Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address.

Published byMorgan Gordon Modified over 10 years ago

Similar presentations

Presentation on theme: "Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address."— Presentation transcript:

1 Secure Videoconferencing Jill Gemmill, UAB

2 Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address of gatekeeper/proxy, target, gateway No resource discovery – need to already know address of gatekeeper/proxy, target, gateway Non-existent or unreliable authentication (who is calling?) Non-existent or unreliable authentication (who is calling?) No authorization (all users have same access) No authorization (all users have same access) No security (eavesdropping) No security (eavesdropping)

3 Goal for Video Middleware Develop Middleware Strategies and Prototype Working Code for Develop Middleware Strategies and Prototype Working Code for FEDERATED (No Root Authority; multiple policy) FEDERATED (No Root Authority; multiple policy) SECURE (Authenticated Users; Ability to apply Usage policies; no eavesdropping) SECURE (Authenticated Users; Ability to apply Usage policies; no eavesdropping) VIDEOCONFERENCING (H.323 and SIP) Services VIDEOCONFERENCING (H.323 and SIP) Services

4 Who? VidMid-VC VidMid-VC Internet2 and ViDe Internet2 and ViDe I2 MACE (Middleware Architecture Committee for Education) I2 MACE (Middleware Architecture Committee for Education) Vendor representatives Vendor representatives International Organizations (SURFnet) International Organizations (SURFnet)

5 Desirable Outcomes 1.Perform directory lookup to find person and locate dialing information 2. Automatic configuration of underlying resources 3.Make use of existing authoritative directories of people/resources 4.Leverage authentication for encryption 5.Role-based authorization decisions 6.Work with established H.323 and SIP protocol standards

6 commObject: Directory Object Class commObject : communications Object Class commObject : communications Object Class Standardized schema for use in LDAP Directories Standardized schema for use in LDAP Directories Puts configuration information in a well- known location Puts configuration information in a well- known location

7 commObject (now ITU-T H.350) commObject commUniqueId commUniqueId commOwner commOwner commPrivate commPrivateh323Identity h323IdentityGKDomain h323IdentityGKDomain h323Identityh323-ID h323Identityh323-ID h323IdentitydialedDigits h323IdentitydialedDigits h323Identityemail-ID h323Identityemail-ID h323IdentityURL-ID h323IdentityURL-ID h323Identitytransport-ID h323Identitytransport-ID h323IdentitypartyNumber h323IdentitypartyNumber h323IdentitymobileUIM h323IdentitymobileUIM h323IdentityUid h323IdentityUid h323IdentityPassword h323IdentityPassword h323IdentityCertificate h323IdentityCertificate h323IdentityEndpointType h323IdentityEndpointType Enterprise Directory inetOrgPerson name address telephone email organization organizational unit commURI RFC 1274 userPassword

8 commObject can be used for: 1.White Pages Lookup: Look me up in UAB electronic phonebook, find my Phone, E- mail AND VC dialing information 2.Management: Push configuration down to endpoint/user agent 3.Authentication based on authoritative enterprise sources at home institution 4.Encryption

9 Security Mechanisms H.323/H.235 Annex D - Baseline Security Profile Annex D - Baseline Security Profile Hop-by-hop processing Hop-by-hop processing Password based security Password based security Annex E - Signature Security Profile Annex E - Signature Security Profile Certificate Based Security (PKI) Certificate Based Security (PKI) SIP End-to-end mechanisms End-to-end mechanisms Basic authentication Basic authentication Digest authentication Digest authentication Message body encryption using S/MIME Message body encryption using S/MIME Hop-by-hop mechanisms Hop-by-hop mechanisms Transport Layer Security (TLS) Transport Layer Security (TLS) IP Security (IPSec) IP Security (IPSec) The SIPS URI schema The SIPS URI schema

10 Non-Standard Credential Storage End Point Gatekeeper UserName=Jill Password=XYZ OK UserAgent PROXY UserName=Jill Password=XYZ OK H.323SIP Videoconferencing Credentials

11 commObject Credential Storage End Point Gatekeeper UserName=Jill Password=XYZ OK commObj UserName=Jill Password=XYZ Videoconferencing Credentials

12 Enterprise Authentication with CommObject End Point Gatekeeper UserName=Jill Password=XYZ OK LDAP commObj UserName=Jill Password=XYZ LDAP Person Videoconferencing Credentials EntID=JGemmill Password=54321 Enterprise Credentials EntID=JGemmill Password=54321 OK

13 Summary – Directory enabled videoconferencing provides 1.Global video address book (white pages) 2.Improved management tools for VC service operators (no more walking to desktops or giving phone instructions) 3.Universities already have directories of their faculty/staff/students, often used to authenticate – use them! 4.Role based authz: faculty can schedule the MCU 8:00-5:00; students at other times 5.Leverage LDAP-aware components for enterprise authn; identity credentials can unlock application credentials 6.Prototype software coming soon

14 Acknowledgement This material is based upon work supported by the National Science Foundation under Grant No. 0222710 June 2002-May 2004 This material is based upon work supported by the National Science Foundation under Grant No. 0222710 June 2002-May 2004 Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation

15 National Science Foundation Middleware Initiative (NMI) http://www.nsf-middleware.org/ NMI Directory schema NMI Directory schema commObject object class commObject object class eduPerson, eduOrg object classes eduPerson, eduOrg object classes Best Practices: LDAP Recipe Best Practices: LDAP Recipe Software: Software: Pubcookie (intra-realm authentication Pubcookie (intra-realm authentication Shibboleth (inter-realm authorization) Shibboleth (inter-realm authorization) OpenSAML (attribute queries/assertions) OpenSAML (attribute queries/assertions)

Download ppt "Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address."

Similar presentations

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
Vidmid-vc: Middleware for Video Conferencing Services

Vidmid-vc: Middleware for Video Conferencing Services
SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,

SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,
CGUsipClientv1.1: Architecture and Demonstration Tarun Abhichandani Research Associate Network Convergence Lab Claremont Graduate University Claremont,

CGUsipClientv1.1: Architecture and Demonstration Tarun Abhichandani Research Associate Network Convergence Lab Claremont Graduate University Claremont,
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Internet2 Middleware and the NSF Middleware Initiative: Meeting Milestones Ken Klingenstein Director, Internet2 Middleware Initiative, Co-PI, NSF Middleware.

Internet2 Middleware and the NSF Middleware Initiative: Meeting Milestones Ken Klingenstein Director, Internet2 Middleware Initiative, Co-PI, NSF Middleware.
Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
19 July 2005UAB-IBM Life Sciences Mtg, Hawthorne Center UAB IT Academic Computing David L Shealy, Director Jill Gemmill, Asst. Director John-Paul Robinson,

19 July 2005UAB-IBM Life Sciences Mtg, Hawthorne Center UAB IT Academic Computing David L Shealy, Director Jill Gemmill, Asst. Director John-Paul Robinson,
Jill Gemmill 2004 H.350 (ITU-T Recommendation H.350 Directory Services Architecture for Multimedia) What and Why? Egon Verharen, SURFnet Jill Gemmill,

Jill Gemmill 2004 H.350 (ITU-T Recommendation H.350 Directory Services Architecture for Multimedia) What and Why? Egon Verharen, SURFnet Jill Gemmill,
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Real Time Communications Protocols and Applications Tyler Johnson Acting Director Telecommunications R&D.

Real Time Communications Protocols and Applications Tyler Johnson Acting Director Telecommunications R&D.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Internet2 Middleware BASE CAMP slides Michael R. Gettes Principal Technologist Georgetown University

Internet2 Middleware BASE CAMP slides Michael R. Gettes Principal Technologist Georgetown University
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
1 The Critical Role of Sip&H.323 Internetworking in Next- Generation Telephony Dr. Samir Chatterjee Associate Professor School of Information Science 909-607-4651;

1 The Critical Role of Sip&H.323 Internetworking in Next- Generation Telephony Dr. Samir Chatterjee Associate Professor School of Information Science ;
CGU SIP VC Client: Design, Architecture & Demo Dr. Samir Chatterjee Network Convergence Laboratory School of Information Science Claremont Graduate University.

CGU SIP VC Client: Design, Architecture & Demo Dr. Samir Chatterjee Network Convergence Laboratory School of Information Science Claremont Graduate University.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

Similar presentations

Ads by Google