Secure VoIP Architectural Review and Requirements Discussion
This joint meeting by Fred Baker and Rohan Mahy, co-chairs of IEPREP and SIPPING, reviews SIP Architecture focusing on proxies, user agents, policy issues, PSTN integration, security, authentication, and privacy requirements amidst evolving VoIP network challenges and assumptions.
Presentation Transcript
SIPPING - IEPREP Joint Meeting
Fred Baker - IEPREP co-chair
Rohan Mahy - SIPPING co-chair
SIP Architecture review
• Proxies are call stateless -- in the Internet proxies don’t have any linkage with QoS, or call counting
• Proxies are fast -- standardizing prioritization inside a proxy has questionable value (implementation specific)
• User Agents (Gateways, Phones, Media Servers) are responsible for requesting priority or preemption and “doing the right thing” (ex: preempting focus, requesting QoS) when receiving it
Making a call in a hybrid network
[Diagram: PSTN, “Internet”, PSTN]
Issues:
• Policy in call acceptance: call waiting, preemption (SIP)
• Policy in bandwidth admission: preferential reservation of bandwidth (RSVP)
• Exchange with PSTN: encoding and values
SIP-to-PSTN security requirements for prioritized access to PSTN resources
Henning Schulzrinne
Columbia University
Security requirements
• End-to-end strong authentication and authorization of caller
  • not just theft of service, but system stability/performance issue
• Intermediate (proxy?) authentication
  • delegate responsibility
  • not all VoIP gateways may be authentication-capable (many aren't)
• Need to authorize any assertion of priority and authenticate the originator
Security requirements
• Cross-domain
  • IP endpoint may be in different admin. domain than gateway
• Require secrets not to be pre-installed
  • usability from any device
• Authentication of PSTN gateway
  • desirable; required?
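
One way a proxy could enforce the requirement above to authenticate the originator and authorize any assertion of priority before a request reaches a gateway that cannot authenticate callers itself. This is an added example, not part of the slides: it assumes the `Resource-Priority: namespace.value` header syntax later standardized in RFC 4412, and the policy table, identities and sample INVITE are constructed.

```python
# Constructed policy (assumption): which proxy-verified identities may assert
# which namespace.priority values. Identities and grants are illustrative.
AUTHORIZED = {
    "sip:responder@agency.example": {"ets.0", "ets.1", "wps.2"},
}

# Constructed sample request; header folding is not handled in this sketch.
SAMPLE = ("INVITE sip:+12125551212@gw.example SIP/2.0\r\n"
          "From: <sip:responder@agency.example>;tag=1\r\n"
          "Resource-Priority: ets.0, dsn.flash\r\n"
          "Content-Length: 0\r\n\r\n")

def authorize_priority(raw, authenticated_identity):
    """Return (decision, rewritten_message) for one SIP request.

    authenticated_identity is the identity the proxy itself verified
    (None if the request carried no valid credentials). It is never read
    from the From header, which the caller controls.
    """
    head, _, body = raw.partition("\r\n\r\n")
    start, *headers = head.split("\r\n")
    allowed = AUTHORIZED.get(authenticated_identity, set())
    kept, asserted, granted = [], [], []
    for line in headers:
        name, _, value = line.partition(":")
        if name.strip().lower() == "resource-priority":
            # Normalize case so policy lookups are not bypassed by "ETS.0".
            vals = [v.strip().lower() for v in value.split(",") if v.strip()]
            asserted += vals
            granted += [v for v in vals if v in allowed]
        else:
            kept.append(line)
    if not asserted:
        decision = "no-priority"      # nothing asserted, forward as-is
    elif authenticated_identity is None:
        decision = "challenge"        # originator must authenticate first
    elif granted:
        decision = "priority"         # forward only the authorized values
        kept.append("Resource-Priority: " + ", ".join(granted))
    else:
        decision = "stripped"         # authenticated, but not entitled
    return decision, "\r\n".join([start] + kept) + "\r\n\r\n" + body
```

In every outcome other than `priority` the rewritten message carries no priority header, so an unauthenticated or unauthorized assertion never reaches the gateway.
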
Privacy requirements
• Call content
  • very likely separate docs
• Signaling (resource and/or call setup)
  • reveals communication relationships
  • cannot rely on hop-by-hop
• Fact of IEPREP call
  • sensitivity likely same (or lower) as call signaling
Other open requirements questions
• Call routing based on support of resource priority
  • support of specific IEPREP namespace?
  • SIP URI of gateway enough?
  • or "call # using FOO priority service" no need to know gateway address
  • avoid two-stage dialing
• Caller needs to discover support for namespaces
  • may require different authentication
System assumptions
• What do we assume about the IP side?
  • purpose-built: require certain capabilities (signaling, resource reservation, security, ...)
  • any network: use SIP application on standard platform or plug in own SIP phone
  • no network changes
  • firewalls may not allow protocols beyond SIP and RTP
  • any SIP (pay) phone
  • no modifications to SIP phone
  • not much beyond two-stage dialing possible?