Secure Peering with AsteriskTM - PowerPoint PPT Presentation
1
Secure Peering with AsteriskTM
VON.x San Jose, CA March 2008
Jim.Dalton_at_TransNexus.com
2
What is Secure Peering?
  • Secure Peer to Peer VoIP based on a shared Public
    Key Infrastructure (PKI)

[Diagram: a Peering Server on the Internet connecting Branch Office, Headquarters, Manufacturing, two Sales Offices and a Call Center]
3
Establishing PKI Security Services
Asterisk client device enrolls with the Certificate Authority (CA) for peer-to-peer authorization (the OSP server):
  1. Client device requests the CA's public key and certificate
  2. CA sends its public key and its certificate
  3. Client device sends a certificate request to the CA
  4. CA returns the signed certificate
4
Benefits of secure multi-lateral peering
  • Efficient peer to peer communications eliminates
    signaling bottlenecks
  • Access control is greatly simplified
  • IP access lists are eliminated
  • Asymmetric key management is simpler and more
    secure than shared secrets (passwords)
  • Eliminates complexity of many peer to peer
    interconnect agreements

5
Examples of Secure Peering
  • Enterprise VoIP VPN
  • Wholesale Inter-Carrier VoIP Services
  • Tiered Peering
  • Dundi Settlement Clearinghouse

6
Enterprise VoIP Network
  • Requirements

    1. Centralized routing
    2. Secure inter-office access control
    3. Centralized accounting
    4. Autonomous local operation
    5. Minimum bandwidth

[Diagram: Branch Office, Headquarters, Manufacturing, Sales Office and Call Center connected over the Internet]
7
Enterprise VoIP VPN
  • Secure peering architecture provides VoIP VPN

    1. Centralized routing
    2. Secure inter-office access control
    3. Centralized accounting
    4. Autonomous local operation
    5. Minimum bandwidth

[Diagram: Peering Server on the Internet with Branch Office, Headquarters, Manufacturing, Sales Office and Call Center; call flow: 1. Enrollment, 2. Route Authorization, 3. SIP INVITE with Token, 4. CDR collection]
8
Wholesale Inter-Carrier Services
  • Challenge: how to manage interconnect access and
    billing among thousands of ITSP peers

[Diagram: thousands of ITSP peers interconnected over the Internet]
9
Wholesale Inter-Carrier Services
  • Conventional solution is to route all calls via a
    softswitch or session border controller.

[Diagram: every call routed through a central softswitch or session border controller on the Internet]
10
Wholesale Inter-Carrier Services
  • Secure peering is more scalable, more reliable,
    better QoS, less bandwidth, lower cost.

[Diagram: peers query the Peering Server for a Route Lookup, then exchange the call directly over the Internet]
11
Wholesale Inter-Carrier Services
  • Call Detail Collection from both the source and
    destination eliminates settlement disputes

[Diagram: Peering Server collecting call detail records from both the source and the destination peer over the Internet]
12
Tiered Peering
  • Secure peering among multiple peering networks.

[Diagram: Purple Peering Network and Yellow Peering Network, each with its own Peering Server, interconnected over the Internet]
13
Tiered Peering CDR Reporting
  • Top tier peering networks receive Call Detail
    Records from both source and destination peers.

[Diagram: Purple Peering Network and Yellow Peering Network, each with its own Peering Server, reporting call detail records up to the top tier over the Internet]
14
DUNDi
  • Distributed Universal Number Discovery
  • Based on General Peering Agreement
  • No Settlement

15
DUNDi Clearinghouse
  • DUNDi nodes enroll with CA
  • Route and rate discovery with DUNDi
  • Source submits route rate to clearinghouse for
    digitally signed token

[Diagram: route and rate discovery exchange: "rate / minute?" answered with "2 / minute!"]
16
DUNDi Clearinghouse
  • SIP INVITE includes signed token
  • Destination validates token and rate
  • CDRs sent to clearinghouse

[Diagram: SIP INVITE with token sent from the source peer to the destination peer]

17
DUNDi Clearinghouse

  • Clearinghouse performs settlement billing

18
Details of Secure Peering
  • ETSI OSP protocol defines standardized messages
    for the secure exchange of IP based sessions.
  • An OSP server is a web server
  • Message Formats
      • Multipurpose Internet Mail Extensions (MIME)
      • eXtensible Markup Language (XML)
      • Secure MIME
  • Communication Protocols

19
OSP Message Example
HTTP Header:
    HTTP/1.1 200 OK
    Server: IP address of OSP server
    Date: Thu, 12 May 2005 18:32:59 GMT
    Connection: Keep-Alive
    Keep-Alive: timeout=3600, max=5000
    Content-Length: 1996
    Content-Type: text/plain

OSP Message:
    <?xml version='1.0'?>
    <Message messageId='11703738491' random='21655'>
    <AuthorizationResponse componentId='11703738490'>
    <Timestamp>2005-05-12T18:32:59Z</Timestamp>
    <TransactionId>4785098287068543017</TransactionId>
    <Destination>
    <CallId encoding='base64'>MTExNTkxOTE3Ny45</CallId>
    <DestinationInfo type='e164'>Called Number</DestinationInfo>
    <DestinationSignalAddress>IP Address:Port</DestinationSignalAddress>
20
OSP Message Example (cont.)
    <AuthorizationResponse componentId='11703738490'>
    <Timestamp>2005-05-12T18:32:59Z</Timestamp>
    <TransactionId>4785098287068543017</TransactionId>
    <Destination>
    <CallId encoding='base64'>MTExNTkxOTE3Ny45</CallId>
    <DestinationInfo type='e164'>Called Number</DestinationInfo>
    <DestinationSignalAddress>IP Address:Port</DestinationSignalAddress>
    <UsageDetail><Amount>14400</Amount><Unit>s</Unit></UsageDetail>
    <ValidAfter>2005-05-12T18:27:59Z</ValidAfter>
    <ValidUntil>2005-05-12T18:37:59Z</ValidUntil>
    <DestinationProtocol>sip</DestinationProtocol>
    <SourceInfo type='e164'>Calling Number</SourceInfo>
    <Token encoding='base64'>
    Vj0xCnI9MjE2NTUKYz0KQz03Nzc3Nzc3Nzc3Cmk9TVRFeE5U
    a3hPVEUzTnk0NQphPTIwMDUtMDUtMTJUMTg6Mjc6NTlaCn
    U9MjAwNS0wNS0xMlQxODozNzo1OVoKST00Nz
    (token truncated on the slide)

Slide annotations:
  • TransactionId: unique transaction ID per call
  • CallId: call ID from source device
  • DestinationInfo: called number may be translated
  • DestinationSignalAddress: IP address of called number
  • UsageDetail: call authorized for 14440 seconds
  • ValidAfter / ValidUntil: call authorized to start in 10 minute window
  • DestinationProtocol: protocol may be SIP, H323, IAX, ...
  • Token: digital signature of token ensures non-repudiation
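As an added example (not from the slides, Asterisk or the OSP toolkit), here are the destination-side checks the slides describe ("destination validates token", call authorized in a 10 minute window) applied to an AuthorizationResponse constructed in the shape of the one above: it reads the element values, decodes the CallId, and checks an arriving INVITE against the validity window and the authorized call. Element names follow the slide; the called/calling numbers, signaling address and Token value are placeholders, and the token's S/MIME signature is not verified here.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed response modelled on the slide; placeholder numbers, dummy unsigned Token.
OSP_RESPONSE = """<?xml version='1.0'?>
<Message messageId='11703738491' random='21655'>
 <AuthorizationResponse componentId='11703738490'>
  <TransactionId>4785098287068543017</TransactionId>
  <Destination>
   <CallId encoding='base64'>MTExNTkxOTE3Ny45</CallId>
   <DestinationInfo type='e164'>14085551212</DestinationInfo>
   <DestinationSignalAddress>192.0.2.10:5060</DestinationSignalAddress>
   <UsageDetail><Amount>14400</Amount><Unit>s</Unit></UsageDetail>
   <ValidAfter>2005-05-12T18:27:59Z</ValidAfter>
   <ValidUntil>2005-05-12T18:37:59Z</ValidUntil>
   <Token encoding='base64'>UExBQ0VIT0xERVI=</Token>
  </Destination>
 </AuthorizationResponse>
</Message>"""

def parse_ts(text):
    # OSP timestamps are UTC, 'YYYY-MM-DDThh:mm:ssZ'
    return datetime.strptime(text, '%Y-%m-%dT%H:%M:%SZ').replace(tzinfo=timezone.utc)

def parse_authorization(xml_text):
    """Pull out the fields a destination peer checks before accepting a call."""
    root = ET.fromstring(xml_text)
    dest = root.find('./AuthorizationResponse/Destination')
    return {
        'transaction_id': root.findtext('./AuthorizationResponse/TransactionId'),
        'call_id': base64.b64decode(dest.findtext('CallId')).decode(),
        'called': dest.findtext('DestinationInfo'),
        'seconds': int(dest.findtext('UsageDetail/Amount')),
        'valid_after': parse_ts(dest.findtext('ValidAfter')),
        'valid_until': parse_ts(dest.findtext('ValidUntil')),
        'token': dest.findtext('Token'),
    }

def check_invite(auth, invite_call_id, invite_called, now):
    """Destination checks: inside the ValidAfter/ValidUntil window, Call-ID and called number match."""
    problems = []
    if not auth['valid_after'] <= now <= auth['valid_until']:
        problems.append('outside authorization window')
    if invite_call_id != auth['call_id']:
        problems.append('Call-ID does not match token')
    if invite_called != auth['called']:
        problems.append('called number does not match token')
    return problems
```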
21
Tools for Secure Peering
  • www.Asterisk.org
      • Asterisk includes OSP client
  • www.SourceForge.net
      • osp-toolkit (client)
      • RAMS OSP Server
  • www.vovida.org
      • OpenOSP Server (based on Apache)
  • www.iptel.org
      • SIP Express Router supports OSP
  • www.OpenSER.org
      • OpenSER SIP proxy supports OSP
  • www.voxgratia.org
      • OSP enabled H323 proxy
  • www.TransNexus.com
      • Free OSP server download