Developing Secure, Multi-lateral Peer to Peer SIP Applications - PowerPoint PPT Presentation

1 / 16

About This Presentation

Title:

Developing Secure, Multi-lateral Peer to Peer SIP Applications

Description:

Developing Secure, Multi-lateral. Peer to Peer SIP Applications. Jim.Dalton_at_TransNexus.com ... Inter-domain Access control. Accounting ... – PowerPoint PPT presentation

Number of Views:36

Avg rating:3.0/5.0

Slides: 17

Provided by: jimd165

Category:

more less

Transcript and Presenter's Notes

Title: Developing Secure, Multi-lateral Peer to Peer SIP Applications

1
Developing Secure, Multi-lateralPeer to Peer SIP
Applications
VoIP Developer Conference 4 Aug 2004 San Jose
Jim.Dalton_at_TransNexus.com
2
Market Problem
Terminating Domain ?
Routing
Access Control
Accounting
Originating Domain
PSTN
Settlement
call
Ethernet Switch
Router
PSTN
PSTN
Internet or IP Network
PSTN
Service Provider POP
3
Current Status

ENUM provides a solution for peer to peer route
discovery
But how to handle?
Inter-domain Access control
Accounting
Backwards compatibility with Operational Support
Systems for H.323 networks
Evolution to new services

4
Solution Open Settlement Protocol

Open Settlement Protocol (OSP)
Global standard for inter-domain transaction
authorization and usage reporting.
Developed by ETSI in 1998, now in version 4.1.1
Based on existing standards
Uses Asymmetric Public Key Infrastructure (PKI)
services for non-repudiation of transactions
Broad support Cisco, Alcatel, Radvision,
UTStarcom, Mediaring, ISDN Communications, Veraz,
Vovida, Asterisk
Protocol Independent
Works with SIP, H.323, SMS, MMS

5
Details on OSP

Message Formats
Multipurpose Internet Mail Extensions (MIME)
eXtensible Markup Language (XML)
Secure MIME
Communication Protocols

6
OSP Message Example
7
Overview I - How OSP Works

Route discovery
Inter-domain access control

8
Overview II - How OSP Works

CDR collection

9
The Basics of Public-key Cryptosystems
Security services between parties rely on the
exchange of public keys and security of
corresponding private keys.

Critical Points
Public / Private keys used for encryption /
decryption and digital signatures
Public keys are public easy to distribute
A digital certificate signed by a trusted 3rd
party ensures the public-key is legitimate
Digital signatures provide data integrity,
authentication and non-repudiation
Certificates may be chained from a root authority

10
Establishing PKI Security Services
Certificate Authority for Peer to
Peer Authorization (OSP Server)
SIP Device
Client Device requests public-key and certificate
from CA
CA sends its public key and its certificate
Client Device sends certificate request to CA
CA returns signed certificate
11
Source Peer Authentication
OSP Server
IP Network
Carrier A

Routing request to OSP Server is digitally signed
with VoIP devices private key.
OSP server verifies client signature with
clients public key to authenticate routing
request.

12
Inter-Domain Access Control
OSP Server
Authorization Token
IP Network
Domain A
Domain B

OSP Server digitally signs authorization token
Authorization token included in SIP Invite
Domain B has no trusted relationship with Domain
A, but verifies digital signature with CA public
key
Carrier can retain digital signature for
non-repudiation

13
Authorization Token

Destination
IP address, domain name, sip uri, tel uri, E164,
trunk group
Destination Protocol
SIP, Q931, H323-LRQ
Transaction ID
Service Type, Bandwidth, Number of Channels
Call ID, Session ID, MultiSession ID
Valid after Valid Until
Authorized amount
Seconds, packets, bytes, pages, call, session
Authority URL

14
Secure Accounting

Domains A and B encrypt CDRs with CA public key
OSP Server decrypts CDR with CA private key
For auditing, OSP Server can request in real time
that a domain digitally sign a batch of CDRs

15
Benefits of secure multi-lateral peering