A VoIP Privacy Mechanism and its Application in VoIP Peering for Voice Service Provider Topology and Identity Hiding

Voice Service Providers (VSPs) participating in VoIP peering frequently want to withhold their identity and related privacy-sensitive information from other parties during the VoIP communication. A number of existing documents on VoIP privacy exist, but most of them focus on end user privacy. By summarizing and extending existing work, we present a unified privacy mechanism for both VoIP users and service providers. We also show a case study on how VSPs can use this mechanism for identity and topology hiding in VoIP peering

On the development of Voice over IP

This record of study documents the experience acquired during my internship at Sonus Networks, Inc. for the Doctor of Engineering Program. In this record of study, I have surveyed and analyzed the current standardization status of Voice over Internet Protocol (VoIP) security and proposed an Internet draft on secure retargeting and response identity. The draft provides a simple and comprehensive solution to the response identity, call recipient identity and intermediate server retargeting problems in the Session Initiation Protocol (SIP) call setup process. To support product line development and enable product evolution in the quickly growing VoIP market, I have proposed a generic development framework for SIP application servers. The common and open architecture of the framework supports multiple products development and facilitates integration of new service modules. The systematical reuse of proven software design and implementation enables companies to reduce the development cost and shorten the time-to-market. As the development and diffusion of VoIP can never be isolated from the social sphere, I have investigated the current status, influence and interaction of three most important factors: standardization, market forces and government regulation on the development and diffusion of VoIP. The worldwide deregulation and market privatization have caused the transition of the standards development model. This transition in turn influences the market diffusion. Other than standardization, market forces including customer needs, the revenue pressure on carriers and vendors, competitive and economic environment, social culture and regulation uncertainties create both threats and opportunities. I have examined market drivers and obstacles in the current VoIP adoption stage, analyzed current VoIP market players and their strategies, and predicted the direction of VoIP business. The regulation creates the macro environment in which VoIP develops and diffuses. I have explored modern telecommunications regulation principles based on which government makes decisions on most current issues, including 911 support, mergers and acquisitions, interconnection obligation and leasing rights, rate structure and universal service fees

Security for Decentralised Service Location - Exemplified with Real-Time Communication Session Establishment

Decentralised Service Location, i.e. finding an application communication endpoint based on a Distributed Hash Table (DHT), is a fairly new concept. The precise security implications of this approach have not been studied in detail. More importantly, a detailed analysis regarding the applicability of existing security solutions to this concept has not been conducted. In many cases existing client-server approaches to security may not be feasible. In addition, to understand the necessity for such an analysis, it is key to acknowledge that Decentralised Service Location has some unique security requirements compared to other P2P applications such as filesharing or live streaming. This thesis concerns the security challenges for Decentralised Service Location. The goals of our work are on the one hand to precisely understand the security requirements and research challenges for Decentralised Service Location, and on the other hand to develop and evaluate corresponding security mechanisms. The thesis is organised as follows. First, fundamentals are explained and the scope of the thesis is defined. Decentralised Service Location is defined and P2PSIP is explained technically as a prototypical example. Then, a security analysis for P2PSIP is presented. Based on this security analysis, security requirements for Decentralised Service Location and the corresponding research challenges -- i.e. security concerns not suitably mitigated by existing solutions -- are derived. Second, several decentralised solutions are presented and evaluated to tackle the security challenges for Decentralised Service Location. We present decentralised algorithms to enable availability of the DHTs lookup service in the presence of adversary nodes. These algorithms are evaluated via simulation and compared to analytical bounds. Further, a cryptographic approach based on self-certifying identities is illustrated and discussed. This approach enables decentralised integrity protection of location-bindings. Finally, a decentralised approach to assess unknown identities is introduced. The approach is based on a Web-of-Trust model. It is evaluated via prototypical implementation. Finally, the thesis closes with a summary of the main contributions and a discussion of open issues

IP Mobility in Wireless Operator Networks

Wireless network access is gaining increased heterogeneity in terms of the types of IP capable access technologies. The access network heterogeneity is an outcome of incremental and evolutionary approach of building new infrastructure. The recent success of multi-radio terminals drives both building a new infrastructure and implicit deployment of heterogeneous access networks. Typically there is no economical reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of IP Mobility paradigm into the existing mobile operator network infrastructure that have not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of an operator to have their own development path and business models without artificial bindings with each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments.Erilaiset langattomat verkkoyhteydet lisääntyvät Internet-kykyisten teknologioiden muodossa. Lukuisten eri teknologioiden päällekkäinen käyttö johtuu vähitellen ja tarpeen mukaan rakennetusta verkkoinfrastruktuurista. Useita radioteknologioita (kuten WLAN, GSM ja UMTS) sisältävien päätelaitteiden (kuten älypuhelimet ja kannettavat tietokoneet) viimeaikainen kaupallinen menestys edesauttaa uuden verkkoinfrastruktuurin rakentamista, sekä mahdollisesti johtaa verkkoteknologioiden kirjon lisääntymiseen. Olemassa olevaa verkkoinfrastruktuuria ei kaupallisista syistä kannata korvata uudella teknologialla yhdellä kertaa, vaan vaiheittainen siirtymävaihe kestää tyypillisesti useita vuosia. Internet-kykyiset päätelaitteet voivat liikkua joko saman verkkoteknologian sisällä tai eri verkkoteknologioiden välillä. Verkkoympäristöstä riippuen liikkuvat päätelaitteet voivat liittyä verkkoon useiden verkkoyhteyksien kautta. Näin ollen päätelaite voi lähettää ja vastaanottaa tietoliikennepaketteja yhtäaikaisesti lukuisia verkkoja pitkin. Tämä väitöskirja käsittelee Internet-teknologioiden liikkuvuutta ja näiden teknologioiden tuomista olemassa oleviin langattomien verkko-operaattorien verkkoinfrastruktuureihin. Käsiteltäviä verkkoinfrastruktuureita ei alun perin ole suunniteltu Internet-teknologian liikkuvuuden ja monien yhtäaikaisten yhteyksien ehdoilla. Tässä työssä ehdotetaan tulevaisuuden langattomien verkkojen arkkitehtuurimallia ja ratkaisuja verkkovierailujen toteuttamiseksi. Ehdotettu arkkitehtuuri voidaan toteuttaa ilman mittavia teknologisia mullistuksia. Mallin mukaisessa ehdotuksessa verkko-operaattorin roolit jaetaan selkeästi (i) verkko-operaattoriin, (ii) palveluoperaattoriin ja (iii) yhteys- sekä verkkovierailuoperaattoriin. Roolijako mahdollistaa sen, että kukin operaattorityyppi voi kehittyä itsenäisesti, ja että teennäiset verkkoteknologiasidonnaisuudet poistuvat palveluiden tuottamisessa. Työssä esitetään myös alustava vaatimuslista ehdotetulle mallille, esimerkiksi yhteysoperaattorien laatuvaatimukset. Väitöskirja esittelee myös liikkuvien Internet-teknologioiden viimeisimmän kehityksen. Työssä näytetään lisäksi standardointituloksia Internet-kykyisissä langattomissa arkkitehtuureissa

The Public and the Private at the United States Border with Cyberspace

In the twenty-first century, a state can come to know more about each of its citizens via surveillance than ever before in human history. Some states are beginning to exercise this ability. Much of this additional surveillance ability derives from enhanced access to digital information. This digital information comes in the form of bits of data that flow through both rivers and oceans of data. These rivers are full of information that passes by a given point, or series of points, in a network and can be intercepted; these oceans are also stocked with information that can be searched after the fact. These data are held in private hands as well as public. The most effective (or invasive, depending upon your vantage point) new forms of surveillance often involve a search of data held in a combination of private and public hands. Both private and public entities are increasingly encouraged to retain more data as a result of legal and market pressures. There are essentially no Fourth Amendment protections for U.S. citizens whose data is collected by a private third-party and turned over to the state. Nor are there such constitutional protections for the re-use of privately collected data by state actors. The few statutory provisions that protect citizens in these contexts are out-of-date and riddled with loop-holes. This inquiry prompts hard questions about the need to redefine the public and the private in a digital age. The meaning of the public and the private is changing, in material ways, both from the perspective of the observer and the observed. We need to rethink legal protections for citizens from state surveillance in a digital age as a result of this third-party data problem