irt2006 - Columbia University
The Internet Real-Time
Laboratory
Prof. Henning Schulzrinne
Feb 2006
http://www.cs.columbia.edu/IRT
Current members
IRT lab: 1 faculty, 1 post-doc, 13 PhD, 6 MS GRAs, 2 visitors and a researcher: total 24
China, Germany, Hong Kong, India, Italy, Israel, Japan, Korea, Pakistan, USA
Sponsors
Equipment grants and student support: past and present
Research topics
Internet Real-Time Systems
Security
Service discovery
Reliability and scalability
Multimedia collaboration
Mobile and ad hoc
Peer-to-peer systems
Enterprise IP telephony
911 calls on Internet
Ubiquitous computing
presence
Wireless telephony
Programmable services
Global service discovery
Knarig Arabshian
The problem
Current protocols:
Local network only (not Internet-wide)
Limited description or query: attribute-value or interface matching
We need:
A global service discovery architecture
Scalable (avoid central dependency)
Robust and self-adjusting
Use modern description logic (OWL)
Knarig Arabshian
Global service discovery
GloServ: Hierarchical P2P Global Service Discovery Architecture
Classify services using OWL
Use service classification to map the ontology to a hierarchical P2P network (using CAN for p2p)
Bootstrap servers using information in the ontology
Intelligent registration and querying
Figure: GloServ query example. 1) A query for “inn” is issued. 2) The word “inn” is mapped to “hotel” (synonyms in the ontology: hostel, inn, rooming, lodging, motel). 3) The domain of the equivalent or closely related server is looked up in the primitive skeleton ontology (Service > Travel > Destination > Hotel, Bed&Breakfast; domain: hotel.destination.service; other top-level classes: Restaurant, Medical, Communication; Travel also has Flights and Agencies). 4) The query is sent to the closest high-level server that is known.
Global service discovery
Knarig Arabshian
GloServ: Hierarchical P2P Global Service Discovery Architecture
Figure: distribution of properties over CAN DHTs. Each property of the ontology class (hasAccommodation with values Hotel, CampGround, Budget; hasActivity with values Sightseeing, Sports, Adventure) is mapped into its own CAN DHT, whose nodes own coordinate zones such as <1,2>, <1,3>, <2,1>, <2,2>, <2,3>, <3,2>, <3,3>, ... <10,2>, <10,3>.
7DS
Wing Yuen (Andy)
The problem and overview of 7DS
The opportunity
Wireless infrastructure slow to emerge (3G $$$)
802.11b cheap and simple to deploy
Mobile devices spread data in densely populated areas (e.g., NYC)
What is 7DS?
Content-independent: works for any web object
Uses standard caching mechanism
After 25 min, 90% of interested users have data
Also, data upload
Wing Yuen (Andy)
7DS
Overview of the networks
Ad hoc network: two nodes communicate when they are in proximity
Small transmit power; optimal number of neighbors ≈ 1
Large end-to-end throughput
Trade off capacity with delay
Figure: example ad hoc network of mobile nodes with a multi-hop path.
Wing Yuen (Andy)
7DS
Email upload application
Objective: purge message replicas
Time-based scheme: purge message when TTL expires
Hop-based scheme (figure shows breadth=2, depth=4): decrement b in each node encounter; purge message when b=0
Evaluate storage and storage-time cost
Optimal depth=2; select breadth such that prob. delivery = 1
7DS
Derek
7DS for mobile platforms
Source: ARCChart – Developing for Mobile Environments
Sangho Shin
Andrea Forte
Wireless VoIP
Layer 2 handoff and Layer 3 handoff
Figure: two subnets (Subnet A behind router R1, Subnet B behind router R2) connect to the Internet, each with an access point (AP1, AP2); moving between access points within a subnet is a Layer 2 handoff, moving between subnets a Layer 3 handoff.
Problems: handoff delay (Layer 2 and Layer 3); limited capacity; call admission control
Sangho Shin
Andrea Forte
Wireless VoIP
Problems and solutions
Layer 2 (MAC) & Layer 3 (IP) handoff: Selective Scanning & Caching; Fast L3 Handoff using temp IP; Cooperative handoff
Limited capacity: Improving VoIP capacity with Dynamic PCF (DPCF) and Adaptive Priority Control (APC); Call admission control with Virtual Traffic Generation
Bandwidth vs. actual throughput: IEEE 802.11a/b/g nominally 11~54 Mb/s, 2~20 Mb/s after overhead; Ethernet (100-1000 Mb/s) >> WLANs, so capacity for VoIP needs to be improved.
Too many clients or simultaneous calls in an AP cause deterioration of QoS, so Call Admission Control (CAC) is needed.
Wireless VoIP
Sangho Shin
Andrea Forte
Passive DAD (1/2)
Duplicate Address Detection (DAD)
Before the DHCP server decides to assign an IP address, it has to be sure that the address is not already in use. To do this, the DHCP server sends ICMP Echo requests and waits for ICMP Echo replies.
The delay introduced by DAD is in the order of seconds!
Passive DAD (P-DAD)
We introduce a new agent, the Address Usage Collector (AUC), which collects information about the IP addresses in use in its subnet. The AUC then informs the DHCP server about IP addresses already in use in that subnet.
Sangho Shin
Andrea Forte
Wireless VoIP
Passive DAD (2/2)
Address Usage Collector (AUC)
Figure: the AUC sits on the subnet behind the router/relay agent and overhears broadcast ARP and DHCP traffic; it keeps an IP:MAC table with an expiry timer per entry (e.g., IP1/MAC1/570, IP2/MAC2/580, IP3/MAC3/590) and a Client ID (DUID):MAC table (DUID1/MAC1, DUID2/MAC2, DUID3/MAC3), and reports to the DHCP server over a TCP connection.
AUC builds DUID:MAC pair table (DHCP traffic only).
AUC builds IP:MAC pair table (broadcast and ARP traffic).
Whenever a new pair is added to the table or a potential unauthorized IP is detected, the AUC sends the pair to the DHCP server.
The DHCP server checks whether the pair is correct and records the IP address as in use.
ARP checking
AUC scans unused IPs using ARP queries periodically.
Silent nodes can be detected.
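An added sketch of the AUC behaviour described above (not the IRT lab's code): it learns DUID:MAC pairs from DHCP traffic and IP:MAC pairs from ARP traffic, reports new and potentially unauthorized pairs, probes untouched addresses to find silent nodes, and lets the DHCP server ask whether an address is taken without an ICMP Echo round trip. Event records, the 600 s hold time, the "MAC never used DHCP" heuristic and the probe callback are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class AddressUsageCollector:
    """Passive DAD: learn IP:MAC and DUID:MAC pairs from overheard traffic and report
    them to the DHCP server, so it need not probe with ICMP Echo before assigning."""
    hold_time: int = 600                                   # assumed lifetime of a learned pair
    ip_mac: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # ip -> (mac, expiry)
    duid_mac: Dict[str, str] = field(default_factory=dict)            # DHCP client id -> mac
    outbox: List[Tuple[str, str, str]] = field(default_factory=list)  # reports for DHCP server
    def on_dhcp(self, duid: str, mac: str) -> None:
        """DHCP traffic only: remember which MACs obtained their address via DHCP."""
        if self.duid_mac.get(duid) != mac:
            self.duid_mac[duid] = mac
            self.outbox.append(("duid", duid, mac))
    def on_arp(self, ip: str, mac: str, now: int) -> None:
        """Broadcast/ARP traffic: record IP:MAC; a MAC that never spoke DHCP is reported
        as a potential unauthorized (statically configured) address (assumed heuristic)."""
        old = self.ip_mac.get(ip)
        self.ip_mac[ip] = (mac, now + self.hold_time)
        if mac not in self.duid_mac.values():
            self.outbox.append(("unauthorized", ip, mac))
        elif old is None or old[0] != mac:
            self.outbox.append(("ip", ip, mac))
    def arp_check(self, candidates: List[str], probe: Callable[[str], Optional[str]], now: int) -> List[str]:
        """Periodic ARP scan of IPs not yet in the table, to catch silent nodes.
        probe(ip) returns the answering MAC or None (a constructed stand-in here)."""
        found: List[str] = []
        for ip in candidates:
            if ip not in self.ip_mac:
                mac = probe(ip)
                if mac is not None:
                    self.on_arp(ip, mac, now)
                    found.append(ip)
        return found
    def in_use(self, ip: str, now: int) -> bool:
        """The DHCP server's question, answered from the table instead of by ICMP Echo."""
        entry = self.ip_mac.get(ip)
        return entry is not None and entry[1] > now

def demo() -> Dict[str, object]:
    """Constructed traffic on one subnet: a DHCP client, a static host and a silent host."""
    auc = AddressUsageCollector()
    auc.on_dhcp("DUID1", "MAC1")
    auc.on_arp("10.0.0.11", "MAC1", now=0)   # DHCP client answering ARP
    auc.on_arp("10.0.0.12", "MAC2", now=0)   # never did DHCP: potential unauthorized IP
    silent = auc.arp_check(["10.0.0.12", "10.0.0.13"],
                           lambda ip: "MAC3" if ip == "10.0.0.13" else None, now=5)
    return {"outbox": auc.outbox, "silent": silent, "free_13": not auc.in_use("10.0.0.13", 10)}
```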
Wireless VoIP
Sangho Shin
Andrea Forte
Problems of the current DAD
In wireless networks, it takes a long time to get an ICMP echo response, or the response can even be lost when the channel is very congested.
Windows XP SP2 activates the firewall, and the firewall blocks incoming ICMP echo by default.
ISC DHCP software has a bug in the DAD timer, and the timer value is chosen randomly between 0 and 1 s.
VoIP real world app.
Venkata S. Malladi
Anurag Chakravarti
Training air traffic controllers at FAA
Existing communication system
Voice communications network: analog, fixed point-to-point connections
Fast Ethernet data network
Video network
Depends on analog, hard-wired communication systems that use obsolete parts no longer available without custom manufacture
What is the project?
Simulate an FAA classroom
Classroom has student, pilot and instructor workstations
Student plays the role of an ATC, who is trained by the pilot.
Student and pilot communicate with each other via a notion of frequency (unicast) and facility (multicast)
What am I doing?
Feature enhancements
Get the project successfully deployed on-site
Development of a robust audio tool on the Windows platform
Charles Shen
Session peering
for multimedia and VoIP interconnect
Motivation: expenses, overhead, flexibility of end-to-end IP-based services.
How it is done: switch fabric, rules and regulations that manage sending and receiving data among one another.
Challenges: architecture, QoS, security, operations support services, reliability, protocol interoperability, call routing, ENUM, etc.
Figure: direct peering between two SIP-based networks connects IP phone to IP phone end-to-end, whereas the existing architecture hands the call off through the PSTN (telephone).
Charles Shen
ENUM
Marriage of Internet and telephone numbering
Figure: ENUM call setup. [1] Caller dials the callee's normal phone number, 212-939-7040. [2] Caller's proxy queries the Enum server for 0.4.0.7.9.3.9.2.1.2.1.e164.arpa and gets the response sip:[email protected]. [3] Caller's proxy receives the response sip:[email protected] and proceeds to set up the call with the callee through the callee's SIP proxy.
Bridges traditional telephony with Internet capabilities into a platform for new services and applications.
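An added worked example of the ENUM lookup steps on this slide (not the IRT lab's code): the E.164 number is turned into the reversed-digit e164.arpa domain, and the NAPTR records a resolver would return for that domain are rewritten into a SIP URI. The NAPTR records, the example.invalid host and the simplified regexp parsing are assumptions; the page does not show the real records.

```python
import re
from typing import List, Optional, Tuple

def e164_to_enum(number: str, zone: str = "e164.arpa") -> str:
    """Map an E.164 number to its ENUM domain: keep digits only, reverse them,
    separate with dots and append the zone."""
    digits = re.sub(r"\D", "", number)
    if not digits:
        raise ValueError("number contains no digits")
    return ".".join(reversed(digits)) + "." + zone

def apply_naptr_regexp(naptr_regexp: str, aus: str) -> Optional[str]:
    """Apply a NAPTR regexp field, written as <delim>ere<delim>repl<delim>flags, to the
    application unique string (the +E.164 number). Simplified: the delimiter is
    assumed not to occur escaped inside the expression."""
    delim = naptr_regexp[0]
    parts = naptr_regexp[1:].split(delim)
    if len(parts) < 3:
        return None
    ere, repl, flags = parts[0], parts[1], parts[2]
    match = re.search(ere, aus, re.IGNORECASE if "i" in flags else 0)
    return match.expand(repl) if match else None   # \1..\9 backreferences expand as in NAPTR

def resolve_sip_uri(number: str, naptr: List[Tuple[int, int, str, str]]) -> Optional[str]:
    """naptr: (order, preference, service, regexp) records returned for
    e164_to_enum(number). Take the first E2U+sip record, in order/preference order,
    whose regexp rewrites the number into a SIP URI."""
    aus = "+" + re.sub(r"\D", "", number)
    for _order, _pref, service, regexp in sorted(naptr):
        if service.lower() == "e2u+sip":
            uri = apply_naptr_regexp(regexp, aus)
            if uri:
                return uri
    return None

# Constructed answer for the slide's number; example.invalid is a placeholder host.
SAMPLE_NAPTR = [
    (100, 20, "E2U+mailto", "!^.*$!mailto:callee@example.invalid!"),
    (100, 10, "E2U+sip", "!^\\+1(.*)$!sip:\\1@example.invalid!"),
]
```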
Session peering and ENUM
Charles Shen
Status quo and our work
WGs in standardization bodies such as the IETF SPEERMINT and ENUM WGs and the SIPForum technical WG are working on requirements and architecture details for a Session Peering for Multimedia Interconnect architecture.
I am currently involved in ENUM server performance investigation and am expected to contribute to other parts of the peering architecture as well.
Also related: SIP Scalability Performance Study.
NG 9-1-1
Jong Yul Kim
Wonsang Song
Overview of the NG911 project
Traditional 9-1-1 system
Two (related) fundamental problems
Does not work well for calls from Internet phones!
Where is the caller?
To which PSAP (call center) should the call go?
Other problems
Going beyond the traditional 9-1-1 functionalities
Multimedia (audio + video + text)
Sending instructional video on CPR
Project Participants
Columbia University, Texas A&M University, University of Virginia
NENA, Cisco, Nortel
Funded by NTIA and SIPquest
Jong Yul Kim
Wonsang Song
NG 9-1-1
Solution and status
Location Determination
CDP
Merits: Cisco devices are ubiquitous; less burden for administrators than DHCP
Drawbacks: only works with Cisco switches and access points; administrators have to enter switch – location mapping
Useful situation: in organizations that use Cisco devices
DHCP
Merits: DHCP is ubiquitous; applicable to both SIP UA and SIP proxy
Drawbacks: no good for wireless connections; administrators have to enter machine – location mapping for each machine
Useful situation: in organizations where computers are fixed in one place
GPS
Merits: delivers precise location; no work for administrators
Drawbacks: GPS does not work indoors or when a significant portion of the sky is blocked from view
Useful situation: outdoors
Manual Entry
Merits: is always a backup method
Drawbacks: no guarantee of timely update; prone to human error
Useful situation: when all else fails
Current status
SIP-based prototype system
NENA requirements for IP-capable PSAPs
IETF ECRIT WG proposals for solutions to the fundamental problems
Ongoing preparations for testing in a live PSAP in College Station, Texas
VoIP security
Eilon Yardeni
Denial of Service (DoS) attacks: the problem
DoS attacks are still prevalent in the Internet
Telephony services are exposed as they move to the IP network
The E911 service is specifically vulnerable
How to distinguish between a human and a machine request?
Detection and Mitigation
VoIP security
Taxonomy of DoS attacks: vulnerability attacks
Implementation flaws
Application-specific attacks on the Session Initiation Protocol (SIP):
Session tear down – spoofed “BYE”s
Modify media sessions – spoofed re-INVITEs
Flooding
Flood with “INVITE” or “REGISTER”
Access links congestion
Attack on E911
911 calls do not require authentication
Attacker can target:
Call takers
Call routing
Mapping service
Physical location spoofing
Eilon Yardeni
VoIP security
Defense against DoS attacks
Fake location: signed location; location verification
First level filtering heuristics: IP-to-geo location comparison; list of legitimate subnets
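An added illustration of the first-level filtering heuristics listed above (not the IRT lab's code): each incoming emergency call is scored by whether its source address lies in the list of legitimate subnets, whether IP-to-geo lookup agrees with the location the caller asserts, and whether a signed location object verified. The subnets, region table, scores and threshold are constructed assumptions; since 911 calls are unauthenticated, the filter flags rather than rejects.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed tables for this illustration. A PSAP would load the subnets it legitimately
# serves from its configuration and the IP-to-geo mapping from a geolocation database.
LEGIT_SUBNETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
IP_TO_REGION = {ipaddress.ip_network("198.51.100.0/24"): "NY",
                ipaddress.ip_network("203.0.113.0/24"): "TX"}

@dataclass
class EmergencyCall:
    src_ip: str
    claimed_region: str         # region derived from the location the caller asserts
    signed_location_ok: bool    # a signed location object was present and verified

def region_for(ip: str) -> Optional[str]:
    """IP-to-geo lookup over the constructed table."""
    addr = ipaddress.ip_address(ip)
    for net, region in IP_TO_REGION.items():
        if addr in net:
            return region
    return None

def first_level_filter(call: EmergencyCall) -> Dict[str, object]:
    """Cheap heuristics applied before a call taker sees the call. Nothing is rejected
    outright: the call is scored and the reasons kept so suspect calls can be queued
    or routed for extra scrutiny (scores and threshold are assumed values)."""
    addr = ipaddress.ip_address(call.src_ip)
    reasons: List[str] = []
    score = 0
    if not any(addr in net for net in LEGIT_SUBNETS):
        reasons.append("source not in list of legitimate subnets")
        score += 2
    geo = region_for(call.src_ip)
    if geo is None:
        reasons.append("no IP-to-geo mapping for source")
        score += 1
    elif geo != call.claimed_region:
        reasons.append(f"claimed {call.claimed_region} but IP maps to {geo}")
        score += 3
    if call.signed_location_ok:
        reasons.append("signed location verified")
        score = max(0, score - 3)   # a verified location outweighs IP-based guesses
    return {"score": score, "suspect": score >= 3, "reasons": reasons}
```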
Eilon Yardeni
Kumiko Ono
VoIP security
Trust path discovery for SPAM detection
Motivation: option for sender filtering against spam (SPIT/SPIM)
Determine whether to accept communication requests, e.g., emails, calls, instant messages, from a “stranger”, based on the reputation of that stranger
Challenge: how to get the stranger's reputation
Approach
Gathering trustworthy opinions on individuals and their domains from trust paths
Opinions: based on trust indicators which represent one's trust in receiving messages
Trust paths: chains of trust relationships among individuals, among domains, and between an individual and a domain
IETF draft-ono-trust-path-discovery-01
Figure: related work vs. our approach. In both, Alice (1) receives a communication request from Dave and (2) queries his reputation. Related work queries a third-party reputation system, i.e., a server of a social network; our approach queries trust paths, i.e., buddy-list and call-log.
Kundan Singh
VoIP infrastructure
Reliability and scalability
Failover: redundancy
Load sharing: scalability
Figure: first-stage proxies partition users by identifier (P1 handles a-h, P2 i-q, P3 r-z); INVITE and REGISTER requests are directed to the responsible proxy using DNS.
Combine the two in a two stage architecture
• Infinite scalability (linear with #servers)
• High availability
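An added sketch of the two-stage idea (not the IRT lab's code): stage 1 shares load by partitioning users on the first letter of the SIP user part as on the slide, and stage 2 fails over within a partition using DNS SRV-style priority and weight entries. The hostnames, SRV entries, the hash-based weighted choice and the treatment of non-letter users are assumptions.

```python
import hashlib
from typing import Dict, List, Optional, Set, Tuple

# Constructed deployment following the slide: stage 1 partitions users by the first letter
# of the SIP user part (P1 a-h, P2 i-q, P3 r-z); stage 2 holds each partition's replicas as
# DNS SRV-style (priority, weight, host) entries. Hostnames are placeholders.
PARTITIONS: List[Tuple[str, str, str]] = [("a", "h", "P1"), ("i", "q", "P2"), ("r", "z", "P3")]
SRV: Dict[str, List[Tuple[int, int, str]]] = {
    "P1": [(10, 60, "p1a.example.invalid"), (10, 40, "p1b.example.invalid"), (20, 0, "p1-backup.example.invalid")],
    "P2": [(10, 50, "p2a.example.invalid"), (10, 50, "p2b.example.invalid"), (20, 0, "p2-backup.example.invalid")],
    "P3": [(10, 100, "p3a.example.invalid"), (20, 0, "p3-backup.example.invalid")],
}

def stage1(sip_uri: str) -> str:
    """Load sharing: pick the partition responsible for this user. Digits and other
    characters fall into the last partition (an assumption; the slide shows letters only)."""
    user = sip_uri.split(":", 1)[-1].split("@", 1)[0].lower()
    first = user[:1]
    for low, high, partition in PARTITIONS:
        if low <= first <= high:
            return partition
    return PARTITIONS[-1][2]

def stage2(partition: str, alive: Set[str], key: str) -> Optional[str]:
    """Failover: among replicas still alive take the lowest priority class, then choose by
    weight using a hash of key (e.g. Call-ID) so retries of one call hit the same host."""
    live = [e for e in SRV[partition] if e[2] in alive]
    if not live:
        return None
    best = min(prio for prio, _, _ in live)
    pool = sorted((host, weight) for prio, weight, host in live if prio == best)
    total = sum(w for _, w in pool)
    if total == 0:                       # all zero weights: pick deterministically
        return pool[0][0]
    point = int(hashlib.sha256(key.encode()).hexdigest(), 16) % total
    for host, weight in pool:
        point -= weight
        if point < 0:
            return host
    return pool[-1][0]

def route(sip_uri: str, alive: Set[str], call_id: str) -> Optional[str]:
    """Two-stage lookup: partition by user, then a live replica within it."""
    return stage2(stage1(sip_uri), alive, call_id)
```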
Kundan Singh
VoIP infrastructure
CINEMA: multi-platform multimedia collaboration
Beyond voice: video, text, IM, presence, screen sharing, shared web browsing, …
Beyond SIP phone: regular telephone, email, web, …
Beyond synchronous communication: offline mails, discussion forum, file sharing, …
Figure: CINEMA applications (Internet telephony, interactive voice response, Internet radio/TV, messaging and presence, unified messaging, video conferencing) over a protocol stack: application layer with signaling (SIP, SDP, SAP, RTSP), quality of service (RSVP), media transport (RTP, RTCP; media G.711, MPEG) and program logic (call routing, VoiceXML, DTMF, mixing, speech/text); transport (TCP, UDP); network (IPv4, IPv6); link layer; physical layer.
VoIP infrastructure
Kundan Singh
Peer-to-peer Internet telephony
Server-based vs. peer-to-peer
Server-based: maintenance and configuration cost (dedicated administrator); central point of failure (catastrophic failures); depends on controlled infrastructure (e.g., DNS)
Peer-to-peer: self-adjusting, robust against catastrophic failures, highly scalable, and no configuration; call setup and user search latency is higher: O(log(N)); security: how to handle malicious peers? Identity protection?
Our P2P-SIP
Hybrid architecture: works with both P2P and server-based
Built-in P2P network: acts as a service node for proxy, registrar, presence, offline storage, and media relay
External P2P network: managed and trusted peer nodes
Identity protection: Email identifier == SIP identifier
Presence System Overview
Presence
Ability and willingness to communicate.
Rules about how and what part of presence info can be accessed
More detailed information includes location, preferred communication mode, current mood and activity
Presentity: represents a user or a group of users or a program; source of presence information
Watcher: requester of presence information about a presentity
Figure: Bob's Presence User Agents (PUA), a cell phone and a PC-IM client, PUBLISH Bob's status and location to Bob's presentity at the presence server, which applies Bob's filters (rules) to the PIDF data; watchers (wife, son, colleague, the external world) SUBSCRIBE and receive NOTIFY messages with a state such as Available, Busy, Somewhat available or Invisible. Example notification: “Bob is busy right now. He is on 42nd, Broadway. U can reach him after 4.00 p.m. on his office line.” Example watcher message from son: “Ru there ? BUZZ”.
Presence Deployment: Cross-domain
Figure: cross-domain presence deployment. Presence servers in different networks (PSTN with an SCP, a wireless network, and a broadband IP network with VoIP and Internet) exchange SIP PUBLISH with a presence server backed by a presence database; watchers/buddies for one presentity (IM client, TV, SIP phone) send SIP SUBSCRIBE and receive SIP NOTIFY.
Presence Services
Determining communication status: dial tone no longer enough; decide based on
Presentity's location, activity (sleeping, driving, etc.), mood (angry, happy, etc.)
Presentity's preferred mode of communication (e.g., text, audio device, landline phone)
Location based services
Fleet management
Summary
Internet Real-Time Systems
Service discovery, 7DS, wireless VoIP, security, NG 911, reliability, scalability, peer-to-peer
Other projects: SIP user agent, CPL/sipcgi/LESS scripts, session mobility, Skype analysis, …
Questions?