Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download SIP over identifier/locator splitted next generation - DCA
Document related concepts
Net neutrality law wikipedia , lookup
Wireless security wikipedia , lookup
Computer network wikipedia , lookup
Distributed firewall wikipedia , lookup
Airborne Networking wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Computer security wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Deep packet inspection wikipedia , lookup
Internet protocol suite wikipedia , lookup
Routing in delay-tolerant networking wikipedia , lookup
Zero-configuration networking wikipedia , lookup
SIP extensions for the IP Multimedia Subsystem wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Transcript
SIP over an Identifier/Locator splitted Next Generation Internet architecture Christian Esteve Rothenberg, Walter Wong, Fábio L. Verdi, Maurício F. Magalhães School of Electrical and Computer Engineering (FEEC) State University of Campinas (UNICAMP), Brazil ICACT08 Phoenix Park, South Korea, 18/02/2008 Introduction • Current Internet architecture presents some limitations to the natural deployment of new services: – Mobility/Multi-homing – Network heterogeneity “Patches” approach: NAT, IPSec, Mobile IP,etc. – Embedded Security • Existing applications like SIP demand security, mobility support, and operation over IPv4 and IPv6. 18/02/2008 ICACT08 Many SIP add-ons: ALG, SBC, TLS , SRTP, S/MIME,etc. 2 Introduction • Main issue: IP semantic overload – Transport layer: IP is an identifier (naming) IP – Network layer: IP is a locator (addressing) • Consequences SIP HTTP SDP Legacy DNS applications RTP … – Lack of a stable identifier for S T U C end-to-end communication C D T P P P – Mobility/Multihoming ID Host Identifier – Heterogeneity IP IPv4 IPv6 Network locator – Security • Solution Ethernet … Network – Identifier/locator separation ATM technology WLAN SONET • HIP, IETF RRG LISP, NodeID 18/02/2008 ICACT08 3 Introduction Identifier/locator separation • Introduction of an identification layer between the network and transport layers (as in HIP) • Identifiers are 32-bit (128-bit in IPv6) flat (topology-free), persistent and unique node IDs <IP:port>src <IP:port>des Protocol Application Application socket socket <ID:port>src <ID:port>dest Protocol Identifier Static binding Dynamic binding IP = 10.1.1.2 10.1.1.1 18/02/2008 locator locator ICACT08 IP = 10.1.2.3 10.1.1.1 10.1.1.2 4 Background Next Generation Internet Architecture Proposal • Originally inspired by the NodeID architecture – Global, flat, cryptographic node Identifiers (as in HIP) – Host FQDN assumed • Extended with Domain IDs (DID) – Scalability (!) • Routing on flat IDs (DID/NID) – Different to HIP (!) 18/02/2008 ICACT08 5 Contribution Functionalities of our NGI Framework 1: • • • • • • • Name Resolution Mobility Internal modules Control plane Multi-homing Mobility DHT Client Flat Routing Gw Msg Srv RVS Client Security Mgr DHCP Client Security Heterogeneity Legacy Applications Support DHT External Modules RVS DNS DHCP Legacy appl. support DNS Filter Handler Identification layer ID Packet Security Handler Mapper Security DB Flat routing Peer Routing Cache Network 1 W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A can e.g., SIP Framework forHow Mobility and an Flat existing Addressing application in Heterogeneouslike Domains", In 25º Brazilianoperate Symposiumwith of Computer Networks and Distributed Systems, SBRC 2007. and benefit from our NGI Architecture? 18/02/2008 ICACT08 6 Scenario under evaluation FQDN1 (hostname1.sth.atlanta.com) NID1 (32-bit) UA1 (sip:[email protected]) sip_proxy1.atlanta.com (1) DNS (2) INVITE sip:[email protected] To: sip:[email protected] From: sip:[email protected] Contact: FQDN1 o= FQDN1 c= NID1 … RVS P1 DNS Domain1 atlanta.com (5) DR DHT (3) RVS DHT DR Internet Core (IPv4) DHT (4) UA2 (sip:[email protected]) NID2 (32-bit) FQDN2 (hostname2.sth.biloxi.com) 18/02/2008 Domain2 biloxi.com P2 sip_proxy2.biloxi.com ICACT08 7 Transparent naming global, unique local Hostnames • FQDN can be assumed as global FQDN name space for all hosts Resolution() SIP URI NID Locator – Enabled by the unique and user Hash() @ global-scope NIDs Network domain Address • SIP RFC 3261 RECOMMENDS Node Identity use of FQDN form names Name resolution Legacy appl. support • SIP UA DNS requests (gethostbyname(), SIP SRV) intercepted DNS Filter Handler • NIDs returned to the SIP application as typical IP addreses. Transparent architecture features Flat routing Peer • The architecture handles the dynamic locator binding, Routing Cache security associations, flat routing, etc. Identification layer (32 / 128 bits) Private Key 18/02/2008 ICACT08 Packet Handler Public Key ID Mapper Security (IPv4 / IPv6) Security DB 8 Transparency Source address = source NID Destination address = dest NID IP UDP Payload Legacy SIP & RTP packets Src <NID, DID> Dst <NID, DID> NIH NID Header Network 18/02/2008 IP UDP ICACT08 Payload Payload 9 Security • Embedded on the identification layer (HIP-like) – NIDs are cryptographic hashes of public keys – Enables nodes to self-claim their identities – Authentication based on public key infrastructure (PKI) • Provides single secure channel between peers – For all communications, all applications HDR, CERT, nonce HDR, {CERT, DHB, nonce}, sig A 18/02/2008 HDR, {DHA}, sig. ICACT08 B 10 Mobility • • • • Periodic locator updates in the Rendezvous Server Mobility event transparent to applications (SIP clients) TCP connections survived network reconfigurations RTP stream “seamless” recovered W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, “An Architecture for Mobility Support in a Next Generation Internet”, In IEEE 22nd International Conference on Advanced Information Networking and Applicationswith (AINA), Japan, March 2008 10 experiments, RVS Update every 3s and G.729 (20ms) coded RTP payload. 18/02/2008 ICACT08 11 Performance • Signaling overhead – Extra interactions required – SIP session establishment time difference negligible in our testbed environment • VoIP bandwidth overhead – Comparable to other security schemes – Header compression possible ES P /A H ID H 18/02/2008 ICACT08 12 Related Work • Next Generation Internet architectures – FARA, i3, TRIAD, ROFL, DONA – Node Identity Internetworking Architecture (NodeID), draft-schuetz-nid-arch-00, Sep. 07 • ID/Loc separation – HIP, IETF RRG (LISP, NERD, etc.) – ITU-T, “Separation of IP into identifier and locator in NGN”, Draft Recommendation Y.ipsplit, Jan. 07 • Interactions of HIP with SIP – P2PSIP, SHIP, draft-tschofenig-hiprg-host-identities, Jun. 07 18/02/2008 ICACT08 13 Future Work • DID/NID flat routing approach – Scalability – Domain mobility (Submitted paper) • Security model (HIP inspired) – Comparison to related work on security (Paper in progress) • Enhanced name resolution mechanims (DHT-based) – DID router resolution in the Internet Core • Extend our framework towards a data-oriented / content-centric paradigm 18/02/2008 ICACT08 14 Conclusion • Framework to instantiate NGI proposals • ID/Loc separation implementable – Validated the claim of existing application support – Contribution towards a Next Generation Internet arch. • Benefits from ID/Loc adoption: – Native network mobility support • Transparent to applications – Native security based on the identification layer • E2E single secure channel – Operation over heterogeneous realms (IPv4/IPv6) • Affordable overhead (signaling, BW, computation) 18/02/2008 ICACT08 15 Thank you! Questions? 18/02/2008 ICACT08 16 Backup 18/02/2008 ICACT08 17 References • • • • • • • • J. F. Shoch, "Inter-Network Naming, Addressing, and Routing." In Proceedings of IEEE COMPCON, Fall, 1979. J. Chiappa, "Endpoints and Endpoint Names: A Proposed Enhancement to the Internet Architecture", [Online]. Available: http://users.exis.net/~jnc/tech/endpoints.txt, 1999. R. Jain, “Internet 3.0: Ten Problems with Current Internet Architecture and Solutions for the Next Generation,” Military Communications Conference MILCOM, Washington, DC, October 23-25, 2006. I. Stoica, D. Adkins, S. Zhuang, S. Shenker and S. Surana, "Internet Indirection Infrastructure," In Proceedings of SIGCOMM 2002. M. Caesar, K. Lakshminarayana and et al. “ROFL: Routing on Flat Labels”. In Proceedings of SIGCOMM 2006. B. Ahlgren, J. Arkko, L. Eggert and J. Rajahalme. “A Node Identity Internetworking Architecture”. In Proceedings of the IEEE INFOCOM 2006 Global Internet Workshop, Spain, 2006. P. Nikander. "Implications of Identifier / Locator Split", Helsinki University of Technology (TKK) NETS 1a morning coffee, Dec. 2004. D. Farinacci et al. “Locator/ID Separation Protocol (LISP)”. IETF Draft, draft-farinacci-lisp-02 (work in progress), July 2007. ITU-T, “Separation of IP into identifier and locator in NGN”, Draft Recommendation Y.ipsplit, Beijing, China, 8-12 January 2007. 18/02/2008 ICACT08 18 References • • • • • • • • S. Schuetz, R. Winter, L. Burness, P. Eardley and B. Ahlgren, "Node Identity Internetworking Architecture", IETF Internet-Draft draft-schuetz-nid-arch-00 (work in progress), September 2007. W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, "A Framework for Mobility and Flat Addressing in Heterogeneous Domains", In 25º Brazilian Symposium of Computer Networks and Distributed Systems 2007, SBRC 2007, Brazil May 2007. W. Wong, R. Pasquini, R. Villaça, L. de Paula, F. L. Verdi and M. F. Magalhães, “An Architecture for Mobility Support in a Next Generation Internet”, In IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA), Japan, March 2008 J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002 R. Moskowitz and P. Nikander, "Host Identity Protocol (HIP) Architecture", RFC 4423, May 2006. B. Ahlgren, L. Eggert, B. Ohlman, J. Rajahalme, and A. Schieder, “Names, addresses and identities in ambient networks”. 1st ACM Workshop on Dynamic interconnection of Networks, September 2005 J. Rosenberg and H. Schulzrinne, "Session Initiation Protocol (SIP): Locating SIP Servers", RFC 3263, June 2002. M. Handley, V. Jacobson and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006. 18/02/2008 ICACT08 19 References • • • • • • • • J. Y. H. So, J. Wang, and D. Jones, "SHIP Mobility Management Hybrid SIP-HIP Scheme," In Proceedings of Sixth SNPD/SAWN International Conference, USA, 2005. H. Tschofenig, J. Ott, H. Schulzrinne, T.Henderson, and G. Camarillo, "Interaction between SIP and HIP", draft-tschofenig-hiprg-host-identities (work in process), Internet-Draft, IETF, June 2007 D. Geneiatakis et al. "Survey of Security Vulnerabilities in Session Initiation Protocol", IEEE Communications Surveys and Tutorials, vol. 8 (3), IEEE Press, 2006, pp. 68–81. H. Schulzrinne and E. Wedlund, “Application Layer Mobility using SIP”, ACM Mobile Computing and Communications Review, vol. 4,, July 2000. D. Le, X. Fu and D. Hogrefe, “A Review of Mobility Support Paradigms for the Internet”, IEEE Communications Surveys and Tutorials, Jan 2006. A. Botta, A. Dainotti and A. Pescapè, "Multi-protocol and multi-platform traffic generation and measurement", INFOCOM 2007 DEMO Session, May 2007, Anchorage (Alaska, USA). Open SIP Express Router, [Online]. Available: http://www.openser.org/ SIPp, traffic generator, [Online]. Available 18/02/2008 ICACT08 20 Architecture DHT External Modules RVS DNS DHCP Legacy appl. support Internal modules Filter Control plane Mobility DHT Client Gw Msg Srv RVS Client Security Mgr DHCP Client DNS Handler Identification layer Packet Handler ID Mapper Security Security DB Flat routing Routing 18/02/2008 ICACT08 Rede Peer Cache 21
