Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism.
A Model for Emergency Service of VoIP Through Certification and Labeling
Voice over Internet Protocol (VoIP) will transform many aspects of
traditional telephony service including technology, the business models
and the regulatory constructs that govern such service. This
transformation is generating a host of technical, business, social and
policy problems. The Federal Communications Commission (FCC) could
attempt to mandate obligations or specific solutions to the policy
issues around VoIP, but is instead looking first to industry initiatives
focused on key functionality that users have come to expect of
telecommunications services. High among these desired functionalities is
access to emergency services that allow a user to summon fire, medical
or law enforcement agencies. Such services were traditionally required
(and subsequently implemented) through state and federal regulations.
Reproducing emergency services in the VoIP space has proven to be a
considerable task, if for no other reason than the wide and diverse
variety of VoIP implementations and implementers. Regardless of this
difficulty, emergency service capability is a critical social concern,
making it particularly important for the industry to propose viable
solutions for promoting VoIP emergency services before regulators are
compelled to mandate a solution, an outcome that often suffers
compromises both through demands on expertise that may be better
represented in industry and through the mechanisms of political
influence and regulatory capture. While technical and business
communities have, in fact, made considerable progress in this area,
significant uncertainty and deployment problems still exist. The
question we ask is: can an industry based certification and labeling
process credibly address social and policy expectations regarding
emergency services and VoIP, thus avoiding the need for government
regulation at this critical time? We hypothesize that it can. To
establish this, we developed just such a model for VoIP emergency
service compliance through industry certification and device labeling.
The intent of this model is to support a wide range of emergency service
implementations while providing the user some validation that the
service will operate as anticipated. To do this we first examine
possible technical implementations for emergency services for VoIP.
Next, we summarize the theory of certification as self-regulation and
examine several relevant examples. Finally, we synthesize a specific
model for certification of VoIP emergency services. We believe that the
model we describe provides both short term and long-term opportunities.
In the short term, an industry driven effort to solve the important
current problem of emergency services in VoIP, if properly structured
and overseen as we suggest, should be both effective and efficient. In
the long term, such a process can serve as a model for the application
of self-regulation to social policy goals in telecommunications, an
attractive tool to have as telecommunications becomes increasingly
diverse and heterogeneous.
A Model for Emergency Service of VoIP through Certification and Labeling
Voice over Internet Protocol (VoIP) will transform many aspects of traditional telephony service, including the technology, the business models, and the regulatory constructs that govern such service. Perhaps not unexpectedly, this transformation is generating a host of technical, business, social, and policy problems. In attempting to respond to these problems, the Federal Communications Commission (FCC) could mandate obligations or specific solutions to VoIP policy issues; however, it is instead looking first to industry initiatives focused on the key functionality that users have come to expect of telecommunications services. High among this list of desired functionality is user access to emergency services for purposes of summoning fire, medical, and law enforcement agencies. Such services were traditionally required to be implemented (and subsequently were implemented) through state and federal regulations.
An emergency service capability is a critical social concern, making it particularly important for the industry to propose viable solutions for promoting VoIP emergency services before regulators are compelled to mandate a solution. Reproducing emergency services in the VoIP space has proven to be a considerable task, mainly due to the wide and diverse variety of VoIP implementations and implementers. While technical and business communities have, in fact, made considerable progress in this area, significant uncertainty and deployment problems still exist.
The question we ask is this: Can an industry-based certification and labeling process credibly address social and policy expectations regarding emergency services and VoIP, thus avoiding the need for government regulation at this critical time? We hypothesize that the answer is “yes.” In answering this question, we developed a model for VoIP emergency service compliance through industry certification and device labeling. This model is intended to support a wide range of emergency service implementations while providing users with sufficient verification that the service will operate as anticipated. To this end, we first examine possible technical implementations for VoIP emergency services. Next, we summarize the theory of certification as self-regulation and examine several relevant examples. Finally, we synthesize a specific model for certification of VoIP emergency services. We believe that the model we describe provides both short-term and long-term opportunities. In the short term, an industry-driven effort to solve the current problem of VoIP emergency services, if properly structured and overseen as we suggest, should be both effective and efficient. In the long term, such a process can serve as a self-regulatory model that can be applied to social policy goals in the telecommunications industry, making it an important tool to have as the industry becomes increasingly diverse and heterogeneous.
Evaluation of Short-Range Wireless Technologies for Automated Meter Reading (AMR) Systems
The paper presents the results of the evaluation of some short-range wireless technologies suitable for communications in AMR systems. The typical AMR system structure is described, and an overview of three candidate technologies, Wi-Fi, ZigBee and wireless M-Bus, is provided. The evaluation of these technologies is given, based on a selected set of properties, and the results of measurements in two real-world scenarios are summarised.
A Comprehensive Security Assessment Toolkit for HealthCare Systems
This research identifies the critical need for conducting a comprehensive information security assessment of any healthcare system. This effort is vital to establish and maintain compliance of security and privacy in healthcare organizations. The paper presents a novel framework and toolkit for security assessment to establish and maintain regulatory compliance. Furthermore, the paper lays out the design of a comprehensive, automated tool set to gain insight about electronic healthcare information system vulnerabilities in the system. The research then investigates various mitigation techniques to secure a healthcare information system and its electronic health records. Furthermore, as validation the proposed toolkit is evaluated in a real-world HIMSS 6 [1] healthcare organization and their over 20 partnering clinical practices.
Public Key Infrastructure based on Authentication of Media Attestments
Many users would prefer the privacy of end-to-end encryption in their online
communications if it can be done without significant inconvenience. However,
because existing key distribution methods cannot be fully trusted enough for
automatic use, key management has remained a user problem. We propose a
fundamentally new approach to the key distribution problem by empowering
end-users with the capacity to independently verify the authenticity of public
keys using an additional media attestment. This permits client software to
automatically lookup public keys from a keyserver without trusting the
keyserver, because any attempted MITM attacks can be detected by end-users.
Thus, our protocol is designed to enable a new breed of messaging clients with
true end-to-end encryption built in, without the hassle of requiring users to
manually manage the public keys, that is verifiably secure against MITM
attacks, and does not require trusting any third parties.
Key exchange with the help of a public ledger
Blockchains and other public ledger structures promise a new way to create
globally consistent event logs and other records. We make use of this
consistency property to detect and prevent man-in-the-middle attacks in a key
exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates
an inconsistency in the world views of the two honest parties, and they can
detect it with the help of the ledger. Thus, there is no need for prior
knowledge or trusted third parties apart from the distributed ledger. To
prevent impersonation attacks, we require user interaction. It appears that, in
some applications, the required user interaction is reduced in comparison to
other user-assisted key-exchange protocols.
Security aspects in voice over IP systems
Security has become a major concern with the rapid growth of interest in the internet. This project deals with the security aspects of VoIP systems. Various supporting protocols and technologies are considered to provide solutions to the security problems. This project stresses the underlying VoIP protocols like Session Initiation Protocol (SIP), Secure Real-time Transport Protocol (SRTP), H.323 and Media Gateway Control Protocol (MGCP). The project further discusses the Network Address Translation (NAT) devices and firewalls that perform NAT. A firewall provides a point of defense between two networks. This project considers issues regarding the firewalls and the problems faced in using firewalls for VoIP; it further discusses the solutions about how firewalls can be used in a more secure way and how they provide security.