Support infrastructures for multimedia services with guaranteed continuity and QoS

Advances in wireless networking and content delivery systems are enabling new challenging provisioning scenarios where a growing number of users access multimedia services, e.g., audio/video streaming, while moving among different points of attachment to the Internet, possibly with different connectivity technologies, e.g., Wi-Fi, Bluetooth, and cellular 3G. That calls for novel middlewares capable of dynamically personalizing service provisioning to the characteristics of client environments, in particular to discontinuities in wireless resource availability due to handoffs. This dissertation proposes a novel middleware solution, called MUM, that performs effective and context-aware handoff management to transparently avoid service interruptions during both horizontal and vertical handoffs. To achieve the goal, MUM exploits the full visibility of wireless connections available in client localities and their handoff implementations (handoff awareness), of service quality requirements and handoff-related quality degradations (QoS awareness), and of network topology and resources available in current/future localities (location awareness). The design and implementation of the all main MUM components along with extensive on the field trials of the realized middleware architecture confirmed the validity of the proposed full context-aware handoff management approach. In particular, the reported experimental results demonstrate that MUM can effectively maintain service continuity for a wide range of different multimedia services by exploiting handoff prediction mechanisms, adaptive buffering and pre-fetching techniques, and proactive re-addressing/re-binding

Context-awareness for ubiquitous media service delivery in next generation networks

Les récentes avancées technologiques permettent désormais la fabrication de terminaux mobiles de plus en plus compacts et dotés de plusieurs interfaces réseaux. Le nouveau modèle de consommation de médias se résume par le concept "Anytime, Anywhere, Any Device" et impose donc de nouvelles exigences en termes de déploiement de services ubiquitaires. Cependant la conception et le developpement de réseaux ubiquitaires et convergents de nouvelles générations soulèvent un certain nombre de défis techniques. Les standards actuels ainsi que les solutions commerciales pourraient être affectés par le manque de considération du contexte utilisateur. Le ressenti de l'utilisateur concernant certains services multimédia tels que la VoIP et l'IPTV dépend fortement des capacités du terminal et des conditions du réseau d'accès. Cela incite les réseaux de nouvelles générations à fournir des services ubiquitaires adaptés à l'environnement de l'utilisateur optimisant par la même occasion ses resources. L'IP Multimedia Subsystem (IMS) est une architecture de nouvelle génération qui centralise l'accès aux services et permet la convergence des réseaux fixe/mobile. Néanmoins, l'évolution de l'IMS est nécessaire sur les points suivants :- l'introduction de la sensibilité au contexte utilisateur et de la PQoS (Perceived QoS) : L'architecture IMS ne prend pas en compte l'environnement de l'utilisateur, ses préférences et ne dispose pas d'un méchanisme de gestion de PQOS. Pour s'assurer de la qualité fournit à l'utilisateur final, des informations sur l'environnement de l'utilisateur ainsi que ses préférences doivent transiter en cœur de réseau afin d'y être analysés. Ce traitement aboutit au lancement du service qui sera adapté et optimisé aux conditions observées. De plus pour le service d'IPTV, les caractéristiques spatio-temporelles de la vidéo influent de manière importante sur la PQoS observée côté utilisateur. L'adaptation des services multimédias en fonction de l'évolution du contexte utilisateur et de la nature de la vidéo diffusée assure une qualité d'expérience à l'utilisateur et optimise par la même occasion l'utilisation des ressources en cœur de réseau.- une solution de mobilité efficace pour les services conversationnels tels que la VoIP : Les dernières publications 3GPP fournissent deux solutions de mobilité: le LTE proposeMIP comme solution de mobilité alors que l'IMS définit une mobilité basée sur le protocoleapplicatif SIP. Ces standards définissent le système de signalisation mais ne s'avancent pas sur la gestion du flux média lors du changement d'interface réseau. La deuxième section introduit une étude comparative détaillée des solutions de mobilité dans les NGNs.Notre première contribution est la spécification de l'architecture globale de notre plateforme IMS sensible au contexte utilisateur réalisée au sein du projet Européen ADAMANTIUM. Nous détaillons tout d'abord le serveur MCMS intelligent placé dans la couche application de l'IMS. Cet élément récolte les informations de qualité de services à différents équipements réseaux et prend la décision d'une action sur l'un de ces équipements. Ensuite nous définissons un profil utilisateur permettant de décrire son environnement et de le diffuser en coeur de réseau. Une étude sur la prédiction de satisfaction utilisateur en fonction des paramètres spatio-temporels de la vidéo a été réalisée afin de connaître le débit idéal pour une PQoS désirée.Notre deuxième contribution est l'introduction d'une solution de mobilité adaptée aux services conversationnels (VoIP) tenant compte du contexte utilisateur. Notre solution s'intègre à l'architecture IMS existante de façon transparente et permet de réduire le temps de latence du handover. Notre solution duplique les paquets de VoIP sur les deux interfaces actives pendant le temps de la transition. Parallèlement, un nouvel algorithme de gestion de mémoire tampon améliore la qualité d'expérience pour le service de VoIP.The latest advances in technology have already defied Moore s law. Thanks to research and industry, hand-held devices are composed of high processing embedded systems enabling the consumption of high quality services. Furthermore, recent trends in communication drive users to consume media Anytime, Anywhere on Any Device via multiple wired and wireless network interfaces. This creates new demands for ubiquitous and high quality service provision management. However, defining and developing the next generation of ubiquitous and converged networks raise a number of challenges. Currently, telecommunication standards do not consider context-awareness aspects for network management and service provisioning. The experience felt by the end-user consuming for instance Voice over IP (VoIP) or Internet Protocol TeleVision (IPTV) services varies depending mainly on user preferences, device context and network resources. It is commonly held that Next Generation Network (NGN) should deliver personalized and effective ubiquitous services to the end user s Mobile Node (MN) while optimizing the network resources at the network operator side. IP Multimedia Subsystem (IMS) is a standardized NGN framework that unifies service access and allows fixed/mobile network convergence. Nevertheless IMS technology still suffers from a number of confining factors that are addressed in this thesis; amongst them are two main issues :The lack of context-awareness and Perceived-QoS (PQoS):-The existing IMS infrastructure does not take into account the environment of the user ,his preferences , and does not provide any PQoS aware management mechanism within its service provisioning control system. In order to ensure that the service satisfies the consumer, this information need to be sent to the core network for analysis. In order to maximize the end-user satisfaction while optimizing network resources, the combination of a user-centric network management and adaptive services according to the user s environment and network conditions are considered. Moreover, video content dynamics are also considered as they significantly impact on the deduced perceptual quality of IPTV services. -The lack of efficient mobility mechanism for conversational services like VoIP :The latest releases of Third Generation Partnership Project (3GPP) provide two types of mobility solutions. Long-Term Evolution (LTE) uses Mobile IP (MIP) and IMS uses Session Initiation Protocol (SIP) mobility. These standards are focusing on signaling but none of them define how the media should be scheduled in multi-homed devices. The second section introduces a detailed study of existing mobility solutions in NGNs. Our first contribution is the specification of the global context-aware IMS architecture proposed within the European project ADAptative Management of mediA distributioN based on saTisfaction orIented User Modeling (ADAMANTIUM). We introduce the innovative Multimedia Content Management System (MCMS) located in the application layer of IMS. This server combines the collected monitoring information from different network equipments with the data of the user profile and takes adaptation actions if necessary. Then, we introduce the User Profile (UP) management within the User Equipment (UE) describing the end-user s context and facilitating the diffusion of the end-user environment towards the IMS core network. In order to optimize the network usage, a PQoS prediction mechanism gives the optimal video bit-rate according to the video content dynamics. Our second contribution in this thesis is an efficient mobility solution for VoIP service within IMS using and taking advantage of user context. Our solution uses packet duplication on both active interfaces during handover process. In order to leverage this mechanism, a new jitter buffer algorithm is proposed at MN side to improve the user s quality of experience. Furthermore, our mobility solution integrates easily to the existing IMS platform.BORDEAUX1-Bib.electronique (335229901) / SudocSudocFranceF

Guidelines for End-to-End Support of the RTP Control Protocol (RTCP) in Back-to-Back User Agents (B2BUAs)

Abstract SIP Back-to-Back User Agents (B2BUAs) are often designed to also be on the media path, rather than just to intercept signalling. This means that B2BUAs often implement an RTP or RTP Control Protocol (RTCP) stack as well, thus leading to separate multimedia sessions that the B2BUA correlates and bridges together. If not disciplined, this behaviour can severely impact the communication experience, especially when statistics and feedback information contained in RTCP messages get lost because of mismatches in the reported data. This document defines the proper behaviour B2BUAs should follow when acting on both the signalling plane and media plane in order to preserve the end-to-end functionality of RTCP

Secure Service Provisioning (SSP) Framework for IP Multimedia Subsystem (IMS)

Mit dem Erscheinen mobiler Multimediadienste, wie z. B. Unified Messaging, Click-to-Dial-Applikationen, netzwerkübergeifende Multimedia-Konferenzen und nahtlose Multimedia-Streming-Dienste, begann die Konvergenz von mobilen Kommunikationsetzen und Festnetzen, begleitet von der Integration von Sprach- und Datenkommunikations-Übertragungstechnik Diese Entwicklungen bilden die Voraussetzung für die Verschmelzung des modernen Internet auf der einen Seite mit der Telekommunikation im klassischen Sinne auf der anderen. Das IP Multimedia-Subsystem (IMS) darf hierbei als die entscheidende Next-Generation-Service-Delivery-Plattform in einer vereinheitlichten Kommunikationswelt angesehen werden. Seine Architektur basiert auf einem modularen Design mit offenen Schnittstellen und bietet dedizierte Voraussetzungen zur Unterstützung von Multimedia-Diensten auf der Grundlage der Internet-Protokolle. Einhergehend mit dieser aufkommenden offenen Technologie stellen sich neue Sicherheits-Herausforderungen in einer vielschichtigen Kommunikationsinfrastruktur, im Wesentlichen bestehend aus dem Internet Protokoll (IP), dem SIP-Protokoll (Session Initiation Protocol) und dem Real-time Transport Protokoll (RTP). Die Zielsetzung des Secure Service Provisioning-Systems (SSP) ist, mögliche Angriffsszenarien und Sicherheitslücken in Verbindung mit dem IP Multimedia Subsystem zu erforschen und Sicherheitslösungen, wie sie von IETF, 3GPP und TISPAN vorgeschlagen werden, zu evaluieren. Im Rahmen dieser Forschungsarbeit werden die Lösungen als Teil des SSP-Systems berücksichtigt, mit dem Ziel, dem IMS und der Next-Generation-SDP einen hinreichenden Schutz zu garantieren. Dieser Teil, der als Sicherheitsschutzstufe 1 bezeichnet wird, beinhaltet unter anderem Maßnahmen zur Nutzer- und Netzwerk-Authentifizierung, die Autorisierung der Nutzung von Multimediadiensten und Vorkehrungen zur Gewährleistung der Geheimhaltung und Integrität von Daten im Zusammenhang mit dem Schutz vor Lauschangriffen, Session-Hijacking- und Man-in-the-Middle-Angriffen. Im nächsten Schritt werden die Beschränkungen untersucht, die für die Sicherheitsschutzstufe 1 charakteristisch sind und Maßnahmen zu Verbesserung des Sicherheitsschutzes entwickelt. Die entsprechenden Erweiterungen der Sicherheitsschutzstufe 1 führen zu einem Intrusion Detection and Prevention-System (IDP), das Schutz vor Denial-of-Service- (DoS) / Distributed-Denial-of-Service (DDoS)-Angriffen, missbräuchlicher Nutzung und Täuschungsversuchen in IMS-basierten Netzwerken bietet. Weder 3GPP noch TISPAN haben bisher Lösungen für diesen Bereich spezifiziert. In diesem Zusammenhang können die beschriebenen Forschungs- und Entwicklungsarbeiten einen Beitrag zur Standardisierung von Lösungen zum Schutz vor DoS- und DDoS-Angriffen in IMS-Netzwerken leisten. Der hier beschriebene Ansatz basiert auf der Entwicklung eines (stateful / stateless) Systems zur Erkennung und Verhinderung von Einbruchsversuchen (Intrusion Detection and Prevention System). Aus Entwicklungssicht wurde das IDP in zwei Module aufgeteilt: Das erste Modul beinhaltet die Basisfunktionen des IDP, die sich auf Flooding-Angriffe auf das IMS und ihre Kompensation richten. Ihr Ziel ist es, das IMS-Core-Netzwerk und die IMS-Ressourcen vor DoS- und DDoS-Angriffen zu schützen. Das entsprechende Modul basiert auf einer Online Stateless-Detection-Methodologie und wird aktiv, sobald die CPU-Auslastung der P-CSCF (Proxy-Call State Control Function) einen vordefinierten Grenzwert erreicht oder überschreitet. Das zweite Modul (IDP-AS) hat die Aufgabe, Angriffe, die sich gegen IMS Application Server (AS) richten abzufangen. Hierbei konzentrieren sich die Maßnahmen auf den Schutz des ISC-Interfaces zwischen IMS Core und Application Servern. Das betreffende Modul realisiert eine Stateful Detection Methodologie zur Erkennung missbräuchlicher Nutzungsaktivitäten. Während der Nutzer mit dem Application Server kommuniziert, werden dabei nutzerspezifische Zustandsdaten aufgezeichnet, die zur Prüfung der Legitimität herangezogen werden. Das IDP-AS prüft alle eingehenden Requests und alle abgehenden Responses, die von IMS Application Servern stammen oder die an IMS Application Server gerichtet sind, auf ihre Zulässigkeit im Hinblick auf die definierten Attack Rules. Mit Hilfe der Kriterien Fehlerfreiheit und Processing Delay bei der Identifikation potenzieller Angriffe wird die Leistungsfähigkeit der IDP-Module bewertet. Für die entsprechenden Referenzwerte werden hierbei die Zustände Nomallast und Überlast verglichen. Falls die Leistungsfähigkeit des IDP nicht unter den Erwartungen zurückbleibt, wird ein IDP-Prototyp zur Evaluation im Open IMS Playground des Fokus Fraunhofer 3Gb-Testbeds eingesetzt, um unter realen Einsatzbedingungen z. B. in VoIP-, Videokonferenz- , IPTV-, Presence- und Push-to-Talk-Szenarien getestet werden zu können.With the emergence of mobile multimedia services, such as unified messaging, click to dial, cross network multiparty conferencing and seamless multimedia streaming services, the fixed–mobile convergence and voice–data integration has started, leading to an overall Internet–Telecommunications merger. The IP Multimedia Subsystem (IMS) is considered as the next generation service delivery platform in the converged communication world. It consists of modular design with open interfaces and enables the flexibility for providing multimedia services over IP technology. In parallel this open based emerging technology has security challenges from multiple communication platforms and protocols like IP, Session Initiation Protocol (SIP) and Real-time Transport Protocol (RTP). The objective of Secure Service Provisioning (SSP) Framework is to cram the potential attacks and security threats to IP Multimedia Subsystem (IMS) and to explore security solutions developed by IETF, 3GPP and TISPAN. This research work incorporates these solutions into SSP Framework to secure IMS and next generation Service Delivery Platform (SDP). We define this part as level 1 security protection which includes user and network authentication, authorization to access multimedia services, providing confidentiality and integrity protection etc. against eavesdropping, session hijacking and man-in-the middle attacks etc. In the next step, we have investigated the limitations and improvements to level 1 security and proposed the enhancement and extension as level 2 security by developing Intrusion Detection and Prevention (IDP) system against Denial-of-Service (DoS)/Distributed DoS (DDoS) flooding attacks, misuses and frauds in IMS-based networks. These security threats recently have been identified by 3GPP and TISPAN but no solution is recommended and developed. Therefore our solution may be considered as recommendation in future. Our approach based on developing both stateless and stateful intrusion detection and prevention system. From development point of view, we have divided the work into two modules: the first module is IDP-Core; addressing and mitigating the flooding attacks in IMS core. Its objective is to protect the IMS resources and IMS-core entities from DoS/DDoS flooding attacks. This module based on online stateless detection methodology and activates when CPU processing load of P-CSCF (Proxy-Call State Control Function) reaches or crosses the defined threshold limit. The second module is IDP-AS; addressing and mitigating the misuse attacks facing to IMS Application Servers (AS). Its focus is to secure the ISC interface between IMS Core and Application Servers. This module is based on stateful misuse detection methodology by creating and comparing user state (partner) when he/she is communicating with application server to check whether user is performing legitimate or illegitimate action with attacks rules. The IDP-AS also compared the incoming request and outgoing response to and from IMS Application Servers with the defined attacks rules. In the performance analysis, the processing delay and attacks detection accuracy of both Intrusion Detection and Prevention (IDP) modules have been measured at Fraunhofer FOKUS IMS Testbed which is developed for research purpose. The performance evaluation based on normal and overload conditions scenarios. The results showed that the processing delay introduced by both IDP modules satisfied the standard requirements and did not cause retransmission of SIP REGISTER and INVITE requests. The developed prototype is under testing phase at Fraunhofer FOKUS 3Gb Testbed for evaluation in real world communication scenarios like VoIP, video conferencing, IPTV, presence, push-to-talk etc

Framework for Automated Functional Tests within Value-Added Service Environments

Full version unavailable due to 3rd party copyright restrictions.Recent years have witnessed that standard telecommunication services evolved more and more to next generation value-added services. This fact is accompanied by a change of service characteristics as new services are designed to fulfil the customer’s demands instead of just focussing on technologies and protocols. These demands can be very specific and, therefore, diverse potential service functionalities have to be considered by the service providers. To make matters worse for service providers, a fast transition from concept to market product and low price of a new service is required due to the increasing competition in the telecommunication industry. Therefore, effective test solutions need to be developed that can be integrated in current value-added service development life-cycles. Besides, these solutions should support the involvement of all participating stakeholders such as the service provider, the test developers as well as the service developers, and, in order to consider an agile approach, also the service customer. This thesis proposes a novel framework for functional testing that is based on a new sort of description language for value-added services (Service Test Description). Based on instances of the Service Test Description, sets of reusable test components described by means of an applied Statecharts notation are automatically selected and composed to so-called behaviour models. From the behaviour models, abstract test cases can be automatically generated which are then transformed to TTCN-3 test cases and then assembled to an Executable Test Suite. Within a TTCN-3 test system, the Executable Test Suite can be executed against the corresponding value-added service referred to as System Under Test. One benefit of the proposed framework is its application within standard development life-cycles. Therefore, the thesis presents a methodology that considers both service development and test development as parallel tasks and foresees procedures to synchronise the tasks and to allow an agile approach with customer involvement. The novel framework is validated through a proof-of-concept working prototype. Example value-added services have been chosen to illustrate the whole process from compiling instances of the Service Test Description until the execution of automated tests. Overall, this thesis presents a novel solution for service providers to improve the quality of their provided value-added services through automated functional testing procedures. It enables the early involvement of the customers into the service development life-cycle and also helps test developers and service developers to collaborate