P2P-SIP Using an External P2P network (DHT)


P2P-SIP: Using an External P2P network (DHT)

Data model: treat the DHT as a database
  [1] put(k, 192.1.2.3), where k is H(bob)
  [2] get(k) gives 192.1.2.3
  [3] INVITE sip:bob to 192.1.2.3

Service model: join the DHT to provide service
  [1] join(128.3.4.5)
  [2] lookup(H(bob)) gives 128.3.4.5
  [3] REGISTER sip:bob to 128.3.4.5
  [4] lookup(H(bob)) gives 128.3.4.5
  [5] INVITE sip:bob to 128.3.4.5

[Figure: alice, bob (192.1.2.3), the DHT, and a DHT service node (128.3.4.5), with arrows numbered as in the steps above.]

There are two approaches to the P2P-SIP operations. In the data model, the DHT is treated as a database with a put, get, remove API, and all operations are performed through it. In the service model, every P2P-SIP node joins the DHT as a service node and serves as registrar, proxy, presence agent and STUN/TURN server for other nodes. It uses a lookup, join and leave API. The two models can be layered on one another: the data model on top of the service model is straightforward. Additionally, OpenDHT shows that the service model on top of the data model is also possible using the ReDiR interface.

P2P-SIP: Logical Operations

  Contact management: put(user id, signed contact)
  Key storage: user certificates and private configurations
  Presence: put(subscribee id, signed encrypted subscriber id)
    Composition needs service model
  Offline message: put(recipient, signed encrypted message)
  NAT and firewall traversal: STUN and TURN server discovery
    Needs service model

The P2P-SIP design consists of many logical operations. Contact management deals with storing and retrieving user contacts, as in the SIP location service. The contacts are signed by the user on put and verified on get before making a call. Key storage deals with storing the certificate and encrypted private key of the user. The caller uses this certificate to verify. Presence deals with the subscribers updating the watcher list of the given subscribee such that only he can read the identifiers of the subscribers. Similarly, offline message deals with putting the signed and encrypted messages for the recipient such that only he can read and delete them. For NAT and firewall traversal, it provides P2P service discovery of a STUN or TURN server.

P2P-SIP: Implementation in SIPc

  OpenDHT
    Trusted nodes
    Robust
    Fast enough (<1s)
  Identity protection
    Certificate-based
    SIP id == email
  P2P for calls, IM, presence, offline message, STUN server discovery and name search

We have implemented P2P-SIP in our multimedia collaboration client, sipc, using OpenDHT running on PlanetLab with about 200 nodes. The advantage of using an externally managed DHT is that we can trust, to some extent, that the nodes are not malicious and perform the DHT operations (get/put) correctly. Thus the security problem is mostly avoided. Identity protection is provided using a well-known CA, such as ours, which gives out a certificate to the user for her email address, so that the user can securely use her email address as the SIP identifier in P2P-SIP. The implementation includes the P2P modes for calls, IM, presence, offline message storage, STUN server discovery and name search (find the user identifier for "Firstname Lastname"). OpenDHT is robust and fast enough for our needs. Lookups take less than a second on average. We implemented redundancy and failover so that if one OpenDHT node is unavailable it uses another randomly chosen closer node.

P2P-SIP: What is OpenDHT?

  Service model, unlike the earlier library approach of Chord/CAN
    DHT accessed over SunRPC and XML-RPC
  Easy deployment and maintenance
    200-300 Bamboo DHT nodes on PlanetLab
    Public DHT service running since April 2004
    Many existing applications: i3, CFS, Ostream, HIP,…
  DHT API (server side on Bamboo nodes)
    Put(key,value,H(secret),ttl) where H is SHA1
    Get(key)=>(value,H(secret),remaining-ttl)
    Remove(key,H(value),secret,ttl)
  ReDiR API (client side for lookup/join/leave)
    Can build anycast, multicast, range search using this
  Fair resource (disk) allocation among clients (IP addr)

OpenDHT.org and Sean Rhea's SIGCOMM paper have more information. OpenDHT is a public DHT service developed by MIT. Unlike earlier approaches to application building, which incorporated various DHTs such as Chord/CAN/Pastry as a library in the application, they provide a separate DHT service. The service is accessed using RPC, and the application avoids maintenance because the DHT is maintained independently. The community of developers using OpenDHT is continuously growing, with about 12 applications deployed by Aug 2005. Providing a DHT service involves (1) writing a DHT with a generic and flexible interface (get/put/anycast/multicast) and (2) sharing it among public applications and clients, which means it needs to be fair in terms of CPU and disk. OpenDHT has a client-side API for lookup/join so that an application can provide any service beyond using get/put for data storage. Fair allocation requires the use of a TTL and a quota per client (IP address). Their novel approach makes sure that disk is always available for a new put. One problem is that DHCP users with a new IP address get a larger share, whereas NAT users with a single IP address get a lower share.
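
The following in-memory model of the Put/Get/Remove semantics listed on the slide is an added illustration, not OpenDHT code and not part of the presentation; `ToyDHT`, its logical clock, and all addresses and secrets are constructed. It shows that get returns every value stored under a key regardless of who wrote it, which is why the contact-management design signs contacts on put and verifies them on get, and that remove succeeds only for whoever holds the secret behind the stored H(secret).

```python
import hashlib

def H(data: bytes) -> bytes:
    """SHA-1, the hash the slide names for keys and secrets."""
    return hashlib.sha1(data).digest()

class ToyDHT:
    """In-memory model (hypothetical, not the OpenDHT client) of Put/Get/Remove."""

    def __init__(self):
        self.now = 0        # constructed logical clock, in seconds
        self.store = {}     # key -> list of (value, secret_hash, expiry)

    def put(self, key, value, secret_hash, ttl):
        # No writer authentication: any client may add a value under any key.
        self.store.setdefault(key, []).append((value, secret_hash, self.now + ttl))

    def get(self, key):
        # Returns every unexpired value as (value, H(secret), remaining-ttl).
        return [(v, sh, exp - self.now)
                for v, sh, exp in self.store.get(key, []) if exp > self.now]

    def remove(self, key, value_hash, secret, ttl):
        # Drop only entries whose value hash matches AND whose stored
        # H(secret) matches the revealed secret. ttl is kept for parity
        # with the slide's signature and is unused in this model.
        entries = self.store.get(key, [])
        kept = [e for e in entries
                if not (H(e[0]) == value_hash and H(secret) == e[1])]
        self.store[key] = kept
        return len(entries) - len(kept)

def demo():
    dht, k = ToyDHT(), H(b"bob")
    contact, secret = b"192.1.2.3", b"bob-remove-secret"   # constructed values
    dht.put(k, contact, H(secret), ttl=3600)
    dht.put(k, b"10.9.9.9", H(b"someone-else"), ttl=60)    # second writer, same key
    seen = [v for v, _, _ in dht.get(k)]                   # both values come back
    wrong = dht.remove(k, H(contact), b"guess", 0)         # wrong secret: no-op
    right = dht.remove(k, H(contact), secret, 0)           # owner's secret: removed
    dht.now += 61                                          # second entry's TTL lapses
    return seen, wrong, right, dht.get(k)
```

Because the store itself cannot tell the two writers apart, the caller has to check each returned contact against the user's certificate before sending the INVITE.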