Efficient User Controlled Inter-Domain SIP Mobility: Authentication, Registration, and Call Routing

Over the past decade, multimedia services have gained significant acceptance and played an important role in the convergence of IP networks. Supporting mobility in IP (Internet Protocol) networks is a crucial step towards satisfying the nomadic communication paradigms on the current Internet. The Session Initiation Protocol (SIP) presents one approach towards supporting IP mobility. Additionally, SIP is increasingly gaining in popularity as the next generation multimedia signaling and session establishment protocol. It is anticipated that the SIP infrastructure will be extensively deployed all over the Internet. In this paper, we explore an efficient approach to inter-domain SIP mobility in an attempt to improve personal and terminal mobility schemes. We succeed in applying a persistent identification framework to application level SIP addressing by introducing a level of indirection on top of the traditional SIP architecture. We refer to our approach as the Handle SIP (H-SIP). H-SIP leverages the current SIP architecture abstracting any domain binding from users. Our approach to mobility is user-controlled. We experimentally prove the efficiency of H-SIP in achieving inter-domain authentication and call routing through modeling and real-time measurements

Honeynet design and implementation

Over the past decade, webcriminality has become a real issue. Because they allow the botmasters to control hundreds to millions of machines, botnets became the first-choice attack platform for the network attackers, to launch distributed denial of service attacks, steal sensitive information and spend spam emails. This work aims at designing and implementing a honeynet, specific to IRC bots. Our system works in 3 phasis: (1) binaries collection, (2) simulation, and (3) activity capturing and monitoring. Our phase 2 simulation uses an IRC redirection to extract the connection information thanks to a IRC redirection (using a DNS redirection and a "fakeserver"). In phase 3, we use the information previously extracted to launch our honeyclient, which will capture and monitor the traffic on the C&C channel. Thanks to our honeynet, we create a database of the activity of IRC botnets (their connection characteristics, commands on the C&C ), and hope to learn more about their behavior and the underground market they create.M.S.Committee Chair: Wenke Lee; Committee Member: Jonathon Giffin; Committee Member: Mustaque Ahama

AUTOMATED NETWORK FAULT INFERENCE TOOL (AN FIT)

The lack of specialized experts in diagnosing network faults, inconsistencies of diagnose results and professional opinions, time-consuming and growing complexity of this task; has motivated the dewlopment of our c\utomated Network Fault Diagnostic System. This system aims to serve as an intelligent diai-,'llOStic system that will be able to produce fast, accurate, user-friendly and appropriate suggestions that will assist normal network users and administrators respectively. To ensure the realistic and successful development of the system, we adopt Extreme Programming methodology. l\lany efforts have been paid to implement a novel and efficient solution to precisely diagnose problems and in timely manner. The methodology has e\·oh-ed from rule-based systems through case-based systems to more recent model-based systems. Our project is designed upon case-based diagnostic approach as it suggests the use of previously experienced, concrete problem or cases instead of rules or modelling yueries evaluation. We propose a system that will provide reactive response on-demand in term of error messages based on inaccessible URL input entered by user. 'I he system will then diagnose the problems based on the formulated inference table that is comprised of pre-defined failure cases and test cases which will be developed via user-defined functions and general network probing tools. hom there, we expect the output to be returned in command line error mess;tges. To measure the success of the system, four Key Performance Indicators (KPI) hm-e been identified as evaluation metrics which are cm·erage, accuracy, time and response. Hence, unit testing, integration testing and usability test will be conducted to obtain the assessment results. We claim that the system could initiate an extensible framework for network services that act as a community support tooL However, at present we narrow down our focus on Web Set\~ce application but by all means encouraging and welcoming the extension to other network services or adding in new test cases as future development for the benefit of all network users

A new scheme to reduce session establishment time in session initiation protocol (SIP)

The session Initiation Protocol (SIP) has been developed by Internet Engineering Taskforce standard (IETF) with the main purpose of establishing and managing sessions between two or more parties wishing to communicate. SIP is a signaling protocol which is used for the current and future Internet Protocol (IP) telephony services, video services, and integrated web and multimedia services. SIP is an application layer protcol, thus it can run over Transmission Control Protocol(TCP) or User Datagram Protocol (UDP). When the packets are sent over the network, a form of congestion control mechanism is necessary to prevent from network collapse. TCP is a reliable protocl and provides the congestion control by adjusting the size of the congestion windows. UDP is an unreliable protocol and no flow control mechanism is provided. Many applications of the Internet require the establishment and management of sessions. The purpose of the thesis is to study the session establishnment procedure in SIP and try to reduce the time taken for the session setup in two different conditions. One, when there is no congestion in the network, and the other is when there is a network congestion. We have simulated the behaviour of session establishment in SIP using Network Simulator (NS2). UDP is used as the transport protocol. We have created different network topologies. In the topology we had created SIP user agents who wants to communicte, proxy servers for forwarding the requests on behalf of the user agents, and a Domain Name Server (DNS) which maintains the location information of all proxy servers. We tried to reduce the time taken for the session establishment. As UDP does not provide any congestion control mechanisms, we used the binary exponential backoff (BEB) algorithm to set the timers. In our network topolgy when there is no packet loss in the network, the time taken for the session establishment is reduced from 0.86 sec to 0.574 sec. In case of network congestion the setup time is reduced from 4.55 sec to 2.86 sec. From the simulation, we conclude that the session establishment time can be reduced by reducing the number of message exchanges required for session setup

Internet censorship in the European Union

Diese Arbeit befasst sich mit Internetzensur innnerhalb der EU, und hier insbesondere mit der technischen Umsetzung, das heißt mit den angewandten Sperrmethoden und Filterinfrastrukturen, in verschiedenen EU-Ländern. Neben einer Darstellung einiger Methoden und Infrastrukturen wird deren Nutzung zur Informationskontrolle und die Sperrung des Zugangs zu Websites und anderen im Internet verfügbaren Netzdiensten untersucht. Die Arbeit ist in drei Teile gegliedert. Zunächst werden Fälle von Internetzensur in verschiedenen EU-Ländern untersucht, insbesondere in Griechenland, Zypern und Spanien. Anschließend wird eine neue Testmethodik zur Ermittlung der Zensur mittels einiger Anwendungen, welche in mobilen Stores erhältlich sind, vorgestellt. Darüber hinaus werden alle 27 EU-Länder anhand historischer Netzwerkmessungen, die von freiwilligen Nutzern von OONI aus der ganzen Welt gesammelt wurden, öffentlich zugänglichen Blocklisten der EU-Mitgliedstaaten und Berichten von Netzwerkregulierungsbehörden im jeweiligen Land analysiert.This is a thesis on Internet censorship in the European Union (EU), specifically regarding the technical implementation of blocking methodologies and filtering infrastructure in various EU countries. The analysis examines the use of this infrastructure for information controls and the blocking of access to websites and other network services available on the Internet. The thesis follows a three-part structure. Firstly, it examines the cases of Internet censorship in various EU countries, specifically Greece, Cyprus, and Spain. Subsequently, this paper presents a new testing methodology for determining censorship of mobile store applications. Additionally, it analyzes all 27 EU countries using historical network measurements collected by Open Observatory of Network Interference (OONI) volunteers from around the world, publicly available blocklists used by EU member states, and reports issued by network regulators in each country

The Power Manager for the LHCb On-Line Farm

The Power Manager is a tool of the LHCb FMC (Farm Monitoring and Control System) which allows - in an OS-independent manner and without requiring expensive network-controlled power distributors - to switch the farm nodes on and off, and to monitor their physical condition: power status (on/off), temperatures, fan speeds and voltages. The Power Manager can operate on farm nodes whose motherboards and network interface cards implement the IPMI (Intelligent Platform Management Interface) specifications, version 1.5 or subsequent, and copes with several IPMI limitations

Efficient User Controlled Inter-Domain SIP Mobility Authentication, Registration, and Call Routing

Over the past decade, multimedia services have gained significant acceptance and played an important role in the convergence of IP networks. The proliferation of mobile devices and the nomadic user and computing lifestyles on current networks make mobility support a crucial ingredient of current IP-based multimedia systems. The Session Initiation Protocol (SIP) presents one approach towards supporting IP mobility. Additionally, SIP is increasingly gaining in popularity as the next generation multimedia signaling and session establishment protocol, and the SIP infrastructure is anticipated to be extensively deployed all over the Internet. We have lately proposed an approach to inter-domain SIP mobility which we call H-SIP. H-SIP is a user-controlled mobility scheme that improves personal and terminal mobility. H-SIP uses persistent identifiers and leverages the traditional SIP architecture to abstract any domain binding from users. This paper expands on our previous work and experimentally proves the efficiency of H-SIP in achieving inter-domain authentication and call routing through modeling and real-time measurements