Presentation is loading. Please wait.

Presentation is loading. Please wait.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Published byJaden Bruce Modified over 10 years ago

Similar presentations

Presentation on theme: "Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of."— Presentation transcript:

1 Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of Technology March 25, 2003 ViDe 5 th Workshop

2 Caltech Proprietary Outline VRVS view on videoconferencing security VRVS view on videoconferencing security Security features in VRVS 3.0 and future Security features in VRVS 3.0 and future

3 Caltech Proprietary VRVS View of Videoconferencing Security A. Network level security (support videoconferencing over firewall, NAT) B. Global collaboration session security (user authentication/ authorization, media encryption)

4 Caltech Proprietary Current Industrial Solution Full Proxy Full Proxy Proxy IP call into 2 different call, private network call proxy and proxy call public network Application Level Gateways (ALG) Application Level Gateways (ALG) Programmed firewall with knowledge on specific IP protocol such as H.323 and SIP DMZ MCU DMZ MCU MCU in demilitarized zone Problem : very complex to implement and not scalable Problem : very complex to implement and not scalable

5 Caltech Proprietary VRVS Proposed Solution Allow any videoconferencing clients behind firewall/NAT to join world wide session Allow any videoconferencing clients behind firewall/NAT to join world wide session Highly scalable Highly scalable Easy or zero configuration for end user Easy or zero configuration for end user Minimize the influence on real-time performance Minimize the influence on real-time performance

6 Caltech Proprietary Security Features in VRVS 3.0 Network Security: Many VRVS reflectors are installed behind firewall or in DMZ Many VRVS reflectors are installed behind firewall or in DMZ Solution for private network with highest security firewall by initializing TCP connection from inside Solution for private network with highest security firewall by initializing TCP connection from inside Easy configuration. VRVS reflectors are based on peer-to- peer model, and communicate through one port Easy configuration. VRVS reflectors are based on peer-to- peer model, and communicate through one port Solution for host behind NAT Solution for host behind NAT

7 Caltech Proprietary Session security: User authentication : Each VRVS user need to registered with username/password linked to email. User authentication : Each VRVS user need to registered with username/password linked to email. Password is encrypted during transfer and within DB. Password is encrypted during transfer and within DB. Machine authentication: After user login, machine IP address is detected. If behind NAT, both outside IP and internal IP address is detected. Machine authentication: After user login, machine IP address is detected. If behind NAT, both outside IP and internal IP address is detected. Community level access control. Community level access control. Password protected Virtual Room. Password protected Virtual Room. Monitoring and enable/disable connected host. Monitoring and enable/disable connected host. All the participants in current session are list. All the participants in current session are list. Security Features in VRVS 3.0

8 Caltech Proprietary Proposed and Ongoing VRVS Security R&D To make all the VRVS client like Mbone, H.323, SIP work with encrypted media, VRVS assuming the host to first VRVS reflector is secure. Both are within secure private network. Or Light VRVS proxy is installed on all the VRVS client To make all the VRVS client like Mbone, H.323, SIP work with encrypted media, VRVS assuming the host to first VRVS reflector is secure. Both are within secure private network. Or Light VRVS proxy is installed on all the VRVS client Secure the communication between reflector: Encrypt the media packet with Data Encryption Standard (DES) or over VPN to avoid IP sniffing in the middle path Secure the communication between reflector: Encrypt the media packet with Data Encryption Standard (DES) or over VPN to avoid IP sniffing in the middle path Dynamically generate and exchange encryption keys between audio and video streams of the same sessions as well as between different sessions Dynamically generate and exchange encryption keys between audio and video streams of the same sessions as well as between different sessions Certificates on VRVS registered users Certificates on VRVS registered users Assign VRVS registered users with more delicate access control level on network resource Assign VRVS registered users with more delicate access control level on network resource

Download ppt "Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of."

Similar presentations

Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.

Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.
Caltech Proprietary VRVS 3.0 and VRVS AG GATEWAY Connect to AG Virtual Venues through VRVS from Anywhere World-Wide VRVS 3.0 and VRVS AG GATEWAY Connect.

Caltech Proprietary VRVS 3.0 and VRVS AG GATEWAY Connect to AG Virtual Venues through VRVS from Anywhere World-Wide VRVS 3.0 and VRVS AG GATEWAY Connect.
June 4, 2002TERENA, Networking Conference Global Platform for Rich Media Conferencing and Collaboration Gregory DENIS California Institute of Technology.

June 4, 2002TERENA, Networking Conference Global Platform for Rich Media Conferencing and Collaboration Gregory DENIS California Institute of Technology.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.
Voice over IP Fundamentals

Voice over IP Fundamentals
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.

The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewall Configuration Strategies

Firewall Configuration Strategies
Chapter 12 Network Security.

Chapter 12 Network Security.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Similar presentations

Ads by Google