Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing
Emergency services are vital services that Next Generation Networks (NGNs)
have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs,
3GPP has carried the burden of specifying a standardized IMS-based emergency
services framework. Unfortunately, like any other IP-based standards, the
IMS-based emergency service framework is prone to Distributed Denial of Service
(DDoS) attacks. In this work, we propose a simple but efficient solution that
can prevent certain types of such attacks by creating firewall pinholes that
regular clients will surely be able to pass in contrast to the attackers'
clients. Our solution was implemented, tested in an appropriate testbed, and
its efficiency was proven. Comment: 17 Pages, IJNGN Journa
Enhancement of perceived quality of service for voice over internet protocol systems
Voice over Internet Protocol (VoIP) applications are becoming more and more popular in
the telecommunication market. Packet switched VoIP systems have many technical advantages
over conventional Public Switched Telephone Network (PSTN), including its efficient and flexible
use of the bandwidth, lower cost and enhanced security.
However, due to the IP network's "Best Effort" nature, voice quality is not naturally guaranteed
in the VoIP services. In fact, most current VoIP services cannot provide as good a voice
quality as PSTN. IP Network impairments such as packet loss, delay and jitter affect perceived
speech quality as do application layer impairment factors, such as codec rate and audio features.
Current perceived Quality of Service (QoS) methods are mainly designed to be used
in a PSTN/TDM environment and their performance in VoIP environment is unknown. It is a
challenge to measure perceived speech quality correctly in VoIP system and to enhance user
perceived speech quality for VoIP system.
The main goal of this project is to evaluate the accuracy of the existing ITU-T speech quality
measurement method (Perceptual Evaluation of Speech Quality - PESQ) in mobile wireless
systems in the context of VoIP, and to develop novel and efficient methods to enhance the user
perceived speech quality for emerging VoIP services especially in mobile VoIP environment.
The main contributions of the thesis are threefold:
(1) A new discovery of PESQ errors in mobile VoIP environment. A detailed investigation
of PESQ performance in mobile VoIP environment was undertaken and included setting up a
PESQ performance evaluation platform and testing over 1800 mobile-to-mobile and
mobile-to-PSTN calls over a period of three months. The accuracy issues of PESQ algorithm were
investigated and main problems causing inaccurate PESQ score (improper time-alignment in
the PESQ algorithm) were discovered. Calibration issues for a safe and proper PESQ testing
in mobile environment were also discussed in the thesis.
(2) A new, simple-to-use, VoIP jitter buffer algorithm. This was developed and implemented
in a commercial mobile handset. The algorithm, called "Play Late Algorithm", adaptively alters
the playout delay inside a speech talkspurt without introducing unnecessary extra end-to-end
delay. It can be used as a front-end to conventional static or adaptive jitter buffer algorithms
to provide improved performance. Results show that the proposed algorithm can increase user
perceived quality without consuming too much processing power when tested in live wireless
VoIP networks.
(3) A new QoS enhancement scheme. The new scheme combines the strengths of adaptive
codec bit rate (i.e. AMR 8-modes bit rate) and speech priority marking (i.e. giving high priority
for the beginning of a voiced segment). The results gathered on a simulation and emulation test
platform show that the combined method provides a better user perceived speech quality than
separate adaptive sender bit rate or packet priority marking methods
SecSip: A Stateful Firewall for SIP-based Networks
SIP-based networks are becoming the de-facto standard for voice, video and
instant messaging services. Being exposed to many threats while playing a
major role in the operation of essential services, the need for dedicated
security management approaches is rapidly increasing. In this paper we present
an original security management approach based on a specific vulnerability
aware SIP stateful firewall. Through known attack descriptions, we illustrate
the power of the configuration language of the firewall which uses the
capability to specify stateful objects that track data from multiple SIP
elements within their lifetime. We demonstrate through measurements on a real
implementation of the firewall its efficiency and performance
Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks
Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'.
Our contribution is twofold: 1) We outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services