making services bloom outside the walled garden henning schulzrinne (with jong yul kim, kundan...


Upload: annabella-james

Post on 13-Dec-2015


Slide 1
Making services bloom outside the walled garden
Henning Schulzrinne (with Jong Yul Kim, Kundan Singh, Wonsang Song, Anshuman Rawat, Matthew Mintz-Habib, Amrita Rajagopal and Xiaotao Wu)
Columbia University, Dept. of Computer Science

Slide 2 (Telekom - February 2006): Overview
• Internet design philosophy
  • an attempt at a summary
• Advanced VoIP services and issues
  • emergency calling
  • location-based services
  • secure VoIP
  • spam/spit
  • quality-of-service
• A peer-to-peer approach to VoIP

Slide 3: Internet philosophy
• Innovation is created at the edges
  • providers benefit by increased usage
  • content innovation
    • Wikipedia, Flickr, blogs, eBay
    • cf. WAP
  • service innovation
    • IM, Skype, distributed games
• Reliability and ubiquity are created by the network
  • room for improvement (99.5% now)
[Figure: three layers: services & applications (HTTP, SIP, RTSP, ...); ISP (IP, DHCP, DNS); network access (fiber, copper, wireless). Labels: enterprise, consumer, ISP, OS vendors, software, services, Yahoo, iTunes, Google, MSN, mySpace, Skype, eBay, sockets, RJ-45, natural monopoly or oligopoly, geographic range]

Slide 4: Internet philosophy
• Small number of narrow and stable interfaces:
  • HTML (+ PDF, flash) for content
  • socket API for applications
  • RJ-45 (Ethernet) for landline & enterprise
  • 802.11/16/... for wireless
• Provides sufficient scale as incentive
  • reduces uncertainty on platform and access
• Allows same applications in enterprise and consumer space
  • cf. difficulty with wireless applications
• Allows same company to provide all three layers
  • avoids collapse of monopoly rent if bypass succeeds
[Figure: same layer diagram as on Slide 3]

Slide 5: IP hourglass
[Figure, top to bottom: email, WWW, phone...; SMTP, HTTP, RTP...; TCP, UDP; IP; ethernet, PPP; CSMA, async, sonet...; copper, fiber, radio...]
Steve Deering, IETF Aug. 2001

Slide 6: The real Internet hourglass (slightly simplified)
[Figure labels: IP, TCP, HTTP, Ethernet, web, web services, p2p (port 80)]

Slide 7: Internet eco-system
layer | geography | customer choice | expertise | customer interaction | income
services & content | international | dozens to infinite | software, server farms, marketing | almost none (anonymous, self-service) | advertising, pre-pay
ISP | regional & national | handful | BGP, SNMP | limited phone support | rent, pre-pay (wireless)
network access | regional & national | handful | construction, fiber splicing, RF propagation | truck roll | hardware rent, IRUs

Slide 8: Walled gardens
• Walled garden = certain applications can only be provided by the access provider (e.g., wireless carrier)
  • due to handset lockdown
  • due to network restrictions
  • due to lack of service interface (e.g., QoS)
• Economic argument: provides monopoly rent
  • variation: don't just want to be dumb bit pipe
  • but marketing, size, trust advantages don't depend on this
• Technical argument: reliable, consumer-friendly services require it
• Hard to make work for corporations
  • doesn't integrate well with enterprise networks and applications
  • at best, requires extra servers (BlackBerry email)
• Corporations and universities don't have email carriers, either
  • some may outsource (e.g., to gmail)
• VoIP: large enterprises may contract directly with PSTN gateway provider
  • everything else can be run in-house

Slide 9: Stakeholders and arguments
• Customers
  • low cost
  • avoid lock-in
  • new applications and services
  • ease of use
• Carriers
  • extract differential value of different kinds of bits
    • user value of voice vs. email vs. web vs. video
  • avoid commoditization
• Technically necessary vs. good for my business
• Will focus on technical issues

Slide 10: Network neutrality
• = network does not favor particular applications (or packets)
  • does not filter, drop, delay based on ports, sources or destinations
  • information networks ought to be as neutral as possible between competing content, applications and services (Wikipedia)
  • more precise: same services available to everyone, as unbundled service elements
    • e.g., if QoS, can be purchased separately
    • e.g., location available without buying restaurant guide
• FCC: Powell 2004
  • Consumers are entitled to access the lawful Internet content of their choice;
  • Consumers are entitled to run applications and services of their choice, subject to the needs of law enforcement;
  • Consumers are entitled to connect their choice of legal devices that do not harm the network; and
  • Consumers are entitled to competition among network providers, application and service providers, and content providers.
• Legal discussion in the US
  • revision of Telecom Act of 1996
• Variations (Wikipedia)
  • Most Favored Nation: operators must offer to all companies transit on equal terms, and cannot discriminate as between them;
  • Radical Bit Anti-Discrimination: operators must pass all packets blindly, and never make any decisions based on information specific to any packet;
  • Enough and as Good: if operators prioritize bandwidth, they must leave enough and as good bandwidth to permit non-prioritized services to reach consumers;
  • Tiering only: Operators may discriminate as between their customers, but must offer the same services to content, application and service providers;
  • Police what you own: Operators may exercise discrimination with respect to entirely private networks, but not inter-networks.

Slide 11: Evolution of VoIP
[Figure labels, in page order: amazing the phone rings; does it do call transfer?; how can I make it stop ringing?; 1996-2000; 2000-2003; 2004-; catching up with the digital PBX; long-distance calling, ca. 1930; going beyond the black phone]

Slide 12: Classical IETF interfaces
[Figure labels: L2 Ethernet; L3 IPv4/IPv6; L3 config DHCP, PPP; name mapping; BGP; OSPF; IPv4/IPv6; SONET; DNS; signaling SIP; UNI; NNI; host; end system; UA; router; proxy; server]

Slide 13: Interconnection approaches
Property | NGN, 3GPP | Internet
interconnection | per service | service neutral
end device control | carrier-controlled | user-provided
end device type | mostly hardware | software, maybe hardware
state preference | call state-full | stateless transaction-stateful
interconnect arrangement | pre-arranged | serendipitous
interconnect discovery | pre-configured | DNS
billing preference | per service usage-based | bandwidth-based services fixed-rate or ad-supported
billing arrangement | clearing house | sender keeps independent

Slide 14: SIP division of labor
[Table with columns proxy, B2BUA, UA; rows in page order, cell boundaries lost in extraction]
State: stateless transaction-stateful call stateful
Headers: inspect insert modify (rarely) inspect insert modify inspect reflect
Bodies: ignore some inspect inspect insert modify inspect
Fork: yes separate call legs no
Media: no maybe yes
Services: rendezvous call routing call stateful media-related

Slide 15: IETF 4G (access-neutral) model
[Figure labels: columbia.edu; example.com; sip:[email protected]; sip:[email protected]; TLS; DIAMETER server; 802.1x; NSIS NTLP for QoS; Visited network; AP; Check reputation of columbia.edu; [email protected]; isp.net]

Slide 16: Emergency calling
• Location-based service
  • route calls to best PSAP based on caller's location
  • deliver location information to PSAP to dispatch help
• Has to work even if caller
  • is roaming
  • has a VSP from another country (or no VSP)
  • bought phone in Finland
• But also supports
  • better resiliency during catastrophes (Katrina-like events)
  • multimedia situational awareness
• Standardization efforts:
  • IETF ECRIT working group: protocols
  • NENA (National Emergency Number Association): requirements, overall architecture, transition
  • ETSI EMTEL: architecture? requirements?
• Implemented all-IP prototype at Columbia University
  • testing with real PSAPs
[Callout: emergency call center]

Slide 17: Components of emergency calling
• Contact well-known number or identifier
• Route call to location-appropriate PSAP
• Deliver precise location to call taker to dispatch emergency help
now | transition | all IP
112 911 | 112 911 | dial 112, 911; signal sos@
selective router | VPC | DNS
phone number location (ALI lookup) | in-band key location | in-band

Slide 18: The core emergency calling problem
• Voice Service Provider (VSP) sees emergency call but does not know caller location
• ISP/IAP knows user location but does not handle call

Slide 19: UA recognition & UA resolution
[Figure labels, in page order: INVITE sip:[email protected] To: urn:service:sos; 9-1-1; mapping; location; URL; INVITE sip:[email protected] To: urn:service:sos; leonianj.gov; DHCP (w/loc); LLDP-MED (L2); GPS (outdoors)]

Slide 20: UA recognition & proxy resolution
[Figure labels, in page order: 9-1-1; mapping; INVITE urn:service:sos To: urn:service:sos; INVITE sip:[email protected] To: urn:service:sos; provider.com]

Slide 21: UA recognition & proxy resolution (proxy location determination)
[Figure labels, in page order: 9-1-1; mapping; INVITE urn:service:sos To: urn:service:sos; INVITE sip:[email protected] To: urn:service:sos; provider.com]
• how does proxy insert location? redirect?

Slide 22: Proxy recognition & proxy resolution
[Figure labels, in page order: 9-1-1; mapping; INVITE sip:[email protected];user=phone To: sip:[email protected];user=phone; INVITE sip:[email protected] To: sip:[email protected];user=phone Location:; provider.com]

Slide 23: LUMP architecture
[Figure labels: T1 (.us); T2 (.de); T3 (.dk); G (five times); broadcast (gossip); T1: .us; T2: .de; resolver; seeker; 313 Westview Leonia, NJ US; Leonia, NJ; sip:[email protected]; tree guide]

Slide 24: Location-based services
• Guidance and mapping services
  • including meta-data such as traffic information
• Finding services based on location
  • physical services (stores, restaurants, ATMs, ...)
  • electronic services (media I/O, printer, display, ...)
  • needs to use end system location information
• Using location to improve (network) services
  • communication
    • incoming communications changes based on where I am
    • proximity triggers communications
  • configuration
    • devices in room adapt to their current users
  • awareness
    • others are (selectively) made aware of my location
  • security
    • proximity grants temporary access to local resources

Slide 25: GEOPRIV and SIMPLE architectures
[Figure labels: target; location server; location recipient; rule maker; presentity; caller; presence agent; watcher; callee; GEOPRIV; SIP presence; SIP call; PUBLISH; NOTIFY; SUBSCRIBE; INVITE; publication interface; notification interface; XCAP (rules); INVITE; DHCP; PIDF-LO]

Slide 26: The role of presence for call routing
• Presence as cross-system glue
  • narrow interface for location information, device state, user behavior, ...
• Two modes:
  • watcher uses presence information to select suitable contacts
    • advisory: caller may not adhere to suggestions and still call when you're in a meeting
  • user call routing policy informed by presence
    • likely less flexible machine intelligence
    • if activities indicate meeting, route to tuple indicating assistant
    • try most-recently-active contact first (seq. forking)
[Figure labels: LESS; translate; RPID; CPL; PA; PUBLISH; NOTIFY; INVITE]

Slide 27: Location data & privacy
• Location =
  • civic location (street)
  • geo (longitude + latitude)
  • descriptive (hotel)
• All presence data, particularly location, is highly sensitive
• Basic location object (PIDF-LO) describes
  • distribution (binary)
  • retention duration
• Policy rules for more detailed access control
  • who can subscribe to my presence
  • who can see what when
[PIDF-LO example; markup lost in extraction. Surviving values: 37:46:30N 122:25:10W; no; 2003-06-23T04:57:29Z; 2003-06-22T20:57:29Z]

Slide 28: Presence & location privacy rules
• Conditions
  • identity, sphere, validity
  • time of day
  • current location
  • identity as or +
• Actions
  • watcher confirmation
• Transformations
  • include information
  • reduced accuracy
• User gets maximum of permissions across all matching rules
• Extendable to new presence data
  • rich presence
  • biological sensors
  • mood sensors

Slide 29: Example privacy rules document
[Example document; markup lost in extraction. Surviving values: [email protected]; allow; sip; mailto; true; bare]

Slide 30: Location-based service language
[Example and figure; markup lost in extraction. Surviving text, in page order:]
false true NOTIFY action alert
conditions proximity occupancy time IM
actions alert message log call transfer join
events incoming outgoing notify message subscription

Slide 31: Secure VoIP
• What is security?
• Caller privacy protection: media + signaling
  • secure RTP (SRTP) + TLS or S/MIME
• Anonymity protection
  • the anonymity of large providers
• Theft-of-service protection
  • access link: 802.1x and similar (+ RADIUS)
  • voice service: SIP Digest authentication + RADIUS/DIAMETER for roaming
• Conflicts of goals
  • theft-of-service protection vs. emergency calling
  • anonymity, caller privacy vs. legal intercept

Slide 32: Secure VoIP, cont'd.
• Assume secure channel (TLS) and/or SIP payload (S/MIME)
• Session keys are exchanged in-band between parties
  • e.g., via SDP
• Used for SRTP keying
• Possibly use SIP preconditions to require use of secure channel and negotiate crypto algorithms

Slide 33: Quality of service
• QoS = packet-level loss & delay + reliability (longer outages)
  • latter tends to be more of a problem
• Per-flow resource reservation scales well in access networks
• Difficulty: most of the time, high-priority traffic sees same backbone queueing delay (~0) and loss (0) as low-priority traffic
  • thus, incentive to label traffic best effort most of the time
• Hypothesis: most QoS problems are self-interference and access link problems
  • can be solved with DiffServ and 802.11e
  • may need rate limit for high-priority traffic on access link
[Figure labels: self-interference; access links; backbone; peering]

Slide 34: New IETF signaling protocol architecture: NSIS
• Generalized version of RSVP:
  • separating transport & signaling applications
  • allows use of secure transport
  • supports node mobility
[Figure labels, in page order: Support; signaling-layer protocol (NSLP); transport layer (NTLP) (GIST); transport layer (RA + UDP; TCP [+ TLS]); NAT/FW, QoS, measurement, ...]

Slide 35: Unsolicited calls and messages: SPIT
• SPIT = Spam for Internet Telephony
  • spim = spam for IM
• Possibly at least as large a problem as email spam
  • more annoying (ring, pop-up)
• Bayesian content filtering unlikely to work
  • identity-based filtering
• PKI for every user unrealistic
• Use two-stage authentication
  • well-proven domain-level authentication via TLS certs
  • SIP identity work
  • outbound proxy certifies
  • uses Digest auth locally (shared secret)
  • "I, example.com have verified that this is Alice"
• Also proposed:
  • computational puzzles
  • e-postage
[Figure labels: home.com; Digest; mutual PK authentication (TLS)]

Slide 36: Spam for Internet Telephony (SPIT)
• Black lists only modestly helpful
  • bad users can likely get fresh identities
[Figure labels: trustable identity; personal whitelist (called, emailed); domain reputation; user reputation; relies on]

Slide 37: SPIT: domain classification
• Classification of domains based on their identity instantiation and maintenance procedures plus other domain policies.
• Admission controlled domains
  • Strict identity instantiation with long term relationships
  • Example: Employees, students, bank customers
• Bonded domains
  • Membership possible only through posting of bonds tied to an expected behavior
• Membership domains
  • No personal verification of new members but verifiable identification required such as a valid credit card and/or payment
  • Example: E-bay, phone and data carriers
• Open domains
  • No limit or background check on identity creation and usage
  • Example: Hotmail
• Open, rate limited domains
  • Open but limits the number of messages per time unit and prevents account creation by bots (CAPTCHA)
  • Example: Yahoo

Slide 38: P2P for VoIP
• SIP VoIP is peer-to-peer
  • media and mid-call requests are sent end-to-end
  • but fixed server set registered in DNS for AOR domain
• p2p = user nodes perform server functionality
• Motivation
  • scalable growth: server count grows with user population
  • quick deployment in network islands
  • Skype envy
• Functions that can be placed on peer-to-peer nodes
  • Signaling and identifier mapping
    • map AOR [email protected] one or more contacts
  • Presence
    • publish and subscribe
  • NAT traversal
    • discover external IP address (STUN) + relaying where needed
  • Media storage
    • voice mail, ring tones, recordings, ...
  • Conferencing
    • mixing and replication

Slide 39: P2P-SIP: Using an External P2P network (DHT)
• Data model
  • Treat DHT as database
  • [1] put(k,192.1.2.3), k is H(bob)
  • [2] get(k) gives 192.1.2.3
  • [3] INVITE sip:bob to 192.1.2.3
  [Figure labels: DHT; bob 192.1.2.3; alice]
• Service model
  • Join DHT to provide service
  • [1] join(128.3.4.5)
  • [2] lookup(H(bob)) gives 128.3.4.5
  • [3] REGISTER sip:bob to 128.3.4.5
  • [4] lookup(H(bob)) gives 128.3.4.5
  • [5] INVITE sip:bob to 128.3.4.5
  [Figure labels: DHT; bob; alice; Service node (128.3.4.5)]

Slide 40: P2P-SIP: Logical Operations
• Contact management
  • put (user id, signed contact)
• Key storage
  • User certificates and private configurations
• Presence
  • put (subscribee id, signed encrypted subscriber id)
  • Composition needs service model
• Offline message
  • put (recipient, signed encrypted message)
• NAT and firewall traversal
  • STUN and TURN server discovery needs service model

Slide 41: P2P-SIP: Implementation in SIPc
• OpenDHT
  • Trusted nodes
  • Robust
  • Fast enough (
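The data model of Slide 39 stores Bob's contact on whichever peer owns H(bob), which is why Slide 40 specifies put (user id, signed contact). The following is an added example, not code from the slides or from SIPc: it walks steps [1] to [3] with the caller verifying the record before sending the INVITE. The in-memory `UntrustedDHT`, the JSON record layout and the Lamport one-time signature (used only because it needs nothing beyond the standard library, standing in for a signature under the user's certificate) are assumptions.

```python
import hashlib, json, os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signature: stdlib-only stand-in for the user's certificate key.
# One key pair signs ONE record; a new contact needs a new key pair.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

class UntrustedDHT:
    """Data model: the DHT is only a database, and any peer may alter a value."""
    def __init__(self):
        self.store = {}
    def put(self, k, v):
        self.store[k] = v
    def get(self, k):
        return self.store.get(k)

def key_for(user):
    return H(user.encode()).hex()          # k is H(bob)

def register(dht, sk, user, contact):      # [1] put(k, signed contact)
    record = json.dumps({"user": user, "contact": contact}).encode()
    dht.put(key_for(user), (record, sign(sk, record)))

def resolve(dht, pk, user):                # [2] get(k), verified before [3] INVITE
    entry = dht.get(key_for(user))
    if entry is None or not verify(pk, *entry):
        return None
    fields = json.loads(entry[0])
    return fields["contact"] if fields["user"] == user else None

def demo():
    dht, (sk, pk) = UntrustedDHT(), keygen()
    register(dht, sk, "bob", "192.1.2.3")  # constructed sample values
    honest = resolve(dht, pk, "bob")
    record, sig = dht.store[key_for("bob")]   # the storing peer rewrites the contact
    dht.store[key_for("bob")] = (record.replace(b"192.1.2.3", b"10.9.8.7"), sig)
    return honest, resolve(dht, pk, "bob") # ("192.1.2.3", None)

if __name__ == "__main__":
    print(demo())
```

A record that fails verification is treated the same as a missing one, so the caller never sends the INVITE to an address the user did not sign.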
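Slide 28 states that a user gets the maximum of permissions across all matching rules. The following added example (not from the slides) evaluates a small rule set that way and shows the consequence for rule authors: a narrower rule written for one watcher cannot reduce what a broader matching rule already grants. The permission scales, field names and sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Ordered permission scales (hypothetical names for this example).
ACTIONS = ["block", "confirm", "allow"]          # how the watcher is handled
ACCURACY = ["none", "country", "city", "full"]   # location detail released

@dataclass
class Rule:
    identities: set        # exact watcher URIs
    domains: set           # whole watcher domains
    spheres: set           # presentity spheres the rule applies in; empty = any
    valid_until: datetime  # validity condition
    action: str
    accuracy: str

    def matches(self, watcher, sphere, now):
        domain = watcher.rsplit("@", 1)[-1]
        who = watcher in self.identities or domain in self.domains
        where = not self.spheres or sphere in self.spheres
        return who and where and now <= self.valid_until

def evaluate(rules, watcher, sphere, now):
    """Each permission is the maximum granted by any matching rule."""
    action = accuracy = 0  # nothing matches: block, release no location
    for rule in rules:
        if rule.matches(watcher, sphere, now):
            action = max(action, ACTIONS.index(rule.action))
            accuracy = max(accuracy, ACCURACY.index(rule.accuracy))
    return ACTIONS[action], ACCURACY[accuracy]

# Constructed sample data.
FAR = datetime(2030, 1, 1, tzinfo=timezone.utc)
PAST = datetime(2006, 1, 1, tzinfo=timezone.utc)
NOW = datetime(2006, 2, 15, tzinfo=timezone.utc)
RULES = [
    # everyone at example.com, while the presentity is in the "work" sphere
    Rule(set(), {"example.com"}, {"work"}, FAR, "allow", "city"),
    # written to be stricter for Bob; it cannot lower the domain grant above
    Rule({"sip:bob@example.com"}, set(), set(), FAR, "confirm", "country"),
    # validity has expired, so this rule never matches
    Rule({"sip:carol@example.net"}, set(), set(), PAST, "allow", "full"),
    Rule({"sip:dave@example.org"}, set(), set(), FAR, "confirm", "full"),
]

if __name__ == "__main__":
    for watcher, sphere in [("sip:bob@example.com", "work"),
                            ("sip:bob@example.com", "home"),
                            ("sip:carol@example.net", "work"),
                            ("sip:eve@example.invalid", "work")]:
        print(watcher, sphere, evaluate(RULES, watcher, sphere, NOW))
```

Because the combination is a maximum, restricting one watcher means narrowing the conditions of the broad rule, not adding a second rule.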