1 / 16

VoIP (&) Security COMS 4995-03

VoIP (&) Security COMS 4995-03. Henning Schulzrinne Dept. of Computer Science Columbia University Fall 2008. Overview. Course outline Prerequisites Course mechanics Projects. History, background, motivation IETF and standardization Intro to SIP (Ott) RTP 3GPP Conferencing

aquila
Download Presentation

VoIP (&) Security COMS 4995-03

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. VoIP (&) SecurityCOMS 4995-03 Henning Schulzrinne Dept. of Computer Science Columbia University Fall 2008

  2. Overview • Course outline • Prerequisites • Course mechanics • Projects

  3. History, background, motivation IETF and standardization Intro to SIP (Ott) RTP 3GPP Conferencing Events and Presence SIMPLE & XMPP Rich presence, policies, XCAP MSRP NATs, STUN, TURN, ICE GEOPRIV, Emergency calling, location conveyance Call control (CPL, sip-cgi, servlets) Peering (SPEERMINT) Jingle Skype Security threats Spam email, SIP I-D, SPF Identity DDOS Course outline & topics

  4. Course components • (Few) instructor lectures to start • ~2 presentations for each student • 30 minutes + questions • 3-4 so invited talks • lab sessions and reports • programming project • no exam

  5. Lab sessions • Team projects (2-3 members) • Take place in IRT lab, CLIC or MRL • 4 topics: • Set up PBX (proxy, phones) • Asterisk, openSER, ... • Media (conference) server, VoiceXML • Performance test • Buffer overflow and security tests • Lab report for each (HOW-TO)

  6. Programming project • Implement (emerging) standard • Team projects (2 per team) • Detailed project plan by 9/20 • Must demonstrate interoperability where applicable • Try to find niche compared to existing projects • Different language, OS, … • Java or C/C++ • Two presentations: • Mid-term presentation (10 min.) • Final presentation (20 min)

  7. Project topics • Audio AGC • RTP library (Java) • IM conferencing (“chat room”) • SIP identity framework (crypto) • SRTP (secure media delivery) • MSRP (media streaming) • XCAP (configuration) • STUN (NAT traversal) • TURN (NAT traversal)

  8. Course goals • understand current technology: systems, components, protocols • critical evaluation: why? how else? what can we learn from this? • presentation skills: part of your grade • goal: canonical presentation on topics • expect to find your slides in lots of other slide decks… • interactive: discussion + questions in class, on mailing list

  9. Am I in the right room? • This course does not address: • web services (SOAP)  Web-enhanced Information Management class, 6998 • routing • multicast, IPv6, … • You should know: • general networking (e.g., 4119: Tanenbaum, Kurose/Ross, Bertsekas/Gallagher, etc.) • network security basics (symmetric keys, PKI, hash, …) • C/C++, maybe Java • on Windows and/or Linux

  10. Course mechanics • Web page: Wiki • http://www.cs.columbia.edu/~hgs/teaching/voip-security • http://wiki.cs.columbia.edu:8080/display/~hgs/VoIP+Security • Please note academic honesty policy: http://www.cs.columbia.edu/education/honesty • Mailing list: voipsec@cs.columbia.edu • Office hours: MW, 4-5 pm, 450F CSB or by appointment • Grading: semester-long project 40%, labs 30%, presentations 30%

  11. Readings and text book • No text book required • Will provide references to papers, RFCs, I-Ds and chapters

  12. Reference books – general networking • James F. Kurose and Keith W. Ross, Computer Networking – A Top-Down Approach Featuring the Internet, Addison-Wesley, 3rd edition, 2004. • Bruce S. Davie, Larry L. Peterson, Computer Networks: A Systems Approach, Morgan Kaufman, 2003, 3rd edition. • W. R. Stevens, TCP/IP Illustrated, vol. 1. Reading, Massachusetts: Addison-Wesley, 1994. • D. E. Comer, Internetworking with TCP/IP, vol. 1. Englewood Cliffs, New Jersey: Prentice Hall, 4th ed., 2000. • D. E. Comer and D. L. Stevens, Internetworking with TCP/IP – Design, Implementation, and Internals, vol. 2. Englewood Cliffs, New Jersey: Prentice, Hall, 3rd ed., 1998.

  13. Reference books - multimedia and Internet telephony • John F. Koegel Buford, Multimedia Systems, Addison Wesley, 1994. • Borko Furht, Handbook of Multimedia Computing, CRC, 1999. • Ralf Steinmetz and Klara Nahrstedt, Multimedia: Computing, Communications and Applications, 1995. • RTP • Colin Perkins, RTP, 2003 • SIP and IMS • Miika Poikselka, Georg Mayer, Hisham Khartabil, Aki Niemi: The IMS, Wiley, 2004 • G. Camarillo, M. Garcia-Martin, The 3G IP Multimedia Subsystem (IMS) : Merging the Internet and the Cellular Worlds, Wiley, 2004 • Gonzalo Camarillo, SIP Demystified, McGraw-Hill, 2002. • Alan B. Johnston, SIP – Understanding the Session Initiation Protocol, Artech House, 2000.

  14. Journals and magazines • All in ACM or IEEE digital library • Journals • IEEE/ACM Transactions on Networking (TON) • Computer Communications Review (CCR) • ACM Transactions on Multimedia Computing, Communications, and Applications (TOMCCAP) • Magazines • IEEE Communications Magazine (more physical layer) • IEEE Network Magazine • IEEE Wireless Communications • IEEE MultiMedia • IEEE Pervasive Computing • Commercial magazines • Alcatel, Lucent, … • Internet Protocol Journal (http://www.cisco.com/ipj) • Cisco Packet (http://www.cisco.com/packet)

  15. Related Conferences • General networking • IEEE Infocom • ACM Sigcomm • IEEE ICC and Globecom (more VoIP) • ICNP (Int. Conference on Network Protocols) • Multimedia • ACM Multimedia • NOSSDAV (Network and Operating Support for Digital Audio and Video) • Other • IMC (Internet Measurement Conference) • PerCom (Pervasive Computing)

  16. Equipment • Need headset (headphone, microphone) • Possibly USB camera (“web cam”) for video project • e.g., Logitech • check support for OS platform you’ll be using • Get early and test compatibility!

More Related