Security Concerns of new alternative telecommunication services

With the advancing new era of communication, the so-called era of ‘being always online’ many providers offer their services for free. In that sense a small company or a virtual company becomes a huge competitor for different traditional telecommunication providers. Using the same services such as: voice calls, video calls, chat and similar services, the internet technology has made huge changes how users make use of such services . Instead of using these services, users shall install applications that are specialized for offering these services via applications, such as: Viber, WhatsApp, Facebook, Google Talk etc.. During the installation and update of these applications people do not recognize the risks of security and privacy of the information that makes their business vital, and how such information are abused on the fly and reused for unauthorized purposes. Using qualitative and quantitative methods we have conducted an empirical study focused on the usage of “these” services and we have elaborated further the need for increasing the knowledge of people in the area of security and privacy while using “free” services. This paper will highlight the challenges by setting a number of privacy and security concerns that are violated while using “free” online services, also offering a bird’s eye view of numerous recommendations developed by various standard organizations

From Understanding Telephone Scams to Implementing Authenticated Caller ID Transmission

abstract: The telephone network is used by almost every person in the modern world. With the rise of Internet access to the PSTN, the telephone network today is rife with telephone spam and scams. Spam calls are significant annoyances for telephone users, unlike email spam, spam calls demand immediate attention. They are not only significant annoyances but also result in significant financial losses in the economy. According to complaint data from the FTC, complaints on illegal calls have made record numbers in recent years. Americans lose billions to fraud due to malicious telephone communication, despite various efforts to subdue telephone spam, scam, and robocalls. In this dissertation, a study of what causes the users to fall victim to telephone scams is presented, and it demonstrates that impersonation is at the heart of the problem. Most solutions today primarily rely on gathering offending caller IDs, however, they do not work effectively when the caller ID has been spoofed. Due to a lack of authentication in the PSTN caller ID transmission scheme, fraudsters can manipulate the caller ID to impersonate a trusted entity and further a variety of scams. To provide a solution to this fundamental problem, a novel architecture and method to authenticate the transmission of the caller ID is proposed. The solution enables the possibility of a security indicator which can provide an early warning to help users stay vigilant against telephone impersonation scams, as well as provide a foundation for existing and future defenses to stop unwanted telephone communication based on the caller ID information.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Security Concerns of new alternative telecommunication services

With the advancing new era of communication, the so-called era of ‘being always online’ many providers offer their services for free. In that sense a small company or a virtual company becomes a huge competitor for different traditional telecommunication providers. Using the same services such as: voice calls, video calls, chat and similar services, the internet technology has made huge changes how users make use of such services . Instead of using these services, users shall install applications that are specialized for offering these services via applications, such as: Viber, WhatsApp, Facebook, Google Talk etc.. During the installation and update of these applications people do not recognize the risks of security and privacy of the information that makes their business vital, and how such information are abused on the fly and reused for unauthorized purposes. Using qualitative and quantitative methods we have conducted an empirical study focused on the usage of “these” services and we have elaborated further the need for increasing the knowledge of people in the area of security and privacy while using “free” services. This paper will highlight the challenges by setting a number of privacy and security concerns that are violated while using “free” online services, also offering a bird’s eye view of numerous recommendations developed by various standard organizations

Security Concerns of new alternative telecommunication services

With the advancing new era of communication, the so-called era of ‘being always online’ many providers offer their services for free. In that sense a small company or a virtual company becomes a huge competitor for different traditional telecommunication providers. Using the same services such as: voice calls, video calls, chat and similar services, the internet technology has made huge changes how users make use of such services . Instead of using these services, users shall install applications that are specialized for offering these services via applications, such as: Viber, WhatsApp, Facebook, Google Talk etc.. During the installation and update of these applications people do not recognize the risks of security and privacy of the information that makes their business vital, and how such information are abused on the fly and reused for unauthorized purposes. Using qualitative and quantitative methods we have conducted an empirical study focused on the usage of “these” services and we have elaborated further the need for increasing the knowledge of people in the area of security and privacy while using “free” services. This paper will highlight the challenges by setting a number of privacy and security concerns that are violated while using “free” online services, also offering a bird’s eye view of numerous recommendations developed by various standard organizations

Prospects of peer-to-peer SIP for mobile operators

Tämän diplomityön tarkoituksena on esitellä kehitteillä oleva Peer-to-Peer Session Initiation Protocol (P2PSIP), jonka avulla käyttäjät voivat itsenäisesti ja helposti luoda keskenään puhe- ja muita multimediayhteyksiä vertaisverkko-tekniikan avulla. Lisäksi tarkoituksena on arvioida P2PSIP protokollan vaikutuksia ja mahdollisuuksia mobiilioperaattoreille, joille sitä voidaan pitää uhkana. Tästä huolimatta, P2PSIP:n ei ole kuitenkaan tarkoitus korvata nykyisiä puhelinverkkoja. Työn alussa esittelemme SIP:n ja vertaisverkkojen (Peer-to-Peer) periaatteet, joihin P2PSIP-protokollan on suunniteltu perustuvan. SIP mahdollistaa multimedia-istuntojen luomisen, sulkemisen ja muokkaamisen verkossa, mutta sen monipuolinen käyttö vaatii keskitettyjen palvelimien käyttöä. Vertaisverkon avulla käyttäjät voivat suorittaa keskitettyjen palvelimien tehtävät keskenään hajautetusti. Tällöin voidaan ylläpitää laajojakin verkkoja tehokkaasti ilman palvelimista aiheutuvia ylläpito-kustannuksia. Mobiilioperaattorit ovat haasteellisen tilanteen edessä, koska teleliikennemaailma on muuttumassa yhä avoimemmaksi. Tällöin operaattoreiden asiakkaille aukeaa mahdollisuuksia käyttää kilpailevia Internet-palveluja (kuten Skype) helpommin ja tulevaisuudessa myös itse muodostamaan kommunikointiverkkoja P2PSIP:n avulla. Tutkimukset osoittavat, että näistä uhista huolimatta myös operaattorit pystyvät näkemään P2PSIP:n mahdollisuutena mukautumisessa nopeasti muuttuvan teleliikennemaailman haasteisiin. Nämä mahdollisuudet sisältävät operaattorin oman verkon optimoinnin lisäksi vaihtoehtoisten ja monipuolisempien palveluiden tarjoamisen asiakkailleen edullisesti. Täytyy kuitenkin muistaa, että näiden mahdollisuuksien toteuttamisten vaikutusten ei tulisi olla ristiriidassa operaattorin muiden palveluiden kanssa. Lisäksi tulisi muistaa, että tällä hetkellä keskeneräisen P2PSIP-standardin lopullinen luonne ja ominaisuudet voivat muuttaa sen vaikutuksia.The purpose of this thesis is to present the Peer-to-Peer Session Initiation Protocol (P2PSIP) being developed. In addition, the purpose of this thesis is to evaluate the impacts and prospects of P2PSIP to mobile operators, to whom it can be regarded as a threat. In P2PSIP, users can independently and easily establish voice and other multimedia connections using peer-to-peer (P2P) networking. However, P2PSIP is not meant to replace the existing telephony networks of the operators. We start by introducing the principles of SIP and P2P networking that the P2PSIP is intended to use. SIP enables to establish, terminate and modify multimedia sessions, but its versatile exploitation requires using centralized servers. By using P2P networking, users can decentralize the functions of centralized servers by performing them among themselves. This enables to maintain large and robust networks without maintenance costs resulted of running such centralized servers. Telecommunications market is transforming to a more open environment, where mobile operators and other service providers are challenged to adapt to the upcoming changes. Subscribers have easier access to rivalling Internet-services (such as Skype) and in future they can form their own communication communities by using P2PSIP. The results show that despite of these threats, telecom operators can find potential from P2PSIP in concurrence in adaptation to the challenges of the rapidly changing telecom environment. These potential roles include optimization of the network of the operator, but as well roles to provide alternative and more versatile services to their subscribers at low cost. However, the usage of P2PSIP should not conflict with the other services of the operator. Also, as P2PSIP is still under development, its final nature and features may change its impacts and prospects

Creation of value with open source software in the telecommunications field

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Security aspects in voice over IP systems

Security has become a major concern with the rapid growth of interest in the internet. This project deals with the security aspects of VoIP systems. Various supporting protocols and technologies are considered to provide solutions to the security problems. This project stresses on the underlying VoIP protocols like Session Initiation Protocol (SIP), Secure Real-time Transport Procotol (SRTP), H.323 and Media Gateway Control Protocol (MGCP). The project further discusses the Network Address Translation (NAT) devices and firewalls that perform NAT. A firewall provides a point of defense between two networks. This project considers issues regarding the firewalls and the problems faced in using firewalls for VoIP; it further discusses the solutions about how firewalls can be used in a more secured way and how they provide security

Designing and prototyping WebRTC and IMS integration using open source tools

WebRTC, or Web Real-time Communications, is a collection of web standards that detail the mechanisms, architectures and protocols that work together to deliver real-time multimedia services to the web browser. It represents a significant shift from the historical approach of using browser plugins, which over time, have proven cumbersome and problematic. Furthermore, it adopts various Internet standards in areas such as identity management, peer-to-peer connectivity, data exchange and media encoding, to provide a system that is truly open and interoperable. Given that WebRTC enables the delivery of multimedia content to any Internet Protocol (IP)-enabled device capable of hosting a web browser, this technology could potentially be used and deployed over millions of smartphones, tablets and personal computers worldwide. This service and device convergence remains an important goal of telecommunication network operators who seek to enable it through a converged network that is based on the IP Multimedia Subsystem (IMS). IMS is an IP-based subsystem that sits at the core of a modern telecommunication network and acts as the main routing substrate for media services and applications such as those that WebRTC realises. The combination of WebRTC and IMS represents an attractive coupling, and as such, a protracted investigation could help to answer important questions around the technical challenges that are involved in their integration, and the merits of various design alternatives that present themselves. This thesis is the result of such an investigation and culminates in the presentation of a detailed architectural model that is validated with a prototypical implementation in an open source testbed. The model is built on six requirements which emerge from an analysis of the literature, including previous interventions in IMS networks and a key technical report on design alternatives. Furthermore, this thesis argues that the client architecture requires support for web-oriented signalling, identity and call handling techniques leading to a potential for IMS networks to natively support these techniques as operator networks continue to grow and develop. The proposed model advocates the use of SIP over WebSockets for signalling and DTLS-SRTP for media to enable one-to-one communication and can be extended through additional functions resulting in a modular architecture. The model was implemented using open source tools which were assembled to create an experimental network testbed, and tests were conducted demonstrating successful cross domain communications under various conditions. The thesis has a strong focus on enabling ordinary software developers to assemble a prototypical network such as the one that was assembled and aims to enable experimentation in application use cases for integrated environments

Feasibility study of VoIP in 3GPP UMTS release 5 interworking with fixed networks

Masteroppgave i informasjons- og kommunikasjonsteknologi 2003 - Høgskolen i Agder, GrimstadThe Universal Mobile Telecommunications System (UMTS) is denoted as a 3rd generation cellular system and has been designed with the objective to be a system with global coverage. With improvement of bandwidth capabilities, the UMTS system has the ability to support real time multimedia services. The focus in this thesis is Voice over IP (VoIP) which enables a user to make phone calls in the packet switched network in UMTS. This thesis starts with a presentation of VoIP with the quality requirements related to a voice session. A voice conversation needs a guaranteed quality to satisfy the participants. This thesis focuses on three main aspects; Quality of Service mechanisms (Best Effort, IntServ and DiffServ), VoIP in UMTS with a certain quality and last but not least implementation of Quality of Service (QoS) in a voice call interworking with external networks. Best Effort cannot be used when dealing with real time traffic such as VoIP. IntServ reserves resources from the application itself, and gives opportunity for each application in the terminal to request a certain quality. DiffServ works on a higher level and classifies traffic based on type of traffic, not for a particular request. For UMTS interworking with IP networks, the theoretical results suggest that IntServ over DiffServ should be used in the UMTS gateway node. An evaluation of the UMTS network is done by checking the voice quality attained by the network during a VoIP session in comparison of a traditional circuit switched call setup. Moreover, tests from the Norwegian UMTS network operator NetCom became useful when evaluating how well the VoIP could work when implementing UMTS release 5. The tests were set up with the focus on delay and voice quality in the network, and were meant for disclosing the differences with and without quality parameters during a transmission. Due to network restrictions the test results are limited