ACUTA eNews July 2013 Vol. 42, No. 7

In this Issue... 1 Let\u27s Talk about Data Security 2 ACUTA Reaches Out to Local Schools 2 Regulatory Webinar on Section 255 2 Welcome, Owen West 3 20 Universities Form SIP Steering Committee i 3ACUTA Discount for SIP Certification 4 Info Links 4 Annual Dues Reminder Mailed July 1 5 loyn/RCSvs. webRTC: Solving Directory Services 6 Do You ROCKZi? 6 Mark Your Calendar for Fall Seminar 7 Board Report 8 Welcome New Members 8 Check It Ou

A Model for Emergency Service of VoIP Through Certification and Labeling

Voice over Internet Protocol (VoIP) will transform many aspects of traditional telephony service including technology, the business models and the regulatory constructs that govern such service. This transformation is generating a host of technical, business, social and policy problems. The Federal Communications Commission (FCC) could attempt to mandate obligations or specific solutions to the policy issues around VoIP, but is instead looking first to industry initiatives focused on key functionality that users have come to expect of telecommunications services. High among these desired functionalities is access to emergency services that allow a user to summon fire, medical or law enforcement agencies. Such services were traditionally required (and subsequently implemented) through state and federal regulations. Reproducing emergency services in the VoIP space has proven to be a considerable task, if for no other reason then the wide and diverse variety of VoIP implementations and implementers. Regardless of this difficulty, emergency service capability is a critical social concern, making it is particularly important for the industry to propose viable solutions for promoting VoIP emergency services before regulators are compelled to mandate a solution, an outcome that often suffers compromises both through demands on expertise that may be better represented in industry and through the mechanisms of political influence and regulatory capture. While technical and business communities have, in fact, made considerable progress in this area, significant uncertainty and deployment problems still exist. The question we ask is: can an industry based certification and labeling process credibly address social and policy expectations regarding emergency services and VoIP, thus avoiding the need for government regulation at this critical time?1 We hypothesize that it can. To establish this, we developed just such a model for VoIP emergency service compliance through industry certification and device labeling. The intent of this model is to support a wide range of emergency service implementations while providing the user some validation that the service will operate as anticipated. To do this we first examine possible technical implementations for emergency services for VoIP. Next, we summarize the theory of certification as self-regulation and examine several relevant examples. Finally, we synthesize a specific model for certification of VoIP emergency services. We believe that the model we describe provides both short term and long-term opportunities. In the short term, an industry driven effort to solve the important current problem of emergency services in VoIP, if properly structured and overseen as we suggest, should be both effective and efficient. In the long term, such a process can serve as a model for the application of self-regulation to social policy goals in telecommunications, an attractive tool to have as telecommunications becomes increasingly diverse and heterogeneous

Major: Electronics and Communication Engineering

Today, information technology is strategically important to the goals and aspirations of the business enterprises, government and high-level education institutions – university. Universities are facing new challenges with the emerging global economy characterized by the importance of providing faster communication services and improving the productivity and effectiveness of individuals. New challenges such as provides an information network that supports the demands and diversification of university issues. A new network architecture, which is a set of design principles for build a network, is one of the pillar bases. It is the cornerstone that enables the university’s faculty, researchers, students, administrators, and staff to discover, learn, reach out, and serve society. This thesis focuses on the network architecture definitions and fundamental components. Three most important characteristics of high-quality architecture are that: it’s open network architecture; it’s service-oriented characteristics and is an IP network based on packets. There are four important components in the architecture, which are: Services and Network Management, Network Control, Core Switching and Edge Access. The theoretical contribution of this study is a reference model Architecture of University Campus Network that can be followed or adapted to build a robust yet flexible network that respond next generation requirements. The results found are relevant to provide an important complete reference guide to the process of building campus network which nowadays play a very important role. Respectively, the research gives university networks a structured modular model that is reliable, robust and can easily grow

On the development of Voice over IP

This record of study documents the experience acquired during my internship at Sonus Networks, Inc. for the Doctor of Engineering Program. In this record of study, I have surveyed and analyzed the current standardization status of Voice over Internet Protocol (VoIP) security and proposed an Internet draft on secure retargeting and response identity. The draft provides a simple and comprehensive solution to the response identity, call recipient identity and intermediate server retargeting problems in the Session Initiation Protocol (SIP) call setup process. To support product line development and enable product evolution in the quickly growing VoIP market, I have proposed a generic development framework for SIP application servers. The common and open architecture of the framework supports multiple products development and facilitates integration of new service modules. The systematical reuse of proven software design and implementation enables companies to reduce the development cost and shorten the time-to-market. As the development and diffusion of VoIP can never be isolated from the social sphere, I have investigated the current status, influence and interaction of three most important factors: standardization, market forces and government regulation on the development and diffusion of VoIP. The worldwide deregulation and market privatization have caused the transition of the standards development model. This transition in turn influences the market diffusion. Other than standardization, market forces including customer needs, the revenue pressure on carriers and vendors, competitive and economic environment, social culture and regulation uncertainties create both threats and opportunities. I have examined market drivers and obstacles in the current VoIP adoption stage, analyzed current VoIP market players and their strategies, and predicted the direction of VoIP business. The regulation creates the macro environment in which VoIP develops and diffuses. I have explored modern telecommunications regulation principles based on which government makes decisions on most current issues, including 911 support, mergers and acquisitions, interconnection obligation and leasing rights, rate structure and universal service fees

A Model for Emergency Service of VoIP through Certification and Labeling

Voice over Internet Protocol (VoIP) will transform many aspects of traditional telephony service, including the technology, the business models, and the regulatory constructs that govern such service. Perhaps not unexpectedly, this transformation is generating a host of technical, business, social, and policy problems. In attempting to respond to these problems, the Federal Communications Commission (FCC) could mandate obligations or specific solutions to VoIP policy issues; however, it is instead looking first to industry initiatives focused on the key functionality that users have come to expect of telecommunications services. High among this list of desired functionality is user access to emergency services for purposes of summoning fire, medical, and law enforcement agencies. Such services were traditionally required to be implemented (and subsequently were implemented) through state and federal regulations. An emergency service capability is a critical social concern, making it particularly important for the industry to propose viable solutions for promoting VoIP emergency services before regulators are compelled to mandate a solution. Reproducing emergency services in the VoIP space has proven to be a considerable task, mainly due to the wide and diverse variety of VoIP implementations and implementers. While technical and business communities have, in fact, made considerable progress in this area, significant uncertainty and deployment problems still exist. The question we ask is this: Can an industry-based certification and labeling process credibly address social and policy expectations regarding emergency services and VoIP, thus avoiding the need for government regulation at this critical time? We hypothesize that the answer is “yes.” In answering this question, we developed a model for VoIP emergency service compliance through industry certification and device labeling. This model is intended to support a wide range of emergency service implementations while providing users with sufficient verification that the service will operate as anticipated. To this end, we first examine possible technical implementations for VoIP emergency services. Next, we summarize the theory of certification as self-regulation and examine several relevant examples. Finally, we synthesize a specific model for certification of VoIP emergency services. We believe that the model we describe provides both short-term and long-term opportunities. In the short term, an industry-driven effort to solve the current problem of VoIP emergency services, if properly structured and overseen as we suggest, should be both effective and efficient. In the long term, such a process can serve as a self-regulatory model that can be applied to social policy goals in the telecommunications industry, making it an important tool to have as the industry becomes increasingly diverse and heterogeneous

Vulnerabilities of signaling system number 7 (SS7) to cyber attacks and how to mitigate against these vulnerabilities.

As the mobile network subscriber base exponentially increases due to some attractive offerings such as anytime anywhere accessibility, seamless roaming, inexpensive handsets with sophisticated applications, and Internet connectivity, the mobile telecommunications network has now become the primary source of communication for not only business and pleasure, but also for the many life and mission critical services. This mass popularisation of telecommunications services has resulted in a heavily loaded Signaling System number 7 (SS7) signaling network which is used in Second and Third Generations (2G and 3G) mobile networks and is needed for call control and services such as caller identity, roaming, and for sending short message servirces. SS7 signaling has enjoyed remarkable popularity for providing acceptable voice quality with negligible connection delays, pos- sibly due to its circuit-switched heritage. However, the traditional SS7 networks are expensive to lease and to expand, hence to cater for the growing signaling demand and to provide the seamless interconnectivity between the SS7 and IP networks a new suite of protocols known as Signaling Transport (SIGTRAN) has been designed to carry SS7 signaling messages over IP. Due to the intersignaling between the circuit-switched and the packet-switched networks, the mo- bile networks have now left the “walled garden”, which is a privileged, closed and isolated ecosystem under the full control of mobile carriers, using proprietary protocols and has minimal security risks due to restricted user access. Potentially, intersignaling can be exploited from the IP side to disrupt the services provided on the circuit-switched side. This study demonstrates the vulnerabilities of SS7 messages to cyber-attacks while being trans- ported over IP networks and proposes some solutions based on securing both the IP transport and SCTP layers of the SIGTRAN protocol stack

Infrastructure electronic numbering implementation in Australia

VoIP is becoming the dominant approach for telephony and this growth will continue with the upcoming introduction of 4G mobile wireless and fibre to the home networks. With the growing demand for VoIP and increased VoIP traffic, it is important to implement a system that provides interoperability between the existing telephony numbering system and the IP network device addresses. Infrastructure ENUM is one approach that may be used. This paper examines the Infrastructure ENUM implementation in Australia

Creation of value with open source software in the telecommunications field

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Security Enhancements in Voice Over Ip Networks

Voice delivery over IP networks including VoIP (Voice over IP) and VoLTE (Voice over LTE) are emerging as the alternatives to the conventional public telephony networks. With the growing number of subscribers and the global integration of 4/5G by operations, VoIP/VoLTE as the only option for voice delivery becomes an attractive target to be abused and exploited by malicious attackers. This dissertation aims to address some of the security challenges in VoIP/VoLTE. When we examine the past events to identify trends and changes in attacking strategies, we find that spam calls, caller-ID spoofing, and DoS attacks are the most imminent threats to VoIP deployments. Compared to email spam, voice spam will be much more obnoxious and time consuming nuisance for human subscribers to filter out. Since the threat of voice spam could become as serious as email spam, we first focus on spam detection and propose a content-based approach to protect telephone subscribers\u27 voice mailboxes from voice spam. Caller-ID has long been used to enable the callee parties know who is calling, verify his identity for authentication and his physical location for emergency services. VoIP and other packet switched networks such as all-IP Long Term Evolution (LTE) network provide flexibility that helps subscribers to use arbitrary caller-ID. Moreover, interconnecting between IP telephony and other Circuit-Switched (CS) legacy telephone networks has also weakened the security of caller-ID systems. We observe that the determination of true identity of a calling device helps us in preventing many VoIP attacks, such as caller-ID spoofing, spamming and call flooding attacks. This motivates us to take a very different approach to the VoIP problems and attempt to answer a fundamental question: is it possible to know the type of a device a subscriber uses to originate a call? By exploiting the impreciseness of the codec sampling rate in the caller\u27s RTP streams, we propose a fuzzy rule-based system to remotely identify calling devices. Finally, we propose a caller-ID based public key infrastructure for VoIP and VoLTE that provides signature generation at the calling party side as well as signature verification at the callee party side. The proposed signature can be used as caller-ID trust to prevent caller-ID spoofing and unsolicited calls. Our approach is based on the identity-based cryptography, and it also leverages the Domain Name System (DNS) and proxy servers in the VoIP architecture, as well as the Home Subscriber Server (HSS) and Call Session Control Function (CSCF) in the IP Multimedia Subsystem (IMS) architecture. Using OPNET, we then develop a comprehensive simulation testbed for the evaluation of our proposed infrastructure. Our simulation results show that the average call setup delays induced by our infrastructure are hardly noticeable by telephony subscribers and the extra signaling overhead is negligible. Therefore, our proposed infrastructure can be adopted to widely verify caller-ID in telephony networks