VidMid-VC, 12 October 2015: Federated Secure Internet Conferencing Thread (Work In Progress)

Work Plan: Federated Secure Internet Conferencing Thread Project Timeline (Year 1 Q1 through Year 2 Q4)

Activities shown on the timeline, in order: Use Case Creation; Use Cases Standardized in SDOs; Requirements Creation; Requirements Standardized in SDOs; Campus Bid Package; Secure Conferencing Forum; Secure Conferencing Outreach.

Scenario 1. Free and Unfettered Access to Multiple Service Providers

A conferencing service provider operates an advanced multipoint conferencing gateway that allows customers to conduct high quality video conference calls while sharing computer presentations. The service provider has standing contracts with several universities that allow access to any user in those universities. It also has contracts with other universities that stipulate that only faculty and staff, not students, have access to the service. In addition, the service provider allows anyone on the Internet to use its service without a pre-existing account or contract, provided the caller supplies a credit card number when placing the call. The service provider provides only conferencing services: it does not provide call server, signaling or directory services, and it is assumed that customers already have access to these through their home institution or some other commercial provider.

Scenario 2. User Identification Across Multiple Networks

A worker is involved in a demanding project and cannot be interrupted, but is expecting an important call from a customer at another company. The worker uses an H.323 video device, but the customer uses SIP IP telephones. The worker receives a call and, before answering, sees 1) that the call is from an individual at the expected company, 2) the name and address of the customer, and 3) that the customer's identity is vouched for by both the company itself and a large, well known public certificate authority. The worker decides to accept the call. Later in the day, the customer calls again, this time from a cell phone. The same identification information appears and the call is accepted.

Scenario 3. Multipoint Authentication with Guest Access

A project team manager is hosting a conference call. The manager views a web interface to the conference bridge. As team members dial into the conference bridge, their credentials appear on the manager's screen. He approves all but one of the calls, which appears to be from an unauthorized source. Later in the call, one of the team members is asked to bring a guest speaker into the call. The guest dials into the call, and the moderator sees that the guest's credentials match the person identified by the team member, so the guest is allowed into the call.

Scenario 4. No Access to Advanced Middleware

A local elementary school initiates a program with a local farmer to have a video conference every week in which the students discuss what is happening at the farm at that particular time of year. The farmer agrees, and both he and the school go to the local electronics store and purchase a consumer grade video conferencing appliance. The first time the farmer calls the school, his identity appears on the screen, but the display indicates that no other authority vouches for him. Privacy is very important at the school, so the teacher answers the call privately. When she sees that it is indeed the farmer, she presses a 'SAVE FAVORITES' button on her appliance so that the next time the farmer calls, his call comes straight through.

Scenario 5. Limited Bandwidth, Processing and Memory

The trustees of a major corporation are meeting in the corporate board room at the company's headquarters. The board room is outfitted with the latest high end secure conferencing equipment. One of the trustees is not present because of a travel schedule conflict, but is available to dial into the conference using his PDA from the airport's public wireless Internet. He calls into the board room, his credentials are displayed there, and the call is accepted.

Design Goals

End to end security. The architecture must support the ability of an entity (e.g. a caller) to identify itself to the final destination (e.g. the called party) and to any network entity along the path (such as a call server or gateway).

Support federated trust models. The architecture must be able to recognize and react to the existence of other institutions within its federation, as well as institutions in other federations.

Globally scalable. It is not sufficient that the architecture scales very high; it must scale globally. This implies that many complex and autonomous networks, users, domains and federations exist without any a priori knowledge of one another and can still react to one another in meaningful ways. The architecture must not depend on an overarching administrative or technical infrastructure.

Support for privacy. The architecture must be capable of securely exchanging encryption keys and passing them to the underlying conferencing protocols for encryption of media streams and call signaling messages. It is not the responsibility of the federated architecture to perform the actual encryption.
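An added example of the hand-off this goal describes; it is not code from the VidMid-VC slides. It assumes, beyond what the slides say, that the two security agents have already agreed an authenticated master secret over the security channel (a constructed value stands in for it here), that keys are derived with HKDF-SHA256 (RFC 5869) using the Call-ID as salt, that purpose and direction labels keep the signaling key and the two media directions independent, and that media material is cut as an SRTP-style 128-bit master key plus 112-bit master salt. The security layer derives; the conferencing stack encrypts.

```python
# Added example, not code from the VidMid-VC slides: derive per-call keys
# from a master secret agreed on the security channel and hand them to the
# conferencing protocols. Assumptions: HKDF-SHA256, Call-ID as salt,
# purpose/direction labels, SRTP-style 16-byte key + 14-byte salt for media.
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size


def hkdf_extract(salt, ikm):
    """RFC 5869 extract: PRK = HMAC(salt, IKM); empty salt means HashLen zeros."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 expand: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_call_keys(master_secret, call_id, local_id, remote_id):
    """Key material one side hands to its conferencing stack for one call.

    The Call-ID salt makes every call's keys different even under the same
    master secret; the labels bind each key to purpose and direction, so the
    media key for local->remote differs from remote->local and from signaling.
    Both ends derive the same set because each labels streams by endpoint id.
    """
    prk = hkdf_extract(call_id.encode(), master_secret)

    def key(label, length):
        return hkdf_expand(prk, label.encode(), length)

    def srtp_material(label):
        blob = key(label, 16 + 14)
        return {"master_key": blob[:16], "master_salt": blob[16:]}

    return {
        "signaling": key("signaling", 32),
        "media_send": srtp_material(f"media:{local_id}->{remote_id}"),
        "media_recv": srtp_material(f"media:{remote_id}->{local_id}"),
    }


if __name__ == "__main__":
    # Constructed master secret; in the architecture it would come from the
    # authenticated key agreement on the remote security channel.
    secret = b"constructed-master-secret-from-security-channel"
    alice = derive_call_keys(secret, "call-42@univ-a.example", "alice", "bob")
    bob = derive_call_keys(secret, "call-42@univ-a.example", "bob", "alice")
    print("alice send == bob recv:", alice["media_send"] == bob["media_recv"])
    print("signaling key:", alice["signaling"].hex())
```

Each side calls derive_call_keys with its own id first; the send material on one side equals the receive material on the other, and nothing derived for one call or one direction is reusable elsewhere.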

Minimal impact on conferencing protocol. The architecture should be implementable with minimal changes to an existing protocol. Ideally, a simple protocol extension should be all that is required to support the federated approach; this will aid acceptance in the marketplace. This requirement suggests the importance of decoupling the security mechanism from the endpoint itself, which allows the creation of robust security mechanisms independent of endpoint constraints. The security mechanisms are then free to implement the federated architecture of their choice, and the task becomes one of 'associating' an authentication event with a particular conferencing event.

Ability to span multiple protocols. The architecture must fully support authentication and key exchanges across multiple protocols and gateways, an area that has been problematic with existing approaches. The decoupling notion described above will be an aid in accomplishing this goal.

Scalable from individual users to large service provider networks. The architecture should scale in such a way that large service providers can utilize extensive middleware servers, attribute authorities, directory servers and other infrastructure necessary to administer very large and secure services. At the same time, the architecture should not prevent the very simplest of applications, in which an individual user makes a secure call to another individual user with no access to advanced middleware and without benefit of a service provider. This requirement is essential to ensure broad deployment.

Low latency. The architecture should not introduce unacceptable delays into the call setup or call signaling process.

Adjustable confidence levels. The architecture should allow for varying security requirements. For example, a call to a hotel concierge may require a very low level of security, while a call involving military secrets may require an extremely high degree of security. The architecture should accommodate these varying requirements without system reconfiguration.
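An added example covering the decoupling described under "Minimal impact on conferencing protocol" and the per-call policy described under "Adjustable confidence levels"; it is not code from the VidMid-VC slides. A security agent produces an assertion bound to one conferencing event (the call's Call-ID), the endpoint carries it as opaque text inside the signaling protocol, and the far side (endpoint or gateway) associates the authentication event with the call and applies its own minimum assurance level. Assumptions not in the slides: HMAC-SHA256 over a canonical JSON record, a per-realm shared key standing in for the credential authority lookup, numeric assurance levels per authentication method, and the hypothetical SIP header name X-Conf-Assertion.

```python
# Added example, not code from the VidMid-VC slides: bind an authentication
# event to a conferencing event and carry it through the signaling protocol
# unchanged. Assumptions: HMAC-SHA256 assertions, per-realm shared keys,
# assumed assurance-level numbers, hypothetical header X-Conf-Assertion.
import base64
import hashlib
import hmac
import json
import time

# Constructed federation key table: realm -> (federation, key shared with the
# realm's authentication service). Stands in for a credential-authority lookup.
FEDERATION_KEYS = {
    "univ-a.example": ("FEDERATION-A", b"constructed-key-for-realm-a"),
    "corp-b.example": ("FEDERATION-B", b"constructed-key-for-realm-b"),
}

# Assurance levels a verifier can demand per call; the numbers are assumptions.
LEVELS = {"password": 1, "smartcard": 2, "smartcard+biometric": 3}

SIP_HEADER = "X-Conf-Assertion"  # hypothetical header carrying the assertion


def b64enc(data):
    return base64.urlsafe_b64encode(data).decode()


def b64dec(text):
    return base64.urlsafe_b64decode(text.encode())


def issue_assertion(realm, subject, call_id, auth_method, ttl=60, now=None):
    """Security-agent side: sign {sub, realm, call, level, exp} for ONE call."""
    _, key = FEDERATION_KEYS[realm]
    issued = int(time.time() if now is None else now)
    record = {"sub": subject, "realm": realm, "call": call_id,
              "level": LEVELS[auth_method], "exp": issued + ttl}
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return b64enc(body) + "." + b64enc(tag)


def verify_assertion(token, expected_call_id, min_level=1, now=None):
    """Verifier side. Returns (ok, reason, record); every failure is named."""
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = b64dec(body_b64), b64dec(tag_b64)
        record = json.loads(body)
        realm, call = record["realm"], record["call"]
        exp, level = record["exp"], record["level"]
    except (ValueError, TypeError, KeyError):
        return False, "malformed", None
    entry = FEDERATION_KEYS.get(realm)
    if entry is None:
        return False, "unknown realm", record
    federation, key = entry
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature", record
    if call != expected_call_id:  # replay of a valid assertion on another call
        return False, "assertion bound to a different call", record
    if exp < (time.time() if now is None else now):
        return False, "expired", record
    if level < min_level:  # the called side's policy for this call
        return False, "assurance level too low", record
    record["federation"] = federation
    return True, "ok", record


def sip_invite_with_assertion(call_id, token):
    """Carry the assertion as one opaque header; the INVITE is otherwise normal."""
    return "\r\n".join(["INVITE sip:bob@corp-b.example SIP/2.0",
                        f"Call-ID: {call_id}", f"{SIP_HEADER}: {token}", ""])


def verify_sip_invite(message, min_level=1, now=None):
    """Gateway or endpoint side: associate the assertion with the Call-ID."""
    headers = {}
    for line in message.split("\r\n"):
        if ": " in line:
            name, value = line.split(": ", 1)
            headers[name.lower()] = value
    token = headers.get(SIP_HEADER.lower())
    if token is None:
        return False, "no assertion", None
    return verify_assertion(token, headers.get("call-id"), min_level, now)


if __name__ == "__main__":
    tok = issue_assertion("univ-a.example", "alice", "call-1@univ-a.example", "smartcard")
    print(verify_sip_invite(sip_invite_with_assertion("call-1@univ-a.example", tok)))
    print(verify_sip_invite(sip_invite_with_assertion("call-2@univ-a.example", tok)))
    print(verify_sip_invite(sip_invite_with_assertion("call-1@univ-a.example", tok), min_level=3))
```

The same opaque token could be placed in an H.323 field by a gateway without the gateway understanding it, which is the point of the decoupling; the verifier, not the endpoint, decides what level a given call requires.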

Support flexible UI approaches for credential management and authorization. The architecture should not dictate a particular user interface and should support multiple methods of credential management. For example, it should be open to locally stored credentials, credentials stored on a smart card or smart device, credentials stored on the network such as in an H.350 directory, or even biometric interfaces including retinal scans and voice recognition.

Working Model (diagram)

Components shown: two VC endpoints (VC Endpoint 1 and VC Endpoint 2), one in a SIP realm and one in an H.323 realm, joined through a Gateway across the Internet; a Security Agent paired with each endpoint (Security Agent 1, Security Agent 2); an Authentication Service and an Authorization Service for each realm (Authentication Service Realms 1 through 4); Credential Authorities ABC, 5678 and XYZ; and two federations, Federation A and Federation B. Link types shown: Call Signaling, Media, Local Security Channel (endpoint to its security agent) and Remote Security Channel (security agent to security agent).

Call Flow: NAT Problem