Download presentation
Presentation is loading. Please wait.
Published byHollie Jacobs Modified over 8 years ago
1
1 Integrating security in a quality aware multimedia delivery platform Paul Koster 21 november 2001
2
2 Contents Introduction Research question Technology overview Design Demonstrator Evaluation Conclusions & recommendations Questions
3
3 Internet Introduction Trends in multimedia delivery Increase in available multimedia content on the Internet: multimedia streaming Commercial multimedia services Quality cannot be guaranteed on the Internet: best-effort service Increasing interest in security ▬► Quality of Service ? ? Context QuAM (Quality Aware Middleware) Assignment Integrate security
4
4 Research question How can security be integrated in a quality aware multimedia delivery platform that supports performance guarantees? What types of security? How to extend QuAM?
5
5 Technology overview (1/4)- Quality of service best-effort quality cannot be guaranteed for overloaded network performance QoS bandwidth reservation guarantees quality security QoS QoS is the run-time non-functional characteristics of a distributed system QoS mechanisms realize performance and security aspects
6
6 Technology overview (2/4) - Performance Performance QoS aspects: Bandwidth Latency Jitter QoS mechanism: RSVP Admission control Claim of resources reservation no reservation
7
7 Technology overview (3/4) - Security Security types Confidentiality Integrity Authenticity Authorization Visibility (anonimity) Availability Secure network protocol needed Proprietary protocols IPsec Currently mainly used for VPNs (static configuration) But we need dynamic created secure links, because # Changing relationships # Control of resources
8
8 Technology overview (4/4) - Security & performance interactions Security and performance conflict: RSVP cannot reserve bandwidth for IPsec flows Encryption costs computing capacity However, solutions exist: RSVP support for IPsec data flows Resource management IPsec + reservation no reservation
9
9 Design (1/2) - Layers QoS support for multimedia delivery MM Applications Middleware Network & hosts Object RSVP IPsec QuAM
10
10 Client Design (2/2) - QuAM Architecture Media Consumer Media Producer Server Coordinator IPsecRSVP RSVP IPsec + RSVP support for IPsec data flows Resource agent
11
11 Demonstrator The demonstrator is an example application created on top of the implementation. The middleware is able to setup a secure path with resource reservations. The user can select his quality of service without being aware of the underlying technologies. Routers have been extended to support the combination of IPsec and RSVP.
12
12 Evaluation (1/3) Requirements Confidentiality and integrity protection with authentication have to be supported for the multimedia data on the network. Performance (bandwidth) guarantees have to be supported. Performance enforcement may not be affected by security. Evaluation Performance Network # RSVP Server CPU load # Admission function Security analysis CC (Common Criteria for Information Technology Security Evaluation)
13
13 Evaluation (2/3) - Performance First step to model CPU usage CPU load is propertional to bandwidth requirements Different encryption algorithms have different requirements Admission function ∑ bw type ·c type ≤ Cap
14
14 Evaluation (3/3) - Security Client Router QuAM server running e.g.: middleware / webserver MM Server 1234512345 5 5 1MM data (e.g. RTP protocol) 2MM control (e.g. RTSP) 3MM delivery quality feedback (e.g. RTCP) 4Resource reservation protocol (e.g. RSVP) 5Middleware communication (e.g. CORBA) CC: Protection Profile TOE (Target of Evaluation) Assumptions Threats Objectives
15
15 Conclusions Some security types can be succesfully offered to applications. Low-level mechanisms are required to enforce QoS. These may interact however. The design and implementation take this into account. Achievements Implementation of RFC 2247 (RSVP support for IPsec data flows) Reported and fixed various bugs for the RSVP daemon and the FreeBSD IPsec implementation.
16
16 Recommendations Use of open standards and protocols Security analysis: towards overall security Support for authentication, authorization and billing Resource modelling
17
17 Questions
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.