1 / 13

SIP : OpenSER in an academic environment

SIP.edu : OpenSER in an academic environment. OpenSER SUMMIT - VON – Berlin 2006. Agenda. Introduction INRIA The SIP.edu project SIP.edu at INRIA Access control with RADIUS Expected limitations and problems Future improvements. INRIA.

trung
Télécharger la présentation

SIP : OpenSER in an academic environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIP.edu : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006

  2. Agenda • Introduction • INRIA • The SIP.edu project • SIP.edu at INRIA • Access control with RADIUS • Expected limitations and problems • Future improvements

  3. INRIA • French National Institute for Research in Computer Science and Control • Fundamental and applied research in various fields • Networking • Multimedia • Software security • Modeling living structures and mechanisms • 5000 people in 6 locations

  4. The SIP.edu project • Started in late 2003, from an Internet2 organization initiative • Aims to connect academic institutions with SIP • Two prerequisites • A user e-mail to phone number mapping mechanism • SIP address ~= email address • Integrate with an existing PBX to make non-SIP phones reachable • Not necessarily IP enabled • More than 250,000 people reachable • MIT, Harvard University, Yale, ..

  5. SIP.edu : target architecture

  6. SIP.edu at INRIA • DNS SRV records to our SIP proxy • SIP proxy : OpenSER version 1.0.1 • Directory : OpenLDAP • Gathers the information for all INRIA members • SIP PBX gateway : Asterisk + Cisco router • 12 channels to the existing PBX • PBX : TENOVIS

  7. SIP.edu at INRIA : the picture

  8. Available services • “sip:first.last@inria.fr” URIs that map with regular E.164 extensions at INRIA • Accessible to anyone from the Internet • “sip:0123456789@inria.fr” URIs, to call external E.164 extensions • Restricted to INRIA’s members • RADIUS based access control

  9. Sample call flow to a numeric extension • To initiate a call to PSTN extension 0123456789, Alice types “sip:0123456789@inria.fr" into her SIP user agent (UA); • DNS SRV query • Sent to INRIA’s SIP proxy • The proxy detects a numeric extension, and triggers the RADIUS authentication process • The proxy re-writes the INVITE to INVITE sip:0123456789@asterisk.inria.fr, which it sends to the Asterisk server; • Asterisk rings extension 0123456789 through the PSTN gateway and PBX.

  10. SIP and RADIUS : user password storage • Two alternatives • Clear text format • Insecure • Regular authentication database cannot be used • Digest-HA1: MD5(username:realm:password) • User password is kept opaque to the admin • Stored information is still sensitive • Regular authentication database cannot be used

  11. The key role of OpenSER • Call processing logic • Not that easy to handle but powerful • Modular software architecture • Many database/protocols connectors • RADIUS, SQL, Jabber, .. • External scripting integration • In our SIP.edu architecture, the LDAP information retrieval process is a shell script launched by OpenSER

  12. Expected limitations and problems • NAT issues • SPIT (SPam over IP Telephony) • Use inter-domain TLS? OpenSER already addresses those issues

  13. Future improvements • Enable RADIUS authorization by implementing group checking • Integrate with our Jabber based IM - presence solution Already possible with OpenSER

More Related