Secure Videoconferencing - PowerPoint PPT Presentation
1
Secure Videoconferencing
  • Jill Gemmill, UAB

2
Room for Improvement: Videoconferencing
applications today
  • No resource discovery: you need to already know
    the address of the gatekeeper/proxy, the target
    and the gateway
  • Non-existent or unreliable authentication (who is
    calling?)
  • No authorization (all users have the same access)
  • No confidentiality (signaling and media can be
    eavesdropped)

3
Goal for Video Middleware
  • Develop middleware strategies and prototype
    working code for
  • FEDERATED (no root authority; multiple policies)
  • SECURE (authenticated users; ability to apply
    usage policies; no eavesdropping)
  • VIDEOCONFERENCING (H.323 and SIP) services

4
Who?
  • VidMid-VC
  • Internet2 and ViDe
  • I2 MACE (Middleware Architecture Committee for
    Education)
  • Vendor representatives
  • International Organizations (SURFnet)

5
Desirable Outcomes
  • Perform directory lookup to find person and
    locate dialing information
  • Automatic configuration of underlying resources
  • Make use of existing authoritative directories of
    people/resources
  • Leverage authentication for encryption
  • Role-based authorization decisions
  • Work with established H.323 and SIP protocol
    standards

6
commObject Directory Object Class
  • commObject: a "communications object" class
  • Standardized schema for use in LDAP directories
  • Puts configuration information in a well-known
    location

7
commObject (now ITU-T H.350)
Schema diagram, rebuilt here as a list:
  • commObject attributes: commUniqueId, commOwner,
    commPrivate
  • h323Identity attributes: h323IdentityGKDomain,
    h323Identityh323-ID, h323IdentitydialedDigits,
    h323Identityemail-ID, h323IdentityURL-ID,
    h323Identitytransport-ID, h323IdentitypartyNumber,
    h323IdentitymobileUIM, h323IdentityUid,
    h323IdentityPassword, h323IdentityCertificate,
    h323IdentityEndpointType
  • Enterprise Directory: inetOrgPerson (name,
    address, telephone, email, organization,
    organizational unit), RFC 1274, userPassword;
    commURI points from the person entry to its
    commObject
8
commObject can be used for
  • White Pages Lookup: look me up in the UAB
    electronic phonebook and find my phone, e-mail AND
    VC dialing information
  • Management: push configuration down to the
    endpoint/user agent
  • Authentication based on authoritative enterprise
    sources at the home institution
  • Encryption

9
Security Mechanisms
  • SIP
    • End-to-end mechanisms
      • Basic authentication (password only base64-
        encoded; deprecated for SIP by RFC 3261)
      • Digest authentication
      • Message body encryption using S/MIME
    • Hop-by-hop mechanisms
      • Transport Layer Security (TLS)
      • IP Security (IPsec)
      • The SIPS URI scheme
  • H.323/H.235
    • Annex D - Baseline Security Profile
      • Hop-by-hop processing
      • Password-based security
    • Annex E - Signature Security Profile
      • Certificate-based security (PKI)
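The difference between the two SIP user-authentication mechanisms listed above is easiest to see in code. The following is an added example for this page, not code from the presentation or from any SIP stack: it computes the Digest `response` the way RFC 3261 (reusing the RFC 2617 algorithm) specifies, on both the user-agent and the registrar side, and shows why a registrar can store HA1 instead of the password, why it must track nonce/nc pairs, and why Basic leaks the password. The realm `vc.example.edu`, the user `jill` and the password `XYZ` are constructed.

```python
"""SIP Digest authentication (RFC 3261 section 22, which reuses the RFC 2617
algorithm) from both the user agent and the registrar side. Added example for
this page, not code from the presentation or any SIP stack. The realm
vc.example.edu, the user and the credentials are constructed."""
import base64
import hashlib
import hmac
import secrets


def _md5(text):
    # MD5 is what the Digest algorithm specifies; it is not a choice here.
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(username, realm, password):
    """HA1 = MD5(username:realm:password). A registrar only needs to store
    this per realm; it never needs the cleartext password."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """The 'response' parameter of the Authorization header."""
    ha2 = _md5(f"{method}:{uri}")
    if qop is None:
        return _md5(f"{ha1}:{nonce}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class Registrar:
    """Challenge/verify logic for one realm. Keeps HA1 per user and records
    (nonce, nc) pairs so a captured Authorization header cannot be replayed."""

    def __init__(self, realm, ha1_by_user):
        self.realm = realm
        self.ha1_by_user = ha1_by_user
        self.issued = set()
        self.seen = set()

    def challenge(self):
        """Nonce for the 401 WWW-Authenticate header; must be unpredictable."""
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, nc, cnonce, response):
        ha1 = self.ha1_by_user.get(username)
        if ha1 is None or nonce not in self.issued or (nonce, nc) in self.seen:
            return False
        expected = digest_response(ha1, method, uri, nonce, "auth", nc, cnonce)
        if not hmac.compare_digest(expected, response):
            return False
        self.seen.add((nonce, nc))
        return True


BASIC_HEADER = "Basic " + base64.b64encode(b"jill:XYZ").decode()  # constructed


def basic_password_recoverable(header_value):
    """Basic authentication only base64-encodes user:password, so anyone who
    sees the request reads the password. RFC 3261 deprecated it for SIP."""
    user, _, pw = base64.b64decode(header_value.split()[1]).decode().partition(":")
    return user, pw


def demo():
    """One REGISTER exchange: valid answer, replay of it, and a wrong password."""
    realm, uri = "vc.example.edu", "sip:vc.example.edu"  # constructed
    reg = Registrar(realm, {"jill": digest_ha1("jill", realm, "XYZ")})
    nonce = reg.challenge()                        # from the 401 challenge
    nc, cnonce = "00000001", secrets.token_hex(8)  # chosen by the UA
    good = digest_response(digest_ha1("jill", realm, "XYZ"), "REGISTER", uri,
                           nonce, "auth", nc, cnonce)
    first = reg.verify("jill", "REGISTER", uri, nonce, nc, cnonce, good)
    replay = reg.verify("jill", "REGISTER", uri, nonce, nc, cnonce, good)
    bad = digest_response(digest_ha1("jill", realm, "guess"), "REGISTER", uri,
                          nonce, "auth", "00000002", cnonce)
    wrong = reg.verify("jill", "REGISTER", uri, nonce, "00000002", cnonce, bad)
    return first, replay, wrong
```

Digest still ties the user to a password that the registrar's HA1 table can be brute-forced against if it leaks, and it authenticates only the request, not the media; that is what the TLS/S/MIME and H.235 entries on the slide add on top.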

10
Non-Standard Credential Storage
Videoconferencing credentials (figure, described): on
the H.323 side the End Point holds "UserName Jill /
Password XYZ" and presents it to the Gatekeeper, which
holds its own copy of the same credential and answers
OK; on the SIP side the User Agent does the same
against the PROXY. Every endpoint and every
gatekeeper/proxy keeps its own copy of the credential
in its own non-standard store.
11
commObject Credential Storage
Videoconferencing credentials (figure, described): the
End Point presents "UserName Jill / Password XYZ" to
the Gatekeeper; the Gatekeeper no longer holds the
credential itself but checks it against the commObj
entry in the directory, and answers OK.
12
Enterprise Authentication with CommObject
Videoconferencing and enterprise credentials (figure,
described): the End Point presents "UserName Jill /
Password XYZ" to the Gatekeeper, which verifies it
against the LDAP commObj entry. The commObj entry is
linked to the LDAP Person entry, which holds the
enterprise credential "EntID JGemmill / Password
54321"; authenticating with the enterprise credential
is what unlocks the application credential stored in
commObj, and OK is returned at both levels.
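The white-pages lookup of slide 8 and the gatekeeper check of slides 11 and 12 both come down to following the links between an inetOrgPerson entry and its commObject. The following is an added example for this page, not code or data from the presentation or from the VidMid-VC project. It builds a small in-memory directory from constructed LDIF and then (a) resolves a mail address to H.323 dialing information and (b) lets a gatekeeper verify an endpoint's credential against h323IdentityPassword instead of a local copy. Assumed, because the slides do not say so: commURI and commOwner are ldap:/// URIs naming the other entry's DN, commUniqueId is the commObject RDN, commPrivate is a TRUE/FALSE flag that hides the entry from white pages, and every DN, name, number and password is made up.

```python
"""commObject/H.350-style directory lookups as described on the slides.
Added example for this page, not code or data from the presentation or the
VidMid-VC project. Assumed, not stated on the slides: commURI (person entry)
and commOwner (commObject) are ldap:/// URIs naming the other entry's DN,
commUniqueId is the commObject RDN, commPrivate is a TRUE/FALSE white-pages
flag, and every DN, name, number and password below is constructed."""
import hmac
from collections import defaultdict

# Constructed LDIF. bob's commURI points at a commObject whose commOwner
# names someone else. Passwords are cleartext only to keep the example short.
SAMPLE_LDIF = """\
dn: uid=jgemmill,ou=people,dc=example,dc=edu
objectClass: inetOrgPerson
cn: Jill Gemmill
mail: jgemmill@example.edu
commURI: ldap:///commUniqueId=jill-vc,ou=h323,dc=example,dc=edu
userPassword: 54321

dn: uid=bob,ou=people,dc=example,dc=edu
objectClass: inetOrgPerson
mail: bob@example.edu
commURI: ldap:///commUniqueId=stray-vc,ou=h323,dc=example,dc=edu

dn: commUniqueId=jill-vc,ou=h323,dc=example,dc=edu
objectClass: commObject
commUniqueId: jill-vc
commOwner: ldap:///uid=jgemmill,ou=people,dc=example,dc=edu
commPrivate: FALSE
h323IdentityGKDomain: gk.example.edu
h323Identityh323-ID: Jill
h323IdentitydialedDigits: 5550100
h323IdentityPassword: XYZ

dn: commUniqueId=stray-vc,ou=h323,dc=example,dc=edu
objectClass: commObject
commUniqueId: stray-vc
commOwner: ldap:///uid=someone-else,ou=people,dc=example,dc=edu
h323Identityh323-ID: Bob
h323IdentitydialedDigits: 5550199
"""


def parse_ldif(text):
    """Tiny LDIF reader: DN -> {lowercased attribute: [values]}."""
    directory = {}
    for block in text.strip().split("\n\n"):
        entry, dn = defaultdict(list), None
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            if attr == "dn":
                dn = value
            else:
                entry[attr.lower()].append(value)
        directory[dn] = dict(entry)
    return directory


def _dn(uri):
    return uri[len("ldap:///"):] if uri.startswith("ldap:///") else uri


def _first(entry, attr):
    return entry.get(attr.lower(), [None])[0]


def find_dialing_info(directory, mail, anonymous=True):
    """White pages (slide 8): mail -> H.323 dialing information. The commObject
    is used only if its commOwner points back at the person; a one-sided link
    is not trusted, and commPrivate entries are hidden from anonymous callers."""
    hits = []
    for person_dn, person in directory.items():
        if mail not in person.get("mail", []):
            continue
        for uri in person.get("commuri", []):
            obj = directory.get(_dn(uri))
            if obj is None or person_dn not in map(_dn, obj.get("commowner", [])):
                continue
            if anonymous and (_first(obj, "commPrivate") or "FALSE").upper() == "TRUE":
                continue
            hits.append({"gkdomain": _first(obj, "h323IdentityGKDomain"),
                         "h323id": _first(obj, "h323Identityh323-ID"),
                         "dialedDigits": _first(obj, "h323IdentitydialedDigits")})
    return hits


def gatekeeper_authenticate(directory, h323_id, password):
    """Slides 11-12: the gatekeeper checks the endpoint's credential against
    h323IdentityPassword in the directory, not a local copy. Returns the
    owner's DN or None. Read access to this attribute must be limited to the
    gatekeeper, since it is the shared secret for H.235 password security."""
    for obj in directory.values():
        if "commObject" not in obj.get("objectclass", []):
            continue
        if h323_id not in obj.get("h323identityh323-id", []):
            continue
        stored = _first(obj, "h323IdentityPassword") or ""
        if stored and hmac.compare_digest(stored.encode(), password.encode()):
            return _dn(_first(obj, "commOwner"))
        return None
    return None
```

The two-way link check is the part worth copying: anyone who can create a commObject under ou=h323 could otherwise point it at a colleague's person entry and have their own H.323-ID and dialed digits served as that colleague's dialing information.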
13
Summary: Directory-enabled videoconferencing
provides
  • Global video address book (white pages)
  • Improved management tools for VC service
    operators (no more walking to desktops or giving
    phone instructions)
  • Universities already have directories of their
    faculty/staff/students, often used to
    authenticate: use them!
  • Role-based authz: faculty can schedule the MCU
    8:00-5:00, students at other times
  • Leverage LDAP-aware components for enterprise
    authn: identity credentials can unlock
    application credentials
  • Prototype software coming soon

14
Acknowledgement
  • This material is based upon work supported by the
    National Science Foundation under Grant No.
    0222710 (June 2002-May 2004)
  • Any opinions, findings, and conclusions or
    recommendations expressed in this material are
    those of the author(s) and do not necessarily
    reflect the views of the National Science
    Foundation

15
National Science Foundation Middleware Initiative
(NMI) http://www.nsf-middleware.org/
  • NMI Directory schema
    • commObject object class
    • eduPerson, eduOrg object classes
    • Best Practices LDAP Recipe
  • Software
    • Pubcookie (intra-realm authentication)
    • Shibboleth (inter-realm authorization)
    • OpenSAML (attribute queries/assertions)