Henning%20Schulzrinne - PowerPoint PPT Presentation

About This Presentation

Title:

Henning%20Schulzrinne

Description:

Global Ubiquitous Computing Henning Schulzrinne Columbia University (KAIST KNSS) – PowerPoint PPT presentation

Number of Views:157

Avg rating:3.0/5.0

Slides: 57

Provided by: MaryL228

Learn more at: http://www.cs.columbia.edu

Category:

more less

Transcript and Presenter's Notes

Title: Henning%20Schulzrinne

1

Global Ubiquitous Computing

Henning Schulzrinne
Columbia University
(KAIST KNSS)

2
Agenda

SIP overview
SIP for ubiquitous computing
Location-based services
Emergency calling
Services, carriers and service creation
Security issues

3
SIP Overview
4
Internet services the missing entry
Service/delivery synchronous asynchronous
push instant messaging presence event notification session setup media-on-demand messaging
pull data retrieval file download remote procedure call peer-to-peer file sharing
5
Filling in the protocol gap
Service/delivery synchronous asynchronous
push SIP RTSP, RTP SMTP
pull HTTP ftp SunRPC, Corba, SOAP (not yet standardized)
6
SIP as service enabler

Rendezvous protocol
lets users find each other by only knowing a
permanent identifier
Mobility enabler
personal mobility
one person, multiple terminals
terminal mobility
one terminal, multiple IP addresses
session mobility
one user, multiple terminals in sequence or in
parallel
service mobility
services move with user

7
What is SIP?

Session Initiation Protocol ? protocol that
establishes, manages (multimedia) sessions
also used for IM, presence event notification
uses SDP to describe multimedia sessions
Developed at Columbia U. (with others)
Standardized by
IETF (RFC 3261-3265 et al)
3GPP (for 3G wireless)
PacketCable
About 60 companies produce SIP products
Microsofts Windows Messenger (4.7) includes SIP

8
Philosophy

Session establishment event notification
Any session type, from audio to circuit emulation
Provides application-layer anycast service
Provides terminal and session mobility
Based on HTTP in syntax, but different in
protocol operation
Peer-to-peer system, with optional support by
proxies
even stateful proxies only keep transaction
state, not call (session, dialogue) state
transaction single request retransmissions
proxies can be completely stateless

9
Basic SIP message flow
10
SIP trapezoid
destination proxy (identified by SIP URI domain)
outbound proxy
1st request
SIP trapezoid
2nd, 3rd, request
a_at_foo.com 128.59.16.1
registrar
voice traffic RTP
11
SIP message format
SDP
12
RFC 3261

Backward compatible with RFC 2543 no new
version
Major changes
specification behavior-oriented, not
header-oriented
e.g., separation into layers
mandate support for UDP and TCP
formal offer/answer model for media negotiation
uses both SRV and NAPTR for server location, load
balancing and redundancy
much more complete security considerations
sips for secured (TLS) path
PGP removed due to lack of use
Basic authentication removed as unsafe
S/MIME added for protecting message bodies (and
headers, via encapsulation)
Route/Record-Route simplified

13
PSTN vs. Internet Telephony
PSTN
Signaling Media
Signaling Media
China
Internet telephony
Signaling
Signaling
Media
Australia
Belgian customer, currently visiting US
14
SIP addressing

Users identified by SIP or tel URIs
sipalice_at_example.com
tel URIs describe E.164 number, not dialed
digits (RFC 2806bis)
tel URIs ? SIP URIs by outbound proxy
A person can have any number of SIP URIs
The same SIP URI can reach many different phones,
in different networks
sequential parallel forking
SIP URIs can be created dynamically
GRUUs
conferences
device identifiers (sipfoo_at_128.59.16.15)
Registration binds SIP URIs (e.g., device
addresses) to SIP address-of-record (AOR)

tel110
sipsos_at_domain
domain ? 128.59.16.17 via NAPTR SRV
15
3G Architecture (Registration)
mobility management
signaling
serving
interrogating
interrogating
CSCF
proxy
home IM domain
registration signaling (SIP)_
visited IM domain
16
SIP is PBX/Centrex ready
boss/admin features
call waiting/multiple calls RFC 3261
hold RFC 3264
transfer RFC 3515/Replaces
conference RFC 3261/callee caps
message waiting message summary package
call forward RFC 3261
call park RFC 3515/Replaces
call pickup Replaces
do not disturb RFC 3261
call coverage RFC 3261
simultaneous ringing RFC 3261
basic shared lines dialog/reg. package
barge-in Join
Take Replaces
Shared-line privacy dialog package
divert to admin RFC 3261
intercom URI convention
auto attendant RFC 3261/2833
attendant console dialog package
night service RFC 3261
centrex-style features
attendant features
from Rohan Mahys VON Fall 2003 talk
17
Example SIP phones
about 85
18
SIP architecture biases

International ? no national variants
Internet intranet
separation of data and signaling
signaling nodes can be anywhere
end-to-end security where possible, hop-by-hop
otherwise
S/MIME bodies
TLS (sips)
end system control of information

proxies can
inspect, modify and add headers
may be able to inspect the message body (if not
encrypted)
should not modify the message body ? may break
end-to-end integrity
no security by obscurity
dont rely on address or network hiding

19
SIP, SIPPING SIMPLE 00 drafts
includes draft-ietf--00 and draft-personal--00
20
Ubiquitous computing ?Location-based services
?Emergency calling
21
What is ubiquitous computing?

Ubiquitous computing has as its goal the
enhancing computer use by making many computers
available throughout the physical environment,
but making them effectively invisible to the
user. (Weiser, 1993)
Ubiquitous computing is not virtual reality, it
is not a Personal Digital Assistant (PDA) such as
Apple's Newton, it is not a personal or intimate
computer with agents doing your bidding. Unlike
virtual reality, ubiquitous computing endeavers
to integrate information displays into the
everyday physical world. It considers the nuances
of the real world to be wonderful, and aims only
to augment them. (Weiser, 1993)

22
Ubiquitous computing aspects

Also related to pervasive computing
Mobility, but not just cell phones
Computation and communications
Integration of devices
borrow capabilities found in the environment ?
composition into logical devices
seamless mobility ? session mobility
adaptation to local capabilities
environment senses instead of explicit user
interaction
from small dumb devices to PCs
light switches and smart wallpaper

23
Context-aware communications

Traditional emphasis communicate anywhere,
anytime, any media ? largely possible today
New challenge tailor reachability
Context-aware communications
modify when, how, where to be reached
? machine context-dependent call routing
? human convey as part of call for human usage
context-aware services
leveraging local resources
awareness of other users
sources of location information
voluntary and automatic
location-based services ? privacy concerns
applies to other personal information
activity, reachability, capabilities, bio sensor
data,
emergency services as a location-based service

24
Context

context the interrelated conditions in which
something exists or occurs
anything known about the participants in the
(potential) communication relationship
both at caller and callee

time CPL
capabilities caller preferences
location location-based call routing location events
activity/availability presence
sensor data (mood, bio) not yet, but similar in many aspects to location data
25
Location-based services

Finding services based on location
physical services (stores, restaurants, ATMs, )
electronic services (media I/O, printer, display,
)
not covered here
Using location to improve (network) services
communication
incoming communications changes based on where I
am
configuration
devices in room adapt to their current users
awareness
others are (selectively) made aware of my
location
security
proximity grants temporary access to local
resources

26
GEOPRIV and SIMPLE architectures
rule maker
rule interface
target
location server
location recipient
notification interface
publication interface
GEOPRIV
SUBSCRIBE
presentity
presence agent
watcher
SIP presence
PUBLISH
NOTIFY
caller
callee
SIP call
INVITE
INVITE
27
SIP URIs for locations
location beacon

Identify confined locations by a SIP URI, e.g.,
siprm815_at_cs.columbia.edu
Register all users or devices in room
Allows geographic anycast reach any party in the
room

siprm815
Contact bob
Contact alice
Room 815
28
Location-based SIP services

Location-aware inbound routing
do not forward call if time at callee location is
11 pm, 8 am
only forward time-for-lunch if destination is on
campus
do not ring phone if Im in a theater
outbound call routing
contact nearest emergency call center
send delivery_at_pizza.com to nearest branch
location-based events
subscribe to locations, not people
Alice has entered the meeting room
subscriber may be device in room ? our lab stereo
changes CDs for each person that enters the room

29
Presence policy
SUBSCRIBE
subscription policy
subscriber (watcher)
for each watcher
event generator policy
subscriber filter rate limiter
change to previous notification?
NOTIFY
30
Example user-adaptive device configuration
all devices that are in the building RFC 3082?
802.11 signal strength ? location
SLP
device controller
HTTP
PA
tftp
REGISTER To 815cepsr Contact alice_at_cs
SUBSCRIBE to each room

discover room URI
REGISTER as contact for room URI

SIP
room 815
SUBSCRIBE to configuration for users currently in
rooms
31
Location-based services in CINEMA

Initial proof-of-concept implementation
Integrate devices
lava lamp via X10 controller ? set personalized
light mood setting
Pingtel phone ? add outgoing line to phone and
register user
painful needs to be done via HTTP POST request
stereo ? change to audio CD track based on user
Sense user presence and identity
passive infrared (PIR) occupancy sensor
magnetic swipe card
ibutton
BlueTooth equipped PDA
IRRF badge (in progress)
RFID (future)
biometrics (future)

32
Location-based IM presence
33
Emergency (911) services

Old wireline and wireless models dont work any
more
All wireline systems are potentially mobile
(nomadic)
device bought in Belgium
place call in Canada
with VSP in Mexico
and maybe a VPN for extra excitement
Customer may not have a traditional voice carrier
at all
corporate
residential ? VSP in a different country

Needs to work internationally
same standards
no custom configuration
Components
universal identifier ? sos
configure local emergency numbers
find right PSAP
identify and verify PSAP
On-going effort in IETF and NENA

34
Location-based call routing UA knows its
location
GPS
INVITE sipssos_at_
40.86N 73.98E CNus A1NJ A2Bergen
leonia.nj.us.sos.arpa POLY 40.85 73.97 40.86
73.99 NAPTR firedept_at_leoniaboro.org
outbound proxy server
provided by local ISP?
40.86N 73.98E Leonia, NJ fire dept.
DHCP
35
DHCP for locations

modified dhcpd (ISC) to generate location
information
use MAC address backtracing to get location
information

8020abd5d
DHCP server
CDP SNMP 8020abd5d ? 458/17
DHCP answer staDC locRm815 lat38.89868
long77.03723
458/17 ? Rm. 815 458/18 ? Rm. 816
36
Location-based call routing network knows
location
TOA
outbound proxy
include location info in 302
INVITE sipssos_at_
INVITE sipssos_at_paris.gendarme.fr
48 49' N 2 29' E
map location to (SIP) domain
37
Service creation
38
PSTN vs. VoIP and the role of carriers

PSTN only carriers can get full signaling
functionality (SS7)
UNI vs. NNI signaling
VoIP same signaling, same functionality
Application-layer service providers (VSP) ?
network-layer service provider
enterprise may run its own services
Columbia doesnt use an email service provider

39
Network vs. end system services

Really two meanings
services implemented in user agent (instead of
proxy)
services implemented in server run by end user
(instead of carrier) ?
business
residential
Variation on old Centrex vs. PBX argument
except that media routing no longer an issue
Often, services require or can use both
e.g., the history of speed dial
CLASS service translation in CO
(semi)intelligent end systems locally, possibly
with hotsync to PC
intelligent end system, but network-synchronized

40
Call routing services

Outsourcing allows temporarily disconnected end
users
Staged service

carrier proxy
user proxy
personal preferences
basic call routing
41
Carrier services Identity management

Identity assertion (notary) services
best done by larger organization
server certificates
name recognition
recourse
Anonymity services
needs to have large user population to provide
effective hiding
Portable services
high availability and universal reachability

42
Service creation

Tailor a shared infrastructure to individual
users
traditionally, only vendors (and sometimes
carriers)
learn from web models

programmer, carrier end user
network servers SIP servlets, sip-cgi CPL
end system VoiceXML VoiceXML (voice), LESS
43
Call Processing Language (CPL)

XML-based language for processing requests
intentionally restricted to branching and
subroutines
no variables (may change), no loops
thus, easily represented graphically
and most bugs can be detected statically
termination assured
mostly used for SIP, but protocol-independent
integrates notion of calendaring (time ranges)
structured tree describing actions performed on
call setup event
top-level events incoming and outgoing

44
CPL

Location set stored as implicit global variable
operations can add, filter and delete entries
Switches
address
language
time, using CALSCH notation (e.g., exported from
Outlook)
priority
Proxy node proxies request and then branches on
response (busy, redirection, noanswer, ...)
Reject and redirect perform corresponding
protocol actions
Supports abstract logging and email operation

45
CPL example
46
CPL example

lt?xml version"1.0" ?gt
lt!DOCTYPE call SYSTEM "cpl.dtd"gt
ltcplgt
ltincominggt
ltlookup source"http//www.example.com/cgi-bin
/locate.cgi?userjones"
timeout"8"gt
ltsuccessgt
ltproxy /gt
lt/successgt
ltfailuregt
ltmail url"mailtojones_at_example.comSubjec
tlookup20failed" /gt
lt/failuregt
lt/lookupgt
lt/incominggt
lt/cplgt

47
Service creation environment for CPL and LESS
48
Security issues
49
Security issues Threats

Fraud
authentication (Digest)
VSP-provided customer certificates for S/MIME
authenticated identity body
SIP spam
domain-based authentication
trait-based authentication (future)
return calls
reputation systems

DOS attacks
layered protection
User privacy and confidentiality
TLS and S/MIME for signaling
SRTP for media streams
IPsec unlikely (host vs. person)
Needs to work across domains and administrations

50
DOS attack prevention
port filtering (SIP only) address-based rate
limiting
return routability
authentication
UDP SIP TCP SYN attack precautions needed SCTP
built-in
51
Denial-of-service attacks signaling

attack targets
DNS for mapping
SIP proxies
SIP end systems at PSAP
types of attacks
amplification ? only if no routability check, no
TCP, no TLS
state exhaustion ? no state until return
routability established
bandwidth exhaustion ? no defense except filters
for repeats
one defense big iron fat pipe
danger of false positives

unclear number of DOS attacks using spoofed IP
addresses
mostly for networks not following RFC 2267
(Network Ingress Filtering Defeating Denial of
Service Attacks which employ IP Source Address
Spoofing)
limit impact of DOS require return routability
built-in mechanism for SIP (null
authentication)
also provided by TLS
allow filtering of attacker IP addresses
(pushback)

52
TLS