Integrating security in a quality aware multimedia delivery platform. Paul Koster, 21 November 2001.

Presentation transcript:

1 Integrating security in a quality aware multimedia delivery platform
Paul Koster, 21 November 2001

2 Contents
- Introduction
- Research question
- Technology overview
- Design
- Demonstrator
- Evaluation
- Conclusions & recommendations
- Questions

3 Introduction
- Trends in multimedia delivery
  - Increase in available multimedia content on the Internet: multimedia streaming
  - Commercial multimedia services
  - Quality cannot be guaranteed on the Internet: best-effort service
  - Increasing interest in security
  => Quality of Service?
- Context
  - QuAM (Quality Aware Middleware)
- Assignment
  - Integrate security
[Figure label: Internet]

4 Research question
- How can security be integrated in a quality aware multimedia delivery platform that supports performance guarantees?
  - What types of security?
  - How to extend QuAM?

5 Technology overview (1/4) - Quality of service
- best-effort
  - quality cannot be guaranteed for overloaded network
- performance QoS
  - bandwidth reservation guarantees quality
  - security QoS
QoS is the set of run-time non-functional characteristics of a distributed system
- QoS mechanisms realize performance and security aspects

6 Technology overview (2/4) - Performance
- Performance QoS aspects:
  - Bandwidth
  - Latency
  - Jitter
- QoS mechanism: RSVP
  - Admission control
  - Claim of resources
[Figure labels: reservation, no reservation]

7 Technology overview (3/4) - Security
- Security types
  - Confidentiality
  - Integrity
  - Authenticity
  - Authorization
  - Visibility (anonymity)
  - Availability
- Secure network protocol needed
  - Proprietary protocols
  - IPsec
    Currently mainly used for VPNs (static configuration)
    But we need dynamically created secure links, because of
    - Changing relationships
    - Control of resources

8 Technology overview (4/4) - Security & performance interactions
- Security and performance conflict:
  - RSVP cannot reserve bandwidth for IPsec flows
  - Encryption costs computing capacity
- However, solutions exist:
  - RSVP support for IPsec data flows
  - Resource management
[Figure labels: IPsec + reservation, no reservation]
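Why a port-based RSVP filter misses an IPsec flow, and how matching on the ESP SPI instead restores the reservation, as an added example that is not code from the presentation. The addresses, ports, SPI value and the `flow_key`/`classify` helpers are constructed for illustration.

```python
import socket
import struct

UDP, ESP = 17, 50  # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def flow_key(packet):
    """What a router's classifier can read from the packet without any keys."""
    ihl = (packet[0] & 0x0F) * 4
    proto, dst = packet[9], socket.inet_ntoa(packet[16:20])
    body = packet[ihl:]
    if proto == UDP:                       # destination port is in the clear
        return (dst, proto, struct.unpack("!H", body[2:4])[0])
    if proto == ESP:                       # ports are encrypted; the SPI is not
        return (dst, proto, struct.unpack("!I", body[0:4])[0])
    return (dst, proto, None)

def classify(packet, reservations):
    """'reserved' if the packet matches an installed filter, else 'best-effort'."""
    return "reserved" if flow_key(packet) in reservations else "best-effort"

# Constructed sample traffic: one media stream, sent in the clear and inside ESP.
rtp = struct.pack("!HHHH", 40000, 5004, 8 + 12, 0) + bytes(12)
clear_pkt = ipv4("192.0.2.10", "192.0.2.20", UDP, rtp)
esp_pkt = ipv4("192.0.2.10", "192.0.2.20", ESP,
               struct.pack("!II", 0x00001001, 1) + bytes(32))  # SPI, seq, ciphertext stand-in

port_filter = {("192.0.2.20", UDP, 5004)}       # classic address/protocol/port filter
spi_filter = {("192.0.2.20", ESP, 0x00001001)}  # SPI takes the place of the port

def demo():
    return {
        "clear, port filter": classify(clear_pkt, port_filter),
        "esp, port filter": classify(esp_pkt, port_filter),
        "esp, SPI filter": classify(esp_pkt, spi_filter),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
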

9 Design (1/2) - Layers
QoS support for multimedia delivery
[Figure labels: MM Applications, Middleware, Network & hosts, Object, RSVP, IPsec, QuAM]

10 Design (2/2) - QuAM Architecture
[Figure labels: Client, Server, Media Consumer, Media Producer, Coordinator, Resource agent, IPsec, RSVP, IPsec + RSVP support for IPsec data flows]

11 Demonstrator
- The demonstrator is an example application created on top of the implementation.
- The middleware is able to set up a secure path with resource reservations.
- The user can select his quality of service without being aware of the underlying technologies.
- Routers have been extended to support the combination of IPsec and RSVP.

12 Evaluation (1/3)
- Requirements
  - Confidentiality and integrity protection with authentication have to be supported for the multimedia data on the network.
  - Performance (bandwidth) guarantees have to be supported.
  - Performance enforcement may not be affected by security.
- Evaluation
  - Performance
    - Network: RSVP
    - Server CPU load: Admission function
  - Security analysis
    - CC (Common Criteria for Information Technology Security Evaluation)

13 Evaluation (2/3) - Performance
- First step to model CPU usage
  - CPU load is proportional to bandwidth requirements
  - Different encryption algorithms have different requirements
  - Admission function: $\sum_{type} bw_{type} \cdot c_{type} \le Cap$
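The admission function above as a small admission controller, added here as an example and not taken from the presentation. The per-algorithm cost figures, the capacity and the `CpuAdmission` class are assumptions chosen for illustration; real values of c_type would have to be measured on the server.

```python
class CpuAdmission:
    """Admit a flow only while sum(bw_type * c_type) stays within Cap."""

    def __init__(self, cap, cost):
        self.cap = cap            # Cap: CPU budget, in percent of one CPU
        self.cost = dict(cost)    # c_type: percent CPU per Mbit/s, per algorithm
        self.flows = {}           # flow id -> (type, bandwidth in Mbit/s)

    def load(self):
        """Left-hand side of the admission function for the admitted flows."""
        return sum(bw * self.cost[kind] for kind, bw in self.flows.values())

    def admit(self, flow_id, kind, bw):
        if kind not in self.cost:
            # Never admit work the model has no cost figure for.
            raise ValueError(f"no cost figure for {kind!r}")
        if bw <= 0 or flow_id in self.flows:
            raise ValueError("bandwidth must be positive and flow id unused")
        if self.load() + bw * self.cost[kind] > self.cap:
            return False          # would exceed Cap: reject, keep existing guarantees
        self.flows[flow_id] = (kind, bw)
        return True

    def release(self, flow_id):
        self.flows.pop(flow_id, None)

# Constructed cost figures (assumptions, not measurements from the presentation).
COST = {"none": 1, "aes-cbc": 4, "3des-cbc": 12}

def demo():
    ac = CpuAdmission(cap=80, cost=COST)
    results = [
        ac.admit("a", "3des-cbc", 4),   # 48 <= 80: admitted
        ac.admit("b", "3des-cbc", 4),   # 48 + 48 = 96 > 80: rejected
        ac.admit("b", "aes-cbc", 4),    # 48 + 16 = 64: admitted with a cheaper cipher
        ac.admit("c", "none", 16),      # 64 + 16 = 80: exactly at Cap, admitted
        ac.admit("d", "none", 1),       # 81 > 80: rejected
    ]
    ac.release("a")                     # frees 48, load drops to 32
    results.append(ac.admit("e", "3des-cbc", 4))  # 32 + 48 = 80: admitted
    return results, ac.load()

if __name__ == "__main__":
    print(demo())
```
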

14 Evaluation (3/3) - Security
[Figure labels: Client, Router, QuAM server running e.g.: middleware / webserver, MM Server]
1. MM data (e.g. RTP protocol)
2. MM control (e.g. RTSP)
3. MM delivery quality feedback (e.g. RTCP)
4. Resource reservation protocol (e.g. RSVP)
5. Middleware communication (e.g. CORBA)
- CC: Protection Profile
  - TOE (Target of Evaluation)
  - Assumptions
  - Threats
  - Objectives

15 Conclusions
- Some security types can be successfully offered to applications.
- Low-level mechanisms are required to enforce QoS. These may interact however. The design and implementation take this into account.
- Achievements
  - Implementation of RFC 2247 (RSVP support for IPsec data flows)
  - Reported and fixed various bugs for the RSVP daemon and the FreeBSD IPsec implementation.

16 Recommendations
- Use of open standards and protocols
- Security analysis: towards overall security
- Support for authentication, authorization and billing
- Resource modelling

17 Questions