Towards Securing Peer-to-peer SIP in the MANET Context: Existing Work and Perspectives

The Session Initiation Protocol (SIP) is a key building block of many social applications, including VoIP communication and instant messaging. In its original architecture, SIP heavily relies on servers such as proxies and registrars. Mobile Ad hoc NETworks (MANETs) are networks comprised of mobile devices that communicate over wireless links, such as tactical radio networks or vehicular networks. In such networks, no fixed infrastructure exists and server-based solutions need to be redesigned to work in a peer-to-peer fashion. We survey existing proposals for the implementation of SIP over such MANETs and analyze their security issues. We then discuss potential solutions and their suitability in the MANET context

Secure Naming and Addressing Operations for Store, Carry and Forward Networks

This paper describes concepts for secure naming and addressing directed at Store, Carry and Forward (SCF) distributed applications, where disconnection and intermittent connectivity between forwarding systems is the norm. The paper provides a brief overview of store, carry and forward distributed applications followed by an in depth discussion of how to securely: create a namespace; allocate names within the namespace; query for names known within a local processing system or connected subnetwork; validate ownership of a given name; authenticate data from a given name; and, encrypt data to a given name. Critical issues such as revocation of names, mobility and the ability to use various namespaces to secure operations or for Quality-of-Service are also presented. Although the concepts presented for naming and addressing have been developed for SCF, they are directly applicable to fully connected systems

A Decentralized Session Management Framework for Heterogeneous Ad-Hoc and Fixed Networks

Wireless technologies are continuously evolving. Second generation cellular networks have gained worldwide acceptance. Wireless LANs are commonly deployed in corporations or university campuses, and their diffusion in public hotspots is growing. Third generation cellular systems are yet to affirm everywhere; still, there is an impressive amount of research ongoing for deploying beyond 3G systems. These new wireless technologies combine the characteristics of WLAN based and cellular networks to provide increased bandwidth. The common direction where all the efforts in wireless technologies are headed is towards an IP-based communication. Telephony services have been the killer application for cellular systems; their evolution to packet-switched networks is a natural path. Effective IP telephony signaling protocols, such as the Session Initiation Protocol (SIP) and the H 323 protocol are needed to establish IP-based telephony sessions. However, IP telephony is just one service example of IP-based communication. IP-based multimedia sessions are expected to become popular and offer a wider range of communication capabilities than pure telephony. In order to conjoin the advances of the future wireless technologies with the potential of IP-based multimedia communication, the next step would be to obtain ubiquitous communication capabilities. According to this vision, people must be able to communicate also when no support from an infrastructured network is available, needed or desired. In order to achieve ubiquitous communication, end devices must integrate all the capabilities necessary for IP-based distributed and decentralized communication. Such capabilities are currently missing. For example, it is not possible to utilize native IP telephony signaling protocols in a totally decentralized way. This dissertation presents a solution for deploying the SIP protocol in a decentralized fashion without support of infrastructure servers. The proposed solution is mainly designed to fit the needs of decentralized mobile environments, and can be applied to small scale ad-hoc networks or also bigger networks with hundreds of nodes. A framework allowing discovery of SIP users in ad-hoc networks and the establishment of SIP sessions among them, in a fully distributed and secure way, is described and evaluated. Security support allows ad-hoc users to authenticate the sender of a message, and to verify the integrity of a received message. The distributed session management framework has been extended in order to achieve interoperability with the Internet, and the native Internet applications. With limited extensions to the SIP protocol, we have designed and experimentally validated a SIP gateway allowing SIP signaling between ad-hoc networks with private addressing space and native SIP applications in the Internet. The design is completed by an application level relay that permits instant messaging sessions to be established in heterogeneous environments. The resulting framework constitutes a flexible and effective approach for the pervasive deployment of real time applications.The invention of the phone has radically changed the way people communicate, as it allowed persons to get in contact instantly no matter of their location. However, phone communication has been confined for decades to a fixed location, be it one's own house or a phone boot. The widespread affirmation of cellular technologies has had for fixed telephony a similar impact that the invention of the phone has had on communications years before. With mobile phones, people are enabled to talk with each other anytime and anywhere. Internet has also revolutionized the way people communicate. E-mails have soon become one of the Internet killer applications. Later on, instant messaging, popularly known as chatting, has gained huge consensus among net surfers. Only recently, the use of the Internet for voice communication is becoming mainstream, and the so called Voice over IP (VoIP) applications (Skype is probably the most famous for the masses) are becoming common use. Despite its popularity, Internet still suffers from the inherent limitations that affected early telephony: it is fixed. The usage of Internet on the move still does not constitute the easiest and most satisfactory user experience, due to capabilities and limitations of the access technology, terminals, services and applications. Efforts for mobilizing the Internet are ongoing both in the industrial and in the academic worlds, but several bricks are needed to build the wall of mobile Internet. This dissertation provides one of these bricks, describing a solution that allows the deployment of multimedia applications (chat, VoIP, gaming) in mobile environments. In other words, this dissertation gives solutions for facilitating ubiquitous Internet-based communication, anytime and anywhere. The vision that we want to become true is that Internet must become mobile in the same way as fixed telephony has become mobile thanks to the cellular technology. More than this, we do not want that users are limited by the presence of an infrastructure to communicate with each other. In order to achieve this, we present solutions to deploy Internet-based services and applications in environments where no support from servers is available. In other words, we enable direct device-to-device, user-to-user Internet communication. Our contribution is mainly focused on the steps needed to establish the communication, the so called session establishment or signaling phase. We have validated our signaling framework by building a chat application that utilizes its features and works in server-less environments. The custom server-less solution does not prohibit to connect at the same time with the Internet, so that one can engage in a chess game using direct communication with a person in the proximity while having a chat in progress with a friend using standard Internet services. The challenge that we had to face is that Internet services and applications are usually built implying support from a centralized server. In order to deploy direct user-to-user Internet services, while maintaining interoperability with mainstream services, we had to enhance native Internet services to work without infrastructure support, without sacrificing interoperability with standard Internet applications. To conclude, we have placed our brick on the still yet to be completed wall of mobile Internet. Our hope is that one day, thanks also to this brick, everybody will be able to enjoy Internet-based applications as easily as now it is possible to use mobile telephony services

Creation of value with open source software in the telecommunications field

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Integrating secure mobile P2P systems and Wireless Sensor Networks

Aquesta tesi tracta de les diferents limitacions trobades a WSN per a habilitar-ne el desplegament en nous escenaris i facilitar la difusió de la informació obtinguda. A un nivell baix, ens centrem en el consum d'energia, mentre que, a un nivell més alt, ens focalitzem en la difusió i la seguretat de la informació. Reduïm el consum d'una mote individual en xarxes amb patrons de trànsit dinàmic mitjançant la definició d'una funció de planificació basada en el conegut controlador PID i allarguem la vida d'una WSN globalment distribuint equitativament el consum energètic de totes les motes, disminuint el nombre d'intervencions necessàries per a canviar bateries i el cost associat. Per tal d'afavorir la difusió de la informació provinent d'una WSN, hem proposat jxSensor, una capa d'integració entre les WSN i el conegut sistema P2P JXTA. Com que tractem informació sensible, hem proposat una capa d'anonimat a JXTA i un mecanisme d'autenticació lleuger per a la seva versió mòbil.Esta tesis trata las diferentes limitaciones encontradas en WSN para habilitar su despliegue en nuevos escenarios, así como facilitar la diseminación de la información obtenida. A bajo nivel, nos centramos en el consumo de energía, mientras que, a un nivel más alto, nos focalizamos en la diseminación y seguridad de la información. Reducimos el consumo de una mota individual en redes con patrones de tráfico dinámico mediante la definición de una función de planificación basada en el conocido controlador PID y alargamos la vida de una WSN globalmente distribuyendo equitativamente el consumo energético de todas las motas, disminuyendo el número de intervenciones requeridas para cambiar baterías y su coste asociado. Para favorecer la diseminación de la información procedente de una WSN hemos propuesto jxSensor, una capa de integración entre las WSN y el conocido sistema P2P JXTA. Como estamos tratando con información sensible, hemos propuesto una capa de anonimato en JXTA y un mecanismo de autenticación ligero para su versión móvil.This thesis addresses different limitations found in WSNs in order to enable their deployment in new scenarios as well as to make it easier to disseminate the gathered information. At a lower level, we concentrate on energy consumption while, at a higher level, we focus on the dissemination and security of information. The consumption of an individual mote in networks with dynamic traffic patterns is reduced by defining a scheduling function based on the well-known PID controller. Additionally, the life of a WSN is extended by equally distributing the consumption of all the motes, which reduces the number of interventions required to replace batteries as well as the associated cost. To help the dissemination of information coming from a WSN we have proposed jxSensor, which is an integration layer between WSNs and the well-known JXTA P2P system. As we are dealing with sensitive information, we have proposed an anonymity layer in JXTA and a light authentication method in its mobile version

Efficient service discovery in wide area networks

Living in an increasingly networked world, with an abundant number of services available to consumers, the consumer electronics market is enjoying a boom. The average consumer in the developed world may own several networked devices such as games consoles, mobile phones, PDAs, laptops and desktops, wireless picture frames and printers to name but a few. With this growing number of networked devices comes a growing demand for services, defined here as functions requested by a client and provided by a networked node. For example, a client may wish to download and share music or pictures, find and use printer services, or lookup information (e.g. train times, cinema bookings). It is notable that a significant proportion of networked devices are now mobile. Mobile devices introduce a new dynamic to the service discovery problem, such as lower battery and processing power and more expensive bandwidth. Device owners expect to access services not only in their immediate proximity, but further afield (e.g. in their homes and offices). Solving these problems is the focus of this research. This Thesis offers two alternative approaches to service discovery in Wide Area Networks (WANs). Firstly, a unique combination of the Session Initiation Protocol (SIP) and the OSGi middleware technology is presented to provide both mobility and service discovery capability in WANs. Through experimentation, this technique is shown to be successful where the number of operating domains is small, but it does not scale well. To address the issue of scalability, this Thesis proposes the use of Peer-to-Peer (P2P) service overlays as a medium for service discovery in WANs. To confirm that P2P overlays can in fact support service discovery, a technique to utilise the Distributed Hash Table (DHT) functionality of distributed systems is used to store and retrieve service advertisements. Through simulation, this is shown to be both a scalable and a flexible service discovery technique. However, the problems associated with P2P networks with respect to efficiency are well documented. In a novel approach to reduce messaging costs in P2P networks, multi-destination multicast is used. Two well known P2P overlays are extended using the Explicit Multi-Unicast (XCAST) protocol. The resulting analysis of this extension provides a strong argument for multiple P2P maintenance algorithms co-existing in a single P2P overlay to provide adaptable performance. A novel multi-tier P2P overlay system is presented, which is tailored for service rich mobile devices and which provides an efficient platform for service discovery

Approaches to securing P2PSIP in MANETs

This paper studies the security for Voice over IP in peer-to-peer (P2P) networks. Instead of taking a general approach to security in P2P, we focus on a specific use case, namely private (e.g. military) mobile ad hoc networks. This allows for security measures that are not necessarily applicable to general P2P networks, but elegantly solve the issues in the given context. We propose security measures for two different approaches to the P2P version of the Session Initiation Protocol in such networks, provide their implementations and present results from performing experimentations in a simulator