Issues of HIP in an Operators Network Nick Papadoglou Thomas Dietz.


Overview
  – Charging
  – LI
  – SIP and HIP; How can one improve the other?
  – HIT creation, bootstrapping and distribution
  – HIP associations
  – DNS
  – Choice of Access Technologies
  – Open Issues

Charging Issues
HIP has P2P semantics
NOs need flexible charging models:
  – On/off-line charging
  – Volume and/or time based charging
Problem/Restriction:
  – It arises when an E2E encrypted tunnel exists between end-hosts
  – The charging function (CF) cannot apply different policies based, for example, on different media types.
  – Hence, for existing and future services only volume or time based charging can be applied.
Potential Solution(s):
  – Break the e2e security association and terminate it at a network sub-element where the CF may be applied
  – CF to obtain/possess the keys of the sessions established. (Scalability issues)
  – Accept this as a de-facto standard and apply only volume/time based charging
  – Introduce a kind of HIP signalling that indicates the service/media type

Lawful Intercept
National laws define local intercept requirements.
The base requirement would be for the interceptor to be in the path of the HIP exchange, as well as on the data path.
Issues/Problems similar to charging
Potential solution:
  – Accept the breakage of e2e security
  – Keys known by the operator
Though, if keys are owned (generated) by the user (device) the NO may not be liable for the communication

How HIP could improve SIP
Open issue whether HIP actually improves the operation of SIP
Currently only a one-level mapping from SIP URI to IP address (static or dynamic)
If HIP is present then
  – SIP URI to HI
  – HI to IP address
The mapping in the case of HIP could be performed:
  – Either through a two-level mapping (one DNS search for the mapping between URI and HI and an additional search for the HIT-IP mapping). This may require 2 DNS requests in the network and introduces additional delay for the delivery of the response.
  – Or through a one-level mapping where the DNS search returns both the HIT and the IP address. This technique requires additional storage space in the DNS server in order to be able to store the naming and addressing information in the same infrastructure. The work in IETF is focusing on this solution.
It is clear that the use of HIP increases the time needed for DNS resolution and modifies the requirements for the DNS infrastructure.

How HIP could improve SIP (cont.)
HIP could be used to set up the IPsec security associations, but the response time increases due to the processing for the HIP base exchange.
SIP can offer terminal mobility through the re-registration with the home registrar prior to a call.
For mobility support in the middle of a call, the moving terminal sends a re-INVITE message either directly to the correspondent host or via the SIP proxies.
In order to shield the handover from security threats, SIP uses authentication or public key cryptography.
The main constraint of SIP mobility is the inability of TCP to support session mobility. Even if a mechanism like M-TCP is used in order for mobility to be supported, the time required for the handover to be performed is considered high.
HIP inherently provides mobility support to the higher layers without requiring optional SIP features.
Hence, even though HIP does not offer any specific advantages to SIP session mobility, it provides mobility support to all higher layer protocols (SIP, HIP, HTTP, etc.) through a unified environment and doesn't leave this issue to be handled at higher layers, which usually results in slower custom solutions.

How HIP could improve SIP (cont.)
SIP extensions enable SIP connectivity between hosts behind NATs and firewalls.
Finally, it is evident that HIP does not offer clear benefits since most of its features are supported through SIP extensions.
On the other hand, HIP provides solutions to all these issues not only to the SIP protocol but to all higher layer protocols with slightly improved security.

How SIP could improve HIP
How to trustfully obtain a HIT?
  – Avoid using opportunistic mode
Can use SIP signalling methods
  – Include HIT in SIP Invite/Ack (extend SDP field)
  – Part of the Presence information
  – Other…
Possible use of SIP proxy/registrar as HIP rendezvous server

HIT creation, bootstrapping and distribution
HIs can be created by the end device
  – Limits its use by an operator
HIs can be either public or anonymous
  – Public also offers some authentication principles
  – Anonymous offers privacy
HIs can be short term or long term (static)
  – Short term offers some privacy

HI associations: The Possibilities
Association with the most common entities
  – This is not an exhaustive list
Binding of HI with one or more of:
  – Device/User Terminal
  – Network Interface
  – Person/User
  – Session
  – SIM

HI associations: The Proposal
Bind the HI with the device.
Associate the device with SIM, FQDN/SIP URI, IP address etc.
Maintain the semantics of HIP HI

Logical Association
[Diagram; labels in the order extracted: Actor (Legal entity), User Level Descriptor, User readable, Device, Physical Entity, Network point of attachment, Locator, Identifier, Host ID, End-point Identifier]

Use of DNS in a HIP architecture
Main issue is for mobility (well known)
Problem: the mobility factor is high and the end-host needs to update the binding between HI and Locator.
One possible solution: use of Dynamic DNS
Outcome: this is still inefficient.
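
Added example (not from the slides): a small Python model of the two-level and one-level mappings described under "How HIP could improve SIP", including the HI-to-locator binding update after a handover mentioned on this slide. The Store class stands in for a DNS server; the URI, HIT and addresses are constructed placeholders.

```python
from dataclasses import dataclass


@dataclass
class Store:
    """Stand-in for one DNS lookup service; counts the queries it answers."""
    records: dict
    queries: int = 0

    def lookup(self, key):
        self.queries += 1
        return self.records.get(key)


def resolve_two_level(uri, uri_to_hit, hit_to_ip):
    """SIP URI -> HIT, then HIT -> IP: two requests per resolution."""
    hit = uri_to_hit.lookup(uri)
    if hit is None:
        raise LookupError(f"no HIT registered for {uri}")
    ip = hit_to_ip.lookup(hit)
    if ip is None:
        raise LookupError(f"no locator bound to HIT {hit}")
    return hit, ip


def resolve_one_level(uri, combined):
    """One request returns the HIT and the IP stored under the same name."""
    entry = combined.lookup(uri)
    if entry is None:
        raise LookupError(f"no record for {uri}")
    return entry


def demo():
    # Constructed sample data: documentation address ranges, made-up HIT.
    uri, hit = "sip:alice@example.net", "2001:10::a11c:e"
    uri_store = Store({uri: hit})
    hit_store = Store({hit: "192.0.2.10"})
    combined = Store({uri: (hit, "192.0.2.10")})
    before = (resolve_two_level(uri, uri_store, hit_store),
              resolve_one_level(uri, combined))

    # Handover: the host obtains a new locator and updates its binding.
    # Two-level touches only the HIT -> IP record; one-level rewrites the
    # record that also carries the naming information.
    hit_store.records[hit] = "198.51.100.7"
    combined.records[uri] = (hit, "198.51.100.7")
    after = (resolve_two_level(uri, uri_store, hit_store),
             resolve_one_level(uri, combined))

    two_level_queries = uri_store.queries + hit_store.queries
    return before, after, two_level_queries, combined.queries
```
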

Free choice of Access Network

Person    Equipment    Number     IP          Service    Service
                       of i/fs    addr        Provider

User ----> UE1 ---> i/f1 ----> IP addr1 -> SP1 (e.g. Voice)
  |
  +-> UE2 +--> i/f1 ----> IP addr1 -> SP2 (e.g. Surveillance)
  |       +--> i/f2 ----> IP addr2 -> SP2 (e.g. Emergency)
  |
  +-> UE3 +--> i/f1 ----> IP addr1 -> SP1 (e.g. Voice)
  |       +--> i/f2 ----> IP addr2 -> SP1 (e.g. WWW)
  |       +--> i/f3 ----> IP addr3 -> SP1 (e.g. Intranet)
  |
  +-> UE4 +--> i/f1 ----> IP addr1 -> SP3 (e.g. Gaming)
          +--> i/f2 ----> IP addr2 -> SP4 (e.g. TV/Video)

Free choice of Access Network (cont.)
Benefits are:
  – Split of Identifier and Locator enabling binding in a higher layer
  – Storage of HI and HIT in a secure network element (HLR/AuC) with binding to IMSI for authentication/authorisation of user as well as the introduction of multihoming and better delivery of services based on Access Network capabilities (e.g. QoS).
Open Issues
  – Handover between different NP and SP
  – Handover between 2 UEs
  – Binding between different elements

Open Issues
  – Binding associations between HI (HIT) and other identifiers (locators) within a Network Operator and Service Provider networks
  – Charging/LI
  – Mobility and DNS
  – Bootstrapping/distribution and privacy concerns.
How do we proceed further?

Thank You