SIP.edu : OpenSER in an academic environment
OpenSER SUMMIT - VON – Berlin 2006

Agenda
- Introduction
- INRIA
- The SIP.edu project
- SIP.edu at INRIA
- Access control with RADIUS
- Expected limitations and problems
- Future improvements

INRIA
- French National Institute for Research in Computer Science and Control
- Fundamental and applied research in various fields
  - Networking
  - Multimedia
  - Software security
  - Modeling living structures and mechanisms
- 5000 people in 6 locations

The SIP.edu project
- Started in late 2003, from an Internet2 organization initiative
- Aims to connect academic institutions with SIP
- Two prerequisites
  - A user e-mail to phone number mapping mechanism
    - SIP address ~= email address
  - Integrate with an existing PBX to make non-SIP phones reachable
    - Not necessarily IP enabled
- More than 250,000 people reachable
  - MIT, Harvard University, Yale, ..

SIP.edu : target architecture

SIP.edu at INRIA
- DNS SRV records to our SIP proxy
- SIP proxy : OpenSER version 1.0.1
- Directory : OpenLDAP
  - Gathers the information for all INRIA members
- SIP PBX gateway : Asterisk + Cisco router
  - 12 channels to the existing PBX
- PBX : TENOVIS

SIP.edu at INRIA : the picture

Available services
- “sip:[email protected]” URIs that map with regular E.164 extensions at INRIA
  - Accessible to anyone from the Internet
- “sip:[email protected]” URIs, to call external E.164 extensions
  - Restricted to INRIA’s members
  - RADIUS based access control

Sample call flow to a numeric extension
- To initiate a call to PSTN extension 0123456789, Alice types “sip:[email protected]” into her SIP user agent (UA);
  - DNS SRV query
  - Sent to INRIA’s SIP proxy
- The proxy detects a numeric extension, and triggers the RADIUS authentication process
- The proxy re-writes the INVITE to INVITE sip:[email protected], which it sends to the Asterisk server;
- Asterisk rings extension 0123456789 through the PSTN gateway and PBX.

SIP and RADIUS : user password storage
- Two alternatives
  - Clear text format
    - Insecure
    - Regular authentication database cannot be used
  - Digest-HA1: MD5(username:realm:password)
    - User password is kept opaque to the admin
    - Stored information is still sensitive
    - Regular authentication database cannot be used
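
Added example, not from the original slides: a Python sketch of why the stored Digest-HA1 "is still sensitive" and why a regular authentication database cannot be reused. It uses the RFC 2617 response without qop; the user, realm, password, URI and nonce are constructed sample values.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    """Digest-HA1 as given on the slide: MD5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(stored_ha1: str, method: str, uri: str, nonce: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{ha2}")

def verify(stored_ha1: str, method: str, uri: str, nonce: str, response: str) -> bool:
    """Server-side check: needs only the stored HA1, never the password."""
    expected = digest_response(stored_ha1, method, uri, nonce)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    # Constructed sample values (assumptions, not taken from the slides).
    user, realm, password = "alice", "example.edu", "correct horse battery"
    method, uri, nonce = "INVITE", "sip:0123456789@example.edu", "5f2a9c0e7b41"

    stored = ha1(user, realm, password)  # what the authentication backend keeps
    good = digest_response(ha1(user, realm, password), method, uri, nonce)
    bad = digest_response(ha1(user, realm, "guess"), method, uri, nonce)
    # What a regular password database would hold instead (plain one-way hash).
    regular_hash = hashlib.sha256(password.encode("utf-8")).hexdigest()

    return {
        "accepts_correct_password": verify(stored, method, uri, nonce, good),
        "rejects_wrong_password": not verify(stored, method, uri, nonce, bad),
        # The stored value alone yields a valid response: protect it like a password.
        "ha1_is_password_equivalent": digest_response(stored, method, uri, nonce) == good,
        # HA1 is bound to the realm, so it is only valid for this SIP domain.
        "ha1_is_realm_bound": ha1(user, "other.example", password) != stored,
        # A regular hash cannot replace HA1, so that database cannot be reused.
        "regular_hash_unusable": not verify(regular_hash, method, uri, nonce, good),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Every check prints `True`: the HA1 store verifies users without holding their passwords, yet needs the same access controls as a clear-text password file.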

The key role of OpenSER
- Call processing logic
  - Not that easy to handle but powerful
- Modular software architecture
  - Many database/protocols connectors
    - RADIUS, SQL, Jabber, ..
  - External scripting integration
    - In our SIP.edu architecture, the LDAP information retrieval process is a shell script launched by OpenSER

Expected limitations and problems
- NAT issues
- SPIT (SPam over IP Telephony)
- Use inter-domain TLS?
- OpenSER already addresses those issues

Future improvements
- Enable RADIUS authorization by implementing group checking
- Integrate with our Jabber based IM - presence solution
- Already possible with OpenSER