Published by Niilo Korpela. Modified over 5 years ago.
1
SHAKEN
Jim McEachern, Senior Technology Consultant, ATIS
December 2017
2
PoP – Scenario #1 – Terminate PoP & Originate SHAKEN
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; STI AS, STI VS; PoP; SHAKEN]
3
PoP – Scenario #2 – PoP E2E
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; PoP]
4
PoP – Scenario #3 – PoP & SHAKEN
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; STI AS, STI VS; PoP; SHAKEN]
5
PoP – Scenario #1 - Performance
Originating SP must process the PoP identity header and factor the results into attestation in SHAKEN.
= No impact on terminating SP.
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; STI AS, STI VS; PoP; SHAKEN]
+ Originating SP can cache PoP certificates and refresh every time a call is made from their customer PBX to any destination.
6
PoP – Scenario #2 – Performance – Local Cache
+ = Originating SP does not need to do anything. Terminating SP processes PoP identity header with complexity comparable to SHAKEN identity header.
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; PoP]
- Terminating SP could cache PoP certificates but can only refresh every time a call is made from a given customer PBX to a given VS function.
7
PoP – Scenario #2 – Performance – SP Cache
+ = Originating SP does not need to do anything. Terminating SP processes PoP identity header with complexity comparable to SHAKEN identity header.
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; Cache; PoP AS, PoP VS; PoP]
= - Terminating SP could provide a centralized cache for PoP certificates and refresh every time a call is made from a given customer PBX to any VS function within the terminating SP network.
8
PoP – Scenario #3 - Performance
Challenges caching PoP certificates. Terminating SP must also process PoP identity header with complexity comparable to SHAKEN identity header.
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; STI AS, STI VS; PoP; SHAKEN]
= = Terminating SP processes SHAKEN identity header. Originating SP generates normal SHAKEN identity header.
9
PoP – Scenario #1 - Traceback
Traceback to the source of the “problem” (i.e., SP-A and enterprise) is complicated by having to go to SP-B and correlate SHAKEN origid with PoP certificate.
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; STI AS, STI VS; PoP; SHAKEN; marker next to SP-A: -]
Does knowing that SP-B originated the call onto the network add any value? =
10
PoP – Scenario #2 - Traceback
Traceback points directly to the SP that issued the PoP certificate and then to the enterprise. +
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; PoP]
= “Originating SP” role is equivalent to intermediate (transit) providers. -
11
PoP – Scenario #3 - Traceback
Traceback points directly to the SP that issued the PoP certificate and then to the enterprise. +
[Diagram labels: SP-A, SP-B, SP-C, SP-D, …, SP-Z; Analytics; PoP AS, PoP VS; STI AS, STI VS; PoP; SHAKEN]
= Traceback also points to the SP that originated the call onto the network. Is this information useful?
12
Conclusions
• Allowing PoP Identity headers to go end-to-end does add some new responsibilities on the terminating SP:
  ◦ They must support PoP Identity headers
  ◦ Caching public certs is less efficient than for standard SHAKEN
  ◦ Centralized caching for all calls to terminating SP improves efficiency
• Terminating PoP Identity headers at the originating SP does not improve traceback, and may even complicate traceback.
• If PoP certs go end-to-end, the originating SP could add a second, SHAKEN Identity header if they needed to (e.g., if terminating SP could not verify PoP Identity header).
• Important to verify that allowing PoP Identity headers to go end-to-end does not cause problems for other use cases (e.g., NS/EP).
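
The caching comparison made on the Scenario #1 and Scenario #2 performance slides and in the Conclusions, as an added example that is not part of the original presentation: it counts PoP certificate downloads for the same call stream under each cache placement. The one-hour TTL, the reading of "refresh" as a re-download once the cached copy has aged out, and all PBX, SP and VS names are assumptions made for illustration.

```python
import random

TTL = 3600  # assumed freshness lifetime of a cached PoP certificate, in seconds

# Cache placements from the slides, expressed as "which calls share one cache entry".
PLACEMENTS = {
    "originating SP cache (Scenario #1)": lambda pbx, sp, vs: pbx,
    "terminating SP-wide cache (Scenario #2)": lambda pbx, sp, vs: (sp, pbx),
    "per-VS local cache (Scenario #2)": lambda pbx, sp, vs: (sp, vs, pbx),
}

def count_fetches(calls, key_of, ttl=TTL):
    """Count certificate downloads caused by time-sorted calls.
    calls: (time_s, pbx, terminating_sp, vs); key_of: call -> cache entry it can reuse."""
    fetched_at = {}
    fetches = 0
    for t, pbx, sp, vs in calls:
        key = key_of(pbx, sp, vs)
        if key not in fetched_at or t - fetched_at[key] >= ttl:
            fetched_at[key] = t  # miss or stale entry: download the certificate again
            fetches += 1
    return fetches

def compare(calls, ttl=TTL):
    """Return {placement name: number of certificate downloads}."""
    return {name: count_fetches(calls, key_of, ttl) for name, key_of in PLACEMENTS.items()}

# Constructed sample: one enterprise PBX calling two hypothetical terminating SPs.
SAMPLE_CALLS = [
    (0, "pbx-1", "term-1", "vs-1"), (600, "pbx-1", "term-1", "vs-2"),
    (1200, "pbx-1", "term-2", "vs-1"), (4000, "pbx-1", "term-1", "vs-2"),
    (4200, "pbx-1", "term-1", "vs-1"), (5000, "pbx-1", "term-2", "vs-1"),
]

def synthetic_calls(n=2000, seed=1):
    """Constructed workload: 5 PBXs, 3 terminating SPs, 8 VS functions each, one day."""
    rng = random.Random(seed)
    times = sorted(rng.randrange(86400) for _ in range(n))
    return [(t, f"pbx-{rng.randrange(5)}", f"term-{rng.randrange(3)}",
             f"vs-{rng.randrange(8)}") for t in times]

if __name__ == "__main__":
    for label, calls in (("sample", SAMPLE_CALLS), ("synthetic", synthetic_calls())):
        for name, n in compare(calls).items():
            print(f"{label:9} {name:40} {n} downloads")
```

In this model the finer the cache is partitioned, the more downloads the same traffic causes, which is the efficiency gap the slides attribute to per-VS caching and the gain they attribute to a centralized cache.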