An interoperable and secure architecture for internet-scale decentralized personal communication

Interpersonal network communications, including Voice over IP (VoIP) and Instant Messaging (IM), are increasingly popular communications tools. However, systems to date have generally adopted a client-server model, requiring complex centralized infrastructure, or have not adhered to any VoIP or IM standard. Many deployment scenarios either require no central equipment, or due to unique properties of the deployment, are limited or rendered unattractive by central servers. to address these scenarios, we present a solution based on the Session Initiation Protocol (SIP) standard, utilizing a decentralized Peer-to-Peer (P2P) mechanism to distribute data. Our new approach, P2PSIP, enables users to communicate with minimal or no centralized servers, while providing secure, real-time, authenticated communications comparable in security and performance to centralized solutions.;We present two complete protocol descriptions and system designs. The first, the SOSIMPLE/dSIP protocol, is a P2P-over-SIP solution, utilizing SIP both for the transport of P2P messages and personal communications, yielding an interoperable, single-stack solution for P2P communications. The RELOAD protocol is a binary P2P protocol, designed for use in a SIP-using-P2P architecture where an existing SIP application is modified to use an additional, binary RELOAD stack to distribute user information without need for a central server.;To meet the unique security needs of a fully decentralized communications system, we propose an enrollment-time certificate authority model that provides asserted identity and strong P2P and user-level security. In this model, a centralized server is contacted only at enrollment time. No run-time connections to the servers are required.;Additionally, we show that traditional P2P message routing mechanisms are inappropriate for P2PSIP. The existing mechanisms are generally optimized for file sharing and neglect critical practical elements of the open Internet --- namely link-level security and asymmetric connectivity caused by Network Address Translators (NATs). In response to these shortcomings, we introduce a new message routing paradigm, Adaptive Routing (AR), and using both analytical models and simulation show that AR significantly improves message routing performance for P2PSIP systems.;Our work has led to the creation of a new research topic within the P2P and interpersonal communications communities, P2PSIP. Our seminal publications have provided the impetus for subsequent P2PSIP publications, for the listing of P2PSIP as a topic in conference calls for papers, and for the formation of a new working group in the Internet Engineering Task Force (IETF), directed to develop an open Internet standard for P2PSIP

Integrating Context-Awareness in the IP Multimedia Subsystem for Enhanced Session Control and Service Provisioning Capabilities

The 3GPP-defined IP Multimedia Subsystem (IMS) is becoming the de-facto standard for IP-based multimedia communication services. It consists of an overlay control and service layer that is deployed on top of IP-based mobile and fixed networks. This layer encompasses a set of common functions (e.g. session control functions allowing the initiation/modification/termination of sessions) and service logics that are needed for the seamless provisioning of IP multimedia services to users, via different access technologies. As it continues to evolve, the IMS still faces several challenges including: the enabling of innovative and personalized services that would appeal to users and increase network operators' revenues; its interaction with other types of networks (e.g. wireless sensor networks) as means to enhance its capabilities; and the support of advanced QoS schemes that would manage the network resources in an efficient and adaptive manner. The context-awareness concept, which comes from the pervasive computing field, signifies the ability to use situational information (or context) in support to operations and decision making and for the provision of relevant services to the user. Context-awareness is considered to enhance users' experience and is seen as an enabler to adaptability and service personalization - two capabilities that could play important roles in telecommunication environments. This thesis focuses on the introduction of the context-awareness technology in the IMS, as means to enhance its session control and service provisioning capabilities. It starts by presenting the necessary background information, followed by a derivation of requirements and a review of the related work. To ensure the availability of contextual information within the network, we then propose an architecture for context information acquisition and management in the IMS. This architecture leverages and extends the 3GPP presence framework. Building on the capabilities of this architecture, we demonstrate how the managed information could be integrated in IMS operations, at the control and service levels. Showcasing control level integration, we propose a novel context-aware call differentiation framework as means to offer enhanced QoS support (for sessions/calls) in IMS-based networks. This framework enables the differentiation between different categories of calls at the IMS session control level, via dynamic and adaptive resource allocation, in addition to supporting a specialized charging model. Furthermore, we also propose a framework for enhanced IMS emergency communication services. This framework addresses the limitations of existing IP-based emergency solutions, by offering three main improvements: a QoS-enhanced emergency service; a context-aware personalized emergency service; and a conferencing-enhanced emergency service. We demonstrate the use of context awareness at the IMS service level using two new context-aware IMS applications. Finally, to validate our solutions and evaluate their performance, we build various proof-of-concept prototypes and OPNET simulation model

A mobile toolkit and customised location server for the creation of cross-referencing location-based services

Although there are several Software Development kits and Application Programming Interfaces for client-side location-based services development, they mostly involve the creation of self-referencing location-based services. Self-referencing location-based services include services such as geocoding, reverse geocoding, route management and navigation which focus on satisfying the location-based requirements of a single mobile device. There is a lack of open-source Software Development Kits for the development of client-side location-based services that are cross-referencing. Cross-referencing location-based services are designed for the sharing of location information amongst different entities on a given network. This project was undertaken to assemble, through incremental prototyping, a client-side Java Micro Edition location-based services Software Development Kit and a Mobicents location server to aid mobile network operators and developers alike in the quick creation of the transport and privacy protection of cross-referencing location-based applications on Session Initiation Protocol bearer networks. The privacy of the location information is protected using geolocation policies. Developers do not need to have an understanding of Session Initiation Protocol event signaling specifications or of the XML Configuration Access Protocol to use the tools that we put together. The developed tools are later consolidated using two sample applications, the friend-finder and child-tracker services. Developer guidelines are also provided, to aid in using the provided tools

A structural and functional specification of a SCIM for service interaction management and personalisation in the IMS

The Internet Protocol Multimedia Subsystem (IMS) is a component of the 3G mobile network that has been specified by standards development organisations such as the 3GPP (3rd Generation Partnership Project) and ETSI (European Telecommunication Standards Institute). IMS seeks to guarantee that the telecommunication network of the future provides subscribers with seamless access to services across disparate networks. In order to achieve this, it defines a service architecture that hosts application servers that provide subscribers with value added services. Typically, an application server bundles all the functionality it needs to execute the services it delivers, however this view is currently being challenged. It is now thought that services should be synthesised from simple building blocks called service capabilities. This decomposition would facilitate the re-use of service capabilities across multiple services and would support the creation of new services that could not have originally been conceived. The shift from monolithic services to those built from service capabilities poses a challenge to the current service model in IMS. To accommodate this, the 3GPP has defined an entity known as a service capability interaction manager (SCIM) that would be responsible for managing the interactions between service capabilities in order to realise complex services. Some of these interactions could potentially lead to undesirable results, which the SCIM must work to avoid. As an added requirement, it is believed that the network should allow policies to be applied to network services which the SCIM should be responsible for enforcing. At the time of writing, the functional and structural architecture of the SCIM has not yet been standardised. This thesis explores the current serv ice architecture of the IMS in detail. Proposals that address the structure and functions of the SCIM are carefully compared and contrasted. This investigation leads to the presentation of key aspects of the SCIM, and provides solutions that explain how it should interact with service capabilities, manage undesirable interactions and factor user and network operator policies into its execution model. A modified design of the IMS service layer that embeds the SCIM is subsequently presented and described. The design uses existing IMS protocols and requires no change in the behaviour of the standard IMS entities. In order to develop a testbed for experimental verification of the design, the identification of suitable software platforms was required. This thesis presents some of the most popular platforms currently used by developers such as the Open IMS Core and OpenSER, as well as an open source, Java-based, multimedia communication platform called Mobicents. As a precursor to the development of the SCIM, a converged multimedia service is presented that describes how a video streaming application that is leveraged by a web portal was implemented for an IMS testbed using Mobicents components. The Mobicents SIP Servlets container was subsequently used to model an initial prototype of the SCIM, using a mUlti-component telephony service to illustrate the proposed service execution model. The design focuses on SIP-based services only, but should also work for other types of IMS application servers as well

Study, Analysis and Modeling of IP Multimedia systems on next generation networks providing mobile and fixed multimedia services

Not availabl

A unified data repository for rich communication services

Rich Communication Services (RCS) is a framework that defines a set of IP-based services for the delivery of multimedia communications to mobile network subscribers. The framework unifies a set of pre-existing communication services under a single name, and permits network operators to re-use investments in existing network infrastructure, especially the IP Multimedia Subsystem (IMS), which is a core part of a mobile network and also acts as a docking station for RCS services. RCS generates and utilises disparate subscriber data sets during execution, however, it lacks a harmonised repository for the management of such data sets, thus making it difficult to obtain a unified view of heterogeneous subscriber data. This thesis proposes the creation of a unified data repository for RCS which is based on the User Data Convergence (UDC) standard. The standard was proposed by the 3rd Generation Partnership Project (3GPP), a major telecommunications standardisation group. UDC provides an approach for consolidating subscriber data into a single logical repository without adversely affecting existing network infrastructure, such as the IMS. Thus, this thesis details the design and development of a prototypical implementation of a unified repository, named Converged Subscriber Data Repository (CSDR). It adopts a polyglot persistence model for the underlying data store and exposes heterogeneous data through the Open Data Protocol (OData), which is a candidate implementation of the Ud interface defined in the UDC architecture. With the introduction of polyglot persistence, multiple data stores can be used within the CSDR and disparate network data sources can access heterogeneous data sets using OData as a standard communications protocol. As the CSDR persistence model becomes more complex due to the inclusion of more storage technologies, polyglot persistence ensures a consistent conceptual view of these data sets through OData. Importantly, the CSDR prototype was integrated into a popular open-source implementation of the core part of an IMS network known as the Open IMS Core. The successful integration of the prototype demonstrates its ability to manage and expose a consolidated view of heterogeneous subscriber data, which are generated and used by different RCS services deployed within IMS

Algorithmes d'adressage et routage pour des réseaux fortement mobiles à grande échelle

After successfully connecting machines and people later (world wide web), the new era of In-ternet is about connecting things. Due to increasing demands in terms of addresses, mobility, scalability, security and other new unattended challenges, the evolution of current Internet archi-tecture is subject to major debate worldwide. The Internet Architecture Board (IAB) workshop on Routing and Addressing report described the serious scalability problems faced by large backbone operators in terms of routing and addressing, illustrated by the unsustainable growth of the Default Free Zone (DFZ) routing tables. Some proposals tackled the scalability and IP semantics overload issues with two different approaches: evolutionary approach (backward com-patibility) or a revolutionary approach. Several design objectives (technical or high-level) guided researchers in their proposals. Mobility is definitely one of the main challenges.Inter-Vehicle Communication (IVC) attracts considerable attention from the research com-munity and the industry for its potential in providing Intelligent Transportation Systems (ITS) and passengers services. Vehicular Ad-Hoc Networks (VANETs) are emerging as a class of wire-less network, formed between moving vehicles equipped with wireless interfaces (cellular and WiFi) employing heterogeneous communication systems. A VANET is a form of mobile ad-hoc network that provides IVC among nearby vehicles and may involve the use of a nearby fixed equipment on the roadside. The impact of Internet-based vehicular services (infotainment) are quickly developing. Some of these applications, driver assistance services or traffic reports, have been there for a while. But market-enabling applications may also be an argument in favor of a more convenient journey. Such use cases are viewed as a motivation to further adoption of the ITS standards developed within IEEE, ETSI, and ISO.This thesis focuses on applying Future Internet paradigm to vehicle-to-Internet communica-tions in an attempt to define the solution space of Future Vehicular Internet. We first introduce two possible vehicle-to-Internet use cases and great enablers for IP based services : eHealth and Fully-electric Vehicles. We show how to integrate those use cases into IPv6 enabled networks. We further focus on the mobility architectures and determine the fundamental components of a mobility architecture. We then classify those approaches into centralized and distributed to show the current trends in terms of network mobility extension, an essential component to vehicular networking. We eventually analyze the performance of these proposals. In order to define an identifier namespace for vehicular communications, we introduce the Vehicle Identification Numbers are possible candidates. We then propose a conversion algorithm that preserves the VIN characteristics while mapping it onto usable IPv6 networking objects (ad-dresses, prefixes, and Mobile Node Identifiers). We make use of this result to extend LISP-MN protocol with the support of our VIN6 addressing architecture. We also apply those results to group IP-based communications, when the cluster head is in charge of a group of followers.Cette thèse a pour objectif de faire avancer l'état de l'art des communications basée sur Internet Protocol version 6 (IPv6) dans le domaine des réseaux véhiculaires, et ce dans le cadre des évolutions récentes de IP, notamment l'avènement du Future Internet. Le Future Internet (F.I.) définit un ensemble d'approches pour faire évoluer l'Internet actuel , en particulier l'émergence d'un Internet mobile exigeant en ressources. Les acteurs de ce domaine définissent les contraintes inhérentes aux approches utilisées historiquement dans l'évolution de l'architecture d'Internet et tentent d'y remédier soit de manière évolutive soit par une rupture technologique (révolutionnaire). Un des problèmes au centre de cette nouvelle évolution d'Internet est la question du nommage et de l'adressage dans le réseau. Nous avons entrepris dans cette thèse l'étude de ce problème, dans le cadre restreint des communications véhiculaires Internet.Dans ce contexte, l'état de l'art du Future Internet a mis en avant les distinctions des approches révolutionnaires comparées aux propositions évolutives basées sur IPv6. Les réseaux véhiculaires étant d'ores-et-déjà dotés de piles protocolaires comprenant une extension IPv6, nous avons entamé une approche évolutive visant à intégrer les réseaux véhiculaires au Future Internet. Une première proposition a été de convertir un identifiant présent dans le monde automobile (VIN, Numéro d'Identification de Véhicule) en un lot d'adresses réseau propres à chaque véhicule (qui est donc propriétaire de son adressage issu de son identifiant). Cette proposition étant centrée sur le véhicule, nous avons ensuite intégré ces communications basés dans une architecture globale Future Internet basée sur IPv6 (protocole LISP). En particulier, et avec l'adressage VIN, nous avons défini un espace d'adressage indépendant des fournisseurs d'accès à Internet où le constructeur automobile devient acteur économique fournissant des services IPv6 à sa flotte de véhicules conjointement avec les opérateurs réseau dont il dépend pour transporter son trafic IP. Nous nous sommes ensuite intéressés à l'entourage proche du véhicule afin de définir un nouveau mode de communication inter-véhiculaire à Internet: le V2V2I (Angl. Vehicle-to-Vehicle-to-Infrastructure). Jusqu'à présent, les modes de transmission de données à Internet dans le monde du véhicule consistaient en des topologies V2I, à savoir véhicule à Internet, où le véhicule accède à l'infrastructure directement sans intermédiaire. Dans le cadre des communications véhiculaires à Internet, nous proposons une taxonomie des méthodes existantes dans l'état de l'art. Les techniques du Future Internet étant récentes, nous avons étendu notre taxonomie par une nouvelle approche basée sur la séparation de l'adressage topologique dans le cluster de celui de l'infrastructure. Le leader du cluster s'occupe d'affecter les adresses (de son VIN) et de gérer le routage à l'intérieur de son cluster. La dernière contribution consiste en la comparaison des performances des protocoles de gestion de mobilité, notamment pour les réseaux de véhicules et des communications de type vehicule-à-Internet. Dans ce cadre, nous avons proposé une classification des protocoles de gestion de mobilité selon leur déploiement: centralisé (basé réseau ou host) et distribué. Nous avons ensuite évalué les performances en modélisant les durées de configurations et de reconfigurations des différents protocoles concernés

Cooperative resource pooling in multihomed mobile networks

The ubiquity of multihoming amongst mobile devices presents a unique opportunity for users to co-operate, sharing their available Internet connectivity, forming multihomed mobile networks on demand. This model provides users with vast potential to increase the quality of service they receive. Despite this, such mobile networks are typically underutilized and overly restrictive, as additional Internet connectivity options are predominantly ignored and selected gateways are both immutable and incapable of meeting the demand of the mobile network. This presents a number of research challenges, as users look to maximize their quality of experience, while balancing both the financial cost and power consumption associated with utilizing a diverse set of heterogeneous Internet connectivity options. In this thesis we present a novel architecture for mobile networks, the contribution of which is threefold. Firstly, we ensure the available Internet connectivity is appropriately advertised, building a routing overlay which allows mobile devices to access any available network resource. Secondly, we leverage the benefits of multipath communications, providing the mobile device with increased throughput, additional resilience and seamless mobility. Finally, we provide a multihomed framework, enabling policy driven network resource management and path selection on a per application basis. Policy driven resource management provides a rich and descriptive approach, allowing the context of the network and the device to be taken into account when making routing decisions at the edge of the Internet. The aim of this framework, is to provide an efficient and flexible approach to the allocation of applications to the optimal network resource, no matter where it resides in a mobile network. Furthermore, we investigate the benefits of path selection, facilitating the policy framework to choose the optimal network resource for specific applications. Through our evaluation, we prove that our approach to advertising Internet connectivity in a mobile network is both efficient and capable of increasing the utilization of the available network capacity. We then demonstrate that our policy driven approach to resource management and path selection can further improve the user’s quality of experience, by tailoring network resource usage to meet their specific needs

Serviços IP multimédia em redes VoIP/3G

Mestrado em Engenharia de Computadores e TelemáticaEsta dissertação tem como objectivo o estudo da arquitectura ‘IP Multimedia Subsystem’, seus protocolos e entidades constituintes, e averiguar a implementação de uma plataforma de entrega de serviços que siga os conceitos e directrizes presentes na arquitectura orientada a serviços, mais especificamente a plataforma ‘OMA Service Environment’. ABSTRACT: The main goal of this dissertation is to study the IP Multimedia Subsystem, its constituting protocols and entities, and to evaluate the implementation of a service delivery platform that follows the concepts and directives present in service oriented architecture, more specifically the OMA Service Environment platform

Securing the Edges of IoT Networks: a Scalable SIP DDoS Defense Framework with VNF, SDN, and Blockchain

An unintended consequence of the global deployment of IoT devices is that they provide a fertile breeding ground for IoT botnets. An adversary can take advantage of an IoT botnet to launch DDoS attacks against telecommunication services. Due to the magnitude of such an attack, legacy security systems are not able to provide adequate protection. The impact ranges from loss of revenue for businesses to endangering public safety. This risk has prompted academia, government, and industry to reevaluate the existing de- fence model. The current model relies on point solutions and the assumption that adversaries and their attacks are readily identifiable. But adversaries have challenged this assumption, building a botnet from thousands of hijacked IoT devices to launch DDoS attacks. With bot- net DDoS attacks there are no clear boundary where the attacks originate and what defensive measures to use. The research question is: in what ways programmable networks could defend against Session Initiation Protocol (SIP) Distributed Denial-of-Service (DDoS) flooding attacks from IoT botnets? My significant and original contribution to the knowledge is a scalable and collaborative defence framework that secures the edges of IoT networks with Virtual Network Function (VNF), Software-Defined Networking (SDN), and Blockchain technology to prevent, detect, and mitigate SIP DDoS flooding attacks from IoT botnets. Successful experiments were performed using VNF, SDN, and Blockchain. Three kinds of SIP attacks (scan, brute force, and DDoS) were launched against a VNF running on a virtual switch and each was successfully detected and mitigated. The SDN controller gathers threat intelligence from the switch where the attacks originate and installs them as packet filtering rules on all switches in the organisation. With the switches synchronised, the same botnet outbreak is prevented from attacking other parts of the organisation. A distributed application scales this framework further by writing the threat intelligence to a smart contract on the Ethereum Blockchain so that it is available for external organisations. The receiving organisation retrieves the threat intelligence from the smart contract and installs them as packet filtering rules on their switches. In this collaborative framework, attack detection/mitigation efforts by one organisation can be leveraged as attack prevention efforts by other organisations in the community