Scribd Logo
Upload

Welcome to Scribd!

  • Unit III - XMPP

    Uploaded by

    arun134
    2 views43 pages

    Original Title

    Unit III - Xmpp

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    2 views43 pages

    Unit III - XMPP

    Uploaded by

    arun134

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 43

    Extensible Messaging and Presence Protocol

    (XMPP)
    2

    Extensible Messaging and Presence Protocol


    (XMPP)
    • A communication protocol based on XML.
    • Designed to be extensible.

    1999~2000 2011 2015


    RFC 3920 RFC 6120
    RFC 3921 RFC 6121
    RFC 6122 RFC 7622
    6

    XMPP Architecture
    • Distributed client-server architecture
    cyberlink.co google.co
    TC
    m m
    P

    TC TC
    TC
    P P
    P

    sean@cyberlink.com bob@google.com
    7

    Jabber ID (JID)
    • XMPP address
    • Bare JID
    ▫ <localpart@domainpart>
    ▫ EX: sean@cyberlink.com
    • Full JID
    ▫ <localpart@domainpart/resourcepart>
    ▫ EX: sean@cyberlink.com/123456789
    8

    XML Stanzas
    • iq
    ▫ Info/query
    • message
    ▫ Send a Message to a JID (a user or a group)
    • presence
    ▫ Broadcast message
    9

    Open a Stream – Initial Stream


    <?xml version=‘1.0’?>
    <stream:stream
    to='u.cyberlink.com'
    xmlns:stream='http://etherx.jabber.org/streams'

    xmlns='jabber:client‘
    xml:lang
    ='en'
    version='1.0'>

    Port:5222
    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    10

    Open a Stream – Response Stream


    <?xml version >
    <stream:stream
    version="1.0"
    from="u.cyberlink.com"
    id="3053277074"
    xml:lang="en“
    xmlns:stream='http://et
    herx.jabber.org/streams
    '

    xmlns='jabber:client‘
    >

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    11

    Stream Negotiation - Presence

    <presence ….>
    <show/>
    </presence>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    12

    Stream Negotiation - iq

    <iq id=“1” type=“get”> <iq id=“1” type=“result”>


    … …
    </iq> </iq>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m

    type: get, set, result, error


    13

    Stream Negotiation - message

    <message….>
    Hello
    </message>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    14

    Stream Negotiation – Close Stream

    </stream> </stream>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    15

    Client Server Communication Overview

    <?xml version='1.0'?>
    <stream
    from=“samo@cyberlink.com”

    to=“cyberlink.com”>
    <presence
    …>Online</presence>
    <iq …>…</iq>
    <message
    …>Hello</message>
    </stream>
    16

    Authentication for XMPP


    • Transport Layer Security (TLS)
    ▫ Secure the stream from tampering and eavesdropping.
    ▫ MUST send a new initial stream header after finish.
    • Simple Authentication and Security Layer
    (SASL)
    ▫ Authenticate a stream. (U: base64(id+token))
    ▫ MUST send a new initial stream header after finish.
    17

    Cryptography
    • Symmetric
    ▫ Use the same key for encrypt/decrypt.
    ▫ Security: Poor
    ▫ Performance: Good
    • Asymmetric
    ▫ Use public key for encryption and use private for decryption.
    ▫ Security: Good
    ▫ Performance: Poor
    18

    TLS
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2
    • TLS 1.3 (draft)
    • Employ a handshake using asymmetric cipher.
    19

    Stream Header

    <?xml version='1.0'?> <?xml version='1.0'?>


    <stream <stream id=“+
    from=“sean@cyberlink.com” +TR84Sm6A3hnt3Q065SnAbbk3Y=”
    to=“sean@cyberlink.com”
    to=“cyberlink.com”> from=“cyberlink.com”>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    20

    TLS Negotiation
    <stream:features>
    <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
    <required/>
    </starttls>
    </stream:features>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    21

    <stream:features xmlns="http://etherx.jabber.org/streams">
    <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> R
    <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    </mechanisms>
    </stream:features>

    I
    <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

    TLS Handshake Protocol

    <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />


    or
    <failure xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
    </stream:stream>
    22

    TLS Handshake Protocol

    Client_hello(client_version, session_id, cipher_


    suites, compression_methods, RNc )

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    RNc RNc

    PKc PrKc
    TLS Handshake Protocol

    Server_hello(client_version, session_id, cipher_ suites,


    compression_methods, RNs )

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    RNc RNc RNs
    RNs

    PKc PrKc PKs PrKs


    24

    TLS Handshake Protocol

    Server_Certificate(CA, )
    PKs

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    RNc RNc RNs
    RNs

    PKc PrKc PKs PrKs


    25

    TLS Handshake Protocol

    Check server certificate

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    RNc RNs RNc RNs

    PKc PrKc PKs PKs PrKs


    26

    TLS Handshake Protocol

    Client_Certificate(CA,

    ) PKc

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    RNc RNs RNc RNs

    PKc PrKc PKs PKs PrKs


    27

    TLS Handshake Protocol

    Generate random
    pre-master-
    PsMecSret

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    RNc RNs PMS RNc RNs

    PKc PrKc PKs PKc PKs PrKs


    28

    TLS Handshake Protocol

    Encrypted PMS with


    PKs

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    RNc RNs PMS RNc RNs PMS

    PKc PrKc PKs PKc PKs PrKs


    29

    TLS Handshake Protocol

    Calculae Master-Secret MS from RNc RNs PMS

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    RNc RNs PMS

    MS

    PKc PKs PrKs


    30

    TLS Handshake Protocol

    Calculae Master-Secret MS from RNc RNs PMS

    TC
    P
    sean@cyberlink.com cyberlink.co
    m

    MS MS
    31

    TLS Handshake Protocol

    1. Change cipher spec


    2. Client finish

    TC
    P
    sean@cyberlink.com cyberlink.co
    m

    MS MS
    32

    TLS Handshake Protocol

    1. Change cipher spec


    2. Server finish

    TC
    P
    sean@cyberlink.com cyberlink.co
    m

    MS MS
    33

    <stream:features xmlns="http://etherx.jabber.org/streams">
    <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> R
    <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    </mechanisms>
    </stream:features>

    I
    <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

    TLS Handshake Protocol

    <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />


    or
    <failure xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
    </stream:stream>
    34

    Restarts stream
    <stream
    <stream
    from=“samo@cyberlink.com” id=“++TR84Sm6A3hnt3Q065SnAbbk2Y=”
    to=“samo@cyberlink.com”
    to=“cyberlink.com”> from=“cyberlink.com”>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    35

    Restarts
    • On successful negotiation of a feature that necessitates a stream
    restart, both parties MUST consider the previous stream to be
    replaced but MUST NOT send a closing </stream> tag and MUST
    NOT terminate the underlying TCP connection.
    • The initiating entity then MUST send a new initial stream header.
    36
    37

    SASL Negotiation
    <stream:features
    xmlns:stream="http://etherx.jabber.org/streams">
    <mechanisms
    xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>SCRAM-SHA-1-PLUS</
    mechanism>
    <mechanism>SCRAM-SHA-1</
    mechanism>
    <mechanism>PLAIN</mechanism>
    </
    mechanism
    s>
    TC
    </
    P
    sean@cyberlink.com stream:feat cyberlink.co
    ures> m
    38

    SASL Negotiation
    <stream:features xmlns="http://etherx.jabber.org/streams">
    <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"> R
    <mechanism>PLAIN</mechanism>
    </mechanisms>
    </stream:features>

    <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl“
    I mechanism="PLAIN">
    ADc2ODAwMQBkMGY2ZjllMi00YmRlLTQ2ZjItOGI2Yi1lNDM0OTk
    2ZjczZGQ=
    </auth>

    R
    <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
    39

    SASL Negotiation
    • Restart
    40

    Resource Binding

    <stream:features xmlns:stream="http://etherx.jabber.org/streams">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/>
    </stream:features>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    41

    Resource Binding
    <stream:features xmlns="http://etherx.jabber.org/streams">
    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" /> R
    <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
    </stream:features>

    <iq type="set" id="97fe2b99-dfa6-4fa0-a963-f27e840b1adb-1">


    I <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
    <resource>mobile</resource>
    </bind>
    </iq>

    <iq type="result" id="97fe2b99-dfa6-4fa0-a963-f27e840b1adb-1">


    <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"> R
    <jid>juliet@im.example.com/mobile</jid>
    </bind>
    </iq>
    42

    Currently Design for U


    • Remove the mechanism of RESTART.
    • Add <CLResumed/> for doing SASL and binding again after reconnecting.
    43

    CLResume: server give info


    <clresumed xmlns="urn:xmpp:custom:resume"
    status="success"
    sessionid="g2gEbQAAAAYzMTgwMDFtAAAAD3UuY3liZXJsa
    W5rLmNvbW0AAAAkRjg5MjlFMzctRTAwMi00QzdGLTlEOTgt
    RjkxNTFGNUQ3NEI5aANiAAAFkmIACeRcYgAM3cE="
    expiration="2592000"/>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    44

    Begin Resume
    <clresumed xmlns="urn:xmpp:custom:resume"
    sessionid="g2gEbQAAAAYzMTgwMDFtAAAAD3UuY3liZX
    JsaW5rLmNvbW0AAAAkRjg5MjlFMzctRTAwMi00QzdGL
    TlEOTgtRjkxNTFGNUQ3NEI5aANiAAAFkmIACeRcYgAM3
    cE=" />

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    45

    Resume success
    <clresumed xmlns="urn:xmpp:custom:resume"
    status="success"
    sessionid="g2gEbQAAAAYzMTgwMDFtAAAAD3UuY3liZXJsa
    W5rLmNvbW0AAAAkRjg5MjlFMzctRTAwMi00QzdGLTlEOTgt
    RjkxNTFGNUQ3NEI5aANiAAAFkmIACeRcYgAM3cE="
    expiration="2592000"/>

    TC
    P
    sean@cyberlink.com cyberlink.co
    m
    49

    Q&A

    You might also like