Presentation is loading. Please wait.

Presentation is loading. Please wait.

Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.

Published byKeenan Caulfield Modified over 9 years ago

Similar presentations

Presentation on theme: "Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla."— Presentation transcript:

1 Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla

2 Key Ideas Security Framework NAT Traversal Extensibility Usage Models Pluggable DHT Forwarding Layer Multiple P2P Networks

3 Security Framework Two types of threats –Storage Attackers discard, modify, or alter data Attackers fill up the network with data Attackers overwrite data from other users –Routing Attackers discard messages Attackers misroute messages

4 Storage Security Authorization –Each locus/type pair is bound to a set of certificates valid for writing to that pair –Binding is defined by the usage Distributed Quota –Defined by usage Correctness –Integrity protection via signature –Timestamps for replay attacks

5 Routing Security Central Enrollment Server –Peer ID selected by enrollment server Help mitigate Eclipse –Rate limiting at enrollment server Help mitigate Sybil –Public/Private keys selected by UA, only public key disclosed to server All direct connections Mutual TLS authed

6 NAT Traversal CONNECT method used to establish transport layer connections for –ASP itself –SIP –Other things CONNECT and its response implement ICE –ICE usage defined in some detail Peers can act as STUN and TURN servers –Central STUN server used during bootstap –Users use central stun to guess at whether they are natted or not –If they can act as STUN or TURN, write into one of N different seeds, defined by size of DHT and density of STUN/TURN servers

7 Extensibility New attributes and commands –BGP-style treatment fields (mustUnderstand, mustReflect) for attributes Upgrading DHT entirely –Run parallel rings –Synchronize complete switchover through enrollment server over period of months

8 Usage Model Each usage defines a set of types –Each type defines Data structure (single value, set, dictionary, etc.) Access controls Size limits How to form seed Merging rules SIP Usage (AOR to contact mappin) Certificate Usage STUN Usage TURN Usage

9 Forwarding Layer Binary protocol Requests can be forward based on routing header only Label stacks –For responses: Via stack containing list of locally meaningful connection identifiers –For requests: Anonymity

10 Label Stacks: Responses 12345 PeerID: 5 Dst: Src: 1b 2c 1a 2a 2b 3c3a 3b 4c4a 4b 5a 5b PeerID: 5 Cxn: 2a PeerID: 5 Cxn: 3a Cxn: 2a PeerID: 5 Cxn: 3a Cxn: 2a Cxn: 4a Cxn: 3a Cxn: 2a Cxn: 4a Dst: Src: Request Response Cxn: 3a Cxn: 2a PeerID: 1

Download ppt "Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla."

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
www.dynamicsoft.com Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-

RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-
ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.
NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.

NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, 2008 ~ndk/apanSIP.pdf.

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
PPSP NAT traversal Lichun Li, Jun Wang, Yu Meng {li.lichun1, draft-li-ppsp-nat-traversal-00.

PPSP NAT traversal Lichun Li, Jun Wang, Yu Meng {li.lichun1, draft-li-ppsp-nat-traversal-00.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
More about Skype. Overview Any node with a public IP address having sufficient CPU, memory and network bandwidth is a candidate to become a super node.

More about Skype. Overview Any node with a public IP address having sufficient CPU, memory and network bandwidth is a candidate to become a super node.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Similar presentations

Ads by Google