Internet Security, Voice over IP - Lunds tekniska högskola · ETSF10 Internet Protocols 2011-11-22


Page 1

ETSF10 Internet Protocols, 2011-11-22
Kaan Bür, Jens Andersson

Internet Security, Voice over IP

ETSF10 – Internet Protocols – 2011
Kaan Bür & Jens Andersson

Department of Electrical and Information Technology

Internet Security

• IPSec §32.1

• SSL/TLS §32.2

• Firewalls §32.4

• Voice over IP

– RTP/RTCP §29.6-7

– VoIP §29.8

• Introduction to DNS lab

Introduction


Page 2

IPSecurity (IPSec)

• Collection of protocols
• Packet-level security
• Network layer


IPSec: Transport vs. tunnel modes


(Figure: IPSec transport mode packet layout, header labelled TH)

• Data protected
• Headers unprotected
– Addresses fully visible

Transport mode in action


Page 3

Tunnel mode in action

• Not used between hosts
• Entire packet protected
– New header inside tunnel


IPSec protocols

• Authentication Header (AH)
• Encapsulating Security Payload (ESP)


(Table: AH vs. ESP feature comparison; three feature rows marked +, row labels lost in extraction)

AH protocol (transport mode)


Page 4

ESP protocol (transport mode)

• More functional than AH
– Privacy


Authentication data?

• Message Authentication Code §31.5
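The two slides above (AH in transport mode, and the MAC as its authentication data) can be seen working together in the following added example. It is a simplified model written for this page, not code from the lecture or from any IPsec implementation: the IPv4 header has no options, the only mutable fields treated are TTL and checksum, the tag is an HMAC-SHA256 truncated to 96 bits, and the key and addresses are constructed values. The point it demonstrates is which bytes the tag covers: a router decrementing TTL does not break verification, while any change to an address or to the payload does.

```python
"""Simplified model of IPsec AH in transport mode (added illustration, not RFC 4302 code).
The authentication data is an HMAC-SHA256 tag (the MAC of section 31.5) computed over the
payload plus the immutable fields of the IP header. Field layout and the set of mutable
fields are constructed assumptions kept deliberately small."""
import hashlib
import hmac
import struct

HEADER_LEN = 20   # IPv4 header without options (assumption: no options used)
ICV_LEN = 12      # 96-bit truncated tag, the size AH commonly carries
KEY = b"constructed-demo-key"  # shared key agreed in the SA (constructed value)


def ip_header(src, dst, ttl, proto, total_len):
    """Build a minimal 20-byte IPv4 header (checksum left zero in this model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0, src, dst)


def immutable_view(header):
    """Zero the fields routers change in transit: TTL (byte 8) and checksum (bytes 10-11).
    Everything else, both addresses included, stays and is therefore covered by the tag."""
    h = bytearray(header)
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_icv(key, header, payload):
    """Integrity check value: MAC over immutable header fields plus the payload."""
    return hmac.new(key, immutable_view(header) + payload, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(key, header, payload):
    """Transport mode: the tag sits between the original IP header and the payload."""
    return header + ah_icv(key, header, payload) + payload


def verify_ah_packet(key, packet):
    """Recompute the tag at the receiver and compare in constant time."""
    header = packet[:HEADER_LEN]
    icv = packet[HEADER_LEN:HEADER_LEN + ICV_LEN]
    payload = packet[HEADER_LEN + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(key, header, payload))


def forward_hop(packet):
    """What a router legitimately does: decrement TTL. The tag must still verify."""
    p = bytearray(packet)
    p[8] -= 1
    return bytes(p)


def rewrite_destination(packet, new_dst):
    """What AH must detect: an in-transit change to a protected header field."""
    p = bytearray(packet)
    p[16:20] = new_dst
    return bytes(p)


def demo_packet():
    """Constructed packet from 10.0.0.1 to 10.0.0.2 carrying a short segment (proto 51 = AH)."""
    payload = b"constructed transport segment"
    hdr = ip_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", ttl=64, proto=51,
                    total_len=HEADER_LEN + ICV_LEN + len(payload))
    return build_ah_packet(KEY, hdr, payload)


if __name__ == "__main__":
    pkt = demo_packet()
    print("fresh packet verifies:", verify_ah_packet(KEY, pkt))
    print("after one router hop:", verify_ah_packet(KEY, forward_hop(pkt)))
    print("after address rewrite:", verify_ah_packet(KEY, rewrite_destination(pkt, b"\x0a\x00\x00\x09")))
```

Because the addresses are inside the MAC, AH in transport mode cannot pass through a NAT that rewrites them; this is one reason the slides pair firewalls, NAT and VPN tunnel ends as a design unit rather than separate boxes.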


A vicious circle?


A & B need to exchange keys

A & B need a secure link

Page 5

Asymmetric encryption

• Pair of keys
– Public, known by all
– Private, kept by owner

• Encryption: receiver’s public key
– Decryption only with receiver’s private key

• Authentication: own private key
– Validation only with sender’s public key
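The following added example walks through both halves of the slide with textbook RSA: A encrypts for B with B's public key (only B's private key recovers it), and A signs with A's own private key (only A's public key validates it). It is written for this page, not taken from the lecture or any library; the key sizes are toy-sized, there is no padding, and the primes are found by searching upward from constructed start points, so the arithmetic is the only thing shown. The digest is reduced modulo n so that it fits the small modulus, which is also an assumption of this toy.

```python
"""Textbook RSA with toy-sized keys (added illustration, not a library or the lecture's code).
It shows the two uses of a key pair on the slide: encrypt with the receiver's public key,
and sign (authenticate) with the sender's own private key. No padding, small modulus:
the arithmetic only, constructed for demonstration."""
import hashlib
import math


def is_prime(n):
    """Trial division; adequate for the toy-sized values used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def next_prime(n):
    while not is_prime(n):
        n += 1
    return n


def keygen(p, q):
    """Return (public, private) = ((e, n), (d, n)) with e*d = 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    for e in (65537, 257, 17, 3):          # first public exponent coprime to phi(n)
        if math.gcd(e, phi) == 1:
            return (e, n), (pow(e, -1, phi), n)   # modular inverse, Python 3.8+
    raise ValueError("no suitable public exponent for these primes")


def encrypt_for(public, m):
    """Anyone can do this: it needs only the receiver's public key."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt_with(private, c):
    """Only the holder of the matching private key recovers m."""
    d, n = private
    return pow(c, d, n)


def sign_with(private, message):
    """Authentication: the sender applies its own private key to a digest."""
    d, n = private
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(digest, d, n)


def verify_signature(public, message, signature):
    """Validation: anyone applies the sender's public key and compares digests."""
    e, n = public
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == digest


# Constructed toy key pairs for A and B; primes are searched from fixed start points.
A_PUBLIC, A_PRIVATE = keygen(next_prime(1_000_000), next_prime(1_000_030))
B_PUBLIC, B_PRIVATE = keygen(next_prime(1_000_036), next_prime(1_000_038))


def exchange_session_key(session_key):
    """A sends a session key to B: encrypted for B, signed by A. Returns what B concludes."""
    ciphertext = encrypt_for(B_PUBLIC, session_key)
    signature = sign_with(A_PRIVATE, ciphertext.to_bytes(16, "big"))
    authentic = verify_signature(A_PUBLIC, ciphertext.to_bytes(16, "big"), signature)
    return decrypt_with(B_PRIVATE, ciphertext), authentic


if __name__ == "__main__":
    print("B recovers key and confirms it came from A:", exchange_session_key(123456789))
```

This is the way out of the "vicious circle" on the previous slide: A and B no longer need a secure link to agree on a symmetric key, only an authentic copy of each other's public key.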


Security Associations (SA)

• Agreement on a set of security parameters


Virtual Private Network (VPN)

• Overlay network
• Alternative to a real private network


Page 6

An example VPN

• IPSec between routers


SSL/TLS

• Secure Socket Layer Protocol
– Created by Netscape
– Authentication, integrity, confidentiality

• Transport Layer Security
– IETF version of SSL


SSL security parameters

• Cipher suite
– Algorithms

• Cryptographic secrets


Page 7

SSL protocols

• Record
– Carrier

• Handshake
– Authentication
– Key exchange

• ChangeCipherSpec
– Cryptographic secrets ready

• Alert
– Signaling of abnormalities


SSL processing


Firewalls

• Control access to internal systems
• Packet filter
• Often combined with NAT and VPN tunnel ends


Page 8

Packet-filter firewall

• Network or Transport Layer
– Checks header information


(Figure: example packet-filter rule table; only the entry 80* survived extraction)
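As an added example of the packet-filter slide (written for this page; the rule set, addresses and packets are constructed, not the lecture's figure), the model below decides on header fields only: source and destination address, protocol and destination port. Rules are evaluated top to bottom, the first match wins, and a packet that matches nothing is denied. The first rule illustrates why order matters: it rejects packets that arrive from outside with an internal source address before the web-server rule could admit them.

```python
"""Packet-filter firewall model (added illustration, constructed rule set, not the lecture's
figure). It matches only header fields (addresses, protocol, port), which is exactly why it
cannot do the content-based filtering that the slides leave to an application gateway."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str = "0.0.0.0/0"    # CIDR prefix; 0.0.0.0/0 is the wildcard
    dst: str = "0.0.0.0/0"
    proto: str = "*"          # "*" matches any transport protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def matching_rule_index(rules, pkt):
    """Index of the first rule that matches, or None (useful when explaining a verdict)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return i
    return None


def filter_packet(rules, pkt):
    """First matching rule decides; no match means deny (default-deny posture)."""
    i = matching_rule_index(rules, pkt)
    return rules[i].action if i is not None else "deny"


# Constructed policy for a small site (documentation address ranges):
# public web server 192.0.2.5, internal DNS 192.0.2.53 reachable from the site LAN only.
INTERNAL_PREFIX = "10.0.0.0/8"
RULES = [
    Rule("deny", src=INTERNAL_PREFIX),                 # internal source arriving from outside
    Rule("allow", dst="192.0.2.5/32", proto="tcp", dport=80),
    Rule("allow", src="192.0.2.0/24", dst="192.0.2.53/32", proto="udp", dport=53),
    Rule("deny"),                                      # explicit catch-all
]


def audit(rules, packets):
    """Evaluate a batch and return (packet, verdict, rule index) triples, as a log would show."""
    return [(p, filter_packet(rules, p), matching_rule_index(rules, p)) for p in packets]


if __name__ == "__main__":
    sample = [
        Packet("198.51.100.7", "192.0.2.5", "tcp", 80),
        Packet("198.51.100.7", "192.0.2.5", "tcp", 22),
        Packet("192.0.2.9", "192.0.2.53", "udp", 53),
        Packet("10.1.2.3", "192.0.2.5", "tcp", 80),
    ]
    for pkt, verdict, idx in audit(RULES, sample):
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}/{pkt.proto}: {verdict} (rule {idx})")
```

Nothing in the model looks past the headers, so a request to port 80 carrying hostile content is admitted exactly like a benign one; that gap is what the application gateway on the next slide addresses.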

Application gateways

• Proxy firewall at Application Layer
– Content-based filtering

• Acts as broker between client and server


See you in 15’ :)

• After the break
– RTP/RTCP
– VoIP


Page 9

Real-time interactive audio/video

• Two-way communication in real time
– Internet telephony
– Voice over IP
– Video conferencing

• Sensitive to delay and jitter
• Not so sensitive to lost and corrupted packets
• TCP not suitable


Real-time Transport Protocol


Real-time Transport Protocol

• RTP handles real-time traffic
• No delivery mechanism
– Uses UDP/IP

• Contributions
– Time-stamping
– Sequencing
– Mixing


Page 10

Real-time Transport Control Protocol

• RTP only carries data
• RTCP carries control messages
– Flow control
– Service quality
– Feedback to source


Sender report

• Sent by active senders
– Periodical

• Statistics
– Transmission
– Reception

• Absolute timestamp
– Receivers can synch RTP messages

• Important for audio and video


Receiver report

• Sent by listeners
– Not sending RTP packets
– Feedback about QoS


And others...
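The RTP slides (sequencing and time-stamping over UDP) and the receiver-report slide can be tied together in code. The following is an added example written for this page, not the lecture's figures or any RTP stack: it builds and parses the fixed 12-byte RTP header, then keeps the per-source state a listener needs to fill in a receiver report. The stream is constructed (PCMU, 8 kHz clock, 20 ms frames, two packets dropped, two delayed); the interarrival jitter estimator is the one in RFC 3550, while loss is reported cumulatively here rather than per reporting interval, and 16-bit sequence wraparound is not handled.

```python
"""RTP header handling and receiver-side statistics (added illustration, constructed packet
stream, not the lecture's figures). It shows what sequencing and time-stamping buy a
receiver: detected loss and a jitter estimate, the numbers an RTCP receiver report carries.
The jitter formula is RFC 3550's; loss is cumulative here rather than per interval."""
import struct

RTP_HEADER = struct.Struct("!BBHII")   # V/P/X/CC, M/PT, sequence number, timestamp, SSRC


def build_rtp(pt, seq, timestamp, ssrc, payload, marker=False):
    """Fixed header only: version 2, no padding, no extension, no CSRC list."""
    return RTP_HEADER.pack(0x80, (0x80 if marker else 0) | (pt & 0x7F), seq, timestamp, ssrc) + payload


def parse_rtp(packet):
    b0, b1, seq, ts, ssrc = RTP_HEADER.unpack_from(packet)
    if b0 >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    return {"pt": b1 & 0x7F, "marker": bool(b1 & 0x80), "seq": seq, "ts": ts,
            "ssrc": ssrc, "payload": packet[RTP_HEADER.size:]}


class ReceiverStats:
    """Per-source state a listener keeps in order to fill in an RTCP receiver report."""

    def __init__(self, clock_rate):
        self.clock_rate = clock_rate   # RTP timestamp ticks per second
        self.base_seq = None
        self.max_seq = None
        self.seen = set()
        self.jitter = 0.0              # in timestamp ticks
        self.last_transit = None

    def on_packet(self, packet, arrival_ms):
        hdr = parse_rtp(packet)
        seq = hdr["seq"]
        if self.base_seq is None:
            self.base_seq = self.max_seq = seq
        self.max_seq = max(self.max_seq, seq)   # simplification: no 16-bit wraparound handling
        self.seen.add(seq)
        # RFC 3550 interarrival jitter: D = (R_j - R_i) - (S_j - S_i) between consecutive
        # packets, J += (|D| - J) / 16, with arrival time expressed in timestamp ticks.
        arrival_ts = arrival_ms * self.clock_rate // 1000
        transit = arrival_ts - hdr["ts"]
        if self.last_transit is not None:
            d = abs(transit - self.last_transit)
            self.jitter += (d - self.jitter) / 16
        self.last_transit = transit

    def lost_sequence_numbers(self):
        """Sequencing makes the holes visible; UDP alone would never report them."""
        return [s for s in range(self.base_seq, self.max_seq + 1) if s not in self.seen]

    def receiver_report(self):
        expected = self.max_seq - self.base_seq + 1
        lost = expected - len(self.seen)
        return {"expected": expected, "received": len(self.seen), "cumulative_lost": lost,
                "fraction_lost": lost * 256 // expected,   # 8-bit fixed point, as in the report
                "jitter_ticks": self.jitter,
                "jitter_ms": self.jitter * 1000 / self.clock_rate}


def demo_stream():
    """Constructed PCMU stream: 8 kHz clock, 20 ms frames (160 ticks), seq 4 and 7 lost,
    seq 3 and 6 arriving 5 ms late. Arrival times are in milliseconds."""
    ssrc = 0x1234ABCD
    arrivals_ms = {1: 20, 2: 40, 3: 65, 5: 100, 6: 125, 8: 160, 9: 180, 10: 200}
    stats = ReceiverStats(clock_rate=8000)
    for seq, arrival in arrivals_ms.items():
        stats.on_packet(build_rtp(0, seq, 160 * seq, ssrc, b"\xff" * 160), arrival)
    return stats


if __name__ == "__main__":
    s = demo_stream()
    print("lost:", s.lost_sequence_numbers())
    print("receiver report:", s.receiver_report())
```

A receiver that sees fraction_lost climb or the jitter estimate grow can ask the source to change codec or rate; that feedback loop is what RTCP exists for.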

Page 11

Voice over IP (VoIP)

• Internet telephony

• SIP
– Session Initiation Protocol
– IETF standard

• H.323
– Communication (telephone, computer)
– ITU-T standard


Session Initiation Protocol (SIP)

• Application layer protocol
• Multimedia session management
• Text-based messages
• Various address types


A simple SIP session


Page 12

Tracking the callee
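The SIP slide (text-based messages, various address types) and this one (tracking the callee) are illustrated together by the following added example. It is written for this page, not the lecture's figure or any SIP stack, and all messages, users and addresses in it are constructed: a parser for the request line and headers, a small address parser that accepts `sip:user@host[:port]`, the `Display <sip:...>` form and `tel:` numbers, and a registrar that records where a user can currently be reached so that an INVITE to the user's public address can be forwarded there.

```python
"""SIP message parsing plus a minimal registrar/proxy (added illustration, constructed
messages, not the lecture's figure or any SIP stack). REGISTER records where a user can
be reached right now; an INVITE to the user's address-of-record is forwarded there."""
import re


def parse_sip(raw):
    """Split a SIP request into start line, headers (names lower-cased) and body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip("\n").split("\n")
    method, uri, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "version": version, "headers": headers, "body": body}


def parse_address(value):
    """Handle 'sip:user@host[:port]', 'Display <sip:...>' and 'tel:number' forms."""
    m = re.search(r"<([^>]+)>", value)
    uri = m.group(1) if m else value.strip()
    scheme, _, rest = uri.partition(":")
    if scheme == "tel":
        return {"scheme": "tel", "number": rest}
    rest = rest.split(";")[0]                 # drop URI parameters such as ;transport=udp
    user, _, hostport = rest.rpartition("@")
    host, _, port = hostport.partition(":")
    return {"scheme": scheme, "user": user, "host": host, "port": int(port) if port else 5060}


def canonical(value):
    """Normalised key for the location table (default SIP port made explicit)."""
    a = parse_address(value)
    if a["scheme"] == "tel":
        return "tel:" + a["number"]
    return f"{a['scheme']}:{a['user']}@{a['host']}:{a['port']}"


class Registrar:
    """Location service: address-of-record -> current contact URI."""

    def __init__(self):
        self.bindings = {}

    def handle(self, raw):
        msg = parse_sip(raw)
        h = msg["headers"]
        if msg["method"] == "REGISTER":
            aor = canonical(h["to"])
            if h.get("expires", "3600") == "0":
                self.bindings.pop(aor, None)      # user going offline
            else:
                self.bindings[aor] = canonical(h["contact"])
            return "SIP/2.0 200 OK"
        if msg["method"] == "INVITE":
            contact = self.bindings.get(canonical(msg["uri"]))
            if contact is None:
                return "SIP/2.0 404 Not Found"
            return "forward INVITE to " + contact   # the proxy's "tracking" step
        return "SIP/2.0 405 Method Not Allowed"


# Constructed messages (documentation addresses; Content-Length matches the SDP body).
REGISTER_BOB = ("REGISTER sip:example.com SIP/2.0\r\n"
                "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
                "To: Bob <sip:bob@example.com>\r\n"
                "From: Bob <sip:bob@example.com>;tag=a1\r\n"
                "Contact: <sip:bob@192.0.2.10:5060;transport=udp>\r\n"
                "Expires: 3600\r\nContent-Length: 0\r\n\r\n")
UNREGISTER_BOB = REGISTER_BOB.replace("Expires: 3600", "Expires: 0")
INVITE_FROM_ALICE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
                     "Via: SIP/2.0/UDP 198.51.100.4:5060\r\n"
                     "To: Bob <sip:bob@example.com>\r\n"
                     "From: Alice <sip:alice@example.org>;tag=b2\r\n"
                     "Content-Type: application/sdp\r\nContent-Length: 30\r\n\r\n"
                     "v=0\r\nm=audio 49170 RTP/AVP 0\r\n")


def run_session():
    """Bob registers, Alice calls, Bob leaves, Alice calls again; returns the four responses."""
    r = Registrar()
    return [r.handle(REGISTER_BOB), r.handle(INVITE_FROM_ALICE),
            r.handle(UNREGISTER_BOB), r.handle(INVITE_FROM_ALICE)]


if __name__ == "__main__":
    for line in run_session():
        print(line)
```

Because the location table is written by whoever sends a REGISTER, a real registrar authenticates that request before accepting the binding; this toy omits that step, which is exactly where a proxy's security depends on the SIP handshake slides rather than on the parsing shown here.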


H.323

• Communication (telephone, computer)
– Gateway = 5-layer translation device
– Gatekeeper = registrar


H.323 protocols


Page 13

H.323 session


Final exam

• Grade 3
– Part A (60% = 3)
– Part B points transferable to Part A

• Grade 4/5
– Part B only (50% = 4; 75% = 5)


This concludes our lectures!

A few last words

• Next week’s exercise session (28-29/11)
– Final exam review

• Bonus programs
– Each passed quiz = 10% * passing grade (A)
– Each GOOD project = 10% * passing grade (quiz)

NOW: Introduction to DNS lab
