Explore the use of Caller ID identification in H.323 systems, including its relevance in voice communications and video conferencing. Learn about the different identifiers used and the deployment models involved. Discuss the trustworthiness of Gatekeepers and the potential issues with digital signatures.
ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014)
Caller Identification in H.323 Systems
Paul E. Jones, ITU-T Q2/16 Rapporteur
paulej@packetizer.com

What is H.323?
• H.323 is a widely used standard for videoconferencing over IP networks
• H.323 is also widely used for voice communications, including IP PBX systems and international voice transit
• In addition, H.323 is used for “over-the-top” video conferencing

Product Form Factors
• H.323 is used in
  • Desktop voice and videophone devices
  • Desktop video terminals
  • Room systems, including modern telepresence systems
  • Soft phones on nearly every platform, including Windows, Mac, Android, and iOS

Caller ID Information
• H.323 can identify callers using a variety of identifier types, including
  • URIs, including h323:, tel:, and mailto:
  • numbers, including both public (E.164) and private
  • local identifiers, such as a locally-defined identifier
  • IP addresses

How are Identifiers Assigned?
• H.323 identifiers may be
  • Provisioned in end-user devices, either by the user or an administrator
  • Assigned by a “Gatekeeper”
• Let’s discuss a few common deployment models…

Direct Call Model (No Gatekeeper)
[Diagram: EP, EP; label: Media and Call Signaling]
A popular deployment model is the direct call model where two users call each other without a Gatekeeper, often using IP addresses

Direct Call Model (Gatekeeper Assisted)
[Diagram: GK, EP, EP; labels: Address resolution, Media and Call Signaling]
In this model, a Gatekeeper helps resolve addresses (i.e., translating user-friendly identifiers into IP addresses), but does not route signaling

Gatekeeper Routed
[Diagram: GK, EP, EP; labels: Call Signaling, Media Flows]
In the third model, a Gatekeeper routes the call signaling (and may optionally route media, but we’ll ignore that for this presentation)

Spoofing Caller ID
• When no Gatekeeper is used to route signaling, a user could put in just about anything
• Where a Gatekeeper is used to route signaling, the Gatekeeper can enforce (override) any signaling information received from an end-user device
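
The enforce (override) behaviour in the Gatekeeper-routed model can be sketched as follows. This is an added example, not code from the presentation or from any H.323 product; the Alias and Gatekeeper classes, the endpoint ids and all identifier values are constructed, and plain Python values stand in for the real call-signaling messages.

```python
from dataclasses import dataclass

# Simplified model: plain Python values stand in for H.225.0 call signaling.
@dataclass(frozen=True)
class Alias:
    kind: str   # identifier type from the slide: "uri", "number", "local", "ip"
    value: str

    def normalized(self):
        v = self.value.strip()
        if self.kind == "number":      # drop spaces, dashes, parentheses
            v = "".join(c for c in v if c.isdigit() or c == "+")
        elif self.kind == "uri":       # compare URIs case-insensitively here
            v = v.lower()
        return Alias(self.kind, v)

class Gatekeeper:
    def __init__(self):
        self.registered = {}   # endpoint id -> aliases provisioned or assigned
        self.audit = []        # (endpoint id, rejected aliases) for review

    def register(self, endpoint_id, aliases):
        self.registered[endpoint_id] = [a.normalized() for a in aliases]

    def route_setup(self, endpoint_id, claimed):
        """Return the caller aliases to forward for a call from endpoint_id."""
        allowed = self.registered.get(endpoint_id)
        if not allowed:
            raise PermissionError(f"endpoint {endpoint_id!r} is not registered")
        claimed = [a.normalized() for a in claimed]
        rejected = [a for a in claimed if a not in allowed]
        if rejected:
            self.audit.append((endpoint_id, rejected))
        accepted = [a for a in claimed if a in allowed]
        # Override: nothing valid was claimed, so assert the primary alias.
        return accepted or [allowed[0]]

def demo_gatekeeper():
    gk = Gatekeeper()   # constructed registrations, not real identifiers
    gk.register("ep-1", [Alias("number", "+1 555 555 0100"),
                         Alias("uri", "h323:alice@example.com")])
    return gk

if __name__ == "__main__":
    gk = demo_gatekeeper()
    print(gk.route_setup("ep-1", [Alias("number", "+1 (555) 555-0100")]))
    print(gk.route_setup("ep-1", [Alias("number", "+1 555 555 0199")]))
    print(gk.audit)
```

In the two direct call models nothing sits in the signaling path to run a check like this, so the receiving side sees whatever the calling device sent.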

Can We Trust a Gatekeeper?
• Gatekeepers controlled and operated by service providers are generally trusted
• Service providers must know and trust the peers at the network edge, as this is effectively a transitive trust model
• Gatekeepers might be set up by end users, hackers, thieves, etc. and cannot be trusted in the public Internet

Digital Signatures
• H.235.2 (“H.323 security: Signature security profile”) defines procedures for using certificates to sign messages to allow for either hop-by-hop or end-to-end authentication of messages
• It is possible to allow end-user devices to sign messages so that identifiers can be validated
• It is also possible for the user’s Gatekeeper to enforce caller ID information and to sign messages

Issues with Digital Signatures
• Certificates can be assigned to an H.323 URI easily (using identifiers like paulej@packetizer.com), but how are certificates assigned to a phone number?
• It’s unclear if anyone is using certificates for signing messages
  • Is it a non-issue due to transitive trust?
  • Too much effort?