Presentation is loading. Please wait.

Presentation is loading. Please wait.

P2P SIP Names & Security Cullen Jennings

Published byAshlie Carter Modified over 9 years ago

Similar presentations

Presentation on theme: "P2P SIP Names & Security Cullen Jennings"— Presentation transcript:

1 P2P SIP Names & Security Cullen Jennings fluffy@cisco.com

2 Security Trade Offs Certain other features, or convenience of operation, make users willing to accept reduced security –Better than nothing principle Certain ideas that work in small groups of friends completely fail before they meet any size that would be considered “successful”

3 Threat Models No idea what to put here - will need work –Run in my home? –Run on the internet? –Protect from neighbor? from me? wireless to front yard? –Protect what? –Used for playing games and no one cares if works? –Used by emergency workers? –Skype claims to have surprisingly strong security? Is it P2P? What are the devices? What is the information they exchange? Who might be able to intercept/tamper with it? How much would users or attackers care?

4 Security Concerns Who am I talking to When people want to talk to me, do they reach me Can other people listen to my call Can people discover who I call and when Do I know who is calling me Can I call someone without revealing who I am Denial of service Who can cancel my name Do I know I am talking to same person as previous call SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM

5 Names Some properties a namespace might have: –Names are unique –Can know who is authorized to use a name –Don’t require a central registry –Delegation of portions of namespace –Size of namespace –Free/Cheap in the monetary sense Pick any few :-)

6 Names, Routes & Translation What is a name: –An identifier that some object asserts that it goes by. The name is persistent over some time span. –Ex: email address, telephone number, “number” in DHT What is a routable address: –An address that is routable in the context of a particular network element. – Ex: IP address What is a translation: –lookup from name to another name or routable address –Ex: DHT

7 Example Namespaces DNS –unique, central, delegated, cheap –authorization via web certs Email addresses –sub delegation of DNS IP Addresses –unique (mostly), admin delegate + DHCP E.164 Telephone numbers –unique, non central, delegated, not cheap –authorization hard –somewhat limited size

8 P2P Names & Translation Self assigned identifiers as names –Can “ask” if they are unique –Can’t “guarantee” that they are unique Translation –all examples here translate to IP –A few approaches Translation with DHT Translation with broadcast table Security Properties –Bad: identity, integrity, privacy, DoS, name stealing, Spam –Good: uh, ah, not much Other properties –Good: operations and management

9 P2P as a DNS Replacement (Hint: I suspect this is not a good idea) There are some use cases when DNS is not reachable Many of these cases can be solved with local discovery approaches –Ex: (multicast, zeroconf, rendezvous, SrvLoc)

10 The BAD news So far, no way to simultaneously achieve both: –no central name authority –stop names from being stolen by other users This will somewhat constrain the security properties of various solutions

11 The GOOD news Got lemons, Make lemonade Anonymous Communications –Anonymous communications can be anonymous –SIP has not practically solved how to deploy media and signaling Anonymization Distributed media relay –P2P style distributed media relays do not require names principle

Download ppt "P2P SIP Names & Security Cullen Jennings"

Similar presentations

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
1 Copyright © 2005, Cisco Systems, Inc. All rights reserved. Applying Security Principles to Networking Applications Mark Enright Dec.

1 Copyright © 2005, Cisco Systems, Inc. All rights reserved. Applying Security Principles to Networking Applications Mark Enright Dec.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
236349 Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
Applications: History to Future Why end-to-end shouldn’t be dead Pete Resnick Protocol standards bonehead Qualcomm Technologies, Inc.

Applications: History to Future Why end-to-end shouldn’t be dead Pete Resnick Protocol standards bonehead Qualcomm Technologies, Inc.
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
An Engineering Approach to Computer Networking

An Engineering Approach to Computer Networking
IP Address 1. 2 Network layer r Network layer protocols in every host, router r Router examines IP address field in all IP datagrams passing through it.

IP Address 1. 2 Network layer r Network layer protocols in every host, router r Router examines IP address field in all IP datagrams passing through it.
What we will cover… Home Networking: Network Address Translation (NAT) Mobile Routing.

What we will cover… Home Networking: Network Address Translation (NAT) Mobile Routing.
Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff +1 312 362-5878 DePaul University Chicago, IL 60604.

Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff DePaul University Chicago, IL
IP Address 1. 2 Network layer r Network layer protocols in every host, router r Router examines IP address field in all IP datagrams passing through it.

IP Address 1. 2 Network layer r Network layer protocols in every host, router r Router examines IP address field in all IP datagrams passing through it.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
How the Internet Works Jon Crowcroft,

How the Internet Works Jon Crowcroft,
E-Safety Quiz Keeping safe online! A guide for parents & children.

E-Safety Quiz Keeping safe online! A guide for parents & children.
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
ECRIT interim meeting - May 2005 1 Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.

ECRIT interim meeting - May Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.
Internet Safety.

Internet Safety.
Freenet. Anonymity  Napster, Gnutella, Kazaa do not provide anonymity  Users know who they are downloading from  Others know who sent a query  Freenet.

Freenet. Anonymity  Napster, Gnutella, Kazaa do not provide anonymity  Users know who they are downloading from  Others know who sent a query  Freenet.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Network Addressing Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Network Addressing Networking for Home and Small Businesses – Chapter.

Similar presentations

Ads by Google