
Dimitris Daskopoulos GRNET

Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003. Dimitris Daskopoulos GRNET. Contents. Videoconferencing practices Problematic points Security standards Current techniques in H.323 Future developments in H.323.




Presentation Transcript


  1. Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003 Dimitris Daskopoulos GRNET

  2. Contents • Videoconferencing practices • Problematic points • Security standards • Current techniques in H.323 • Future developments in H.323

  3. Video conferencing worlds • H.323 • SIP • MBONE • other: VRVS, AG, proprietary VC s/w

  4. The importance of videoconference security • identity • confidentiality • trust

  5. Current practices • authentication assumed, but rarely examined • ad hoc authentication solutions • point-to-point vs. multi-party call practices

  6. Requirements for videoconferencing security • endpoint authentication • call signaling security • media encryption

  7. Problematic points • telephony-world preconceptions • people vs. endpoints • room-based systems • users vs. executives • multi-party conferences • multi-domain conferences

  8. Conferencing: a three-step process • endpoint registration (authentication) • dialing (authorization) • media exchange

  9. Protocols involved in H.323 conferencing • H.225 - RAS (UDP): Registration, Admission, Status • H.225 - Q.931 (TCP): Call Signaling (Setup & Termination) • H.245 (TCP): Call Control (Capabilities, Preferences, Channel Opening and Flow Control) • RTP (UDP): media streams

  10. Security standards for videoconferencing:
    • H.323 - H.235
      • shared secret - symmetric (Annex D)
      • certificates - asymmetric (Annex E)
      • secure media streams - S/RTP (Annex G)
    • SIP
      • SSL
      • Digest Authentication
      • S/MIME media
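To make concrete what the Annex D shared-secret profile buys a gatekeeper, here is an added illustration (not code from the presentation or from any vendor): H.235 Annex D authenticates RAS messages with HMAC-SHA1-96 keyed by a shared password, carried alongside a timestamp, a random value and a sender ID. The canonical text encoding, the endpoint table and the replay window are assumptions standing in for the real ASN.1 PER-encoded message.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

HMAC_LEN = 12        # SHA1-96: HMAC-SHA1 truncated to 96 bits (12 bytes)
REPLAY_WINDOW = 30   # seconds of clock skew tolerated; constructed value

# Constructed gatekeeper state: endpoint alias -> shared password
PASSWORDS = {"room-101": b"correct horse battery staple"}
_seen_tokens = set()  # (sendersID, timeStamp, random) already accepted


def canonical(msg: dict) -> bytes:
    """Bytes the MAC covers: every field except the hash itself.
    Stands in for the PER-encoded RAS message with a zeroed hash field."""
    fields = sorted((k, v) for k, v in msg.items() if k != "hash")
    return "|".join(f"{k}={v}" for k, v in fields).encode()


def sign_rrq(msg: dict, password: bytes) -> dict:
    """Endpoint side: attach the truncated HMAC-SHA1 to a RegistrationRequest."""
    signed = dict(msg)
    digest = hmac.new(password, canonical(signed), hashlib.sha1).digest()
    signed["hash"] = digest[:HMAC_LEN].hex()
    return signed


def verify_rrq(msg: dict, now: Optional[float] = None) -> Tuple[bool, str]:
    """Gatekeeper side: check the shared-secret MAC, then freshness, then replay."""
    now = time.time() if now is None else now
    password = PASSWORDS.get(msg.get("sendersID"))
    if password is None:
        return False, "unknown endpoint"
    expected = hmac.new(password, canonical(msg), hashlib.sha1).digest()[:HMAC_LEN]
    try:
        given = bytes.fromhex(msg.get("hash", ""))
    except ValueError:
        return False, "malformed hash"
    if not hmac.compare_digest(expected, given):   # constant-time comparison
        return False, "bad MAC"
    if abs(now - int(msg["timeStamp"])) > REPLAY_WINDOW:
        return False, "stale timestamp"
    token = (msg["sendersID"], msg["timeStamp"], msg["random"])
    if token in _seen_tokens:                       # same token presented twice
        return False, "replay"
    _seen_tokens.add(token)
    return True, "ok"
```

Without the MAC the gatekeeper can only trust the sender's IP and alias (slide 11); with it, a changed alias, a stale message or a replayed one is rejected before registration completes.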

  11. Current security options in H.323 H.235 not widely supported by endpoints. What options are we left with? • Identification by IP and alias • IPSec • other tricks

  12. Current authentication techniques in H.323
    • point-to-point conferences (registration)
      • IP and alias authentication
      • web enhanced methods
    • multi-party conferences (calling)
      • generated target number
      • central calling

  13. Security in H.323: the Gatekeeper • H.235 • Cisco MCM: user/password piggy-back • Radvision ECS: predefined endpoints • GNU GK: predefined endpoints, Q.931 signaling filters

  14. Security in H.323: Gatekeeper backends
    • Gatekeeper APIs (SNMP or proprietary)
      • Cisco GKAPI
      • Radvision ECS API (SNMP-based H.348?)
    • Radius
      • Cisco MCM
      • GNU GK
    • DBMS
      • Radvision ECS
      • GNU GK
    • LDAP
      • Radvision ECS
      • GNU GK

  15. Security in H.323: web integration of backends • web-based flexible custom interfaces • SSL enabled • allow user control of IP and aliases • allow scheduling and reservation of resources (an added benefit)

  16. Current problems in H.323 • securing registration of multiple aliases is difficult • ad-hoc authentication techniques do not accommodate all endpoints • mobility is hindered • firewall/NAT traversal is difficult • media stream protection is lacking

  17. Future developments in H.323 security
    • H.350:
      • LDAP authentication
      • LDAP endpoint setup
    • H.235:
      • wider support in products
      • certificate support
      • media stream encryption

  18. Links and References • Internet2 - 2003 fall MM: securing video • The TERENA IP Telephony Cookbook • The VIDE VideoConf CookBook • The VIDE Development Initiative • Internet2 - Video Middleware (VidMid) • Internet2 - VC Site Coordinators Training • Internet2 - VidMid H.350 • Packetizer References

  19. Questions ?

  20. The END!
