SIP.edu : OpenSER in an academic environment - PowerPoint PPT Presentation

About This Presentation
Title:

SIP.edu : OpenSER in an academic environment

Description:

French National Institute for Research in Computer Science and Control. Fundamental and applied research in various fields. Networking. Multimedia. Software security ... – PowerPoint PPT presentation

Number of Views:29
Avg rating:3.0/5.0
Slides: 14
Provided by: kama45
Learn more at: http://www.kamailio.org
Category:

less

Transcript and Presenter's Notes

Title: SIP.edu : OpenSER in an academic environment


1
SIP.edu OpenSER in an academic environment
  • OpenSER SUMMIT - VON Berlin 2006

2
Agenda
  • Introduction
  • INRIA
  • The SIP.edu project
  • SIP.edu at INRIA
  • Access control with RADIUS
  • Expected limitations and problems
  • Future improvements

3
INRIA
  • French National Institute for Research in
    Computer Science and Control
  • Fundamental and applied research in various
    fields
  • Networking
  • Multimedia
  • Software security
  • Modeling living structures and mechanisms
  • 5000 people in 6 locations

4
The SIP.edu project
  • Started in late 2003, from an Internet2
    organization initiative
  • Aims to connect academic institutions with SIP
  • Two prerequisites
  • A user e-mail to phone number mapping mechanism
  • SIP address email address
  • Integrate with an existing PBX to make non-SIP
    phones reachable
  • Not necessarily IP enabled
  • More than 250,000 people reachable
  • MIT, Harvard University, Yale, ..

5
SIP.edu target architecture
6
SIP.edu at INRIA
  • DNS SRV records to our SIP proxy
  • SIP proxy OpenSER version 1.0.1
  • Directory OpenLDAP
  • Gathers the information for all INRIA members
  • SIP PBX gateway Asterisk Cisco router
  • 12 channels to the existing PBX
  • PBX TENOVIS

7
SIP.edu at INRIA the picture
8
Available services
  • sipfirst.last_at_inria.fr URIs that map with
    regular E.164 extensions at INRIA
  • Accessible to anyone from the Internet
  • sip0123456789_at_inria.fr URIs, to call external
    E.164 extensions
  • Restricted to INRIAs members
  • RADIUS based access control

9
Sample call flow to a numeric extension
  • To initiate a call to PSTN extension 0123456789,
    Alice types sip0123456789_at_inria.fr" into her
    SIP user agent (UA)
  • DNS SRV query
  • Sent to INRIAs SIP proxy
  • The proxy detects a numeric extension, and
    triggers the RADIUS authentication process
  • The proxy re-writes the INVITE to
  • INVITE sip0123456789_at_asterisk.inria.fr, which
    it sends to the Asterisk server
  • Asterisk rings extension 0123456789 through the
    PSTN gateway and PBX.

10
SIP and RADIUS user password storage
  • Two alternatives
  • Clear text format
  • Insecure
  • Regular authentication database cannot be used
  • Digest-HA1 MD5(usernamerealmpassword)
  • User password is kept opaque to the admin
  • Stored information is still sensitive
  • Regular authentication database cannot be used

11
The key role of OpenSER
  • Call processing logic
  • Not that easy to handle but powerful
  • Modular software architecture
  • Many database/protocols connectors
  • RADIUS, SQL, Jabber, ..
  • External scripting integration
  • In our SIP.edu architecture, the LDAP information
    retrieval process is a shell script launched by
    OpenSER

12
Expected limitations and problems
  • NAT issues
  • SPIT (SPam over IP Telephony)
  • Use inter-domain TLS?
  • OpenSER already addresses those issues

13
Future improvements
  • Enable RADIUS authorization by implementing group
    checking
  • Integrate with our Jabber based IM - presence
    solution
  • Already possible with OpenSER
Write a Comment
User Comments (0)
About PowerShow.com