Options for securing UDP Traffic

I'm looking for options for securing开发者_如何学JAVA UDP traffic (mainly real-time video) on a wireless network (802.11). Any suggestions apart from Datagram Transport Layer Security (DTLS)?

Thanks.

You must be more clear about the attacks you are trying to defend against. For instance if your only concern is spoofing then you can use a Diffie–Hellman key exchange to transfer a secret between 2 parties. Then this secret can be used to generate an Message Authentication Code for each packet.

If you need any more protection I strongly recommend using DTLS. It should be noted that all TLS/SSL connections can be resumed so you can cut down on the number of handshakes. Also, certificates are free.

Are you trying to wrap an existing application or writing your own? What client server setup do you have? Do you want to prevent snooping or tampering?

I am assuming here that you

• are developing an application
• are trying to prevent snooping
• have access to client and server.

The simple approach is to use any off the self strong encryption. To prevent tampering use any signing algorithm with a private/public key scheme. You can use the same key pair for encryption and authentication.

The drawback of this approach is that it is on layer 7 and you have to do most of the work on your own. On the other hand, DTLS is a viable option...

Have you considered IPSEC? This article provides some good guidance on when and when not to use it.

You can look into ssh with port forwarding. That comes at the cost of maintaining a TCP connection over which the UDP traffic can be secured.