47 research outputs found

    Roaming Real-Time Applications - Mobility Services in IPv6 Networks

    Emerging mobility standards within the next generation Internet Protocol, IPv6, promise to continuously operate devices roaming between IP networks. Associated with the paradigm of ubiquitous computing and communication, network technology is on the spot to deliver voice and videoconferencing as a standard internet solution. However, current roaming procedures are too slow to remain seamless for real-time applications. Multicast mobility still waits for a convincing design. This paper investigates the temporal behaviour of mobile IPv6 with dedicated focus on topological impacts. Extending the hierarchical mobile IPv6 approach we suggest protocol improvements for a continuous handover, which may serve bidirectional multicast communication, as well. Along this line a multicast mobility concept is introduced as a service for clients and sources, as they are of dedicated importance in multipoint conferencing applications. The mechanisms introduced do not rely on assumptions of any specific multicast routing protocol in use. Comment: 15 pages, 5 figures

    Security aspects in voice over IP systems

    Security has become a major concern with the rapid growth of interest in the internet. This project deals with the security aspects of VoIP systems. Various supporting protocols and technologies are considered to provide solutions to the security problems. This project stresses on the underlying VoIP protocols like Session Initiation Protocol (SIP), Secure Real-time Transport Protocol (SRTP), H.323 and Media Gateway Control Protocol (MGCP). The project further discusses the Network Address Translation (NAT) devices and firewalls that perform NAT. A firewall provides a point of defense between two networks. This project considers issues regarding the firewalls and the problems faced in using firewalls for VoIP; it further discusses the solutions about how firewalls can be used in a more secured way and how they provide security

    Location Management in a Transport Layer Mobility Architecture

    Mobility architectures that place complexity in end nodes rather than in the network interior have many advantageous properties and are becoming popular research topics. Such architectures typically push mobility support into higher layers of the protocol stack than network layer approaches like Mobile IP. The literature is ripe with proposals to provide mobility services in the transport, session, and application layers. In this paper, we focus on a mobility architecture that makes the most significant changes to the transport layer. A common problem amongst all mobility protocols at various layers is location management, which entails translating some form of static identifier into a mobile node's dynamic location. Location management is required for mobile nodes to be able to provide globally-reachable services on-demand to other hosts. In this paper, we describe the challenges of location management in a transport layer mobility architecture, and discuss the advantages and disadvantages of various solutions proposed in the literature. Our conclusion is that, in principle, secure dynamic DNS is most desirable, although it may have current operational limitations. We note that this topic has room for further exploration, and we present this paper largely as a starting point for comparing possible solutions

    Signaling for Internet Telephony

    Internet telephony must offer the standard telephony services. However, the transition to Internet-based telephony services also provides an opportunity to create new services more rapidly and with lower complexity than in the existing public switched telephone network (PSTN). The Session Initiation Protocol (SIP) is a signaling protocol that creates, modifies and terminates associations between Internet end systems, including conferences and point-to-point calls. SIP supports unicast, mesh and multicast conferences, as well as combinations of these modes. SIP implements services such as call forwarding and transfer, placing calls on hold, camp-on and call queueing by a small set of call handling primitives. SIP implementations can re-use parts of other Internet service protocols such as HTTP and the Real-Time Stream Protocol (RTSP). In this paper, we describe SIP, and show how its basic primitives can be used to construct a wide range of telephony services

    Security for Decentralised Service Location - Exemplified with Real-Time Communication Session Establishment

    Decentralised Service Location, i.e. finding an application communication endpoint based on a Distributed Hash Table (DHT), is a fairly new concept. The precise security implications of this approach have not been studied in detail. More importantly, a detailed analysis regarding the applicability of existing security solutions to this concept has not been conducted. In many cases existing client-server approaches to security may not be feasible. In addition, to understand the necessity for such an analysis, it is key to acknowledge that Decentralised Service Location has some unique security requirements compared to other P2P applications such as filesharing or live streaming. This thesis concerns the security challenges for Decentralised Service Location. The goals of our work are on the one hand to precisely understand the security requirements and research challenges for Decentralised Service Location, and on the other hand to develop and evaluate corresponding security mechanisms. The thesis is organised as follows. First, fundamentals are explained and the scope of the thesis is defined. Decentralised Service Location is defined and P2PSIP is explained technically as a prototypical example. Then, a security analysis for P2PSIP is presented. Based on this security analysis, security requirements for Decentralised Service Location and the corresponding research challenges -- i.e. security concerns not suitably mitigated by existing solutions -- are derived. Second, several decentralised solutions are presented and evaluated to tackle the security challenges for Decentralised Service Location. We present decentralised algorithms to enable availability of the DHTs lookup service in the presence of adversary nodes. These algorithms are evaluated via simulation and compared to analytical bounds. Further, a cryptographic approach based on self-certifying identities is illustrated and discussed. 
This approach enables decentralised integrity protection of location-bindings. Finally, a decentralised approach to assess unknown identities is introduced. The approach is based on a Web-of-Trust model. It is evaluated via prototypical implementation. Finally, the thesis closes with a summary of the main contributions and a discussion of open issues

    End-to-end security in active networks

    Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These systems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problems introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking service that can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design.
Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

    Building a Secure Short Duration Transaction Network

    The objective of this project was to design and test a secure IP-based architecture suitable for short duration transactions. This included the development of a prototype test-bed in which various operating scenarios (such as cryptographic options, various IP-based architectures and fault tolerance) were demonstrated. A solution based on SIP secured with TLS was tested on two IP based architectures. Total time, CPU time and heap usage was measured for each architecture and encryption scheme to examine the viability of such a solution. The results showed that the proposed solution stack was able to complete transactions in reasonable time and was able to recover from transaction processor failure. This research has demonstrated a possible architecture and protocol stack suitable for IP-based transaction networks. The benefits of an IP-based transaction network include reduced operating costs for network providers and clients, as shared IP infrastructure is used, instead of maintaining a separate IP and X.25 network

    A Secure Peer-to-Peer Application Framework

    The nature of the Internet has changed dramatically. From a modest research network, it has evolved into one of the most important fabrics of our modern society, affecting the lives of billions each day. We rely on it for everything from performing our daily chores to accessing rich media and keeping in touch with our friends. Despite this change, service provisioning has largely remained intact. Services are provided in a centralized manner, resulting in bottlenecks and vulnerable collections of, often unwittingly, submitted sensitive information. Peer-to-peer (P2P) technologies have the potential to provide a better alternative for future networking. P2P services distribute the load from a single node to a network of peers, relying on the resources of the end-users themselves. Not only does it remove the bottlenecks, it has the potential to provide a more personal and safe networking environment. In this dissertation, we inspect the feasibility and implications of a generic, cross-application, P2P framework. We present the design and implementation of a framework that uses existing infrastructure and advanced networking protocols to create a secure environment. Using this framework, applications are able to benefit from P2P networking without having to deploy new infrastructure or implement complex connection- and identity management. Users benefit from using a single, strong, cross-application identity management and having better control over their data. This improves the trust within the system and enables new ways of dealing with security threats. We demonstrate the feasibility of the framework by evaluating the performance and usability of the prototype implementation. This provides a model for future networking applications and insight into the security and usability issues these will face