Presentation is loading. Please wait.

Presentation is loading. Please wait. : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006.

Similar presentations

Presentation on theme: " : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006."— Presentation transcript:

1 : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006

2 Agenda Introduction  INRIA  The project at INRIA  Access control with RADIUS Expected limitations and problems Future improvements

3 INRIA French National Institute for Research in Computer Science and Control Fundamental and applied research in various fields  Networking  Multimedia  Software security  Modeling living structures and mechanisms 5000 people in 6 locations

4 The project Started in late 2003, from an Internet2 organization initiative Aims to connect academic institutions with SIP Two prerequisites  A user e-mail to phone number mapping mechanism SIP address ~= email address  Integrate with an existing PBX to make non-SIP phones reachable Not necessarily IP enabled More than 250,000 people reachable  MIT, Harvard University, Yale,..

5 : target architecture

6 at INRIA DNS SRV records to our SIP proxy SIP proxy : OpenSER version 1.0.1 Directory : OpenLDAP  Gathers the information for all INRIA members SIP PBX gateway : Asterisk + Cisco router  12 channels to the existing PBX PBX : TENOVIS

7 at INRIA : the picture

8 Available services “” URIs that map with regular E.164 extensions at INRIA  Accessible to anyone from the Internet “” URIs, to call external E.164 extensions  Restricted to INRIA’s members RADIUS based access control

9 Sample call flow to a numeric extension To initiate a call to PSTN extension 0123456789, Alice types “ " into her SIP user agent (UA);  DNS SRV query  Sent to INRIA’s SIP proxy The proxy detects a numeric extension, and triggers the RADIUS authentication process The proxy re-writes the INVITE to INVITE, which it sends to the Asterisk server; Asterisk rings extension 0123456789 through the PSTN gateway and PBX.

10 SIP and RADIUS : user password storage Two alternatives  Clear text format Insecure Regular authentication database cannot be used  Digest-HA1: MD5(username:realm:password) User password is kept opaque to the admin Stored information is still sensitive Regular authentication database cannot be used

11 The key role of OpenSER Call processing logic  Not that easy to handle but powerful Modular software architecture Many database/protocols connectors  RADIUS, SQL, Jabber,.. External scripting integration  In our architecture, the LDAP information retrieval process is a shell script launched by OpenSER

12 Expected limitations and problems NAT issues SPIT (SPam over IP Telephony)  Use inter-domain TLS? OpenSER already addresses those issues

13 Future improvements Enable RADIUS authorization by implementing group checking Integrate with our Jabber based IM - presence solution Already possible with OpenSER

Download ppt " : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006."

Similar presentations

Ads by Google