Pervasive Pixels Network Services
Angelos Keromytis, Jason Nieh, Henning Schulzrinne
Dept. of Computer Science, Columbia University

Overview
• Enabling interactive communications
  • mobility
  • user creation of services
  • event notification
  • interaction with legacy telephone system
• Access control and privacy
• System monitoring and management
Pervasive Pixels - NSF site visit

Pervasive Pixels integrates...
• Chime for cooperation on a spatial communications metaphor
• CINEMA for
  • unified synchronous & asynchronous communications
  • interoperation with telephone system
• Virtual Display System Architecture for application sharing
• KX for system monitoring

Mobility
• today: terminal mobility = same terminal, different networks
• Pervasive Pixels:
  • personal mobility = same person, different terminals (seq. & parallel), different sessions
  • session mobility = move on-going sessions between terminals
  • e.g., mobile PDA and public display

User creation of services
• control reachability:
  • how, by whom, when, where, what format
• classical telecom: carrier provides small menu of services
• CINEMA: user-created services
  • cgi (web-like scripting)
  • CPL (XML rule set)
  • Java servlets
  • active (application-layer) networks – filters installed remotely

Event notification
• Fundamental abstraction
• but only approximated in Internet today:
  • email – asynchronous delivery
  • web – “pull” (poll) only
  • presence – people events only
• In Pervasive Pixels, pursuing several models:
  • Siena-based content filtering
  • SIP-based inter-domain notification
    • working on IETF standardization (SIMPLE)

Interaction with legacy telephone system
• Need to be able to interwork with
  • cell & landline phones
  • combinations of PSTN and Internet connectivity, e.g.,
    • video, collaboration, status via laptop (Internet),
    • audio via phone
• Will use departmental PBX + gateway

CINEMA – Columbia Internet Extensible Multimedia Architecture
• CINEMA = set of servers and services that support Session Initiation Protocol (SIP)
  • Internet standard co-developed by PI
• services:
  • audio/video conferencing
  • unified messaging
  • conference recording
  • VoiceXML voice control interface for interaction via phone
  • protocol conversion H.323 - SIP

CINEMA components
[Diagram: CINEMA components. Labels: sipd (proxy/redirect server), sipconf (conferencing server, MCU), rtspd (RTSP media server), sipum (unified messaging server), sipvxml (VoiceXML server), sip-h323 (SIP-H.323 converter), sipc, MySQL user database, LDAP server, plug'n'sip, RTSP, SIP, Cisco 7960, Pingtel, PhoneJack interface, wireless 802.11b, Cisco 2600, Nortel Meridian PBX, T1 links]

Virtual display system architecture
• serve applications across a network
  • X11, Citrix, SunRay: static
• cross-platform, application-independent
• adaptive applications
  • bandwidth availability
  • end-system compute power
• proxy services
• integration with conferencing

System monitoring and management
• Kinesthetics eXtreme (KX)
  • monitor interplay of Pervasive Pixel components
  • using Siena event notification systems

Security
• Mechanisms:
  • Security of communications: standard security protocols (SSL, IPsec)
  • Security of stored data: NFS over IPsec, DisCFS
  • Privacy (presence, other information)
  • Physical access control: swipe card readers, proximity badges

Security – authentication
• multiple authentication and identification mechanisms:
  • swipe card
  • fingerprint
  • i-button ring
  • IR/RF badge
  • radio location

Security
• With mechanisms in place, we need policies to control them
  • Ease of configuration
  • Flexibility

Trust management (TM)
• Application-independent mechanism for specifying and evaluating application-specific policies
• Policies can be expressed in terms of credentials (certificates with additional information)
• KeyNote is an instance of a TM system
  • Efficient policy compliance checking
  • Delegation inherent in the system -> decentralized management

Sample KeyNote Policy

    Authorizer: "POLICY"
    Licensees: Henning (public key)
    Conditions: app_domain == "web access control" &&
                date >= "20020101" && date <= "20021231" &&
                web_server == "www.cs.columbia.edu" &&
                url ~= "^/people/hgs/.*" &&
                (encryption_algorithm == "3DES" ||
                 encryption_algorithm == "AES") -> "permit";

Sample KeyNote credential

    Authorizer: Henning (public key)
    Licensees: Kathy (public key)
    Conditions: app_domain == "web access control" &&
                date >= "20020311" && date <= "20020311" &&
                web_server == "www.cs.columbia.edu" &&
                url == "/people/hgs/for_kathy.html" -> "permit";
    Signature: Signed by Henning's public key

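How the sample policy and credential combine when a request is checked, as an added Python sketch (not part of the original slides and not KeyNote's own code or API). It models only a single-key delegation chain with "permit"/"deny" results; the key names are placeholders, the request values are constructed, and the credential's signature is assumed to have been verified already.

```python
import re

# Action attributes are plain strings, as in KeyNote. Key names are placeholders.
POLICY = {
    "authorizer": "POLICY",
    "licensees": {"henning-key"},
    "conditions": lambda a: (
        a.get("app_domain") == "web access control"
        and "20020101" <= a.get("date", "") <= "20021231"
        and a.get("web_server") == "www.cs.columbia.edu"
        and re.search(r"^/people/hgs/.*", a.get("url", "")) is not None
        and a.get("encryption_algorithm") in ("3DES", "AES")
    ),
}
CREDENTIAL = {  # signature check on the credential is assumed to have passed
    "authorizer": "henning-key",
    "licensees": {"kathy-key"},
    "conditions": lambda a: (
        a.get("app_domain") == "web access control"
        and "20020311" <= a.get("date", "") <= "20020311"
        and a.get("web_server") == "www.cs.columbia.edu"
        and a.get("url") == "/people/hgs/for_kathy.html"
    ),
}
ASSERTIONS = [POLICY, CREDENTIAL]

def authorized(requester, action, principal="POLICY", seen=frozenset()):
    """True if satisfied assertions form a chain from `principal` to `requester`."""
    if principal == requester:
        return True
    for assertion in ASSERTIONS:
        if assertion["authorizer"] != principal or not assertion["conditions"](action):
            continue  # wrong issuer, or its conditions reject this action
        for licensee in assertion["licensees"] - seen:
            if authorized(requester, action, licensee, seen | {principal}):
                return True
    return False

def check(requester, **overrides):
    """Evaluate a constructed sample request, with selected attributes overridden."""
    action = {"app_domain": "web access control", "date": "20020311",
              "web_server": "www.cs.columbia.edu",
              "url": "/people/hgs/for_kathy.html", "encryption_algorithm": "AES"}
    action.update(overrides)
    return "permit" if authorized(requester, action) else "deny"

if __name__ == "__main__":
    print(check("kathy-key"))
    print(check("kathy-key", encryption_algorithm="DES"))
    print(check("kathy-key", url="/people/hgs/private.html"))
```

Every assertion on the chain must hold for the same action, so Kathy's request is denied without 3DES or AES even though her credential never mentions encryption: delegation can narrow what the policy grants but cannot widen it.
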
Access control with KeyNote
• Embedded in IPsec (IKE), SSL (module for Apache)
  • part of the DARPA-funded STRONGMAN project
• work in progress on DisCFS
  • fine-grained access control on remote files using credentials
  • Used for server-based or P2P file sharing
• Extensible to other applications/protocols (e.g., interacting users in virtual worlds, privacy considerations)
• Abstraction layer on top of KeyNote to make configuration easier for end-users

On-going work in security
• Integration between KeyNote and CPL
• Token- and biometrics-based credentials
  • i-button
  • fingerprint recognition
  • voice recognition
  • IR+RF badges