Published by Jaden Bruce. Modified over 11 years ago.
1
Caltech Proprietary
Videoconferencing Security in VRVS 3.0 and Future
Kun Wei
California Institute of Technology
March 25, 2003
ViDe 5th Workshop
2
Outline
- VRVS view on videoconferencing security
- Security features in VRVS 3.0 and future
3
VRVS View of Videoconferencing Security
A. Network level security (support videoconferencing over firewall, NAT)
B. Global collaboration session security (user authentication/authorization, media encryption)
4
Current Industrial Solution
- Full Proxy: splits an IP call into two separate calls, one from the private network to the proxy and one from the proxy to the public network
- Application Level Gateways (ALG): programmed firewall with knowledge of a specific IP protocol such as H.323 or SIP
- DMZ MCU: MCU in the demilitarized zone
- Problem: very complex to implement and not scalable
5
VRVS Proposed Solution
- Allow any videoconferencing client behind a firewall/NAT to join a worldwide session
- Highly scalable
- Easy or zero configuration for the end user
- Minimize the influence on real-time performance
6
Security Features in VRVS 3.0
Network Security:
- Many VRVS reflectors are installed behind a firewall or in a DMZ
- Solution for private networks behind the highest-security firewalls: the TCP connection is initiated from inside
- Easy configuration: VRVS reflectors are based on a peer-to-peer model and communicate through one port
- Solution for hosts behind NAT
7
Security Features in VRVS 3.0
Session security:
- User authentication: each VRVS user needs to be registered with a username/password linked to an email address
- The password is encrypted during transfer and within the DB
- Machine authentication: after user login, the machine's IP address is detected. If it is behind NAT, both the outside IP address and the internal IP address are detected
- Community level access control
- Password protected Virtual Room
- Monitoring and enabling/disabling of connected hosts
- All the participants in the current session are listed
8
Proposed and Ongoing VRVS Security R&D
- To make all the VRVS clients (Mbone, H.323, SIP) work with encrypted media, VRVS assumes that the path from the host to the first VRVS reflector is secure: either both are within a secure private network, or a light VRVS proxy is installed on every VRVS client
- Secure the communication between reflectors: encrypt the media packets with the Data Encryption Standard (DES), or send them over a VPN, to avoid IP sniffing along the path
- Dynamically generate and exchange encryption keys between audio and video streams of the same session as well as between different sessions
- Certificates for VRVS registered users
- Assign VRVS registered users finer-grained access control levels on network resources
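
Added example, not from the original slides and not VRVS code: one way to get a distinct key for each audio and video stream and for each session, as the key-generation bullet above proposes. It assumes two reflectors already share a master secret and exchange a fresh random nonce per session; HKDF-SHA256 (RFC 5869), the `vrvs-example` label, the room name and the 16-byte key length are choices made here, since the slides name only DES and do not describe the key exchange.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: condense input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested key material too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def stream_key(master: bytes, session_nonce: bytes, room: str,
               stream: str, length: int = 16) -> bytes:
    """Derive the key for one media stream of one session.

    The per-session nonce separates sessions; the info label separates
    rooms and the audio/video streams inside a session.
    """
    if stream not in ("audio", "video"):
        raise ValueError("unknown stream type")
    prk = hkdf_extract(session_nonce, master)
    info = b"vrvs-example|" + room.encode() + b"|" + stream.encode()
    return hkdf_expand(prk, info, length)


if __name__ == "__main__":
    master = os.urandom(32)      # constructed: secret shared by two reflectors
    for session in (1, 2):
        nonce = os.urandom(16)   # fresh per session, can be sent in the clear
        for stream in ("audio", "video"):
            key = stream_key(master, nonce, "room-42", stream)
            print(session, stream, key.hex())
```

Because every key depends on the session nonce and the stream label, recovering one stream's key reveals nothing about the other stream or about any other session.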