Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP.edu : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006.

Similar presentations


Presentation on theme: "SIP.edu : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006."— Presentation transcript:

1 SIP.edu : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006

2 Agenda Introduction  INRIA  The SIP.edu project SIP.edu at INRIA  Access control with RADIUS Expected limitations and problems Future improvements

3 INRIA French National Institute for Research in Computer Science and Control Fundamental and applied research in various fields  Networking  Multimedia  Software security  Modeling living structures and mechanisms 5000 people in 6 locations

4 The SIP.edu project Started in late 2003, from an Internet2 organization initiative Aims to connect academic institutions with SIP Two prerequisites  A user to phone number mapping mechanism SIP address ~= address  Integrate with an existing PBX to make non-SIP phones reachable Not necessarily IP enabled More than 250,000 people reachable  MIT, Harvard University, Yale,..

5 SIP.edu : target architecture

6 SIP.edu at INRIA DNS SRV records to our SIP proxy SIP proxy : OpenSER version Directory : OpenLDAP  Gathers the information for all INRIA members SIP PBX gateway : Asterisk + Cisco router  12 channels to the existing PBX PBX : TENOVIS

7 SIP.edu at INRIA : the picture

8 Available services URIs that map with regular E.164 extensions at INRIA  Accessible to anyone from the Internet URIs, to call external E.164 extensions  Restricted to INRIA’s members RADIUS based access control

9 Sample call flow to a numeric extension To initiate a call to PSTN extension , Alice types “ " into her SIP user agent (UA);  DNS SRV query  Sent to INRIA’s SIP proxy The proxy detects a numeric extension, and triggers the RADIUS authentication process The proxy re-writes the INVITE to INVITE which it sends to the Asterisk server; Asterisk rings extension through the PSTN gateway and PBX.

10 SIP and RADIUS : user password storage Two alternatives  Clear text format Insecure Regular authentication database cannot be used  Digest-HA1: MD5(username:realm:password) User password is kept opaque to the admin Stored information is still sensitive Regular authentication database cannot be used

11 The key role of OpenSER Call processing logic  Not that easy to handle but powerful Modular software architecture Many database/protocols connectors  RADIUS, SQL, Jabber,.. External scripting integration  In our SIP.edu architecture, the LDAP information retrieval process is a shell script launched by OpenSER

12 Expected limitations and problems NAT issues SPIT (SPam over IP Telephony)  Use inter-domain TLS? OpenSER already addresses those issues

13 Future improvements Enable RADIUS authorization by implementing group checking Integrate with our Jabber based IM - presence solution Already possible with OpenSER


Download ppt "SIP.edu : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006."

Similar presentations


Ads by Google