1,559 research outputs found
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism.
A secure archive for Voice-over-IP conversations
An efficient archive securing the integrity of VoIP-based two-party
conversations is presented. The solution is based on chains of hashes and
continuously chained electronic signatures. Security is concentrated in a
single, efficient component, allowing for a detailed analysis.
Comment: 9 pages, 2 figures. (C) ACM, (2006). This is the author's version of
the work. It is posted here by permission of ACM for your personal use. Not
for redistribution. The definitive version was published in Proceedings of
VSW06, June, 2006, Berlin, Germany
Secure Communication Using Electronic Identity Cards for Voice over IP Communication, Home Energy Management, and eMobility
Using communication services is a common part of everyday life in a personal
or business context. Communication services include Internet services like
voice services, chat service, and web 2.0 technologies (wikis, blogs, etc), but
other usage areas like home energy management and eMobility will be
increasingly tackled. Such communication services typically authenticate
participants. For this, identities of some kind are used to identify the
communication peer to the user of a service or to the service itself. Calling
line identification used in the Session Initiation Protocol (SIP) used for
Voice over IP (VoIP) is just one example. Authentication and identification of
eCar users for accounting during charging of the eCar is another example. Also,
further mechanisms rely on identities, e.g., whitelists defining allowed
communication peers. Trusted identities prevent identity spoofing, hence are a
basic building block for the protection of communication. However, providing
trusted identities in a practical way is still a difficult problem and too
often application specific identities are used, making identity handling a
hassle. Nowadays, many countries have introduced electronic identity cards, e.g.,
the German "Elektronischer Personalausweis" (ePA). As many German citizens will
possess an ePA soon, it can be used as security token to provide trusted
identities. Especially new usage areas (like eMobility) should from the start
be based on the ubiquitous availability of trusted identities. This paper
describes how identity cards can be integrated within three domains: home
energy management, vehicle-2-grid communication, and SIP-based voice over IP
telephony. In all three domains, identity cards are used to reliably identify
users and authenticate participants. As an example for an electronic identity
card, this paper focuses on the German ePA.
Using an External DHT as a SIP Location Service
Peer-to-peer Internet telephony using the Session Initiation Protocol (P2P-SIP) can exhibit two different architectures: an existing P2P network can be used as a replacement for lookup and updates, or a P2P algorithm can be implemented using SIP messages. In this paper, we explore the first architecture using the OpenDHT service as an externally managed P2P network. We provide design details such as encryption and signing using pseudo-code and examples to provide P2P-SIP for various deployment components such as P2P client, proxy and adaptor, based on our implementation. The design can be used with other distributed hash tables (DHTs) also.
XMPP and iDTV or how to make television a social medium
Instant Messaging (IM) has the potential to become one of the killer applications for interactive Digital Television (iDTV) [12]. However, several factors make it difficult to provide a good implementation of IM services, among which the limited resources of a set-top box and the different user experience compared to computer environments.
This paper proposes the XMPP (Extensible Messaging and Presence Protocol) standard as a solution for implementing IM. When we compare XMPP with other technologies, it reveals itself to be very well adapted to the specific needs of iDTV middleware platforms like the Multimedia Home Platform (MHP) [5].
Moreover, the use of XMPP doesn't limit itself to IM. The flexible architecture of XMPP opens a window of opportunities like the ease of adding new interactive services. To demonstrate the possibilities of XMPP on MHP, an IM client -IM4MHP- is presented in this paper.
Security in peer-to-peer communication systems
P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modification of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, financial, security, or social reasons. In order to do so, P2PSIP systems replace all the architecture of servers of the original SIP systems used for the registration and location of users, by a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new security problematic which analysis, subject of this thesis, is of crucial importance for its secure development and future standardization.
Starting with a study of the state of the art in network security and continuing with more specific systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identified, we conduct an analysis of the attacks that can affect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design specific solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems' security: access control. Among the new designed solutions stand out: a certification model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-fly P2PSIP systems and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certificate Profile for Authorization.
Finally, based on the existing measures and the new solutions designed, we define a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems. Postprint (published version)