My talk at Voip2day 2014 in Madrid, Spain and Elastix World 2014 in Santiago, Chile. Asterisk is now 15 years old and the revolution has faded away and is now part of regular business. It's time to restart and look forward, build new things and include security by default. Security needs to be in focus for everyone in VoIP and realtime communication during the coming year.
Speaker: Olle Johansson
"SIP 2.0 was published as an RFC in 2002 and started a revolution in the telecom industry. The big move away from traditional technologies is still happening and things are moving fast. But 99% of the implementations of SIP are still focused on ISDN-over-IP, something that is very frustrating to many who believe that there is much more functionality in SIP. WebRTC is about to become standardized and we already see some early implementations. How will this affect the SIP industry and what should be in focus for the coming year? Olle delivers his thoughts and ideas and will give some clear instructions about how to move forward."
ElastixWorld
Santiago de Chile
October 2014
A presentation covering work that needs to happen. We jokingly came up with a non-existing organisation that maintains a reference profile for SIP. While the organisation is just a joke, the work is quite serious.
A quick introduction to Kamailio - the leading Open Source SIP server (based on OpenSER and SER). Kamailio is quite different than Asterisk, FreeSwitch and many other VoIP platforms - why is that and how do you start getting your head around Kamailio?
Time to get serious about realtime communication - Olle E Johansson
My talk for ElastixWorld 2013 in Mexico City, Voip2day in Madrid and Astricon 10 in Atlanta:
I list four to-do's for everyone working with realtime communication as we move away from telephony over IP into the world of Internet-based realtime communication. I believe that there is a trust gap between what users expect us to deliver, but don't ask for, and what we actually deliver. Let's change that together!
The presentation got the "Best speaker" award at Voip2day 2013.
Security and Real-time Communications – a maze of twisty little passages, tha... - Alan Quayle
Security and Real-time Communications – a maze of twisty little passages, that all look alike.
Olle E. Johansson, Consultant in network security and real-time communication – PKI, WebRTC, SIP, XMPP. Kamailio and Asterisk expert.
Olle has worked with Internet and TCP/IP networking for almost 30 years and is a developer, project manager, documentation writer, trainer and a secret lover of X.509 and PKI. Olle is active in the IETF and has co-authored an RFC and contributed to many. He has spoken at many conferences and trained many, many Asterisk and Kamailio admins. Olle co-founded Astricon, the Asterisk conference. Outside of work he is an oral storyteller and spends a lot of time in his garden back home in Sweden.
After almost 20 years of working with real-time communication (SIP, XMPP, WebRTC, and other protocols and platforms), I haven’t built a standard-compliant secure platform once with strong encryption and identity handling. I’ve been close, but no cigar.
Looking at the standard documents for SIP, there are a lot of missing pieces and most of the Open Source implementations are missing large amounts of code to implement both existing security specifications as well as the missing pieces. It’s a mess, and that doesn’t help those who are trying to implement secure real-time communications. We can do better and hopefully we will do better.
While WebRTC mandates encrypted communication channels, it doesn’t mean that all platforms are secure. Also there are as many definitions of “secure platform” as people implementing them.
There are hooks and new solutions to build from, but few implementers get the requirements, time and resources to do this.
Let’s discuss what the issues are, where privacy plays in, the missing support in the standard documents and where to go next.
We will also talk about why we think that the requirements for security are missing in almost every project and how we can change that.
Keywords:
– #MoreCrypto: PKI and TLS
– OAuth2 and OpenID Connect, where do they fit in?
– SIP, The session initiation protocol
– WebRTC
– SRTP, Secure RealTime Protocol
A presentation about new functionality in SIP that is really needed for Hosted PBX services, SIP on mobile phones and more situations. #SIP #Kamailio #Asterisk #TLS #MoreCrypto
A video with this presentation is available on YouTube at
https://www.youtube.com/watch?v=uqFNlqB_Ssw
A presentation that tries to set an IPv6 agenda for the SIP community. VoIP and IPv6 are a natural match. If we want unified communication to be truly global and unified - we need to build solutions on IPv6 and not IPv4.
A presentation for Kamailio World 2017 in Berlin: How Open Standards and Open Source affect national public radio broadcast. My personal view and opinions. Also, some information about Project IrisBroadcast.
ZyXEL is a world-class broadband networking company that provides leading Internet solutions for customers ranging from telecommunication service providers, businesses to home users.
Pexip Infinity Fusion for Skype for Business - Graham Walsh
A brief overview of the Pexip Infinity Fusion for Skype for Business that is certified by Microsoft. Pexip allows VTCs to access Skype Meetings and point to point calling from Skype Clients to VTCs. It just works.
gogonetlive 4 conference keynote on Internet of Things - Joachim Lindborg
In this keynote session I talk about IP as a driver for the Internet of Things and how the Internet of Things will drive IPv6 usage forward. Presentation held at http://gogonetlive.com/gogonetlive-speakers.asp
Integrated Shipbuilding Strategy by David Thomson, AVEVA - AVEVA Group plc
As the focus of many shipbuilders shifts from pure manufacturing towards system integration and service support, so does the focus of their Information Technology investments. David Thomson takes a look at the further digitization for the shipbuilding industry and the transition to Industry 4.0.
Through innovative technology, tailored to your business needs and built upon the Digital Asset approach, AVEVA is there to support you throughout the life cycle.
9 of the World’s Top 10 Shipyards trust AVEVA. Find out how AVEVA’s dedicated marine solution can give you control of your project here >> www.aveva.com
Arqiva presentation to Upland Biodiversity Conference - 4th March 2015 - 181273
David MacDonald, Head of Estates & Property at Arqiva, presenting to the Upland Biodiversity Conference 2015. The conference was a great opportunity to demonstrate to key stakeholders that Arqiva is a responsible landowner with the likes of Natural England, National Trust, Forestry Commission, Environment Agency, Peak District National Park and RSPB all in attendance.
The RIEDEL :update brochure #021 is now available as a PDF file featuring our latest products incl. MediorNet MicroN IP app, Bolero Wireless Intercom System and the virtual MultiViewer. Learn more about installations at the Hillsong Conference and the Eurovision Song Contest, Thomas Riedel talks about 30 years of RIEDEL, the new partnership with PIDSO, the Mission to the Moon project, MediorNet for the Sky Sport HQ and our equipment used at the street parade in Zurich. And as usual, RIEDEL project pictures and recent installations.
Pexip and Microsoft - Certified for Skype for Business Server - Graham Walsh
Pexip Infinity certified for Skype for Business Server, providing video interoperability from standards-based H.323 and SIP video to and from Skype for Business. Including Skype Room System and Surface Hub interop. Microsoft Teams interop coming soon.
Inspired by my work on understanding the effects of the EU cyber resilience act, I made this presentation on vulnerability handling - SBOM, Vex, CVE, CVSS, CWE and more.
Similar to Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Introduction to the proposed EU cyber resilience act (CRA) - Olle E Johansson
A short introduction to the proposed EU Cyber Resilience Act. It's a large document to parse, so please don't take my words as a truth, just indications of what will come. The CRA will impact everyone that distributes software and connected devices on the EU market, so it's important to stay up to date with this regulation.
Januscon 2019: Slides from my short talk about the need for a federation solution to connect all isolated WebRTC and SIP islands out there. Sorry for the lack of text, hopefully it will be available in a streamed version soon.
Photos (C) Olle E. Johansson
A talk about me discovering new architectures, new ways of building scalable realtime platforms #SIP #WebRTC #Kamailio #MQTT #NODERED
Watch it live at https://www.youtube.com/watch?v=BbfUXUWtxIg
Introduction to WebRTC used in the Stockholm WebRTC Meetup February 16th 2017. Talks about the underlying architecture - RTP, TURN, STUN, ICE and the world of changing IP networks
Realtime communication over a dual stack network - Olle E Johansson
Fosdem 2017: A short talk about dual stack (IPv4 and IPv6) issues when using SIP, WebRTC, XMPP and other realtime platforms in a dual stack world - where both client and server are connecting to the new and the old Internet.
Side note: Uploads to SlideShare don't work on IPv6-only networks.
My talk at Voip2day 2016 in Madrid (organised by Avanzada 7 in Malaga).
This talk covers recent trends in realtime communication, from VoIP to WebRTC and Internet of Things
2015 update: SIP and IPv6 issues - staying Happy in SIP - Olle E Johansson
What's the state of SIP and IPv6?
- An update I gave at the Netnod spring Meeting 2015.
Nothing much is happening, despite the fact that we have proven real issues with dual stacks in SIP.
SIP and DNS - federation, failover, load balancing and more - Olle E Johansson
SIP uses DNS to find a server for a specific URI, like sip:alice@example.com. With DNS a SIP service can provide failover, load balancing and much more. SIP without DNS is a broken solution. SIP and DNS rocks!
A presentation about how we can make the Internet hard to monitor - how we can and should encrypt more communication. This version includes a presentation of the TLS protocol.
Changes in 2.2: Added quotes from Viktor Dukhovni's IETF RFC 7435 about Opportunistic Security
GridMate - End to end testing is a critical piece to ensure quality and avoid... - ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Securing your Kubernetes cluster_ a step-by-step guide to success ! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf - Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
32. INTERNET
COMMUNICATION OTT
Everything is IP. Bypassing carriers over IP.
BECOME
THE TELCO
OPEN SOURCE!
Push the telco down the stack. Get a quick start.