Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.

Slides:



Advertisements
Similar presentations
SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Advertisements

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.
Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-
ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.
NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
PPSP NAT traversal Lichun Li, Jun Wang, Yu Meng {li.lichun1, draft-li-ppsp-nat-traversal-00.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
More about Skype. Overview Any node with a public IP address having sufficient CPU, memory and network bandwidth is a candidate to become a super node.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.
PPSP Tracker Protocol draft-gu-ppsp-tracker-protocol PPSP WG IETF 82 Taipei Rui Cruz (presenter) Mário Nunes, Yingjie Gu, Jinwei Xia, David Bryan, João.
 Introduction  VoIP  P2P Systems  Skype  SIP  Skype - SIP Similarities and Differences  Conclusion.
STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) speaker : Wenping Zhang date :
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
Adrian Crenshaw. Darknets  There are many definitions, but mine is “anonymizing private networks ”  Use of encryption.
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Freenet: A Distributed Anonymous Information Storage and Retrieval System Presenter: Chris Grier ECE 598nb Spring 2006.
The HIP-HOP proposal draft-matthews-p2psip-hip-hop-00 Philip Matthews
1 DCS 835 – Computer Networking and the Internet Digital Certificate and SSL (rev ) Team 1 Rasal Mowla (project leader) Alvaro Restrepo, Carlos.
PPSP NAT traversal Lichun Li, Jun Wang, Wei Chen {li.lichun1, draft-li-ppsp-nat-traversal-02.
Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
SIP Connection Reuse Efficiency Rohan Mahy—Airespace
Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.
A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services BY Sai kamal neeli AVINASH THOTA.
Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.
Protocol Requirements draft-bryan-p2psip-requirements-00.txt D. Bryan/SIPeerior-editor S. Baset/Columbia University M. Matuszewski/Nokia H. Sinnreich/Adobe.
Interactive Connectivity Establishment : ICE
P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao
RFC3261 (Almost) Robert Sparks. SIPiT 10 2 Status of the New SIP RFC Passed IETF Last Call In the RFC Editor queue Author’s 48 hours review imminent IMPORTANT:
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
RFC 2716bis Wednesday, July 12, 2006 Draft-simon-emu-rfc2716bis-02.txt Dan Simon Bernard Aboba IETF 66, Montreal, Canada.
RELOAD draft-bryan-p2psip-reload-01 draft-lowekamp-p2psip-reload-security-01 Bruce Lowekamp David Bryan Jim Deverick Marcia Zangrilli.
ID-LOC Proposal Philip Matthews Eric Cooper Alan Johnston Avaya With contributions from Cullen Jennings, David Bryan, and Bruce Lowekamp.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
1 Example security systems n Kerberos n Secure shell.
SOSIMPLE: A Serverless, Standards- based, P2P SIP Communication System David A. Bryan and Bruce B. Lowekamp College of William and Mary Cullen Jennings.
Innovations in P2P Communications David A. Bryan College of William and Mary April 11, 2006 Advisor: Bruce B. Lowekamp.
1 Authentication Celia Li Computer Science and Engineering York University.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
HIP-Based NAT Traversal in P2P-Environments
1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.
IT443 – Network Security Administration Instructor: Bo Sheng
Jonathan Rosenberg dynamicsoft
Cryptography and Network Security
Prepared By : Pina Chhatrala
Authentication Applications
Understand Networking Services
P2P-SIP Using an External P2P network (DHT)
* Essential Network Security Book Slides.
Peer-to-Peer Protocol (P2PP)
Securing the CASP Protocol
draft-bryan-sipping-p2p
Presentation transcript:

Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla

Key Ideas Security Framework NAT Traversal Extensibility Usage Models Pluggable DHT Forwarding Layer Multiple P2P Networks

Security Framework Two types of threats –Storage Attackers discard, modify, or alter data Attackers fill up the network with data Attackers overwrite data from other users –Routing Attackers discard messages Attackers misroute messages

Storage Security Authorization –Each locus/type pair is bound to a set of certificates valid for writing to that pair –Binding is defined by the usage Distributed Quota –Defined by usage Correctness –Integrity protection via signature –Timestamps for replay attacks

Routing Security Central Enrollment Server –Peer ID selected by enrollment server Help mitigate Eclipse –Rate limiting at enrollment server Help mitigate Sybil –Public/Private keys selected by UA, only public key disclosed to server All direct connections Mutual TLS authed

NAT Traversal CONNECT method used to establish transport layer connections for –ASP itself –SIP –Other things CONNECT and its response implement ICE –ICE usage defined in some detail Peers can act as STUN and TURN servers –Central STUN server used during bootstap –Users use central stun to guess at whether they are natted or not –If they can act as STUN or TURN, write into one of N different seeds, defined by size of DHT and density of STUN/TURN servers

Extensibility New attributes and commands –BGP-style treatment fields (mustUnderstand, mustReflect) for attributes Upgrading DHT entirely –Run parallel rings –Synchronize complete switchover through enrollment server over period of months

Usage Model Each usage defines a set of types –Each type defines Data structure (single value, set, dictionary, etc.) Access controls Size limits How to form seed Merging rules SIP Usage (AOR to contact mappin) Certificate Usage STUN Usage TURN Usage

Forwarding Layer Binary protocol Requests can be forward based on routing header only Label stacks –For responses: Via stack containing list of locally meaningful connection identifiers –For requests: Anonymity

Label Stacks: Responses PeerID: 5 Dst: Src: 1b 2c 1a 2a 2b 3c3a 3b 4c4a 4b 5a 5b PeerID: 5 Cxn: 2a PeerID: 5 Cxn: 3a Cxn: 2a PeerID: 5 Cxn: 3a Cxn: 2a Cxn: 4a Cxn: 3a Cxn: 2a Cxn: 4a Dst: Src: Request Response Cxn: 3a Cxn: 2a PeerID: 1

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.