Challenges of Voice-over-IP - PowerPoint PPT Presentation

About This Presentation

Title:

Challenges of Voice-over-IP

Description:

– PowerPoint PPT presentation

Number of Views:175

Avg rating:3.0/5.0

Slides: 52

Provided by: henningsc

Learn more at: http://www.cs.columbia.edu

Category:

more less

Transcript and Presenter's Notes

Title: Challenges of Voice-over-IP

1
Challenges of Voice-over-IP The Second Quarter
Century

Henning Schulzrinne
Dept. of Computer Science
Columbia University

2
Outline

A brief history
Challenges
QoS
Security
NATs
Service creation
Scaling
Interworking
Emergency calls
CINEMA project at Columbia

3
A brief history

August 1974
Realtime packet voice between USC/ISI and MIT/LL,
using CVSD and NVP.
December 1974
Packet voice between CHI and MIT/LL, using LPC
and NVP
January 1976
Live packet voice conferencing between USC/ISI,
MIT/LL, SRI, using LPC and NVCP
Approximately 1976
First packetized speech over SATNET between
Lincoln Labs and NTA (Norway) and UCL (UK)
1990
ITU recommendation G.764 (Voice packetization
packetized voice protocols)

4
A brief history

February 1991
DARTnet voice experiments
August 1991
LBL's audio tool vat released for DARTnet use
March 1992
First IETF MBONE broadcast (San Diego)
January 1996
RTP standardized (RFC 1889/1890)
November 1996
H.323v1 published
February/March 1999
SIP standardized (RFC 2543)

5
VoIP applications

Trunk replacements between PBXs
Ethernet trunk cards for PBXs
T1/E1 gateways
IP centrex outsourcing the gateway
Denwa, Worldcom
Enterprise telephony
Cisco Avvid, 3Com, Mitel, ...
Consumer calling cards (phone-to-phone)
net2phone, iConnectHere (deltathree), ...
PC-to-phone, PC-to-PC
net2phone, dialpad, iConnectHere, mediaring, ...

6
Where are we?

Variety of robust SIP phones (and lots of
proprietary ones)
not yet in Wal-Mart
SIP carriers terminate LAN VoIP
number portability?
911
50 vendors at SIPit
Building blocks media servers, unified
messaging, conferencing, VoiceXML,

7
Status in 2002

2000 6b wholesale, 15b minutes retail
2001 10b worldwide 6 of traffic (only
phone-to-phone)
e.g., net2phone 341m min/quarter

8
Where are we?

Not quite what we had in mind
initially, SIP for initiating multicast
conferencing
in progress since 1992
still small niche
even the IAB and IESG meet by POTS conference
then VoIP
written-off equipment (circuit-switched) vs. new
equipment (VoIP)
bandwidth is (mostly) not the problem
cant get new services if other end is POTS ??
why use VoIP if I cant get new services

9
Where are we?

VoIP avoiding the installed base issue
cable modems lifeline service
3GPP vaporware?
Finally, IM/presence and events
probably, first major application
offers real advantage interoperable IM
also, new service

10
VoIP at Home

Lifeline (power)
Multiple phones per household
expensive to do over PNA or 802.11
BlueTooth range too short
need wireless SIP base station handsets
PDAs with 802.11 and GSM? (Treo)
Incentives
SMS IM services

11
SIP phones

Hard to build really basic phones
need real multitasking OS
need large set of protocols
IP, DNS, DHCP, maybe IPsec, SNTP and SNMP
UDP, TCP, maybe TLS
HTTP (configuration), RTP, SIP
user-interface for entering URLs is a pain
see success of Internet appliances
PCs with handset cost 500 and still have a
Palm-size display

12
VoIP protocol components

RTP for data transmission
ROHC, CRTP for header compression
SIP or H.323 for call setup (signaling)
sometimes, H.248 (Megaco) for control of gateways
ENUM for mapping E.164 numbers to (SIP) URIs
TRIP for large gateway clouds

13
Challenges QoS

Bottlenecks access and interchanges
Backbones e.g., Worldcom Jan. 2002
50 ms US, 79 ms transatlantic RTT
0.067 US, 0.042 transatlantic packet loss
Keynote 2/2002 almost all had error rates less
then 0.25 (but some up to 1)
LANs generally, less than 0.1 loss, but beware
of hubs

14
(No Transcript)
15
Challenges QoS

Not lack of protocols RSVP, diff-serv
Lack of policy mechanisms and complexity
which traffic is more important?
how to authenticate users?
cross-domain authentication
may need for access only bidirectional traffic
DiffServ need agreed-upon code points
NSIS WG in IETF currently, requirements only

16
Challenges Security

Classical model of restricted access systems -gt
cryptographic security
Objectives
identification for access control billing
phone/IM spam control (black/white lists)
call routing
privacy

17
SIP security

Bar is higher than for email telephone
expectations (albeit wrong)
SIP carries media encryption keys
Potential for nuisance phone spam at 2 am
Safety prevent emergency calls

18
System model
outbound proxy
SIP trapezoid
a_at_foo.com 128.59.16.1
registrar
19
Threats

Bogus requests (e.g., fake From)
Modification of content
REGISTER Contact
SDP to redirect media
Insertion of requests into existing dialogs BYE,
re-INVITE
Denial of service (DoS) attacks
Privacy SDP may include media session keys
Inside vs. outside threats
Trust domains can proxies be trusted?

20
Threats

third-party
not on path
can generate requests
passive man-in-middle (MIM)
listen, but not modify
active man-in-middle
replay
cut-and-paste

21
L3/L4 security options

IPsec
Provides keying mechanism
but IKE is complex and has interop problems
works for all transport protocol (TCP, SCTP, UDP,
)
no credential-fetching API
TLS
provides keying mechanism
good credential binding mechanism
no support for UDP SCTP in progress

22
Hop-by-hop security TLS

Server certificates well-established for web
servers
Per-user certificates less so
email return-address (class 1) certificate not
difficult (Thawte, Verisign)
Server can challenge client for certificate ?
last-hop challenge

23
HTTP Digest authentication

Allows user-to-user (registrar) authentication
mostly client-to-server
but also server-to-client (Authentication-Info)
Also, Proxy-Authenticate and Proxy-Authorization
May be stacked for multiple proxies on path

24
HTTP Digest authentication
REGISTER To sipalice_at_example.com
401 Unauthorized WWW-Authenticate Digest
realm"alice_at_example.com", qopauth,
nonce"dcd9"
REGISTER To sipalice_at_example.com Authorization
Digest username"alice", nc00000001,
cnonce"defg", response"9f01"
REGISTER To sipalice_at_example.com Authorization
Digest username"alice", nc00000002,
cnonce"abcd", response"6629"
25
End-to-end authentication

What do we need to prove?
Person sending BYE is same as sending INVITE
Person calling today is same as yesterday
Person is indeed "Alice Wonder, working for
Deutsche Bank"
Person is somebody with account at MCI Worldcom

26
End-to-end authentication

Why end-to-end authentication?
prevent phone/IM spam
nuisance callers
trust is this really somebody from my company
asking about the new widget?
Problem generic identities are cheap
filtering bozo_at_aol.com doesn't prevent calls from
jerk_at_yahoo.com (new day, sam person)

27
End-to-end authentication and confidentiality

Shared secrets
only scales (N2) to very small groups
OpenPGP chain of trust
S/MIME-like encapsulation
CA-signed (Verisign, Thawte)
every end point needs to have list of Cas
need CRL checking
ssh-style

28
Ssh-style authentication

Self-signed (or unsigned) certificate
Allows active man-in-middle to replace with own
certificate
always need secure (against modification) way to
convey public key
However, safe once established

29
DOS attacks

CPU complexity get SIP entity to perform work
Memory exhaustion SIP entity keeps state (TCP
SYN flood)
Amplification single message triggers group of
message to target
even easier in SIP, since Via not subject to
address filtering

30
DOS attacks amplification

Normal SIP UDP operation
one INVITE with fake Via
retransmit 401/407 (to target) 8 times
Modified procedure
only send one 401/407 for each INVITE
Suggestion have null authentication
prevents amplification of other responses
E.g., user "anonymous", password empty

31
DOS attacks memory

SIP vulnerable if state kept after INVITE
Same solution challenge with 401
Server does not need to keep challenge nonce, but
needs to check nonce freshness

32
Challenges NATs and firewalls

NATs and firewalls reduce Internet to web and
email service
firewall, NAT no inbound connections
NAT no externally usable address
NAT many different versions -gt binding duration
lack of permanent address (e.g., DHCP) not a
problem -gt SIP address binding
misperception NAT security

33
Challenges NAT and firewalls

Solutions
longer term IPv6
longer term MIDCOM for firewall control?
control by border proxy?
short term
NAT STUN and SHIPWORM
send packet to external server
server returns external address, port
use that address for inbound UDP packets

34
Challenges service creation

Cant win by (just) recreating PSTN services
Programmable services
equipment vendors, operators JAIN
local sysadmin, vertical markets sip-cgi
proxy-based call routing CPL
voice-based control VoiceXML

35
Emergency calls

Opportunity for enhanced services
video, biometrics, IM
Finding the right emergency call center (PSAP)
VoIP admin domain may span multiple 911 calling
areas
Common emergency address
User location
GPS doesnt work indoors
phones can move easily IP address does not help

36
Emergency calls
common emergency identifier sos_at_domain
EPAD
REGISTER sipsos Location 07605
302 Moved Contact sipsos_at_psap.leonia.nj.us Conta
ct tel1-201-911-1234
SIP proxy
INVITE sipsos Location 07605
INVITE sipsos_at_psap.leonia.nj.us Location 07605
37
Scaling and redundancy

Single host can handle ?10-100 calls
registrations/second ? 18,000-180,000 users
1 call, 1 registration/hour
Conference server about 50 small conferences or
large conference with 100 users
For larger system and redundancy, replicate proxy
server

38
Scaling and redundancy

DNS SRV records allow static load balancing and
fail-over
but failed systems increase call setup delay
can also use IP address stealing to mask failed
systems, as long as load lt 50
Still need common database
can separate REGISTER
make rest read-only

39
Large system
stateless proxies
a1.example.com
sip1.example.com
a2.example.com
sip2.example.com
sipbob_at_example.com
b1.example.com
sipbob_at_b.example.com
sip3.example.com
b2.example.com
_sip._udp SRV 0 0 b1.example.com 0
0 b2.example.com
_sip._udp SRV 0 0 sip1.example.com
0 0 sip2.example.com 0 0
sip3.example.com
40
Enterprise VoIP

Allow migration of enterprises to IP multimedia
communication
Add capacity to existing PBX, without upgrade
Allow both
IP centrex hosted by carrier
PBX-style locally hosted
Unlike classical centrex, transition can be done
transparently

41
Motivation

Not cheaper phone calls
Single number, follow-me even for analog phone
users
Integration of presence
person already busy better than callback
physical environment (IR sensors)
Integration of IM
no need to look up IM address
missed calls become IMs
move immediately to voice if IM too tedious

42
Migration strategy

Add IP phones to existing PBX or Centrex system
PBX as gateway
Initial investment ?2k for gateway
Add multimedia capabilities PCs, dedicated video
servers
Reverse PBX replace PSTN connection with
SIP/IP connection to carrier
Retire PSTN phones

43
Example Columbia Dept. of CS

About 100 analog phones on small PBX
DID
no voicemail
T1 to local carrier
Added small gateway and T1 trunk
Call to 7134 becomes sip7134_at_cs
Ethernet phones, soft phones and conference room
CINEMA set of servers, running on 1U rackmount
server

44
CINEMA components
Cisco 7960
MySQL
rtspd
sipconf
user database
LDAP server
plug'n'sip
RTSP
conferencing
media
server
server
(MCU)
wireless
sipd
802.11b
RTSP
proxy/redirect server
unified
messaging
server
Pingtel
sipum
Cisco
Nortel
2600
Meridian
VoiceXML
PBX
server
T1
T1
SIP
sipvxml
PhoneJack interface
sipc
SIP-H.323
converter
sip-h323
45
Experiences