Presentation is loading. Please wait.

Presentation is loading. Please wait.

RELOAD draft-bryan-p2psip-reload-01 draft-lowekamp-p2psip-reload-security-01 Bruce Lowekamp David Bryan Jim Deverick Marcia Zangrilli.

Published byLauren Bates Modified over 8 years ago

Similar presentations

Presentation on theme: "RELOAD draft-bryan-p2psip-reload-01 draft-lowekamp-p2psip-reload-security-01 Bruce Lowekamp David Bryan Jim Deverick Marcia Zangrilli."— Presentation transcript:

1 RELOAD draft-bryan-p2psip-reload-01 draft-lowekamp-p2psip-reload-security-01 Bruce Lowekamp David Bryan Jim Deverick Marcia Zangrilli

2 What is RELOAD? Evolved from dSIP Implemented protocol Security mechanism NAT traversal support Multiple DHT algorithms

3 Overview Lightweight, extensible Fast routing Lightweight header TLV (based on STUN) used in body Minimal assumptions in base protocol  Method range reserved for DHT algorithms  Attribute range reserved for DHT and security NAT traversal support for applications (Open/Tunnel)

4 Pluggable DHTs Base protocol does not specify which DHT, two written: Chord Bamboo Must provide: isResponsible(ID) Build routing table DHT-specific attributes and methods

5 Message Structure Fixed header Version compatibility State machine Route based on fixed length and offset Body: attributes TLV-encoded Can occur multiple times “Types” can be recursive Fragmentation supported

6 Header Key Points: Nothing else needed to route Two lines confirm compatibility Method and TID for routing and processing 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | R | E | L | O | 4 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | |F|L| | | TTL | Routing |R|F|x x x x x x x x x x x x x x| | | |A|R| | | | |G|G| | 8 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |E| | | | | |X| Version | DHT | Hash | Security | |P| | | | | 12 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |R| | | |/| Method | Length | |r| | | 16 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Destination ID | | | 36 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Source ID | | | 56 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Transaction ID | 64 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Overlay | 68 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

7 Message Attributes and Types Body consists entirely of TLV attributes Nested attributes are allowed Peer-Info contains Peer-ID, Name, and IP- Port information Same structures used for different attributes Both Source-Info and Redirect use the Peer-Info structure

8 Using Signatures Three forms of security None, HMAC, Certificates Signatures are used to Ensure end-to-end message integrity Ensure integrity of components  no transitive trust Signature applies to all previous attributes at the same level or below entire message single Peer-Info

9 What Signatures Protect Certificates granted on enrollment Authorize a range of PeerIDs Authorize particular resources Signatures remain with peer and resource data A subversive peer Cannot choose PeerID Can drop messages Can return Not Found Can return unexpired but replaced registrations Most attacks handled by replication and parallel searches

10 What a message looks like Version: 0x01 Method: 0x11 DHT: 0x0 Security: 0x03 Hash: 0x0 Source ID: 463ac413c4 Destination ID: a6c5927a45 -------Attributes------- SOURCE-INFO: PEER-ID: 463ac413c4 PEER-IP-PORT: 10.4.1.2:5060 PEER-CERT: 23d634... PEER-EXPIRATION: 300 PEER-SIGNATURE: TIMESTAMP: 946702799 DIGEST: 00acf2… … RESOURCE: RESOURCE-INFO.KEY: alice@example.com RESOURCE-INFO.BODY: RESOURCE-INFO.BODY.ENTRY: sip:alice@10.4.1.2:5060 RESOURCE-INFO.BODY.EXPIRATION: 300 RESOURCE-INFO.BODY.PARAMETER: RESOURCE-INFO.BODY.PARAMETER.KEY: type RESOURCE-INFO.BODY.PARAMETER.OP: 0x1 RESOURCE-INFO.BODY.PARAMETER.VALUE: voice RESOURCE-INFO.BODY.PEER-INFO: PEER-ID: 463AC413C4 RESOURCE-INFO.BODY.SIGNATURE: TIMESTAMP: 946702799 DIGEST: 3037e... RESOURCE-INFO.BODY RESOURCE-INFO.BODY.ENTRY: mailto:alice@example.com RESOURCE-INFO.BODY.EXPIRATION: 24000 RESOURCE-INFO.BODY.PARAMETER: RESOURCE-INFO.BODY.PARAMETER.KEY: type RESOURCE-INFO.BODY.PARAMETER.OP: 0x1 RESOURCE-INFO.BODY.PARAMETER.VALUE: voicemail RESOURCE-INFO.BODY.SIGNATURE: TIMESTAMP: 946702799 DIGEST: 5f271b1... RESOURCE-INFO.BODY RESOURCE-INFO.BODY.CERTIFICATE: 23d634... SIGNATURE TIMESTAMP: 946702799 DIGEST: f7a155b0…

11 NAT Traversal TRANSPORT-OPEN Use overlay for control connection for ICE SDP determines type of connection  open to other encodings TRANSPORT-TUNNEL Route messages across overlay SIP, RELOAD, etc Solution for peers joining from behind NATs and secured client protocol

12 Peer-Info PEER-INFO: PEER-ID PEER-NAME PEER-IP-PORT PEER-EXPIRATION PEER-CERTIFICATE PEER-SIGNATURE

13 Resource-Info RESOURCE-INFO: KEY BODY  ENTRY  PARAMETER  EXPIRATION  SIGNATURE  PEER-INFO  CERTIFICATE

Download ppt "RELOAD draft-bryan-p2psip-reload-01 draft-lowekamp-p2psip-reload-security-01 Bruce Lowekamp David Bryan Jim Deverick Marcia Zangrilli."

Similar presentations

Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs)
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
IPv4 - The Internet Protocol Version 4

IPv4 - The Internet Protocol Version 4
Kademlia: A Peer-to-peer Information System Based on the XOR Metric.

Kademlia: A Peer-to-peer Information System Based on the XOR Metric.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography and Network Security

Cryptography and Network Security
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Kademlia: A Peer-to-peer Information System Based on the XOR Metric Petar Mayamounkov David Mazières A few slides are taken from the authors’ original.

Kademlia: A Peer-to-peer Information System Based on the XOR Metric Petar Mayamounkov David Mazières A few slides are taken from the authors’ original.
Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.

Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.
NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.

NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.
Draft-bryan-sipping-p2p David Bryan IETF 63, Paris August 3, 2005.

Draft-bryan-sipping-p2p David Bryan IETF 63, Paris August 3, 2005.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 K. Salah Module 5.2: Internet Protocol CO vs. CL protocols IP Features –Fragmentation –Routing IP Datagram Format IPv6.

1 K. Salah Module 5.2: Internet Protocol CO vs. CL protocols IP Features –Fragmentation –Routing IP Datagram Format IPv6.
Internet Control Message Protocol (ICMP). Introduction The Internet Protocol (IP) is used for host-to-host datagram service in a system of interconnected.

Internet Control Message Protocol (ICMP). Introduction The Internet Protocol (IP) is used for host-to-host datagram service in a system of interconnected.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Chapter 5 The Network Layer.

Chapter 5 The Network Layer.

Similar presentations

Ads by Google