1. P2P Networking for Consumer Electronics (CE) Devices November 12, 2005 Eunsoo Shim Greg Perkins Panasonic Digital Networking Laboratory P2P SIP Ad-hoc Meeting IETF64, Vancouver

2. 2 P2P Networking for CE Devices CE devices have been converted to digital and connected to networks. Connecting Consumer Electronics devices with P2P networking Handset (cellular, WiFi), Digital Camera, Camcorder, Personal Video Recorder, Digital TV, Set-top Box, PC,… CE devices Portable/Wireless/Battery-Powered or Static Limited Computing Power Heterogeneous Various applications VoIP Presence & Instant Messaging P2P Video Multicast Content sharing (photos, video clips, MP3 files) … P2P network scenarios Ad-hoc (emergency, conferences, events,..) Home Enterprise, Campus Global SIP UA (User Agent) SIP UA SIP or PSTN

3. 3 P2P-SIP for CE P2P Networking P2P SIP --- a key component for VoIP, Presence & Instant Messaging, P2P Video Multicast, etc. Requirements for SIP-based Peer-to-Peer Internet Telephony ( draft-baset-sipping-p2preq-00.txt ) Collaboration with Salman, Henning (Columbia University) and Kishore (Avaya Labs) Investigating use of Chord for P2P SIP Reason for focusing on Chord for now --- well known and understood Other overlay mechanisms are under consideration (e.g. Pastry) Difficult to single out “THE DHT” Requirements --- Simplicity, Robustness against Churning Points of investigation for P2P SIP Architecture Support of portable/wireless devices (high churn rate) Lightweight protocol for small resource-limited devices Security DHT pluggability

4. 4 Need for P2P SIP Standards CE manufacturers are reluctant to add proprietary protocols into their products. Downloading software into CE devices is not a common feature yet. Users own products of diverse manufacturers.

5. 5 CE P2P Security versus User Demands What users want: Anonymous identity and Privacy protection Simple security interfaces (or the security just ‘works’) Access to services 99+% of the time Long battery life Good device performance (minimal wait times) These user demands can be fulfilled but they strongly contend with standard security solutions because: Security typically asks for ‘strong identities’ because it helps strengthens many security tasks Identities that are somehow tied to a real-world identity Complex management of secret keys and security policies A single security solution for all types of P2P networks is unlikely but the user cannot be expected to manage multiple security systems Security protocols are often computationally intensive (sometimes needlessly, since ‘canned’ solutions often use the strongest cryptography available) and these protocols are often susceptible to computational DoS attacks which can quickly drain the battery of a resource limited CE device.

6. 6 Implications for P2P-SIP Not all peers are created equal: To provide good security in a DHT like Chord, various checks and (probably) a PKI are needed. Such cryptographic methods will overburden many CE devices (either their CPU/RAM, battery life or both). So, Can devices be part of DHT without supporting heavyweight security algorithms? or Perhaps these devices can use the DHT without supporting it? The P2P identifier should contain a 8-16 bit ‘type of peer’ field Could be useful beyond security Binding peer identity to some ‘real-world identity’ makes for a ‘strong identity’ that cannot be easily whitewashed, which helps P2P security methods immensely. A potential new method of doing this anonymously should be supported, along with other forthcoming HW auth & attestation methods for device identification: Shane Balfe, et. all, “Trusted Computing: Providing Security in P2P Networks” Security should be a ‘feature’ enhancement, not a burden. Therefore, security solutions should not be seen as ‘all-or-nothing’ but instead as ‘best effort’ DHT Ring This concept has been discussed in order to reduce the problem of churn. So arguments supporting this type of P2P overlay can be made from both sides. (better for the DHT and better for peers that have limited capabilities) Of course, the question of ‘fair use’ will need to be addressed.