Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism

Privacy-preserving, User-centric VoIP CAPTCHA Challenges: an Integrated Solution in the SIP Environment

Purpose – This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics. Design/methodology/approach – A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment. Findings – The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency. Research limitations/implications – The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services. Practical implications – PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions. Social implications – This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it. Originality/value – To the best of authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users

Service composition based on SIP peer-to-peer networks

Today the telecommunication market is faced with the situation that customers are requesting for new telecommunication services, especially value added services. The concept of Next Generation Networks (NGN) seems to be a solution for this, so this concept finds its way into the telecommunication area. These customer expectations have emerged in the context of NGN and the associated migration of the telecommunication networks from traditional circuit-switched towards packet-switched networks. One fundamental aspect of the NGN concept is to outsource the intelligence of services from the switching plane onto separated Service Delivery Platforms using SIP (Session Initiation Protocol) to provide the required signalling functionality. Caused by this migration process towards NGN SIP has appeared as the major signalling protocol for IP (Internet Protocol) based NGN. This will lead in contrast to ISDN (Integrated Services Digital Network) and IN (Intelligent Network) to significantly lower dependences among the network and services and enables to implement new services much easier and faster. In addition, further concepts from the IT (Information Technology) namely SOA (Service-Oriented Architecture) have largely influenced the telecommunication sector forced by amalgamation of IT and telecommunications. The benefit of applying SOA in telecommunication services is the acceleration of service creation and delivery. Main features of the SOA are that services are reusable, discoverable combinable and independently accessible from any location. Integration of those features offers a broader flexibility and efficiency for varying demands on services. This thesis proposes a novel framework for service provisioning and composition in SIP-based peer-to-peer networks applying the principles of SOA. One key contribution of the framework is the approach to enable the provisioning and composition of services which is performed by applying SIP. Based on this, the framework provides a flexible and fast way to request the creation for composite services. Furthermore the framework enables to request and combine multimodal value-added services, which means that they are no longer limited regarding media types such as audio, video and text. The proposed framework has been validated by a prototype implementation

Improving privacy in identity management systems for health care scenarios

Privacy is a very complex and subjective concept with different meaning to different people. The meaning depends on the context. Moreover, privacy is close to the user information and thus, present in any ubiquitous computing scenario. In the context of identity management (IdM), privacy is gaining more importance since IdM systems deal with services that requires sharing attributes belonging to users’ identity with different entities across domains. Consequently, privacy is a fundamental aspect to be addressed by IdM to protect the exchange of user attributes between services and identity providers across different networks and security domains in pervasive computing. However, problems such as the effective revocation consent, have not been fully addressed. Furthermore, privacy depends heavily on users and applications requiring some degree of flexibility. This paper analyzes the main current identity models, as well as the privacy support presented by the identity management frameworks. After the main limitations are identified, we propose a delegation protocol for the SAML standard in order to enhance the revocation consent within healthcare scenarios.Proyecto CCG10-UC3M/TIC-4992 de la Comunidad Autónoma de Madrid y la Universidad Carlos III de Madri

Open Access to Resource Management in Multimedia Networks

The paper is dedicated to mechanisms for open access to resource management in the Internet Protocol (IP) multimedia networks. First we present the concept of IP Multimedia Subsystem (IMS) and explain the IMS functional architecture, principles of quality of service management and service control in IMS. Then we describe the idea behind the opening of network interfaces for third parties so that others besides the network operator can create and deploy services. Open Service Access (OSA) and Parlay appear to be the technologies for value-added service delivery in multimedia networks. In the paper we take a closer look to the Parlay/OSA interfaces that allow third party applications to access the resource management functions in IMS. OSA "Connectivity Manager" interfaces and OSA "Policy Management" interfaces are considered. Parlay X Web Services interfaces provide a higher level of abstraction than Parlay/OSA interfaces and gain an amazing amount of support among service developers. We address "Applicationdriven Quality of Service" Parlay X Web Service and "Policy" Parlay X Web Service also