Reflections on security options for the real-time transport protocol framework

The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video ap- plications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol

Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing

Emergency services are vital services that Next Generation Networks (NGNs) have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs, 3GPP has carried the burden of specifying a standardized IMS-based emergency services framework. Unfortunately, like any other IP-based standards, the IMS-based emergency service framework is prone to Distributed Denial of Service (DDoS) attacks. We propose in this work, a simple but efficient solution that can prevent certain types of such attacks by creating firewall pinholes that regular clients will surely be able to pass in contrast to the attackers clients. Our solution was implemented, tested in an appropriate testbed, and its efficiency was proven.Comment: 17 Pages, IJNGN Journa

H-P2PSIP: Interconnection of P2PSIP domains for Global Multimedia Services based on a Hierarchical DHT Overlay Network

The IETF P2PSIP WG is currently standardising a protocol for distributed mul- timedia services combining the media session functionality of SIP and the decentralised distribution and localisation of resources in peer-to-peer networks. The current P2PSIP scenarios only consider the infrastructure for the connectivity inside a single domain. This paper proposes an extension of the current work to a hierarchical multi-domain scenario: a two level hierarchical peer-to-peer overlay architecture for the interconnection of different P2PSIP domains. The purpose is the creation of a global decentralised multimedia services in enterprises, ISPs or community networks. We present a study of the Routing Performance and Routing State in the particular case of a two-level Distributed Hash Table Hierarchy that uses Kademlia. The study is supported by an analytical model and its validation by a peer-to-peer simulator.En prens

EVEREST IST - 2002 - 00185 : D23 : final report

Deliverable públic del projecte europeu EVERESTThis deliverable constitutes the final report of the project IST-2002-001858 EVEREST. After its successful completion, the project presents this document that firstly summarizes the context, goal and the approach objective of the project. Then it presents a concise summary of the major goals and results, as well as highlights the most valuable lessons derived form the project work. A list of deliverables and publications is included in the annex.Postprint (published version

De-ossifying the Internet Transport Layer : A Survey and Future Perspectives

ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their useful suggestions and comments.Peer reviewedPublisher PD

Providing End-to-End Connectivity to SIP User Agents Behind NATs

The widespread diffusion of private networks in SOHO scenarios is fostering an increased deployment of Network Address Translators (NATs). The presence of NATs seriously limits end-to-end connectivity and prevents protocols like the Session Initiation Protocol (SIP) from working properly. This document shows how the Address List Extension (ALEX), which was originally developed to provide dual-stack and multi-homing support to SIP, can be used, with minor modifications, to ensure end-to-end connectivity for both media and signaling flows, without relying on intermediate relay nodes whenever it is possibl

TINA as a virtual market place for telecommunication and information services: the VITAL experiment

The VITAL (Validation of Integrated Telecommunication Architectures for the Long-Term) project has defined, implemented and demonstrated an open distributed telecommunication architecture (ODTA) for deploying, managing and using a set of heterogeneous multimedia, multi-party, and mobility services. The architecture was based on the latest specifications released by TINA-C. The architecture was challenged in a set of trials by means of a heterogeneous set of applications. Some of the applications were developed within the project from scratch, while some others focused on integrating commercially available applications. The applications were selected in such a way as to assure full coverage of the architecture implementation and reflect a realistic use of it. The VITAL experience of refining and implementing TINA specifications and challenging the resulting platform by a heterogeneous set of services has proven the openness, flexibility and reusability of TINA. This paper describes the VITAL approach when choosing the different services and how they challenge and interact with the architecture, focusing especially on the service architecture and the Ret reference point definitions. The VITAL adjustments and enhancements to the TINA architecture are described. This paper contributes to proving that the TINA-based VITAL ODTA allows for easy and cost-effective development and deployment of advanced end-user and operator services, and can indeed act as the basis for a virtual market place for telecommunications service