Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003 Dimitris Daskopoulos GRNET.

Published byCathleen Scott Modified over 9 years ago

Similar presentations

Presentation on theme: "Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003 Dimitris Daskopoulos GRNET."— Presentation transcript:

1 Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003 Dimitris Daskopoulos GRNET

2 Contents  Videoconferencing practices  Problematic points  Security standards  Current techniques in H.323  Future developments in H.323

3 Video conferencing worlds  H.323  SIP  MBONE  other: VRVS, AG, proprietary VC s/w

4 The importance of videoconference security  identity  confidentiality  trust

5 Current practices  authentication assumed, but rarely examined  ad hoc authentication solutions  point-to-point vs. multi-party call practices

6 Requirements for videoconferencing security  endpoint authentication  call signaling security  media encryption

7 Problematic points  telephony-world preconceptions  people vs. endpoints  room-based systems  users vs. executives  multi-party conferences  multi-domain conferences

8 Conferencing: a three-step process  endpoint registration (authentication)  dialing (authorization)  media exchange

9 Protocols involved in H.323 conferencing  H.225 - RAS (UDP): Registration, Admission, Status  H.225 - Q.931 (TCP): Call Signaling (Setup & Termination)  H.245 (TCP): Call Control (Capabilities, Preferences, Channel Opening and Flow Control)  RTP (UDP): media streams

10 Security standards for videoconferencing:  H.323 - H.235  shared secret - symmetric (Annex D)  certificates - assymetric (Annex E)  secure media streams - S/RTP (Annex G)  SIP  SSL Digest Authentication  S/MIME media

11 Current security options in H.323 H.235 not widely supported by endpoints. What options are we left with?  Identification by IP and alias  IPSec  other tricks

12 Current authentication techniques in H.323  point-to-point conferences (registration)  IP and alias authentication  web enhanced methods  multi-party conferences (calling)  generated target number  central calling

13 Security in H.323: the Gatekeeper  H.235  Cisco MCM: user/password piggy-back  Radvision ECS: predefined endpoints  GNU GK: predefined endpoints, Q.931 signaling filters

14 Security in H.323: Gatekeeper backends  Gatekeeper APIs (SNMP or proprietary)  Cisco GKAPI  Radvision ECS API (SNMP-based H.348?)  Radius  Cisco MCM  GNU GK  DBMS  Radvision ECS  GNU GK  LDAP  Radvision ECS  GNU GK

15 Security in H.323: web integration of backends  web-based flexible custom interfaces  SSL enabled  allow user control of IP and aliases  allow scheduling and reservation of resources (an added benefit)

16 Current problems in H.323  securing registration of multiple aliases is difficult  ad-hoc authentication techniques do not accommodate all endpoints  mobility is hindered  firewall/NAT traversal is difficult  media stream protection is lacking

17 Future developments in H.323 security  H.350:  LDAP authentication  LDAP endpoint setup  H.235:  wider support in products  certificate support  media stream encryption

18 Links and References  Internet2 - 2003 fall MM: securing video Internet2 - 2003 fall MM: securing video  The TERENA IP Telephony CookbookIP Telephony Cookbook  The VIDE VideoConf CookBook  The VIDE Development Initiative The VIDE Development Initiative  Internet2 - Video Middleware (VidMid)  Internet2 - VC SiteCoordinatorsTrainingSiteCoordinatorsTraining  Internet2 - VidMid H.350 Internet2 - VidMid H.350  Packetizer References Packetizer References

19 Questions ?

20 The END!

Download ppt "Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003 Dimitris Daskopoulos GRNET."

Similar presentations

Vidmid-vc: Middleware for Video Conferencing Services

Vidmid-vc: Middleware for Video Conferencing Services
H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support.

H.235 Authentication, Integrity and Encryption Adi Regev Sr. Director Sales Engineering & Customer Support.
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.
Gatekeepers Gabe Moulton The Ohio State University Internet2 Commons Site Coordinator Training March 22, 2004 Indianapolis, Indiana.

Gatekeepers Gabe Moulton The Ohio State University Internet2 Commons Site Coordinator Training March 22, 2004 Indianapolis, Indiana.
Gatekeepers Soh Hock Heng National University of Singapore Internet2 Commons Site Coordinator Training December 3, 2003 National Univesity of Singapore.

Gatekeepers Soh Hock Heng National University of Singapore Internet2 Commons Site Coordinator Training December 3, 2003 National Univesity of Singapore.
H.323 Gatekeepers Lucent Technologies - elemedia.

H.323 Gatekeepers Lucent Technologies - elemedia.
H. 323 Chapter 4.

H. 323 Chapter 4.
A Presentation on H.323 Deepak Bote. Email, IM, blog…

A Presentation on H.323 Deepak Bote. , IM, blog…
Video Conferencing Global Dialing Scheme (GDS) Zeeshan Aamir.

Video Conferencing Global Dialing Scheme (GDS) Zeeshan Aamir.
July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.

July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.
H.323 Recommended by ITU-T for implementing packet-based multimedia conferencing over LAN that cannot guarantee QoS. Specifying protocols, methods and.

H.323 Recommended by ITU-T for implementing packet-based multimedia conferencing over LAN that cannot guarantee QoS. Specifying protocols, methods and.
Voice over IP Fundamentals

Voice over IP Fundamentals
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Packet Based Multimedia Communication Systems H.323 & Voice Over IP Outline 1. H.323 Components 2. H.323 Zone 3. Protocols specified by H.323 4. Terminal.

Packet Based Multimedia Communication Systems H.323 & Voice Over IP Outline 1. H.323 Components 2. H.323 Zone 3. Protocols specified by H Terminal.
24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.

24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.
VoIP EE 548 Ashish Kapoor. Characteristics – Centralized and Distributed Control H.323 pushes call control functionality to the endpoint, while still.

VoIP EE 548 Ashish Kapoor. Characteristics – Centralized and Distributed Control H.323 pushes call control functionality to the endpoint, while still.
IP Communications Services Redefining Communications Teresa Hastings Director WorldCom SIP Services Conference – April 18-20, 2001.

IP Communications Services Redefining Communications Teresa Hastings Director WorldCom SIP Services Conference – April 18-20, 2001.

Similar presentations

Ads by Google