A RELOAD Usage for Distributed Conference Control (DisCo) draft-knauf-p2psip-disco-00 Alexander...

A RELOAD Usage for Distributed Conference Control (DisCo)

draft-knauf-p2psip-disco-00

Alexander KnaufGabriel Hege

Thomas SchmidtMatthias Wählisch

[email protected], [email protected], {t.schmidt,waehlisch}@ieee.org

Outline

1. Motivation2. Problem statement and objectives3. Distributing a conference focus with SIP4. Evaluation (1): Signaling costs5. Virtualizing the Conference ID in RELOAD6. Access control to the shared RELOAD Resource7. Proximity-aware focus selection8. Evaluation (2): Proximity-aware focus selection9. Conclusion

2 draft-knauf-p2psip-disco-00 04/19/23

Motivation

• SIP and RELOAD designed for session establishment in a P2P-fashion

• No mechanism for group communication in RELOAD

• Entry points to groups need to be located by joining peers– SIP Usage for RELOAD only locates single entities

• Management of group membership and state synchronization within a group are not treated in P2PSIP

draft-knauf-p2psip-disco-003 04/19/23

Problem Statement for Conferences in P2PSIP Scenarios

• A conference in the tightly coupled model is managed by a single entity called focus in SIP:– Maintains signaling and media parameter negotiation– May perform media mixing functions

• Problem (1): The Conference URI– Identifies the multiparty session, and– locates the conference focus

Single point of failure• Problem (2): No dedicated server architecture in P2PSIP

– Media mixing performed at the end-user devices Scaling problem within large conferences

– Conference must be registered and globally accessible Demands a registrar, e.g., available through DNS


Objectives of Distributed Conference Control

• Separate the logical conference ID from the controlling entities: Allows multiple focus peers to

manage a single conference Increases robustness against focus

failures• RELOAD Usage for Distributed

Conference Control:– Conference URI is registered as a

key for several focus peers that are responsible for conference control


Distributing a focus with SIP

INVITE sip:[email protected] SIP/2.0Call-ID: [email protected]: 1 INVITEFrom: <sip:[email protected]>;tag=134652To: <sip:[email protected]>;tag=643684...Contact: <sip:[email protected]>;isfocusRecord-Route: <sip:[email protected]>...

Here: Alice is the focus responisble for Bob

• Alice receives the reply through the Record-Route and – as responsible focus peer - intercepts message from Bob


Operations in a Distributed Conference

• Second Step: Definition of protocol schemes for

State synchronization: Achieved by conference event package [RFC4575]

extended by elements describing a focus peer’s local state

Focus peers get consistent and global view of conference state

Call delegation: Transfer calls using SIP REFER requests carrying session

identifier (for semantic recognition of calls)

Used in cases of overloading, leaves or failures of focus peers

Focus Discovery: Allocating new focus peers that support the conference

Enables load distribution


Splitting a Focus: Common Scenarios

1st party invitation:– Situation: Participation

request sent to a single overloaded focus peer

– Reaction: Call delegated to other focus peer

3rd party invitation:– Situation: Participant

requests overloaded focus to invite peer

– Reaction: REFER to underloaded focus peer


Signaling Costs - Evaluation

• Signaling delay remains constant with increasing conference size


• 3rd Party invite signaling delay: Spikes caused by call delegations

• Comparing three signaling schemes: Centralized, hierarchical [Cho et al,

SAC-IEEE ‘05] distributed conferencing

9 04/19/23

Conference ID Virtualization

• Problem: How to distribute the conference entry point?• Idea: Conference URI is registered in a P2PSIP overlay as a key for several

focus peers that are responsible for the conference control• Achieve independence of dedicated registrar servers• Detach the Conf-ID from any physical instance


Definition of a Distributed Conferencing (DisCo) Kind

• DisCo-Registration stores a

dictionary of :

Address-of-Records or

Node-IDs of focus peers

A coordinates vector

describing the focus’

relative network position

• DisCo-Registration is a shared

resource of all focus peers


Creating a Conference

1) Probe for existence of Conference URI StatReq is sent to storing peer for duplicate addresses detection

2) Request a new certificate that is used for the DisCo-Registration Certificate for the “virtual” conference user (more on that later)

3) Store mapping Conf-ID to <creating peer, coordinates value> at storing peer


Security Model for Shared RELOAD-Resources

Problem: Conference registration needs to be written by multiple focus peers

• RELOAD defines no fitting access control policy• Initial idea: use USER-MATCH

– Certificate user name (Conf-URI) hashes to Resource-ID– Ask enrollment server for new certificate for each conference– Distribute conference private-key to all focuses

• But (as pointed out in P2PSIP WG on Monday):– Server should only be asked on enrollment– How to revoke certificate?

• Needs a new access policy


Some Ideas for a new Access-Policy

• Conference initiator creates conf-certificate, signed with his private key• Storing peer verifies certificate chain• Shared key model:

– Distribute conference private-key to all focus peers• PKI-Model:

– Sign focus peers‘ pubkeys with conference key– Either allow only direct signing or also longer certificate chains– Chains could be compacted on certificate renewal– Allows revocation of compromised keys– Conference initiator single point of failure → distribute conference key

to specially trusted focus peers• Problem: malicious peer can register arbitrary number of Conf-URIs (Sybil

attack)


Determination of Topological Descriptors

• Each peer in a distributed conferences determines a coordinates vector describing a peer’s position in an n-dim Cartesian space


<105ms,120ms,110ms,...,320ms,175ms>

Coordinates Vector:

15

• Distance between two peers p1, p2 is Euclidian distance between p1’s and p2’s coordinates vector:

• New participants select a focus peer whose Euclidian distance is minimal

• Demonstrating a landmarking approach for proximity-aware focus selection as in [Ratnasamy et al, INFOCOM '02]

n

iii ppppd

1

22121 )(),(

04/19/23

Proximity-aware Focus Selection - Evaluation setup

• Evaluation using PlanetLab platform:• Measurements using about 100 PlanetLab [www.planet-lab.org, 2010]

nodes:

• 15 Caida [www.caida.org, 2010] monitors used as landmark hosts• Build topologies using different focus-selection strategies:

1) Random strategy2) Optimal strategy3) Landmarking strategy


Proximity-aware Focus Selection - Evaluation

• Peer degree using landmarking vs. optimal and random strategy


• Delay stretch using landmarking vs. optimal and random strategy

• A simple landmarking strategy; close to optimal solution

• Comparing different peer topology building schemes:

17 04/19/23

Conclusion

• A new group communication scheme was defined for RELOAD• RELOAD overlay is used for distributing and virtualizing the focus

functionality• Transparent Identifier/Locator split of the conference URI• Constant signaling costs are achieved• New access control model needed in RELOAD• Demonstrated efficiency of a simple landmarking approach


Thank you for your attention!

Questions?

http://inet.cpt.haw-hamburg.de/


Alexander Knauf*, Gabriel Hege*, Thomas Schmidt*, Matthias Wählisch†

draft-knauf-p2psip-disco-00 is based on a paper we will present at IPTComm '10 in Munich August 3. 2010

*HAW-Hamburg, †link-lab & FU Berlin

Joining a Conference and publishing Focus-ability


Graduated Access Control Model for Conference Participation

• Task: Defining access control policies for shared DisCo-Registration• Solution: Focus peers pass writing permission to participants based on

chosen security modelAuthentication by ordinary SIP mechanisms while inviting conference

Shared secret used to join conference E.g., SIP Authorization header field

• Security models:Open access:

No Authentication

Closed access: Every Peer must be authenticate itself

Optionally for both: Focus Authenticate Extra authentication for focus peers

A Virtual and Distributed Control Layer with Proximity-awareness21

A RELOAD Usage for Distributed Conference Control (DisCo) draft-knauf-p2psip-disco-00 Alexander...

Documents

Transcript of A RELOAD Usage for Distributed Conference Control (DisCo) draft-knauf-p2psip-disco-00 Alexander...