Lecture 10. P2P VoIP D. Moltchanov, TUT, Fall 2014

Lecture 10. P2P VoIP

D. Moltchanov, TUT, Spring 2008

D. Moltchanov, TUT, Fall 2014

Outline
- What is VoIP
- 2G VoIP system: SIP-based
  - Architecture
  - All-IP calls
  - PSTN-IP-PSTN call
  - Messages and formats
- 3G VoIP system: P2P Skype
  - Capabilities
  - Login to the network
  - Calling
  - Security features
- Future VoIP systems: P2P SIP?

VoIP basics

What is VoIP
- VoIP definition
  - Specific sets of protocols to carry voice over IP
  - IP can be a private network or the public Internet
  - Initially provided by operators, now by third parties
- The way VoIP is implemented has evolved over time
  - Starting from the late 90s
- End devices
  - Hardware phones
  - Software phones

Benefits of using VoIP
- Operational costs
  - No need for two separate networks (voice and data)
  - Rich set of free features e.g. conference, forwarding…
  - Lower costs since only Internet access is needed
  - Compare pricing scheme: flat for IP vs. per minute
- Flexibility
  - More than one call over a connection
  - Calls can be encrypted
  - Location independent
  - Integration with other services
  - Computer + phone
- Note: Internet to Internet calls are free…

VoIP evolution

2G VoIP systems: SIP

2G systems: protocols
- Data transmission: data plane
  - Real-time transport protocol (RTP)
  - Real-time control protocol (RTCP)
- Signaling: control plane
  - H.323
  - Session initiation protocol (SIP)
- Location service: control plane
  - Proxies
  - Finding via DNS SRV
- PSTN-IP gateways: control plane
  - Media gateway control protocol (MGCP)
  - H.248 (similar to MGCP)
- Description of codecs used: control plane
  - Session description protocol (SDP)

2G VoIP infrastructure: SIP+RTP
- SIP+RTP makes a perfect combination
- DNS is for proxy resolution

SIP
- What it does
  - Setup, control, terminate calls
  - End-to-end signaling
  - Allows for end system and MG control signaling
- Properties
  - Partially distributed
  - Text based (you may read messages in e.g. Wireshark)
  - Simple (simpler than H.323)
  - Limited but sufficient functionality (i.e. optimized)
- Functionality
  - Point-to-point and multipoint calls
  - Additional features
  - URLs are used for addresses (e.g. sip:[email protected])

Basic call: all-IP

Basic call: PSTN-IP-PSTN

Reality is a bit more complicated
- How do we know where to call to?
  - All parties need to be registered with SIP servers
  - Which server to register with?
  - Multicast to all known SIP proxies “sip.mcast.net” (224.0.1.75)
- How to find the person?
  - SRV (service record) in DNS servers for proxy resolution
  - Specifies the location of the proxy server for a specific service
  - That’s why we had DNS servers there
- What about the type of media?
  - I use G.711, G.723, G.729, your client may prefer G.729
  - Use SDP (session description protocol)

SIP calling

Requesting presence info
- Alice wants to be informed when Bob is online

Registering and notifying
- Bob goes online, Alice is notified

SIP messages: RFC 3261
- REGISTER
  - Register and notify proxy about its IP and URLs
- INVITE
  - Establish a media session between users
- ACK
  - Confirms reliable message exchanges
- CANCEL
  - Terminates a pending request
- BYE
  - Tears down a session between two users in a conference
- OPTIONS
  - Solicits info about the capabilities
- SUBSCRIBE
  - Get notifications

SDP: RFC 2327
- Media streams
  - A session can include multiple streams of differing content. SDP currently: audio, video, data, control, and application
- Addresses
  - Indicates the destination addresses
- Ports
  - UDP ports for each stream
- Payload types
  - Media format for each stream
- Start and stop times
  - For broadcasting (radio, video)
- Originator
  - For broadcasting
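
Added example (not part of the lecture slides): Python code that parses a constructed SIP INVITE carrying an SDP offer and extracts the fields listed on the SDP slide (originator, address, port, payload types). Because SIP is text based, a monitoring point on the signaling path sees these same fields in the clear; the sample message, names and addresses are made up.

```python
# Constructed sample (made-up names and addresses): SIP INVITE with an SDP offer.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.org SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
    "From: Alice <sip:alice@example.com>;tag=1928301774",
    "To: Bob <sip:bob@example.org>",
    "Call-ID: a84b4c76e66710@192.0.2.10",
    "CSeq: 314159 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0 4 18",
    "a=rtpmap:0 PCMU/8000",
    "a=rtpmap:4 G723/8000",
    "a=rtpmap:18 G729/8000",
])

def parse_sip(raw):
    """Split a SIP request into request line, headers and an SDP summary."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, uri, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "headers": headers, "sdp": parse_sdp(body)}

def parse_sdp(body):
    """Summarise an SDP body: originator, media address, and each stream."""
    sdp = {"origin": None, "address": None, "streams": []}
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        if kind == "o":                       # o=<username> <id> <ver> ...
            sdp["origin"] = value.split()[0]
        elif kind == "c":                     # c=<nettype> <addrtype> <address>
            sdp["address"] = value.split()[2]
        elif kind == "m":                     # m=<media> <port> <proto> <fmt...>
            media, port, proto, *fmts = value.split()
            sdp["streams"].append({"media": media, "port": int(port),
                                   "proto": proto, "codecs": dict.fromkeys(fmts)})
        elif kind == "a" and value.startswith("rtpmap:") and sdp["streams"]:
            pt, name = value[7:].split(" ", 1)    # a=rtpmap:<pt> <codec>/<rate>
            sdp["streams"][-1]["codecs"][pt] = name
    return sdp
```

Payload types 0, 4 and 18 are the static RTP numbers for G.711 µ-law (PCMU), G.723 and G.729, the codecs named on the earlier slide.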

2G systems: what we see?
- SIP almost makes a P2P system. Why?
  - Data connection goes directly between parties
  - Control is still performed using servers
- Similar to “almost P2P” platforms?
  - Music sharing (actually, file sharing) systems of late 90s
  - Napster
  - Audiogalaxy
- Audiogalaxy example
  - You login using a specific agent
  - Agent imports your song titles to the common DB
  - Once you need something you search through this DB
  - Result is IP of the systems holding this title

3G VoIP systems: P2P Skype

What is Skype?
- A P2P application for
  - Primarily, VoIP
  - Video calls added recently
  - Instant messaging
  - File transfers
- Proprietary signaling
- Negotiable voice codecs
- Proprietary encoders
- Gateways to/from PSTN/SIP
- Interesting features
  - Works well in almost all network conditions
  - Works across NATs and firewalls

Overlay network
- Consists of
  - Skype clients (SCs)
  - Supernodes (SNs)
  - Login server
  - HTTP server
- Client
  - Used to perform activities
  - Stores configuration
  - Connected to some SNs
  - Stores a few SN addresses
  - Updates them periodically

Functionality of elements
- Supernode
  - A node that can accept incoming TCP connections
  - Preferably has enough CPU, memory, and BW
  - Preferably not behind firewall or NAT
  - There are default supernodes
  - Does signaling directly with other SNs
  - Sometimes performs signaling and data transfer for SCs
- Login server
  - Ensures that names are unique
  - Authentication point
- HTTP server
  - Used for updates

Skype features
- Codecs
  - Default: wideband 16KHz sampling, 5Kb per direction
  - 140pcks/s., 67 bytes of payload
- Ports
  - 80 HTTP, 443 HTTPS TCP
  - Random UDP ports
- Coding and encryption
  - Everything is encrypted using AES
  - Keys: 256 bits, symmetric
  - RSA for exchanging the symmetric keys
- Host cache
  - Supernode list (IP, port) to speed up the process, 200 entries
  - Updated periodically, some SNs are always there

Login: joining the overlay
- Contacting central servers
  - Authentication/authorization
  - Looking for updates at the HTTP server
- Joining the overlay
  - Refresh of SN list (shared.xml)
  - List containing SNs
  - Sends UDP packet to a default SN
  - Chooses a certain SN
  - Opens TCP connection with this SN
  - Connection is maintained throughout a session
  - Exchanges info on on-line nodes
- Testing for SN capabilities
  - Client sometimes checks whether it could be a new SN

Login: firewall blocking
- If firewall blocks UDP for SN list refreshing
  - Establishes TCP connections with a few SNs
  - Gets info on the SN list
  - All but one of the connections are torn down
- If firewall blocks connection to the login server
  - Uses SN as a relay to authenticate

Calling
- Signaling
  - Using TCP connection directly
  - Overlay if impossible otherwise
  - Media is carried using UDP
- Procedure is as follows
  - A queries SNs for the address of B
  - Once obtained signaling is done directly using TCP
  - Then voice is carried using UDP

Calling: firewall blocks UDP
- Signaling by SNs on behalf of users
- Media: via TCP using 4 SNs as relays

Calling: port-restricted NAT
- Step 1
  - User A gets address of SN of B
  - Sends UDP query containing its external address
  - SN of B replies with external address of B
- Step 2
  - A and B establish UDP flow using hole punching
  - A and B establish TCP connection using 4 SNs as relay

Calling: symmetric NAT
- Step 1
  - A obtains the address of B
- Step 2
  - Trying hole punching
  - It does not work (symmetric NAT)
- Step 3
  - They use TCP via 4 SNs as relays

Some facts
- Skype completely fails when firewall blocks UDP and TCP
  - This is exceptionally rare
  - Mechanism 1: hole punching
  - Mechanism 2: tunneling via SN
  - Mechanism 3: use of overlay
- Trying to use direct connections as much as possible
  - SNs may tear down
  - Nodes may overload overlay
- Skype is seen as unwanted by enterprises
  - May traverse firewalls, NATs
  - May bring unwanted stuff

Security: self-security
- It is not open source!
- Binary code
  - Parts of the binary are encrypted
  - Code is decrypted in memory at run-time
- Contains checks for
  - Presence of a debugger
  - Code modification
  - Result: stops or crashes

Security: network security
- Facts
  - Uses a proprietary protocol
  - Encrypts all the traffic
- Signaling packets
  - Payload: encrypted using RC4 stream
  - RC4 key can be recovered from the packet
- VoIP packets
  - Encrypted using AES
  - Only sender and receiver can decrypt

Future: P2P SIP?

What do we want?
- A bit more competition + open architecture
- Goals and motivation
  - Get rid of SIP servers
  - No fixed topology
  - Audio/video/IM all-in-one
  - Interoperability with SIP
- Possible
  - Join DHT
  - Query position in DHT
  - Update neighbors
  - Repeat periodically

More info at: http://www.p2psip.org/