Integrating security in a quality aware multimedia delivery platform
Paul Koster, 21 November 2001


2. Contents
- Introduction
- Research question
- Technology overview
- Design
- Demonstrator
- Evaluation
- Conclusions & recommendations
- Questions

3. Introduction
- Trends in multimedia delivery
  - Increase in available multimedia content on the Internet: multimedia streaming
  - Commercial multimedia services
  - Quality cannot be guaranteed on the Internet: best-effort service
  - Increasing interest in security
  → Quality of Service
- Context
  - QuAM (Quality Aware Middleware)
- Assignment
  - Integrate security
[Diagram label: Internet]

4. Research question
- How can security be integrated in a quality aware multimedia delivery platform that supports performance guarantees?
  - What types of security?
  - How to extend QuAM?

5. Technology overview (1/4) - Quality of service
- best-effort
  - quality cannot be guaranteed for an overloaded network
- performance QoS
  - bandwidth reservation guarantees quality
  - security QoS
- QoS mechanisms realize performance and security aspects
Definition: QoS is the set of run-time non-functional characteristics of a distributed system.

6. Technology overview (2/4) - Performance
- Performance QoS aspects:
  - Bandwidth
  - Latency
  - Jitter
- QoS mechanism: RSVP
  - Admission control
  - Claim of resources
[Figure labels: reservation, no reservation]

7. Technology overview (3/4) - Security
- Security types
  - Confidentiality
  - Integrity
  - Authenticity
  - Authorization
  - Visibility (anonymity)
  - Availability
- Secure network protocol needed
  - Proprietary protocols
  - IPsec
    - Currently mainly used for VPNs (static configuration)
    - But we need dynamically created secure links, because of:
      - Changing relationships
      - Control of resources

8. Technology overview (4/4) - Security & performance interactions
- Security and performance conflict:
  - RSVP cannot reserve bandwidth for IPsec flows
  - Encryption costs computing capacity
- However, solutions exist:
  - RSVP support for IPsec data flows
  - Resource management
[Figure labels: IPsec + reservation, no reservation]

9. Design (1/2) - Layers
[Layer diagram: QoS support for multimedia delivery. Labels: MM Applications, Middleware, Network & hosts, Object, RSVP, IPsec, QuAM]

10. Design (2/2) - QuAM Architecture
[Architecture diagram. Labels: Client, Media Consumer, Media Producer, Server, Coordinator, Resource agent, IPsec, RSVP, IPsec + RSVP support for IPsec data flows]

11. Demonstrator
- The demonstrator is an example application created on top of the implementation.
- The middleware is able to set up a secure path with resource reservations.
- The user can select a quality of service without being aware of the underlying technologies.
- Routers have been extended to support the combination of IPsec and RSVP.

12. Evaluation (1/3)
- Requirements
  - Confidentiality and integrity protection with authentication have to be supported for the multimedia data on the network.
  - Performance (bandwidth) guarantees have to be supported.
  - Performance enforcement may not be affected by security.
- Evaluation
  - Performance
    - Network: RSVP
    - Server CPU load: Admission function
  - Security analysis
    - CC (Common Criteria for Information Technology Security Evaluation)

13. Evaluation (2/3) - Performance
- First step to model CPU usage
  - CPU load is proportional to bandwidth requirements
  - Different encryption algorithms have different requirements
  - Admission function: $\sum_{type} bw_{type} \cdot c_{type} \le Cap$
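The admission function from the performance evaluation slide, written out as an added Python example (not code from the presentation or from QuAM). The cost coefficients, the capacity value and the class, function and flow names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed cost coefficients c_type: CPU-percent consumed per Mbit/s of traffic.
# Illustrative values only; the slides give no measured numbers.
COST = {"none": 0.25, "des": 1.0, "3des": 2.5}


@dataclass
class AdmissionController:
    """Admit a flow only if sum(bw_type * c_type) stays <= Cap."""
    capacity: float                              # Cap, in CPU-percent
    flows: dict = field(default_factory=dict)    # flow id -> (algorithm, Mbit/s)

    def load(self) -> float:
        return sum(bw * COST[alg] for alg, bw in self.flows.values())

    def admit(self, flow_id: str, alg: str, bw: float) -> bool:
        # Fail closed: an algorithm without a known cost must not be admitted
        # as if it were free.
        if alg not in COST:
            raise ValueError(f"no cost coefficient for algorithm {alg!r}")
        if bw <= 0 or flow_id in self.flows:
            raise ValueError("bandwidth must be positive and flow id unused")
        if self.load() + bw * COST[alg] > self.capacity:
            return False                         # would exceed Cap: reject
        self.flows[flow_id] = (alg, bw)
        return True

    def release(self, flow_id: str) -> None:
        self.flows.pop(flow_id, None)            # teardown frees the CPU share


def demo() -> list:
    ac = AdmissionController(capacity=80.0)
    results = [
        ac.admit("a", "3des", 20),   # load 50 -> admitted
        ac.admit("b", "des", 25),    # load 75 -> admitted
        ac.admit("c", "3des", 4),    # 85 > 80 -> rejected
        ac.admit("c", "none", 4),    # load 76 -> same bandwidth fits unencrypted
    ]
    ac.release("a")                  # load drops to 26
    results.append(ac.admit("d", "3des", 4))     # load 36 -> admitted
    return results + [ac.load()]


if __name__ == "__main__":
    print(demo())
```

The rejected and admitted requests for flow "c" ask for the same bandwidth; only the encryption cost differs, which is why the server needs a CPU admission check in addition to the network reservation.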

14. Evaluation (3/3) - Security
[Network diagram: Client, Router, QuAM server (running e.g. middleware / webserver), MM Server; links are numbered by traffic type:]
  1. MM data (e.g. RTP protocol)
  2. MM control (e.g. RTSP)
  3. MM delivery quality feedback (e.g. RTCP)
  4. Resource reservation protocol (e.g. RSVP)
  5. Middleware communication (e.g. CORBA)
- CC: Protection Profile
  - TOE (Target of Evaluation)
  - Assumptions
  - Threats
  - Objectives

15. Conclusions
- Some security types can be successfully offered to applications.
- Low-level mechanisms are required to enforce QoS. These may interact, however. The design and implementation take this into account.
- Achievements
  - Implementation of RFC 2247 (RSVP support for IPsec data flows)
  - Reported and fixed various bugs for the RSVP daemon and the FreeBSD IPsec implementation.

16. Recommendations
- Use of open standards and protocols
- Security analysis: towards overall security
- Support for authentication, authorization and billing
- Resource modelling

17. Questions

