LbyV and LbyR
Henning Schulzrinne


Definition
LbyR (location by reference)
  – Consumers (recipients) of location information resolve a URL and obtain the location value
LbyV (location by value)
  – Target (or proxy) inserts & delivers location value to all or some consumers in signaling path
LbyV-plain: as-is
  – accessibility the same as carrying protocol (say, SIP)
LbyV-SMIME: encapsulated in S/MIME
  – Targeted to one (logical) receiver

Scenarios
[Figure: scenario diagram showing LIS and LoST, with paths labeled "V or R", "V", and "V or R"]

Issues
Insertion
Updates if target moving
Size/overhead
Mid-stream insertion
Privacy policies
Reliability
Security
  – Encryption
  – Integrity

Insertion
LbyV
  – Can be inserted by end system
  – Can be inserted by proxy
      Via data: URL in header
LbyR
  – Same
      Via header addition
Same issues for privacy policies

Privacy policies
Whenever LO is generated by third party, unclear how in-band privacy policies are configured
  – generator may not know intended use (pizza delivery vs. emergency call)
Issue for LbyR or LbyV proxy-insertion
  – may be solvable by configuration mechanism

Updates for moving targets
LbyV
  – Target has to push (UPDATE, re-INVITE)
      But it knows when location has changed significantly
      May be difficult if inserted by proxy
LbyR
  – Receiver polls LIS or subscribes to LIS or target
      Polling: may not know when location is changing

Reliability
LbyR
  – Recipient needs protocol transaction to get LO
  – Thus, two points of failure
      Impact on reliability depends on relative failure probabilities of the two parts
LbyV
  – "fate sharing": no signaling without location
  – Thus, one point of failure

Overhead
LIS likely close to target
Details depend on assumptions
  – Cost of one hop is constant or distance-dependent
LbyR: Each retrieval one additional protocol exchange
  – With headers, TCP setup, TLS, as applicable
LbyV:
  – Additional LO in message

Access control
LbyR
  – Anybody who has access to reference
  – Unless desired recipient has a security relationship with LIS AND rule maker can access authorization upload policies to LIS
LbyV
  – Anybody who has access to value
  – Unless Target can encrypt value for recipient
  – Single target: S/MIME, encrypted with recipient's public key
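
Added example (not from the original slides): a toy LIS that contrasts the two LbyR access-control cases on the Access control slide, possession of the reference versus an authorization policy uploaded by the rule maker. ToyLIS, try_deref, the sample LO and the identities are hypothetical; the LIS is assumed to have already authenticated the caller.

```python
import secrets
from typing import Dict, Optional, Set


class ToyLIS:
    """Hypothetical in-memory LIS: maps location references to location objects (LOs)."""

    def __init__(self) -> None:
        self._los: Dict[str, str] = {}          # reference -> LO
        self._policy: Dict[str, Set[str]] = {}  # reference -> identities allowed to dereference

    def publish(self, lo: str) -> str:
        """Store an LO and hand back an unguessable reference token."""
        ref = secrets.token_urlsafe(32)
        self._los[ref] = lo
        return ref

    def upload_policy(self, ref: str, allowed: Set[str]) -> None:
        """Rule maker uploads an authorization policy for one reference."""
        if ref not in self._los:
            raise KeyError("unknown reference")
        self._policy[ref] = set(allowed)

    def dereference(self, ref: str, authenticated_as: Optional[str] = None) -> str:
        """Return the LO or raise PermissionError.

        authenticated_as is the identity the LIS has already verified for the
        caller (assumption: done at the transport layer, e.g. TLS); None = anonymous.
        """
        if ref not in self._los:
            raise PermissionError("denied")  # same answer as a policy denial
        allowed = self._policy.get(ref)
        if allowed is not None and authenticated_as not in allowed:
            raise PermissionError("denied")
        return self._los[ref]


def try_deref(lis: ToyLIS, ref: str, who: Optional[str]) -> str:
    """Helper: report 'denied' instead of raising, for side-by-side comparison."""
    try:
        return lis.dereference(ref, who)
    except PermissionError:
        return "denied"


def demo() -> dict:
    lis = ToyLIS()
    ref = lis.publish("geo:40.8075,-73.9626")  # constructed sample LO
    psap, proxy = "sips:psap@example.org", "sips:proxy@example.net"  # constructed identities
    before = {"anonymous": try_deref(lis, ref, None), "proxy": try_deref(lis, ref, proxy)}
    lis.upload_policy(ref, {psap})
    after = {"anonymous": try_deref(lis, ref, None), "proxy": try_deref(lis, ref, proxy),
             "psap": try_deref(lis, ref, psap)}
    return {"before": before, "after": after}
```

Without a policy, every element that saw the reference in the signaling path can read the LO; once the rule maker uploads a policy, only the authenticated recipient can.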