RELOAD draft-bryan-p2psip-reload-01 draft-lowekamp-p2psip-reload-security-01 Bruce Lowekamp David Bryan Jim Deverick Marcia Zangrilli.

Slides:



Advertisements
Similar presentations
Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
Advertisements

Virtual Private Networks (VPNs)
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
IPv4 - The Internet Protocol Version 4
Kademlia: A Peer-to-peer Information System Based on the XOR Metric.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography and Network Security
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Kademlia: A Peer-to-peer Information System Based on the XOR Metric Petar Mayamounkov David Mazières A few slides are taken from the authors’ original.
Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.
NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.
Draft-bryan-sipping-p2p David Bryan IETF 63, Paris August 3, 2005.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 K. Salah Module 5.2: Internet Protocol CO vs. CL protocols IP Features –Fragmentation –Routing IP Datagram Format IPv6.
Internet Control Message Protocol (ICMP). Introduction The Internet Protocol (IP) is used for host-to-host datagram service in a system of interconnected.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Chapter 5 The Network Layer.
IP Addressing: introduction
TCP/IP Protocol Suite 1 Chapter 11 Upon completion you will be able to: User Datagram Protocol Be able to explain process-to-process communication Know.
Chapter 8 Web Security.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
1 CMPT 471 Networking II ICMP © Janice Regan, 2012.
Mobile IP Traversal Of NAT Devices By, Vivek Nemarugommula.
David A. Bryan, PPSP Workshop, Beijing, China, June 17th and 18th 2010 Tracker Protocol Proposal.
PPSP Tracker Protocol draft-gu-ppsp-tracker-protocol PPSP WG IETF 82 Taipei Rui Cruz (presenter) Mário Nunes, Yingjie Gu, Jinwei Xia, David Bryan, João.
P2PSIP Charter Proposal Many people helped write this charter…
NAT Traversal Speaker: Chin-Chang Chang Date:
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
Border Gateway Protocol
IT:Network:Apps.  RRAS does nice job of routing ◦ NAT is nice ◦ BASIC firewall ok but somewhat weak  Communication on network (WS to SRV) is in clear.
The HIP-HOP proposal draft-matthews-p2psip-hip-hop-00 Philip Matthews
Problems in using HIP for P2PSIP Philip Matthews Avaya
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Protocol Requirements draft-bryan-p2psip-requirements-00.txt D. Bryan/SIPeerior-editor S. Baset/Columbia University M. Matuszewski/Nokia H. Sinnreich/Adobe.
Encapsulated Security Payload Header ● RFC 2406 ● Services – Confidentiality ● Plus – Connectionless integrity – Data origin authentication – Replay protection.
Requirements for Peer protocol draft-jiang-p2psip-peer-protocol-requirement-00.txt Jiang XingFeng (Johnson) P2PSIP WG, IETF #68.
The NAT Traversal Problem in P2PSIP Bruce Lowekamp (SIPeerior) Philip Matthews (Avaya)
Network Security Celia Li Computer Science and Engineering York University.
The eXtensible Peer Protocol (XPP) Emil Ivov - Enrico Marocco –
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
IP Protocol CSE TCP/IP Concepts Connectionless Operation Internetworking involves connectionless operation at the level of the Internet Protocol.
IPSEC Modes of Operation. Breno de MedeirosFlorida State University Fall 2005 IPSEC  To establish a secure IPSEC connection two nodes must execute a.
Draft-ietf-p2psip-base-08 Cullen Jennings Bruce Lowekamp Eric Rescorla Salman Baset Henning Schulzrinne March 25, 2010.
Doc.: Submission February 5, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects Date: Authors:
ID-LOC Proposal Philip Matthews Eric Cooper Alan Johnston Avaya With contributions from Cullen Jennings, David Bryan, and Bruce Lowekamp.
Peer-to-Peer Protocol (P2PP) Salman Baset, Henning Schulzrinne Columbia University.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
SOSIMPLE: A Serverless, Standards- based, P2P SIP Communication System David A. Bryan and Bruce B. Lowekamp College of William and Mary Cullen Jennings.
IPv4 IPv4 The Internet Protocol version 4 (IPv4) is the delivery mechanism used by the TCP/IP protocols. Datagram Fragmentation Checksum Options Topics.
CDNI URI Signing (draft-leung-cdni-uri-signing-01) CDNI Working Group IETF 85 Atlanta, Georgia November 8, 2012 Kent Leung
Innovations in P2P Communications David A. Bryan College of William and Mary April 11, 2006 Advisor: Bruce B. Lowekamp.
IP - The Internet Protocol
IP - The Internet Protocol
Peer-to-Peer Protocol (P2PP)
OAuth Design Team Call 11th February 2013.
Jiang XingFeng (Johnson) P2PSIP WG, IETF #68
draft-bryan-sipping-p2p
Today: Distributed File Systems
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
Kademlia: A Peer-to-peer Information System Based on the XOR Metric
Presentation transcript:

RELOAD draft-bryan-p2psip-reload-01 draft-lowekamp-p2psip-reload-security-01 Bruce Lowekamp David Bryan Jim Deverick Marcia Zangrilli

What is RELOAD? Evolved from dSIP Implemented protocol Security mechanism NAT traversal support Multiple DHT algorithms

Overview Lightweight, extensible Fast routing Lightweight header TLV (based on STUN) used in body Minimal assumptions in base protocol  Method range reserved for DHT algorithms  Attribute range reserved for DHT and security NAT traversal support for applications (Open/Tunnel)

Pluggable DHTs Base protocol does not specify which DHT, two written: Chord Bamboo Must provide: isResponsible(ID) Build routing table DHT-specific attributes and methods

Message Structure Fixed header Version compatibility State machine Route based on fixed length and offset Body: attributes TLV-encoded Can occur multiple times “Types” can be recursive Fragmentation supported

Header Key Points: Nothing else needed to route Two lines confirm compatibility Method and TID for routing and processing | R | E | L | O | | | |F|L| | | TTL | Routing |R|F|x x x x x x x x x x x x x x| | | |A|R| | | | |G|G| | |E| | | | | |X| Version | DHT | Hash | Security | |P| | | | | |R| | | |/| Method | Length | |r| | | | | | Destination ID | | | | | | Source ID | | | | Transaction ID | | Overlay |

Message Attributes and Types Body consists entirely of TLV attributes Nested attributes are allowed Peer-Info contains Peer-ID, Name, and IP- Port information Same structures used for different attributes Both Source-Info and Redirect use the Peer-Info structure

Using Signatures Three forms of security None, HMAC, Certificates Signatures are used to Ensure end-to-end message integrity Ensure integrity of components  no transitive trust Signature applies to all previous attributes at the same level or below entire message single Peer-Info

What Signatures Protect Certificates granted on enrollment Authorize a range of PeerIDs Authorize particular resources Signatures remain with peer and resource data A subversive peer Cannot choose PeerID Can drop messages Can return Not Found Can return unexpired but replaced registrations Most attacks handled by replication and parallel searches

What a message looks like Version: 0x01 Method: 0x11 DHT: 0x0 Security: 0x03 Hash: 0x0 Source ID: 463ac413c4 Destination ID: a6c5927a Attributes SOURCE-INFO: PEER-ID: 463ac413c4 PEER-IP-PORT: :5060 PEER-CERT: 23d PEER-EXPIRATION: 300 PEER-SIGNATURE: TIMESTAMP: DIGEST: 00acf2… … RESOURCE: RESOURCE-INFO.KEY: RESOURCE-INFO.BODY: RESOURCE-INFO.BODY.ENTRY: RESOURCE-INFO.BODY.EXPIRATION: 300 RESOURCE-INFO.BODY.PARAMETER: RESOURCE-INFO.BODY.PARAMETER.KEY: type RESOURCE-INFO.BODY.PARAMETER.OP: 0x1 RESOURCE-INFO.BODY.PARAMETER.VALUE: voice RESOURCE-INFO.BODY.PEER-INFO: PEER-ID: 463AC413C4 RESOURCE-INFO.BODY.SIGNATURE: TIMESTAMP: DIGEST: 3037e... RESOURCE-INFO.BODY RESOURCE-INFO.BODY.ENTRY: RESOURCE-INFO.BODY.EXPIRATION: RESOURCE-INFO.BODY.PARAMETER: RESOURCE-INFO.BODY.PARAMETER.KEY: type RESOURCE-INFO.BODY.PARAMETER.OP: 0x1 RESOURCE-INFO.BODY.PARAMETER.VALUE: voic RESOURCE-INFO.BODY.SIGNATURE: TIMESTAMP: DIGEST: 5f271b1... RESOURCE-INFO.BODY RESOURCE-INFO.BODY.CERTIFICATE: 23d SIGNATURE TIMESTAMP: DIGEST: f7a155b0…

NAT Traversal TRANSPORT-OPEN Use overlay for control connection for ICE SDP determines type of connection  open to other encodings TRANSPORT-TUNNEL Route messages across overlay SIP, RELOAD, etc Solution for peers joining from behind NATs and secured client protocol

Peer-Info PEER-INFO: PEER-ID PEER-NAME PEER-IP-PORT PEER-EXPIRATION PEER-CERTIFICATE PEER-SIGNATURE

Resource-Info RESOURCE-INFO: KEY BODY  ENTRY  PARAMETER  EXPIRATION  SIGNATURE  PEER-INFO  CERTIFICATE

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.