and try it out. I gave a short presentation about ZRTP, the media path keying protocol for SRTP invented by Phil Zimmermann.
I was fortunate to serve as the editor of the ZRTP specification, which was published as RFC 6189 two years ago. I showed how ZRTP allows users to detect the presence of a MitM (Man in the Middle) attacker by checking the Short Authentication String.
Here is a PDF of my presentation.
Then I used the Jitsi open source voice, video, & chat application to demo ZRTP. Emil Ivov, founder and chief developer at Jitsi answered my ZRTP call, and we checked the SAS. The sequence of steps used to secure the voice & video session is shown in this animated GIF.
Afterwards, I gave away a copy of Counting from Zero, my technothriller that incorporates elements of ZRTP, hacking, exploits, and zero-day attacks.
We then spent the rest of the afternoon playing with Metasploit on an isolated network of virtual Windows machines. It was an interesting day. Just like at IETF meetings, the biggest excitement of the afternoon was when the cookies arrived!
Perhaps at next year’s session, we can try out VoIP hacking tools such as SIPvicious!