Session Initiation Protocol Attacks and Challenges

In recent years, Session Initiation Protocol (SIP) has become widely used in current internet protocols. It is a text-based protocol much like Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). SIP is a strong enough signaling protocol on the internet for establishing, maintaining, and terminating session. In this paper the areas of security and attacks in SIP are discussed. We consider attacks from diverse related perspectives. The authentication schemes are compared, the representative existing solutions are highlighted, and several remaining research challenges are identified. Finally, the taxonomy of SIP threat will be presented

A Security-aware Approach to JXTA-Overlay Primitives

The JXTA-Overlay project is an effort to use JXTA technology to provide a generic set of functionalities that can be used by developers to deploy P2P applications. Since its design mainly focuses on issues such as scalability or overall performance, it does not take security into account. However, as P2P applications have evolved to fulfill more complex scenarios, security has become a very important aspect to take into account when evaluating a P2P framework. This work proposes a security extension specifically suited to JXTA-Overlay¿s idiosyncrasies, providing an acceptable solution to some of its current shortcomings.El proyecto JXTA-Overlay es un esfuerzo por utilizar la tecnología JXTA para proporcionar un conjunto genérico de funciones que pueden ser utilizadas por los desarrolladores para desplegar aplicaciones P2P. Aunque su diseño se centra principalmente en cuestiones como la escalabilidad y el rendimiento general, no tiene en cuenta la seguridad. Sin embargo, como las aplicaciones P2P se han desarrollado para cumplir con escenarios más complejos, la seguridad se ha convertido en un aspecto muy importante a tener en cuenta a la hora de evaluar un marco P2P. Este artículo propone una extensión de seguridad específicamente adaptada a la idiosincrasia de JXTA-Overlay, proporcionando una solución aceptable para algunas de sus deficiencias actuales.El projecte JXTA-Overlay és un esforç per utilitzar la tecnologia JXTA per proporcionar un conjunt genèric de funcions que poden ser utilitzades pels desenvolupadors per desplegar aplicacions P2P. Tot i que el seu disseny se centra principalment en qüestions com ara la escalabilitat i el rendiment general, no té en compte la seguretat. No obstant això, com que les aplicacions P2P s'han desenvolupat per complir amb escenaris més complexos, la seguretat s'ha convertit en un aspecte molt important a tenir en compte a l'hora d'avaluar un marc P2P. Aquest article proposa una extensió de seguretat específicament adaptada a la idiosincràsia de JXTA-Overlay, proporcionant una solució acceptable per a algunes de les seves deficiències actuals

Providing secure remote access to legacy applications

While the widespread adoption of Internet and Intranet technology has been one of the exciting developments of recent years, many hospitals are finding that their data and legacy applications do not naturally fit into the new methods of dissemination. Existing applications often rely on isolation or trusted networks for their access control or security, whereas untrusted wide area networks pay little attention to the authenticity, integrity or confidentiality of the data they transport. Many hospitals do not have the resources to develop new ''network-ready'' versions of existing centralised applications. In this paper, we examine the issues that must be considered when providing network access to an existing health care application, and we describe how we have implemented the proposed solution in one healthcare application namely the diabetic register at Hope Hospital. We describe the architecture that allows remote access to the legacy application, providing it with encrypted communications and strongly authenticated access control but without requiring any modifications to the underlying application. As well as comparing alternative ways of implementing such a system, we also consider issues relating to usability and manageability, such as password management

Security and privacy aspects of mobile applications for post-surgical care

Mobile technologies have the potential to improve patient monitoring, medical decision making and in general the efficiency and quality of health delivery. They also pose new security and privacy challenges. The objectives of this work are to (i) Explore and define security and privacy requirements on the example of a post-surgical care application, and (ii) Develop and test a pilot implementation Post-Surgical Care Studies of surgical out- comes indicate that timely treatment of the most common complications in compliance with established post-surgical regiments greatly improve success rates. The goal of our pilot application is to enable physician to optimally synthesize and apply patient directed best medical practices to prevent post-operative complications in an individualized patient/procedure specific fashion. We propose a framework for a secure protocol to enable doctors to check most common complications for their patient during in-hospital post- surgical care. We also implemented our construction and cryptographic protocols as an iPhone application on the iOS using existing cryptographic services and libraries