Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003
Authentication Methods and Security in Videoconferencing Systems TERENA AA-Workshop Malaga, November 2003. Dimitris Daskopoulos GRNET. Contents. Videoconferencing practices Problematic points Security standards Current techniques in H.323 Future developments in H.323.


Authentication Methods and Security in Videoconferencing Systems

TERENA AA-Workshop Malaga, November 2003

Dimitris Daskopoulos

GRNET

Contents
  • Videoconferencing practices
  • Problematic points
  • Security standards
  • Current techniques in H.323
  • Future developments in H.323
Video conferencing worlds
  • H.323
  • SIP
  • MBONE
  • other: VRVS, AG, proprietary VC s/w
The importance of videoconference security
  • identity
  • confidentiality
  • trust
Current practices
  • authentication assumed, but rarely examined
  • ad hoc authentication solutions
  • point-to-point vs. multi-party call practices
Requirements for videoconferencing security
  • endpoint authentication
  • call signaling security
  • media encryption
Problematic points
  • telephony-world preconceptions
  • people vs. endpoints
  • room-based systems
  • users vs. executives
  • multi-party conferences
  • multi-domain conferences
Conferencing: a three-step process
  • endpoint registration (authentication)
  • dialing (authorization)
  • media exchange
Protocols involved in H.323 conferencing
  • H.225 - RAS (UDP): Registration, Admission, Status
  • H.225 - Q.931 (TCP): Call Signaling (Setup & Termination)
  • H.245 (TCP): Call Control (Capabilities, Preferences, Channel Opening and Flow Control)
  • RTP (UDP): media streams
Security standards for videoconferencing
  • H.323 - H.235
    • shared secret - symmetric (Annex D)
    • certificates - asymmetric (Annex E)
    • secure media streams - S/RTP (Annex G)
  • SIP
    • SSL Digest Authentication
    • S/MIME media
Current security options in H.323

H.235 not widely supported by endpoints.

What options are we left with?

  • Identification by IP and alias
  • IPSec
  • other tricks
Current authentication techniques in H.323
  • point-to-point conferences (registration)
    • IP and alias authentication
    • web enhanced methods
  • multi-party conferences (calling)
    • generated target number
    • central calling
Security in H.323: the Gatekeeper
  • H.235
  • Cisco MCM: user/password piggy-back
  • Radvision ECS: predefined endpoints
  • GNU GK: predefined endpoints, Q.931 signaling filters
Security in H.323: Gatekeeper backends
  • Gatekeeper APIs (SNMP or proprietary)
    • Cisco GKAPI
    • Radvision ECS API (SNMP-based H.348?)
  • Radius
    • Cisco MCM
    • GNU GK
  • DBMS
    • Radvision ECS
    • GNU GK
  • LDAP
    • Radvision ECS
    • GNU GK
Security in H.323: web integration of backends
  • web-based flexible custom interfaces
  • SSL enabled
  • allow user control of IP and aliases
  • allow scheduling and reservation of resources (an added benefit)
Current problems in H.323
  • securing registration of multiple aliases is difficult
  • ad-hoc authentication techniques do not accommodate all endpoints
  • mobility is hindered
  • firewall/NAT traversal is difficult
  • media stream protection is lacking
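
An added example, not part of the original slides and not any gatekeeper's own code: a minimal model of the "IP and alias" registration check against predefined endpoints, showing where the multiple-alias and mobility problems listed above come from. The endpoint records, addresses and the function name are constructed assumptions.

```python
# Conceptual model of "IP and alias" registration checking at a gatekeeper.
# All records, addresses and names below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Endpoint:
    ip: str
    aliases: frozenset  # every alias this endpoint is allowed to register


# Constructed list of predefined endpoints (documentation address ranges).
PREDEFINED = [
    Endpoint("192.0.2.10", frozenset({"room-a", "30210"})),
    Endpoint("192.0.2.20", frozenset({"alice", "30220"})),
]


def check_registration(src_ip, requested_aliases, endpoints=PREDEFINED):
    """Return (accepted, reason) for one registration request.

    Accept only if the source IP belongs to a predefined endpoint AND every
    requested alias is bound to that same endpoint. Checking only the first
    alias would let an endpoint claim another endpoint's alias.
    """
    if not requested_aliases:
        return False, "no alias presented"
    src = ip_address(src_ip)
    for ep in endpoints:
        if ip_address(ep.ip) == src:
            extra = set(requested_aliases) - ep.aliases
            if extra:
                return False, "alias not bound to this IP: " + ", ".join(sorted(extra))
            return True, "ok"
    return False, "unknown source IP"


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", ["room-a", "30210"]),  # predefined room system
        ("192.0.2.10", ["room-a", "alice"]),  # extra alias owned by another endpoint
        ("198.51.100.7", ["alice"]),          # same user on a different network
    ]
    for ip, aliases in cases:
        print(ip, aliases, "->", check_registration(ip, aliases))
```

The third case is a legitimate user who has moved, rejected because the check identifies a network address rather than a person.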
Future developments in H.323 security
  • H.350:
    • LDAP authentication
    • LDAP endpoint setup
  • H.235:
    • wider support in products
    • certificate support
    • media stream encryption
Links and References
  • Internet2 - 2003 fall MM: securing video
  • The TERENA IP Telephony Cookbook
  • The VIDE VideoConf CookBook
  • The VIDE Development Initiative
  • Internet2 - Video Middleware (VidMid)
  • Internet2 - VC SiteCoordinatorsTraining
  • Internet2 - VidMid H.350
  • Packetizer References