SlideShare una empresa de Scribd logo

Opportunities and Challenges for Authenticated Identities within VoIP

Descargar como PPT, PDF
Warren Bent
Warren Bent

John Nix 4/7/09 pesentation at IIT VoIP Roundtable

TecnologíaEmpresariales
1 de 24
Opportunities and Challenges for Authenticated Identities within VoIP Call Control John Nix VP, Technology Development InCharge Systems, Inc. April 7, 2008
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How are Endpoints Authenticated Today? Orig. Device Proxy Server Corresponding Node Proxy Server Corresponding Node INVITE INVITE "200 OK" "200 OK" "200 OK" Media Public Internet NAT/FW NAT/FW Communications Service INVITE "Bob"
How are Endpoints Authenticated Today (cont)? ,[object Object],[object Object],[object Object],[object Object],[object Object]
How are Endpoints Authenticated Today (cont.)?
How are Endpoints Authenticated Today (cont.)?
Benefits / Drawbacks of Current Authentication ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
More Drawbacks of Current Authentication ,[object Object],[object Object],[object Object],[object Object]
Significant Complexity of Firewall Rules for a Peering Federation Enterprise A.1.a Proxy Server 1 Proxy Server 2 Proxy Server 3 Peering Federation Level 1 Service Providers Level 2 Service Providers Level 3 Enterprises / End Users Note: Any time a proxy server or SBC is moved, changed, added, or deleted, then all firewall rules needs to be updated Service Provider A Proxy Server 1 Proxy Server 2 Proxy Server 3 Service Provider B Proxy Server 1 Proxy Server 2 Proxy Server 3 Service Provider C Proxy Server 1 Proxy Server 2 Proxy Server 3 Service Provider A.1 Proxy Server 1 Proxy Server 2 Proxy Server 3 Service Provider A.2 Proxy Server 1 Proxy Server 2 Proxy Server 3 Enterprise A.1.b Proxy Server 1 Proxy Server 2 Proxy Server 3
Alternative to Firewall Rules - Open but Calls require a Prefix ,[object Object],[object Object],[object Object],[object Object]
Proposed Solution for Authentication and Identity - IETF RFC 4474 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Verified Identity Using IETF RFC 4474
Example Public Key - Used to Verify Signature
Signing & Verification Internet End-point or originating operator signs INVITE Peering / Transport Federation Validates signed INVITE and routes accordingly Terminating IP net / gateway validates signed INVITE and delivers call User / Server validates INVITE, blocks SPIT … Example Signing & Remote Validation Validation Service or local application. Uses public-certificate from locally provisioned or remote repository Signing Service or local application. Uses private key SS7 VoIP SIP X
Authenticated Identities Simplify Peering Security enhanced while eliminating firewall rules ! ,[object Object],[object Object],[object Object],[object Object],[object Object],Without Signed Messages Internet X Peer.-Fed. SS7 PSTN SIP X 6 * Provisioning Interfaces Signed Messages Save Internet X Peer.-Fed. SS7 PSTN SIP X ICS Sign Validate
Example Message Flow Through Peering Federation Terminating Service Provider Originating Service Provider Proxy Server Proxy Server Authenticate Identity Management Authenticate Identity Management Peering Fabric Certificate Authority Authentication Proxy Peering Fabric UA / Service Provider Requests Key CA Returns Public Key and Certificate UA Sends Invite to Termination Point Client Decrypts Certificate Sign with CA Private Key User Agent User Agent
A "Holy Grail" of VoIP - Direct Communication, Likely Requiring IPv6 CN Firewall Corresponding Node IP Address Public Internet MN FW First Media Stream Second Media Stream RTCP Stream 1 RTCP Stream 2 Mobile Network [2008:0db8::1455:57cd]:12345 2008:0db8::1455:57cd [2008:0db8::1455:57cd]:12345 [2008:0db8::1455:57cd]:12346 [2008:0db8::1455:57cd]:12346 [2008:0db8::1455:57cd]:12345 [1ab2:034f::ccdd:4e8b]:22334 [1ab2:034f::ccdd:4e8b]:22334 1ab2:034f::ccdd:4e8b [2008:0db8::1455:57cd]:12346 [1ab2:034f::ccdd:4e8b]:22335 [1ab2:034f::ccdd:4e8b]:22335 [2008:0db8::1455:57cd]:12346 [1ab2:034f::ccdd:4e8b]:22335 [1ab2:034f::ccdd:4e8b]:22335 [1ab2:034f::ccdd:4e8b]:22334 [2008:0db8::1455:57cd]:12345 [1ab2:034f::ccdd:4e8b]:22334 Signaling (via DNS/Enum) [2008:0db8::1455:57cd]:5060 [2008:0db8::1455:57cd]:5060 [1ab2:034f::ccdd:4e8b]:5060 [1ab2:034f::ccdd:4e8b]:5060
Summary of Benefits of RFC 4474 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Challenges for RFC 4474 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Example "Support" Systems Required to Deploy RFC 4474 on a Wide Scale ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Back Office Functions Supported User Applications Management, Provisioning, Auditing, Information Repository ICS Provisioning Signing Services Validation Services Peering-Fed. Provision Authorize Orig.- / Term.- Svc. Provider Sign, Authorize Enterprises Direct Peering Encryption End - User Sign, SPAM SMS, Encryption Real Time Hosting or User Services
Key Assumption for IETF RFC 4474 ,[object Object]
One of Many "Real-World" Call Flows 3725 IP-IP BICS Go2Call Radius Go2Call Database Asterisk 01 Asterisk 02 Asterisk 03 VoIP Phone NAT ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Another "Real World" Issue - Caller ID and "Display Name" on Cisco Gateways ,[object Object],[object Object],[object Object]
Need for a Reference System - Solve "Real World" Issues and Revise RFC ,[object Object],[object Object],[object Object],[object Object]

Recomendados

#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLSOlle E Johansson
 
Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logicAlberto Rivai
 
Application Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowApplication Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowCisco DevNet
 
AnyFirewall Engine & Server by Eyeball Networks
AnyFirewall Engine & Server by Eyeball NetworksAnyFirewall Engine & Server by Eyeball Networks
AnyFirewall Engine & Server by Eyeball NetworksEyeball Networks
 
All about routers
All about routersAll about routers
All about routersagwanna
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS ProtectionMarketingArrowECS_CZ
 
PLNOG14: Application Centric Infrastructure Introduction - Nick Martin
PLNOG14: Application Centric Infrastructure Introduction - Nick MartinPLNOG14: Application Centric Infrastructure Introduction - Nick Martin
PLNOG14: Application Centric Infrastructure Introduction - Nick MartinPROIDEA
 
E Snet Authentication Fabric Pilot
E Snet Authentication Fabric PilotE Snet Authentication Fabric Pilot
E Snet Authentication Fabric PilotFNian
 

Recomendados

#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLSOlle E Johansson
 
Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logicAlberto Rivai
 
Application Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowApplication Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowCisco DevNet
 
AnyFirewall Engine & Server by Eyeball Networks
AnyFirewall Engine & Server by Eyeball NetworksAnyFirewall Engine & Server by Eyeball Networks
AnyFirewall Engine & Server by Eyeball NetworksEyeball Networks
 
All about routers
All about routersAll about routers
All about routersagwanna
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS ProtectionMarketingArrowECS_CZ
 
PLNOG14: Application Centric Infrastructure Introduction - Nick Martin
PLNOG14: Application Centric Infrastructure Introduction - Nick MartinPLNOG14: Application Centric Infrastructure Introduction - Nick Martin
PLNOG14: Application Centric Infrastructure Introduction - Nick MartinPROIDEA
 
E Snet Authentication Fabric Pilot
E Snet Authentication Fabric PilotE Snet Authentication Fabric Pilot
E Snet Authentication Fabric PilotFNian
 
Juniper ssg5-ssg20-datasheet
Juniper ssg5-ssg20-datasheetJuniper ssg5-ssg20-datasheet
Juniper ssg5-ssg20-datasheetShaikh Danial
 
Cisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewallCisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewallIT Tech
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlowLancope, Inc.
 
MPP Phone Roadmap
MPP Phone RoadmapMPP Phone Roadmap
MPP Phone RoadmapCisco Canada
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchWeb Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchLior Rotkovitch
 
Secure collab on prem hikmat
Secure collab on prem hikmatSecure collab on prem hikmat
Secure collab on prem hikmatCisco Canada
 
Meraki powered services bell
Meraki powered services bellMeraki powered services bell
Meraki powered services bellCisco Canada
 
Preventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP addressPreventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP addressBangladesh Network Operators Group
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Positive Hack Days
 
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08NetFlowAuditor
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?APNIC
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksn|u - The Open Security Community
 
SailFin - Adding Presence and Voice to WebApps
SailFin - Adding Presence and Voice to WebAppsSailFin - Adding Presence and Voice to WebApps
SailFin - Adding Presence and Voice to WebAppsEduardo Pelegri-Llopart
 
Threat Landscape for Education
Threat Landscape for EducationThreat Landscape for Education
Threat Landscape for EducationColloqueRISQ
 
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep dive
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep diveTargeted Threat (APT) Defense for Applications Featuring pxGrid: a deep dive
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep diveCisco DevNet
 
CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11Nil Menon
 
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4Vuz Dở Hơi
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
IXIA Breaking Point
IXIA Breaking PointIXIA Breaking Point
IXIA Breaking PointMUK Extreme
 
Bezpečnostní architektura F5
Bezpečnostní architektura F5Bezpečnostní architektura F5
Bezpečnostní architektura F5MarketingArrowECS_CZ
 
Dalton Jim
Dalton JimDalton Jim
Dalton JimCarl Ford
 
Introduction To SIP
Introduction To SIPIntroduction To SIP
Introduction To SIPChris McAndrew
 

Más contenido relacionado

La actualidad más candente

Juniper ssg5-ssg20-datasheet
Juniper ssg5-ssg20-datasheetJuniper ssg5-ssg20-datasheet
Juniper ssg5-ssg20-datasheetShaikh Danial
 
Cisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewallCisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewallIT Tech
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlowLancope, Inc.
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchWeb Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchLior Rotkovitch
 
Secure collab on prem hikmat
Secure collab on prem hikmatSecure collab on prem hikmat
Secure collab on prem hikmatCisco Canada
 
Meraki powered services bell
Meraki powered services bellMeraki powered services bell
Meraki powered services bellCisco Canada
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Positive Hack Days
 
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08NetFlowAuditor
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?APNIC
 
SailFin - Adding Presence and Voice to WebApps
SailFin - Adding Presence and Voice to WebAppsSailFin - Adding Presence and Voice to WebApps
SailFin - Adding Presence and Voice to WebAppsEduardo Pelegri-Llopart
 
Threat Landscape for Education
Threat Landscape for EducationThreat Landscape for Education
Threat Landscape for EducationColloqueRISQ
 
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep dive
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep diveTargeted Threat (APT) Defense for Applications Featuring pxGrid: a deep dive
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep diveCisco DevNet
 
CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11Nil Menon
 
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4Vuz Dở Hơi
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
IXIA Breaking Point
IXIA Breaking PointIXIA Breaking Point
IXIA Breaking PointMUK Extreme
 

La actualidad más candente (19)

Juniper ssg5-ssg20-datasheet
Juniper ssg5-ssg20-datasheetJuniper ssg5-ssg20-datasheet
Juniper ssg5-ssg20-datasheet
 
Cisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewallCisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewall
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
 
MPP Phone Roadmap
MPP Phone RoadmapMPP Phone Roadmap
MPP Phone Roadmap
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchWeb Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitch
 
Secure collab on prem hikmat
Secure collab on prem hikmatSecure collab on prem hikmat
Secure collab on prem hikmat
 
Meraki powered services bell
Meraki powered services bellMeraki powered services bell
Meraki powered services bell
 
Preventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP addressPreventing Traffic with Spoofed Source IP address
Preventing Traffic with Spoofed Source IP address
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
 
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacks
 
SailFin - Adding Presence and Voice to WebApps
SailFin - Adding Presence and Voice to WebAppsSailFin - Adding Presence and Voice to WebApps
SailFin - Adding Presence and Voice to WebApps
 
Threat Landscape for Education
Threat Landscape for EducationThreat Landscape for Education
Threat Landscape for Education
 
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep dive
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep diveTargeted Threat (APT) Defense for Applications Featuring pxGrid: a deep dive
Targeted Threat (APT) Defense for Applications Featuring pxGrid: a deep dive
 
CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11
 
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
IXIA Breaking Point
IXIA Breaking PointIXIA Breaking Point
IXIA Breaking Point
 

Similar a Opportunities and Challenges for Authenticated Identities within VoIP

1 Vo Ip Overview
1 Vo Ip Overview1 Vo Ip Overview
1 Vo Ip OverviewMayank Vora
 
1 Vo I P Overview
1 Vo I P Overview1 Vo I P Overview
1 Vo I P OverviewMayank Vora
 
Microsoft lync server 2010 protocol workloads poster
Microsoft lync server 2010 protocol workloads posterMicrosoft lync server 2010 protocol workloads poster
Microsoft lync server 2010 protocol workloads posterbigwalker
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPSean Flores
 
Decrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern TrafficDecrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern TrafficShain Singh
 
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdfLilminow
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Hitachi, Ltd. OSS Solution Center.
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
Office Comunnications Server 2007 R2 Poster
Office Comunnications Server 2007 R2 PosterOffice Comunnications Server 2007 R2 Poster
Office Comunnications Server 2007 R2 PosterPaulo Freitas
 
RGNet Ver.1.0.pptx
RGNet Ver.1.0.pptxRGNet Ver.1.0.pptx
RGNet Ver.1.0.pptxVeenitTomar2
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to knowEric Klein
 

Similar a Opportunities and Challenges for Authenticated Identities within VoIP (20)

Bezpečnostní architektura F5
Bezpečnostní architektura F5Bezpečnostní architektura F5
Bezpečnostní architektura F5
 
Dalton Jim
Dalton JimDalton Jim
Dalton Jim
 
Introduction To SIP
Introduction To SIPIntroduction To SIP
Introduction To SIP
 
1 Vo Ip Overview
1 Vo Ip Overview1 Vo Ip Overview
1 Vo Ip Overview
 
1 Vo I P Overview
1 Vo I P Overview1 Vo I P Overview
1 Vo I P Overview
 
Voip security
Voip securityVoip security
Voip security
 
Microsoft lync server 2010 protocol workloads poster
Microsoft lync server 2010 protocol workloads posterMicrosoft lync server 2010 protocol workloads poster
Microsoft lync server 2010 protocol workloads poster
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
 
Vo ip sip
Vo ip sipVo ip sip
Vo ip sip
 
Decrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern TrafficDecrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern Traffic
 
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
2019_USA RSAConference_stir-shake-n-sip-to-stop-robocalling.pdf
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
Vpn
Vpn Vpn
Vpn
 
Testing
TestingTesting
Testing
 
Office Comunnications Server 2007 R2 Poster
Office Comunnications Server 2007 R2 PosterOffice Comunnications Server 2007 R2 Poster
Office Comunnications Server 2007 R2 Poster
 
IP and VoIP Fundamentals
IP and VoIP FundamentalsIP and VoIP Fundamentals
IP and VoIP Fundamentals
 
RGNet Ver.1.0.pptx
RGNet Ver.1.0.pptxRGNet Ver.1.0.pptx
RGNet Ver.1.0.pptx
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
 

Último

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Último (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Opportunities and Challenges for Authenticated Identities within VoIP

  • 1. Opportunities and Challenges for Authenticated Identities within VoIP Call Control John Nix VP, Technology Development InCharge Systems, Inc. April 7, 2008
  • 2.
  • 3. How are Endpoints Authenticated Today? Orig. Device Proxy Server Corresponding Node Proxy Server Corresponding Node INVITE INVITE "200 OK" "200 OK" "200 OK" Media Public Internet NAT/FW NAT/FW Communications Service INVITE "Bob"
  • 4.
  • 5. How are Endpoints Authenticated Today (cont.)?
  • 6. How are Endpoints Authenticated Today (cont.)?
  • 7.
  • 8.
  • 9. Significant Complexity of Firewall Rules for a Peering Federation Enterprise A.1.a Proxy Server 1 Proxy Server 2 Proxy Server 3 Peering Federation Level 1 Service Providers Level 2 Service Providers Level 3 Enterprises / End Users Note: Any time a proxy server or SBC is moved, changed, added, or deleted, then all firewall rules needs to be updated Service Provider A Proxy Server 1 Proxy Server 2 Proxy Server 3 Service Provider B Proxy Server 1 Proxy Server 2 Proxy Server 3 Service Provider C Proxy Server 1 Proxy Server 2 Proxy Server 3 Service Provider A.1 Proxy Server 1 Proxy Server 2 Proxy Server 3 Service Provider A.2 Proxy Server 1 Proxy Server 2 Proxy Server 3 Enterprise A.1.b Proxy Server 1 Proxy Server 2 Proxy Server 3
  • 10.
  • 11.
  • 12. Verified Identity Using IETF RFC 4474
  • 13. Example Public Key - Used to Verify Signature
  • 14. Signing & Verification Internet End-point or originating operator signs INVITE Peering / Transport Federation Validates signed INVITE and routes accordingly Terminating IP net / gateway validates signed INVITE and delivers call User / Server validates INVITE, blocks SPIT … Example Signing & Remote Validation Validation Service or local application. Uses public-certificate from locally provisioned or remote repository Signing Service or local application. Uses private key SS7 VoIP SIP X
  • 15.
  • 16. Example Message Flow Through Peering Federation Terminating Service Provider Originating Service Provider Proxy Server Proxy Server Authenticate Identity Management Authenticate Identity Management Peering Fabric Certificate Authority Authentication Proxy Peering Fabric UA / Service Provider Requests Key CA Returns Public Key and Certificate UA Sends Invite to Termination Point Client Decrypts Certificate Sign with CA Private Key User Agent User Agent
  • 17. A "Holy Grail" of VoIP - Direct Communication, Likely Requiring IPv6 CN Firewall Corresponding Node IP Address Public Internet MN FW First Media Stream Second Media Stream RTCP Stream 1 RTCP Stream 2 Mobile Network [2008:0db8::1455:57cd]:12345 2008:0db8::1455:57cd [2008:0db8::1455:57cd]:12345 [2008:0db8::1455:57cd]:12346 [2008:0db8::1455:57cd]:12346 [2008:0db8::1455:57cd]:12345 [1ab2:034f::ccdd:4e8b]:22334 [1ab2:034f::ccdd:4e8b]:22334 1ab2:034f::ccdd:4e8b [2008:0db8::1455:57cd]:12346 [1ab2:034f::ccdd:4e8b]:22335 [1ab2:034f::ccdd:4e8b]:22335 [2008:0db8::1455:57cd]:12346 [1ab2:034f::ccdd:4e8b]:22335 [1ab2:034f::ccdd:4e8b]:22335 [1ab2:034f::ccdd:4e8b]:22334 [2008:0db8::1455:57cd]:12345 [1ab2:034f::ccdd:4e8b]:22334 Signaling (via DNS/Enum) [2008:0db8::1455:57cd]:5060 [2008:0db8::1455:57cd]:5060 [1ab2:034f::ccdd:4e8b]:5060 [1ab2:034f::ccdd:4e8b]:5060
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.