Xintong Zhou
Department of Computer Science
Presentation for COMS W4995 VoIP Security
Course Advisor: Prof. Schulzrinne
Outline
Overview
Basic Concepts
XMPP for IM and Presence
XMPP for VoIP
Discussion
Summary
10/15/2008 2
Overview
eXtensible Messaging and Presence Protocol
An open XML protocol for near-real-time messaging,
presence, and request-response services
History
Developed by Jabber open-source community, 1999
Formalized by IETF, 2002-2004
Continuously extended by XMPP Standards Foundation
Overview – Network Architecture
Decentralized server architecture
Overview – Protocol Organization
Core protocols
XMPP Core (RFC 3920): Client, Server, XML Stream, XML
Stanza, Resource Binding, TLS, SASL
XMPP IM (RFC 3921): Instant Messaging, Presence
Others, including XMPP CPIM (RFC 3922): Mapping XMPP
to IETF’s CPIM spec
Extensions
Jingle (XEP-0166)
Jingle RTP Sessions (XEP-0167)
Others, including Jabber-RPC (XEP-0009), Privacy Lists
(XEP-0016), Multi-user Chat (XEP-0045), Jingle File Transfer
(XEP-0234)
Basic Concept – JID
Jabber Identifier (JID)
Bare JID: [ entity “@” ] domain
Full JID: entity “@” domain “/” resource
Resource identifier enables
multiple connected clients
Which resource to choose when
messaging to someone/entity?
Who will determine?
Server or Client
How to determine
Strategy
Difference - IM vs. VoIP
Basic Concept
XML Stream
The body of XMPP session
Container for the exchange of
XML elements
XML Stanza
Semantic unit of structured
information
Message: push information
Presence: publish-subscribe
IQ (Info/Query): request-response
All XML examples are from RFC 3920, RFC 3921, XEP-0166 or XEP-0167.
XMPP for IM and Presence
Steps leading to message exchange
1. TLS negotiation
2. SASL negotiation
3. Resource binding
4. Session establishment
5. Initial presence
6. Message & presence exchange
1 – 3 : defined in XMPP Core
4 – 6 : defined in XMPP IM
Steps – TLS and SASL
Transport Layer Security (TLS)
Provide server authentication and
communication privacy using
cryptography
Set up an encrypted channel for
further communication
Simple Authentication and Security
Layer (SASL)
Provide client authentication
Set up an authenticated channel
for further communication
Steps – Resource Binding
Bind a specific resource to the current stream
Results in a full JID
Using IQ stanza
Client request
Client asks server to bind a resource
Send IQ with empty bind element to request a resource
Client specifies the resource
Send IQ including the resource string
Server response
IQ including the full JID
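As an added example that is not part of the slides, the following Python parses JIDs into node, domain and resource (the JID slide above) and walks through the resource-binding exchange on this slide: it builds the client's bind IQ and validates the server's result before the client trusts the returned full JID. The `JID` class and the function names are this example's own; the bind namespace is the one RFC 3920 defines, and the sample result and error stanzas are constructed in the style of the RFC's examples.

```python
# Added example (not from the slides): JID parsing per RFC 3920 and a
# resource-binding IQ round trip. Sample stanzas are constructed in the
# style of the RFC 3920 examples.
from typing import NamedTuple, Optional
from xml.sax.saxutils import escape
import xml.etree.ElementTree as ET

BIND_NS = "urn:ietf:params:xml:ns:xmpp-bind"  # namespace defined in RFC 3920


class JID(NamedTuple):
    node: Optional[str]      # the "entity" part before '@' (None for a domain-only JID)
    domain: str
    resource: Optional[str]  # None for a bare JID

    @property
    def bare(self) -> str:
        return f"{self.node}@{self.domain}" if self.node else self.domain

    @property
    def full(self) -> Optional[str]:
        return f"{self.bare}/{self.resource}" if self.resource else None


def parse_jid(text: str) -> JID:
    """Split [node@]domain[/resource]. Only the first '/' separates the
    resource (a resource may itself contain '/'); node and domain cannot
    contain '@', so the first '@' separates them."""
    local, slash, resource = text.partition("/")
    node, at, domain = local.partition("@")
    if not at:                       # no '@': the whole local part is the domain
        node, domain = None, local
    if not domain or (at and not node) or (slash and not resource):
        raise ValueError(f"malformed JID: {text!r}")
    return JID(node, domain, resource if slash else None)


def bind_request(resource: Optional[str] = None, iq_id: str = "bind_1") -> str:
    """Client-side IQ asking the server to bind a resource. An empty <bind/>
    lets the server pick the resource; otherwise the client proposes one."""
    res = f"<resource>{escape(resource)}</resource>" if resource else ""
    return f"<iq type='set' id='{iq_id}'><bind xmlns='{BIND_NS}'>{res}</bind></iq>"


def parse_bind_result(xml_text: str, expected_id: str, account_bare_jid: str) -> JID:
    """Validate the server's answer and return the bound full JID. The id
    must match our request, the type must be 'result', and the bare part of
    the returned JID must be the account we authenticated as via SASL (the
    server may choose or rewrite the resource, but not the account)."""
    iq = ET.fromstring(xml_text)
    if iq.tag != "iq" or iq.get("id") != expected_id:
        raise ValueError("response does not match the bind request")
    if iq.get("type") != "result":
        raise ValueError(f"bind failed: iq type={iq.get('type')!r}")
    jid_el = iq.find(f"{{{BIND_NS}}}bind/{{{BIND_NS}}}jid")
    if jid_el is None or not (jid_el.text or "").strip():
        raise ValueError("bind result carries no <jid/>")
    jid = parse_jid(jid_el.text.strip())
    if jid.resource is None:
        raise ValueError("server returned a bare JID; a full JID is required")
    if jid.bare != account_bare_jid:
        raise ValueError(f"server bound a different account: {jid.bare}")
    return jid


# Constructed sample exchange in the style of RFC 3920 section 7.
SAMPLE_BIND_RESULT = (
    "<iq type='result' id='bind_2'>"
    f"<bind xmlns='{BIND_NS}'><jid>somenode@example.com/someresource</jid></bind>"
    "</iq>"
)
SAMPLE_BIND_ERROR = (
    "<iq type='error' id='bind_2'>"
    f"<bind xmlns='{BIND_NS}'><resource>someresource</resource></bind>"
    "<error type='modify'><bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error>"
    "</iq>"
)

if __name__ == "__main__":
    print(bind_request())                       # server chooses the resource
    print(bind_request("balcony", "bind_2"))    # client proposes "balcony"
    print(parse_bind_result(SAMPLE_BIND_RESULT, "bind_2", "somenode@example.com").full)
```

The check on the bare part of the returned JID matters because every later stanza the client sends and receives is routed under that identity; a client that blindly adopts whatever `<jid/>` comes back has no way to notice a misbehaving or impersonating server.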
Steps – Session Establishment
Session on the server for the expected instant
messaging and presence activities
May be required by the server
Steps – Initial Presence
Get contacts’ presence
Steps – Initial Presence (Cont.)
Subscribers get initial presence
Steps - Messaging
Use Message stanza to send out messages
Direct to a client: Use full JID when replying to a message to
preserve the context
Direct to a person/entity: Use bare JID for messages
outside current context
XMPP for VoIP – Jingle
XMPP protocol extension for initiating and managing
peer-to-peer media sessions between two XMPP
entities
Designed to be simple
Designed to interwork with SIP (also SDP)
Commands
Parameters
XMPP for VoIP – Jingle (Cont.)
Take advantage of IQ stanza
Three concepts: session, content, transport
XMPP for VoIP – Jingle RTP Sessions
Define a Jingle application type
Negotiation and management over XMPP
Voice and video over RTP
Shares a similar process with SIP
Protocol status: Experimental
Last updated: 2008-09-25
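The two Jingle slides above describe a session as session, content and transport carried inside an IQ stanza, with XEP-0167 adding an RTP description. As an added example that is not from the slides or from the XEPs themselves, the Python below parses a session-initiate IQ into those three parts and rejects malformed offers before a client acts on them (wrong IQ type, bare-JID addressing, a content without description or transport, an RTP description with no payload types). The namespaces are those of the current XEP-0166/XEP-0167 texts (the 2008 drafts the slides cite used temporary namespaces), which is an assumption of this example; the sample stanza and the class names are constructed.

```python
# Added example (not from the slides): parse a Jingle session-initiate IQ
# into session / content / transport and sanity-check it. Namespaces are
# assumed to be the current XEP-0166/0167 ones; the sample is constructed.
from dataclasses import dataclass
from typing import List, Optional
import xml.etree.ElementTree as ET

JINGLE_NS = "urn:xmpp:jingle:1"                     # XEP-0166 (assumed current value)
RTP_NS = "urn:xmpp:jingle:apps:rtp:1"               # XEP-0167 (assumed current value)
ICE_NS = "urn:xmpp:jingle:transports:ice-udp:1"     # XEP-0176 (assumed current value)
ACTIONS = {
    "session-initiate", "session-accept", "session-terminate", "session-info",
    "content-add", "content-accept", "content-modify", "content-reject", "content-remove",
    "transport-info", "transport-replace", "transport-accept", "transport-reject",
    "description-info", "security-info",
}


@dataclass
class PayloadType:
    id: int
    name: Optional[str]
    clockrate: Optional[int]


@dataclass
class Content:
    creator: str
    name: str
    media: Optional[str]            # 'audio' / 'video' from the RTP description
    payload_types: List[PayloadType]
    transport_ns: Optional[str]     # namespace of the <transport/> child


@dataclass
class JingleSession:
    action: str
    sid: str
    initiator: Optional[str]
    iq_from: str
    contents: List[Content]


def parse_jingle(xml_text: str) -> JingleSession:
    iq = ET.fromstring(xml_text)
    if iq.tag != "iq" or iq.get("type") != "set":
        raise ValueError("Jingle actions travel in IQ stanzas of type 'set'")
    frm, to = iq.get("from", ""), iq.get("to", "")
    if "/" not in to:
        raise ValueError("Jingle IQs must be addressed to a full JID; a bare-JID IQ never reaches a client")
    jingle = iq.find(f"{{{JINGLE_NS}}}jingle")
    if jingle is None:
        raise ValueError("no <jingle/> child")
    action, sid = jingle.get("action"), jingle.get("sid")
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if not sid:
        raise ValueError("missing sid")
    contents: List[Content] = []
    for c in jingle.findall(f"{{{JINGLE_NS}}}content"):
        creator, name = c.get("creator"), c.get("name")
        if creator not in ("initiator", "responder") or not name:
            raise ValueError("content needs creator (initiator|responder) and name")
        desc = c.find(f"{{{RTP_NS}}}description")
        pts: List[PayloadType] = []
        if desc is not None:
            for pt in desc.findall(f"{{{RTP_NS}}}payload-type"):
                if pt.get("id") is None:
                    raise ValueError("payload-type without id")
                rate = pt.get("clockrate")
                pts.append(PayloadType(int(pt.get("id")), pt.get("name"), int(rate) if rate else None))
            if not pts:
                raise ValueError(f"content {name!r}: RTP description offers no payload types")
        transports = [t for t in c if t.tag.endswith("}transport")]
        transport_ns = transports[0].tag.split("}")[0][1:] if transports else None
        if action == "session-initiate" and (desc is None or transport_ns is None):
            raise ValueError(f"content {name!r}: session-initiate needs a description and a transport")
        contents.append(Content(creator, name, desc.get("media") if desc is not None else None, pts, transport_ns))
    if action == "session-initiate":
        if not contents:
            raise ValueError("session-initiate with no content")
        # This example's own check: the claimed initiator must be the sender.
        if jingle.get("initiator") and jingle.get("initiator") != frm:
            raise ValueError("initiator attribute does not match the sending JID")
    return JingleSession(action, sid, jingle.get("initiator"), frm, contents)


# Constructed sample offer, modelled on the XEP-0167 examples.
SAMPLE_INITIATE = f"""
<iq from='romeo@montague.lit/orchard' id='jingle1' to='juliet@capulet.lit/balcony' type='set'>
  <jingle xmlns='{JINGLE_NS}' action='session-initiate' initiator='romeo@montague.lit/orchard' sid='sess1'>
    <content creator='initiator' name='voice'>
      <description xmlns='{RTP_NS}' media='audio'>
        <payload-type id='96' name='speex' clockrate='16000'/>
        <payload-type id='0' name='PCMU'/>
      </description>
      <transport xmlns='{ICE_NS}' pwd='asd88' ufrag='8hhy'/>
    </content>
  </jingle>
</iq>
"""

if __name__ == "__main__":
    print(parse_jingle(SAMPLE_INITIATE))
```

The full-JID check is the VoIP side of the resource question raised on the JID slide: an IQ addressed to a bare JID is handled by the server and never delivered to a resource, so a Jingle offer must name the callee's resource explicitly.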
Jingle RTP vs. SIP RTP
Discussion - Security
Confidentiality
Transport Layer Security (TLS)
Authentication
Simple Authentication and Security Layer (SASL)
Privacy
Roster – Subscription
Basic states: none, to (user→contact), from (contact→user), both
Privacy List – Blocking communication
Based on Messages, inbound/outbound presence, info/query,
JID
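As an added example that is not from the slides, the Python below implements the privacy-list evaluation the slide describes: items are applied in ascending `order`, the first matching item decides, and items may be limited to messages, inbound presence, outbound presence or IQs. Matching by `subscription` uses the roster state (none/to/from/both) from the line above, so the two privacy mechanisms on this slide work together. The list XML and roster are constructed sample data in the shape of the XEP-0016 / RFC 3921 examples; the class and function names are this example's own.

```python
# Added example (not from the slides): evaluating a privacy list against a
# roster in the XEP-0016 / RFC 3921 model. Sample data below is constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
import xml.etree.ElementTree as ET

STANZA_KINDS = {"message", "presence-in", "presence-out", "iq"}


@dataclass
class RosterEntry:
    subscription: str                       # "none", "to", "from" or "both"
    groups: Set[str] = field(default_factory=set)


@dataclass
class PrivacyItem:
    order: int
    action: str                             # "allow" or "deny"
    type: Optional[str] = None              # "jid", "group", "subscription" or None (catch-all)
    value: Optional[str] = None
    kinds: Set[str] = field(default_factory=set)   # empty set = applies to every stanza kind


def parse_privacy_list(xml_text: str) -> List[PrivacyItem]:
    """Parse a <list/> element. Items are evaluated in ascending 'order'
    regardless of document order; the first match wins."""
    root = ET.fromstring(xml_text)
    items = []
    for el in root.findall("item"):
        action, order = el.get("action"), el.get("order")
        if action not in ("allow", "deny") or order is None:
            raise ValueError("item needs action=allow|deny and an order")
        kinds = {child.tag for child in el}
        if not kinds <= STANZA_KINDS:
            raise ValueError(f"unknown stanza kind in item: {kinds - STANZA_KINDS}")
        items.append(PrivacyItem(int(order), action, el.get("type"), el.get("value"), kinds))
    return sorted(items, key=lambda i: i.order)


def _split(jid: str):
    local, _, resource = jid.partition("/")
    node, at, domain = local.partition("@")
    return (node if at else None, domain if at else local, resource or None)


def jid_matches(pattern: str, jid: str) -> bool:
    """XEP-0016 JID matching: 'user@domain/resource' is exact, 'user@domain'
    matches every resource of that user, 'domain' matches every user there."""
    p_node, p_domain, p_res = _split(pattern)
    j_node, j_domain, j_res = _split(jid)
    if p_domain != j_domain:
        return False
    if p_node is not None and p_node != j_node:
        return False
    return p_res is None or p_res == j_res


def is_blocked(items: List[PrivacyItem], kind: str, peer_jid: str,
               roster: Dict[str, RosterEntry]) -> bool:
    """True if the list denies a stanza of this kind exchanged with peer_jid.
    Subscription and group matching use the roster entry of the peer's bare
    JID; a peer not in the roster counts as subscription 'none'. A list
    with no matching item allows."""
    if kind not in STANZA_KINDS:
        raise ValueError(f"unknown stanza kind {kind!r}")
    entry = roster.get(peer_jid.partition("/")[0], RosterEntry("none"))
    for item in items:
        if item.kinds and kind not in item.kinds:
            continue
        if item.type == "jid":
            hit = jid_matches(item.value, peer_jid)
        elif item.type == "group":
            hit = item.value in entry.groups
        elif item.type == "subscription":
            hit = item.value == entry.subscription
        else:
            hit = True
        if hit:
            return item.action == "deny"
    return False


# Constructed sample: block messages from one JID, block everything from a
# roster group, hide presence from anyone without a subscription, allow the rest.
SAMPLE_LIST = """
<list name='public'>
  <item type='jid' value='tybalt@example.com' action='deny' order='1'><message/></item>
  <item type='subscription' value='none' action='deny' order='3'><presence-in/><presence-out/></item>
  <item action='allow' order='5'/>
  <item type='group' value='Enemies' action='deny' order='2'/>
</list>
"""
SAMPLE_ROSTER = {
    "romeo@example.com": RosterEntry("both", {"Friends"}),
    "tybalt@example.com": RosterEntry("none"),
    "paris@example.com": RosterEntry("from", {"Enemies"}),
}

if __name__ == "__main__":
    items = parse_privacy_list(SAMPLE_LIST)
    for kind, peer in [("message", "tybalt@example.com/phone"), ("iq", "tybalt@example.com/phone"),
                       ("presence-in", "stranger@example.org"), ("presence-in", "romeo@example.com/orchard")]:
        print(kind, peer, "blocked" if is_blocked(items, kind, peer, SAMPLE_ROSTER) else "allowed")
```

Note that the `tybalt` item only names `<message/>`, so an IQ from the same JID still passes: a list that is meant to block a contact entirely must either list every kind or omit the kind children altogether.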
Discussion – Which client to talk with
Resource selection is related to server routing rules
Detailed rules defined in Section 11.1, XMPP IM
When bare JID contained in the ‘to’
attribute of an inbound stanza
For Message stanza - IM
Server SHOULD deliver the stanza to the highest-priority available
resource
Server determines the resource
For IQ stanza - VoIP
Server MUST NOT deliver the stanza to any of the available
resources
Client determines the resource – by finding out which resource supports the function
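As an added example that is not from the slides, the Python below models the RFC 3921 section 11.1 routing rules this slide summarises: a message to a bare JID goes to the highest-priority available resource (all of them on a tie, which the RFC permits; a resource with negative priority is never chosen, and a full-JID message to a resource that is not connected falls back to the bare-JID rules), while an IQ to a bare JID is never delivered to a resource and a presence stanza goes to every available resource. It also shows the client side of the VoIP case: the caller picks the callee's resource from what each resource advertised. The session data, the capability table and the function names are constructed; the Jingle audio feature string is the one XEP-0167 registers, taken here as an assumption.

```python
# Added example (not from the slides): RFC 3921 section 11.1 delivery rules
# for bare- and full-JID addressed stanzas, plus client-side resource choice
# for a VoIP call. All session and capability data is constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Session:
    resource: str
    priority: int = 0        # from the resource's last <presence/>; RFC default is 0
    available: bool = True   # False once the resource sent unavailable presence


@dataclass
class Decision:
    action: str                      # "deliver", "handle-locally", "offline-or-error", "error", "drop"
    resources: Tuple[str, ...] = ()  # resources the stanza is delivered to
    error: Optional[str] = None      # stanza error condition, where one applies


def route(kind: str, to: str, sessions: List[Session]) -> Decision:
    """Server-side routing of an inbound stanza for a local account."""
    if kind not in ("message", "presence", "iq"):
        raise ValueError(kind)
    bare, _, resource = to.partition("/")
    if resource:
        # Full JID: deliver only to that connected resource.
        if any(s.resource == resource for s in sessions):
            return Decision("deliver", (resource,))
        if kind == "message":
            # No such resource connected: fall back to bare-JID handling.
            return route(kind, bare, sessions)
        if kind == "iq":
            return Decision("error", error="service-unavailable")
        return Decision("drop")   # presence to a missing resource is ignored
    if kind == "iq":
        # Bare JID: MUST NOT be delivered to any resource; the server answers
        # on the account's behalf (e.g. roster queries) or returns an error.
        return Decision("handle-locally")
    if kind == "presence":
        return Decision("deliver", tuple(s.resource for s in sessions if s.available))
    # Message to the bare JID: highest-priority available resource(s),
    # never one with a negative priority.
    candidates = [s for s in sessions if s.available and s.priority >= 0]
    if not candidates:
        return Decision("offline-or-error", error="service-unavailable")
    top = max(s.priority for s in candidates)
    return Decision("deliver", tuple(s.resource for s in candidates if s.priority == top))


# Feature XEP-0167 registers for Jingle RTP audio (assumed value).
JINGLE_AUDIO_FEATURE = "urn:xmpp:jingle:apps:rtp:audio"


def choose_resource(feature: str, capabilities: Dict[str, Set[str]]) -> Optional[str]:
    """Client side of the VoIP case: the caller must pick the callee's
    resource itself, e.g. the one whose service-discovery reply advertised
    the feature. `capabilities` maps resource name to advertised features."""
    for resource, features in capabilities.items():
        if feature in features:
            return resource
    return None


# Constructed sample data.
SESSIONS = [
    Session("balcony", 10),
    Session("phone", 5),
    Session("hidden", -1),
    Session("laptop", 10, available=False),
]
CAPABILITIES = {
    "balcony": {"jabber:iq:version"},
    "phone": {"jabber:iq:version", JINGLE_AUDIO_FEATURE},
}

if __name__ == "__main__":
    print(route("message", "juliet@example.com", SESSIONS))
    print(route("iq", "juliet@example.com", SESSIONS))
    target = choose_resource(JINGLE_AUDIO_FEATURE, CAPABILITIES)
    print(route("iq", f"juliet@example.com/{target}", SESSIONS))
```

Run against the sample data, the message to the bare JID lands on `balcony`, the bare-JID IQ is kept by the server, and the caller has to discover that only `phone` speaks Jingle audio before addressing the session-initiate IQ to `juliet@example.com/phone`.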
Summary
XMPP is an open XML protocol mainly for IM and presence, but is
extensible.
There is a set of core protocols and lots of extensions, covering IM,
Presence, VoIP, etc.
XML stanza is the semantic building block of XMPP.
Message exchange uses a decentralized server architecture.
XMPP uses TLS to provide confidentiality, SASL to provide client
authentication, Roster and Privacy List to provide privacy.
References
RFC 3920: Extensible Messaging and Presence Protocol (XMPP): Core
RFC 3921: Extensible Messaging and Presence Protocol (XMPP): Instant
Messaging and Presence
XEP-0166: Jingle
XEP-0167: Jingle RTP Sessions
RFC 3261: SIP: Session Initiation Protocol
Extensible Messaging and Presence Protocol
http://en.wikipedia.org/wiki/Jabber
Transport Layer Security
http://en.wikipedia.org/wiki/Secure_Sockets_Layer
Simple Authentication and Security Layer
http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
Digest access authentication
http://en.wikipedia.org/wiki/Digest_access_authentication