1. Pervasive Pixels Network Services
Angelos Keromytis
Jason Nieh
Henning Schulzrinne
Dept. of Computer Science
Columbia University

2. Pervasive Pixels - NSF site visit
Overview
Enabling interactive communications
mobility
user creation of services
event notification
interaction with legacy telephone system
Access control and privacy
System monitoring and management
Pervasive Pixels - NSF site visit
11/28/2018

3. Pervasive Pixels integrates...
Chime for cooperation on a spatial communications metaphor
CINEMA for
unified synchronous & asynchronous communications
interoperation with telephone system
Virtual Display System Architecture for application sharing
KX for system monitoring
Pervasive Pixels - NSF site visit
11/28/2018

4. Pervasive Pixels - NSF site visit
Mobility
today: terminal mobility = same terminal, different networks
Pervasive Pixels:
personal mobility = same person, different terminals (seq. & parallel), different sessions
session mobility = move on-going sessions between terminals
e.g., mobile PDA and public display
Pervasive Pixels - NSF site visit
11/28/2018

5. User creation of services
control reachability:
how, by whom, when, where, what format
classical telecom: carrier provides small menu of services
CINEMA: user-created services
cgi (web-like scripting)
CPL (XML rule set)
Java servlets
active (application-layer) networks – filters installed remotely
Pervasive Pixels - NSF site visit
11/28/2018

6. Pervasive Pixels - NSF site visit
Event notification
Fundamental abstraction
but only approximated in Internet today:
– asynchronous delivery
web – “pull’’ (poll) only
presence – people events only
In Pervasive Pixels, pursuing several models:
Siena-based content filtering
SIP-based inter-domain notification
working on IETF standardization (SIMPLE)
Pervasive Pixels - NSF site visit
11/28/2018

7. Interaction with legacy telephone system
Need to be able to interwork with
cell & landline phones
combinations of PSTN and Internet connectivity, e.g.,
video, collaboration, status via laptop (Internet),
audio via phone
Will use departmental PBX + gateway
Pervasive Pixels - NSF site visit
11/28/2018

8. CINEMA – Columbia Internet Extensible Multimedia Architecture
CINEMA = set of servers and services that support Session Initiation Protocol (SIP)
Internet standard co-developed by PI
services:
audio/video conferencing
unified messaging
conference recording
VoiceXML voice control interface for interaction via phone
protocol conversion H SIP
Pervasive Pixels - NSF site visit
11/28/2018

9. Pervasive Pixels - NSF site visit
CINEMA components
Cisco 7960
MySQL
user database
sipconf
rtspd
LDAP server
plug'n'sip
conferencing
RTSP
server
media
(MCU)
server
wireless
sipd
802.11b
RTSP
proxy/redirect server
unified
messaging
Pingtel
server
Nortel
Cisco
sipum
Meridian
2600
VoiceXML
PBX T1
server T1
SIP
sipvxml
PhoneJack interface
sipc
SIP-H.323
converter
sip-h323
Pervasive Pixels - NSF site visit
11/28/2018

10. Virtual display system architecture
serve applications across a network
X11, Citrix, SunRay: static
cross-platform, application-independent
adaptive applications
bandwidth availability
end-system compute power
proxy services
integration with conferencing
Pervasive Pixels - NSF site visit
11/28/2018

11. System monitoring and management
Kinesthetics eXtreme (KX)
monitor interplay of Pervasive Pixel components
using Siena event notification systems
Pervasive Pixels - NSF site visit
11/28/2018

12. Pervasive Pixels - NSF site visit
Security
Mechanisms:
Security of communications: standard security protocols (SSL, IPsec)
Security of stored data: NFS over IPsec, DisCFS
Privacy (presence, other information)
Physical access control: swipe card readers, proximity badges
Pervasive Pixels - NSF site visit
11/28/2018

13. Security – authentication
multiple authentication and identification mechanism:
swipe card
fingerprint
i-button ring
IR/RF badge
radio location
Pervasive Pixels - NSF site visit
11/28/2018

14. Pervasive Pixels - NSF site visit
Security
With mechanisms in place, we need policies to control them
Ease of configuration
Flexibility
Pervasive Pixels - NSF site visit
11/28/2018

15. Pervasive Pixels - NSF site visit
Trust management (TM)
Application-independent mechanism for specifying and evaluating application-specific policies
Policies can be expressed in terms of credentials (certificates with additional information)
KeyNote is an instance of a TM system
Efficient policy compliance checking
Delegation inherent in the system -> decentralized management
Pervasive Pixels - NSF site visit
11/28/2018

16. Pervasive Pixels - NSF site visit
Sample KeyNote Policy
Authorizer: "POLICY"
Licensees: Henning (public key)
Conditions: app_domain == "web access control" &&
date >= " " && date <= " " &&
web_server == " &&
url ~= "^/people/hgs/.*" &&
(encryption_algorithm == "3DES" ||
encryption_algorithm == "AES") -> "permit";
Pervasive Pixels - NSF site visit
11/28/2018

17. Sample KeyNote credential
Authorizer: Henning (public key)
Licensees: Kathy (public key)
Conditions: app_domain == "web access control" &&
date >= " && date <= " &&
web_server == " &&
url = "/people/hgs/for_kathy.html" -> "permit";
Signature: Signer by Henning's public key
Pervasive Pixels - NSF site visit
11/28/2018

18. Access control with KeyNote
Embedded in IPsec (IKE), SSL (module for Apache)
part of the DARPA-funded STRONGMAN project
work in progress on DisCFS
fine-grained access control on remote files using credentials
Used for server-based or P2P file sharing
Extensible to other applications/protocols (e.g., interacting users in virtual worlds, privacy considerations)
Abstraction layer on top of KeyNote to make configuration easier for end-users
Pervasive Pixels - NSF site visit
11/28/2018

19. On-going work in security
Integration between KeyNote and CPL
Token- and biometrics-based credentials
i-button
fingerprint recognition
voice recognition
IR+RF badges
Pervasive Pixels - NSF site visit
11/28/2018