Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing
Emergency services are vital services that Next Generation Networks (NGNs) have to provide. As the IP Multimedia Subsystem (IMS) is at the heart of NGNs, 3GPP has carried the burden of specifying a standardized IMS-based emergency services framework. Unfortunately, like any other IP-based standard, the IMS-based emergency services framework is prone to Distributed Denial of Service (DDoS) attacks. In this work we propose a simple but efficient solution that can prevent certain types of such attacks by creating firewall pinholes that regular clients will surely be able to pass, in contrast to the attackers' clients. Our solution was implemented, tested in an appropriate testbed, and its efficiency was proven.
Comment: 17 Pages, IJNGN Journa
YANG-Based Configuration Modeling - The SecSIP IPS Case Study
We present our experience with the development of an XML-based configuration model for an Intrusion Prevention System (IPS) dedicated to the Session Initiation Protocol (SIP) used in voice over IP signaling. In previous works [AL-IM09, AL-NOMS10] we presented the SecSIP framework, a prevention system for SIP-based networks, which adopts a rule-based approach for specifying preventions on SIP protocol activities to stop attacks exploiting known vulnerabilities before they reach their targets. The SecSIP framework relies on a proprietary language called VeTo to express the prevention rules. SecSIP uses a plain text configuration file in which specifications are authored and managed manually. While extending the deployment of the framework beyond our own lab, support for remote configuration was required. Given the promise of Netconf, we naturally turned our investigations towards this protocol and embraced the YANG data-modeling framework. In this paper we present the modeling result on the SecSIP configuration interface and share our experience with both YANG and Netconf. The first part of the paper is dedicated to the description of the data to be modeled, namely VeTo policies. The second part presents the YANG model built for VeTo policies and the Netconf framework put in place. Lessons learned during both the modeling and coding phases are presented in the third part. Finally, some conclusions are given and future work is outlined.
Interworking Architectures in Heterogeneous Wireless Networks: An Algorithmic Overview
With the scarce availability of spectrum and the proliferation of smartphones, social networking applications, online gaming, etc., mobile network operators (MNOs) are faced with an exponential growth in packet-switched data requirements on their networks. Having invested in legacy systems (such as HSPA, WCDMA, WiMAX, Cdma2000, LTE, etc.) that have hitherto withstood the current and imminent data usage demand, future and projected usage surpasses the capabilities of the evolution of these individual technologies. Hence, a more critical, cost-effective and flexible approach to providing ubiquitous coverage for the user using available spectrum is in high demand. Heterogeneous Networks make use of these legacy systems by allowing users to connect to the best network available and, most importantly, to seamlessly hand over active sessions among them. This paper presents a survey of interworking architectures between IMT-2000 candidate networks that employ IETF protocols such as MIP, mSCTP, HIP, MOBIKE, IKEv2 and SIP to bring about this much-needed capacity.
Delivering Live Multimedia Streams to Mobile Hosts in a Wireless Internet with Multiple Content Aggregators
We consider the distribution of channels of live multimedia content (e.g., radio or TV broadcasts) via multiple content aggregators. In our work, an aggregator receives channels from content sources and redistributes them to a potentially large number of mobile hosts. Each aggregator can offer a channel in various configurations to cater for different wireless links, mobile hosts, and user preferences. As a result, a mobile host can generally choose from different configurations of the same channel offered by multiple alternative aggregators, which may be available through different interfaces (e.g., in a hotspot). A mobile host may need to hand off to another aggregator once it receives a channel. To prevent service disruption, a mobile host may for instance need to hand off to another aggregator when it leaves the subnets that make up its current aggregator's service area (e.g., a hotspot or a cellular network).
In this paper, we present the design of a system that enables (multi-homed) mobile hosts to seamlessly hand off from one aggregator to another so that they can continue to receive a channel wherever they go. We concentrate on handoffs between aggregators as a result of a mobile host crossing a subnet boundary. As part of the system, we discuss a lightweight application-level protocol that enables mobile hosts to select the aggregator that provides the 'best' configuration of a channel. The protocol comes into play when a mobile host begins to receive a channel and when it crosses a subnet boundary while receiving the channel. We show how our protocol can be implemented using the standard IETF session control and description protocols SIP and SDP. The implementation combines SIP and SDP's offer-answer model in a novel way.
SecSip: A Stateful Firewall for SIP-based Networks
SIP-based networks are becoming the de-facto standard for voice, video and instant messaging services. Being exposed to many threats while playing a major role in the operation of essential services, the need for dedicated security management approaches is rapidly increasing. In this paper we present an original security management approach based on a specific vulnerability-aware SIP stateful firewall. Through known attack descriptions, we illustrate the power of the firewall's configuration language, which uses the capability to specify stateful objects that track data from multiple SIP elements within their lifetime. We demonstrate the firewall's efficiency and performance through measurements on a real implementation.
Reflections on security options for the real-time transport protocol framework
The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video applications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol.
A personal distributed environment for future mobile systems
A Personal Distributed Environment (PDE) embraces a user-centric view of communications that take place against a backdrop of multiple user devices, each with its distinct capabilities, in physically separate locations. This paper provides an overview of a Personal Distributed Environment and some of the research issues related to the implementation of the PDE concept that are being considered in the current Mobile VCE work programme.
MAGDA: A Mobile Agent based Grid Architecture
Mobile agents are both a technology and a programming paradigm. They allow for a flexible approach which can alleviate a number of issues present in distributed and Grid-based systems, by means of features such as migration, cloning, messaging and other provided mechanisms. In this paper we describe an architecture (MAGDA – Mobile Agent based Grid Architecture) that we have designed and are currently developing to support the programming and execution of mobile agent based applications upon Grid systems.