Security for the signaling plane of the SIP protocol

VOIP protocols are gaining greater acceptance amongst both users and service providers. This thesis will aim to examine aspects related to the security of signaling plane of the SIP protocol, one of the most widely used VOIP protocols. Firstly, I will analyze the critical issues related to SIP, then move on to discuss both current and possible future solutions, and finally an assessment of the impact on the performance of HTTP digest authentication, IPsec and TLS, the three main methods use

Voice over Internet Protocol (VOIP): Overview, Direction And Challenges

Voice will remain a fundamental communication media that cuts across people of all walks of life. It is therefore important to make it cheap and affordable. To be reliable and affordable over the common Public Switched Telephone Network, change is therefore inevitable to keep abreast with the global technological change. It is on this basis that this paper tends to critically review this new technology VoIP, x-raying the different types. It further more discusses in detail the VoIP system, VoIP protocols, and a comparison of different VoIP protocols. The compression algorithm used to save network bandwidth in VoIP, advantages of VoIP and problems associated with VoIP implementation were also critically examined. It equally discussed the trend in VoIP security and Quality of Service challenges. It concludes by reiterating the need for a cheap, reliable and affordable means of communication that would not only maximize cost but keep abreast with the global technological change. Keywords: Voice over Internet Protocol (VoIP), Public Switched Telephone Network (PSTN), Session Initiation Protocol (SIP),  multipoint control uni

Network-based IP flow mobility support in 3GPPs evolved packet core

Includes bibliographical references.Mobile data traffic in cellular networks has increased tremendously in the last few years. Due to the costs associated with licensed spectrum, Mobile Network Operators (MNOs) are battling to manage these increased traffic growths. Offloading mobile data traffic to alternative low cost access networks like Wi-Fi has been proposed as a candidate solution to enable MNOs to alleviate congestion from the cellular networks. This dissertation investigates an offloading technique called IP flow mobility within the 3rd Generation Partnership Project (3GPP) all-IP mobile core network, the Evolved Packet Core (EPC). IP flow mobility would enable offloading a subset of the mobile user‟s traffic to an alternative access network while allowing the rest of the end-user‟s traffic to be kept in the cellular access; this way, traffic with stringent quality of service requirements like Voice over Internet Protocol (VoIP) would not experience service disruption or interruption when offloaded. This technique is different from previous offloading techniques where all the end-user‟s traffic is offloaded. IP flow mobility functionality can be realised with either host- or network-based mobility protocols. The recommended IP flow mobility standard of 3GPP is based on the host-based mobility solution, Dual-Stack Mobile IPv6. However, host-based mobility solutions have drawbacks like long handover latencies and produce signaling overhead in the radio access networks, which could be less appealing to MNOs. Network-based mobility solutions, compared to the host-based mobility solutions, have reduced handover latencies with no signaling overhead occurring in the radio access network. Proxy Mobile IPv6 is a networkbased mobility protocol adapted by 3GPP for mobility in the EPC. However, the standardisation of the Proxy Mobile IPv6-based IP flow mobility functionality is still ongoing within 3GPP. A review of related literature and standardisation efforts reveals shortcomings with the Proxy Mobile IPv6 mobility protocol in supporting IP flow mobility. Proxy Mobile IPv6 does not have a mechanism that would ensure session continuity during IP flow handoffs or a mechanism enabling controlling of the forwarding path of a particular IP flow i.e., specifying the access network for the IP flow. The latter mechanism is referred to as IP flow information management and flow-based routing. These mechanisms represent the basis for enabling the IP flow mobility functionality. To address the shortcomings of Proxy Mobile IPv6, this dissertation proposes vi enhancements to the protocol procedures to enable the two mechanisms for IP flow mobility functionality. The proposed enhancements for the session continuity mechanism draw on work in related literature and the proposed enhancements for the IP flow information management and flow-based routing mechanism are based on the concepts used in the Dual- Stack Mobile IPv6 IP flow mobility functionality. Together the two mechanisms allow the end-user to issue requests on what access network a particular IP flow should be routed, and ensure that the IP flows are moved to the particular access network without session discontinuity

The college of extended learning online registration system

The purpose of this study was to build an online method to register for classes for the College of Extended Learning Online Registration System (CELORS). This system was initially built so that the College of Extended Learning could offer its students an online method to register for classes, in addition to the traditional methods of registering by phone, by fax, by mail, or in person. Over the last few years, the system has been routinely modified to meet the needs of the College to suit their ever-changing business rules

Scheme for identifying and describing behavioral innovations embodied in computer programs

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1996.Includes bibliographical references (p. 177-180).by Sean Sang-Chul Pak.M.Eng

Universal internet of things system powered by FIWARE

Internet of Things has grown exponentially in recent years and will continue to grow for some time, with more and more IoT devices available in the consumer market and specific, there are also increasingly systems and platforms that use and support these devices, thus providing the possibility to view information by these collected or control them through a graphical interface, which can be a website or an application. Due to the expansion of the Internet market of Things resulting from a wide variety of devices and systems from different manufacturers it is difficult to find systems that are compatible with all or several devices from different manufacturers, since many use proprietary communication protocols. This dissertation aims at the development of an universal IoT system using the FIWARE Platform, promoted by the European Commission, which allows the use of the modular components that make up this platform to develop the intended universal system. A set of microcontrollers coupled to various sensors and actuators will be used to test the system and to verify the proper functioning of the same and each FIWARE component used, which will communicate with the system transmitting the collected data or receiving commands in the case of the actuators. These "things" were used in the context of a fictional use case simulating a real implementation of the system, having been able to function properly, able to receive data from the sensors, present data when necessary, and control the actuators.A Internet das Coisas tem crescido exponencialmente nos últimos anos e continuará a crescer por algum tempo, com cada vez mais dispositivos IoT disponíveis no mercado de consumo e específicos, havendo também cada vez mais sistemas e plataformas que utilizam e suportam estes dispositivos, fornecendo assim a possibilidade de visualizar informação por estes recolhida ou controlar os mesmos através de uma interface gráfica, que pode ser um website ou uma aplicação. Devido á expansão do mercado da Internet das Coisas resultante de haver uma grande variedade de dispositivos e sistemas de diferentes fabricantes é difícil encontrar sistemas que sejam compatíveis com todos ou vários dispositivos de diferentes fabricantes, pois muitos utilizam protocolos de comunicação proprietários. Esta dissertação tem como objectivo o desenvolvimento de um sistema IoT universal, utilizando-se para tal a plataforma FIWARE, que foi impulsionada pela Comissão Europeia, e que permite utilizando os componentes modulares que compõem esta plataforma, desenvolver o sistema universal pretendido. Para testar o sistema e comprovar o bom funcionamento do mesmo e de cada componente FIWARE utilizado, serão utilizados um conjunto de microcontroladores acoplados a diversos sensores e actuadores, que comunicarão com o sistema transmitindo os dados recolhidos ou recebendo comandos no caso dos actuadores. Estas “coisas” foram utilizadas no âmbito de um caso de estudo fictício simulando uma implementação real do sistema, tendo-se conseguido com que este funcionasse correctamente, capaz de receber dados dos sensores, apresentar os mesmos quando necessário, e de controlar os actuadores

An interoperable and secure architecture for internet-scale decentralized personal communication

Interpersonal network communications, including Voice over IP (VoIP) and Instant Messaging (IM), are increasingly popular communications tools. However, systems to date have generally adopted a client-server model, requiring complex centralized infrastructure, or have not adhered to any VoIP or IM standard. Many deployment scenarios either require no central equipment, or due to unique properties of the deployment, are limited or rendered unattractive by central servers. to address these scenarios, we present a solution based on the Session Initiation Protocol (SIP) standard, utilizing a decentralized Peer-to-Peer (P2P) mechanism to distribute data. Our new approach, P2PSIP, enables users to communicate with minimal or no centralized servers, while providing secure, real-time, authenticated communications comparable in security and performance to centralized solutions.;We present two complete protocol descriptions and system designs. The first, the SOSIMPLE/dSIP protocol, is a P2P-over-SIP solution, utilizing SIP both for the transport of P2P messages and personal communications, yielding an interoperable, single-stack solution for P2P communications. The RELOAD protocol is a binary P2P protocol, designed for use in a SIP-using-P2P architecture where an existing SIP application is modified to use an additional, binary RELOAD stack to distribute user information without need for a central server.;To meet the unique security needs of a fully decentralized communications system, we propose an enrollment-time certificate authority model that provides asserted identity and strong P2P and user-level security. In this model, a centralized server is contacted only at enrollment time. No run-time connections to the servers are required.;Additionally, we show that traditional P2P message routing mechanisms are inappropriate for P2PSIP. The existing mechanisms are generally optimized for file sharing and neglect critical practical elements of the open Internet --- namely link-level security and asymmetric connectivity caused by Network Address Translators (NATs). In response to these shortcomings, we introduce a new message routing paradigm, Adaptive Routing (AR), and using both analytical models and simulation show that AR significantly improves message routing performance for P2PSIP systems.;Our work has led to the creation of a new research topic within the P2P and interpersonal communications communities, P2PSIP. Our seminal publications have provided the impetus for subsequent P2PSIP publications, for the listing of P2PSIP as a topic in conference calls for papers, and for the formation of a new working group in the Internet Engineering Task Force (IETF), directed to develop an open Internet standard for P2PSIP

Mitigating Denial-of-Service Attacks on VoIP Environment

IP telephony refers to the use of Internet protocols to provide voice, video, and data in one integrated service over LANs, BNs, MANs, not WANs. VoIP provides three key benefits compared to traditional voice telephone services. First, it minimizes the need fro extra wiring in new buildings. Second, it provides easy movement of telephones and the ability of phone numbers to move with the individual. Finally, VoIP is generally cheaper to operate because it requires less network capacity to transmit the same voice telephone call over an increasingly digital telephone network (FitzGerald & Dennis, 2007 p. 519). Unfortunately, benefits of new electronic communications come with proportionate risks. Companies experience losses resulting from attacks on data networks. There are direct losses like economic theft, theft of trade secrets and digital data, as well as indirect losses that include loss of sales, loss of competitive advantage etc. The companies need to develop their security policies to protect their businesses. But the practice of information security has become more complex than ever. The research paper will be about the major DoS threats the company’s VoIP environment can experience as well as best countermeasures that can be used to prevent them and make the VoIP environment and, therefore, company’s networking environment more secure