A Cloud Platform-as-a-Service for Multimedia Conferencing Service Provisioning

Multimedia conferencing is the real-time exchange of multimedia content between multiple parties. It is the basis of a wide range of applications (e.g., multimedia multiplayer game). Cloud-based provisioning of the conferencing services on which these applications rely will bring benefits, such as easy service provisioning and elastic scalability. However, it remains a big challenge. This paper proposes a PaaS for conferencing service provisioning. The proposed PaaS is based on a business model from the state of the art. It relies on conferencing IaaSs that, instead of VMs, offer conferencing substrates (e.g., dial-in signaling, video mixer and audio mixer). The PaaS enables composition of new conferences from substrates on the fly. This has been prototyped in this paper and, in order to evaluate it, a conferencing IaaS is also implemented. Performance measurements are also made.Comment: 6 pages, 6 figures, IEEE ISCC 201

A Cloud-Based Architecture for Multimedia Conferencing Service Provisioning

Multimedia conferencing is the real-time exchange of multimedia content between multiple parties. It is the basis of several interactive multiuser applications, such as distance learning and multimedia multiplayer online games. The cloud-based provisioning of the conferencing services on which these applications rely on can have several benefits, including the easy provisioning of new applications, efficient use of resources, and elastic scalability. This paper proposes a holistic cloud-based architecture for conferencing service provisioning, which covers both the infrastructure and platform layers of the cloud. The proposed infrastructure layer offers conferencing substrates-as-a-service (e.g., dial-in signaling, video mixing, and audio mixing), instead of virtual machines or containers. The platform layer abstracts the details of the conferencing concepts and offers a high-level interface to simplify conference service provisioning for a wide range of service and application providers (experts versus non-experts). It also enables the on-the-fly scaling of the running conferences while guaranteeing the required quality of service, enables substrates composition to create new conferencing services, and eases the reuse of conferencing services in building new applications. The presented architecture is supported by a proof-of-concept prototype and performance measurements. The latter provides the analysis of resource allocation efficiency and response time, as well as the scalability of the system under suboptimal and over-provisioned conditions. It also provides recommendations for service providers regarding the best alternatives for provisioning their service

A Cloud Platform-as-a-Service for Multimedia Conferencing Service Provisioning

Multimedia Conferencing is the real-time exchange of media content (e.g. voice, video and text) between multiple participants. It is the basis of a wide range of conferencing applications such as massively multi-player online games and distance learning applications. For faster development as well as cost efficiency, developers of such conferencing applications can use conferencing services (e.g. dial-in audio conference) provided by third-parties. However, the third-party service providers face several challenges with respect to conferencing service provisioning (i.e. service development, deployment and management). One challenge is mastering complex low-level details of conferencing technologies, protocols and their interactions. Another challenge is resource elasticity. Number of conference participants varies during runtime. So resource utilization in an elastic manner is a critical factor to achieve cost efficiency. Cloud Computing can help tackle these challenges. It is a paradigm for swiftly provisioning a shared pool of configurable resources (e.g. services, applications, network and storage) on demand. It has three main service models: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). Using a PaaS, service providers can provision conferencing services easily and offer them as SaaS. Nonetheless, cloud-based provisioning of conferencing services still remains a big challenge due to the shortcomings of existing PaaS. In this thesis, a PaaS architecture for conferencing service provisioning is proposed. It is based on a business model from the state of the art. It relies on conferencing IaaSs that, instead of VMs, offer conferencing substrates (e.g. dial-in signaling, video mixer and audio mixer). The conferencing PaaS enables composition of new conferences from substrates on the fly. Moreover, it provides conferencing service providers, who are experienced in programming, with high-level interfaces to abstract the internal complexities of conferencing. In order for PaaS to scale ongoing conferences elastically, an algorithm is also presented in this thesis. The conferencing PaaS is prototyped and performance measurements are made. The proposed algorithm’s performance is also evaluated

Architectures and Algorithms for Cloud-Based Multimedia Conferencing

Multimedia conferencing is the real-time exchange of multimedia content between multiple parties. It is the basis of several applications, such as distance learning, online meetings, and massively multiplayer online games. Cloud-based provisioning of multimedia conferencing has several benefits, like resource efficiency, elasticity, and scalability. However, it remains very challenging. A challenge, for instance, is the lack of holistic architectures which cover both the infrastructure and the platform layers of cloud-based multimedia conferencing applications. Another challenge is the lack of appropriate algorithms for resource allocation in the conferencing cloud to accommodate the fluctuating number of participants, while meeting the required quality of services (QoS). Yet another example is the lack of suitable algorithms for scaling the multimedia conferencing applications in the cloud while meeting both QoS requirements and cost efficiency objective. Unfortunately, the solutions proposed so far do not address these challenges. This thesis focuses on the architectural and algorithmic challenges of cloud-based multimedia conferencing. It proposes architectural components and interfaces for multimedia conferencing application provisioning, covering both the Platform-as-a-Service (PaaS) and the Infrastructure-as-a-Service (IaaS) layers. The proposed interfaces simplify multimedia conference service provisioning for a wide range of application providers. On the algorithmic side, it proposes resource allocation mechanisms that support scalability in terms of the number of participants while meeting the QoS. These mechanisms allocate the actual resources (e.g., CPU, RAM, and storage) in an optimal manner. Besides these mechanisms, it proposes the scalability approaches for cloud-based multimedia conferencing applications. To ensure cost efficiency, these proposed solutions enable fine-grained scalability of the applications with respect to the number of participants while considering the QoS requirements. All algorithmic problems in this thesis are formulated using the Integer Linear Programming (ILP) and heuristics have been designed and validated to solve them

Secure Service Provisioning (SSP) Framework for IP Multimedia Subsystem (IMS)

Mit dem Erscheinen mobiler Multimediadienste, wie z. B. Unified Messaging, Click-to-Dial-Applikationen, netzwerkübergeifende Multimedia-Konferenzen und nahtlose Multimedia-Streming-Dienste, begann die Konvergenz von mobilen Kommunikationsetzen und Festnetzen, begleitet von der Integration von Sprach- und Datenkommunikations-Übertragungstechnik Diese Entwicklungen bilden die Voraussetzung für die Verschmelzung des modernen Internet auf der einen Seite mit der Telekommunikation im klassischen Sinne auf der anderen. Das IP Multimedia-Subsystem (IMS) darf hierbei als die entscheidende Next-Generation-Service-Delivery-Plattform in einer vereinheitlichten Kommunikationswelt angesehen werden. Seine Architektur basiert auf einem modularen Design mit offenen Schnittstellen und bietet dedizierte Voraussetzungen zur Unterstützung von Multimedia-Diensten auf der Grundlage der Internet-Protokolle. Einhergehend mit dieser aufkommenden offenen Technologie stellen sich neue Sicherheits-Herausforderungen in einer vielschichtigen Kommunikationsinfrastruktur, im Wesentlichen bestehend aus dem Internet Protokoll (IP), dem SIP-Protokoll (Session Initiation Protocol) und dem Real-time Transport Protokoll (RTP). Die Zielsetzung des Secure Service Provisioning-Systems (SSP) ist, mögliche Angriffsszenarien und Sicherheitslücken in Verbindung mit dem IP Multimedia Subsystem zu erforschen und Sicherheitslösungen, wie sie von IETF, 3GPP und TISPAN vorgeschlagen werden, zu evaluieren. Im Rahmen dieser Forschungsarbeit werden die Lösungen als Teil des SSP-Systems berücksichtigt, mit dem Ziel, dem IMS und der Next-Generation-SDP einen hinreichenden Schutz zu garantieren. Dieser Teil, der als Sicherheitsschutzstufe 1 bezeichnet wird, beinhaltet unter anderem Maßnahmen zur Nutzer- und Netzwerk-Authentifizierung, die Autorisierung der Nutzung von Multimediadiensten und Vorkehrungen zur Gewährleistung der Geheimhaltung und Integrität von Daten im Zusammenhang mit dem Schutz vor Lauschangriffen, Session-Hijacking- und Man-in-the-Middle-Angriffen. Im nächsten Schritt werden die Beschränkungen untersucht, die für die Sicherheitsschutzstufe 1 charakteristisch sind und Maßnahmen zu Verbesserung des Sicherheitsschutzes entwickelt. Die entsprechenden Erweiterungen der Sicherheitsschutzstufe 1 führen zu einem Intrusion Detection and Prevention-System (IDP), das Schutz vor Denial-of-Service- (DoS) / Distributed-Denial-of-Service (DDoS)-Angriffen, missbräuchlicher Nutzung und Täuschungsversuchen in IMS-basierten Netzwerken bietet. Weder 3GPP noch TISPAN haben bisher Lösungen für diesen Bereich spezifiziert. In diesem Zusammenhang können die beschriebenen Forschungs- und Entwicklungsarbeiten einen Beitrag zur Standardisierung von Lösungen zum Schutz vor DoS- und DDoS-Angriffen in IMS-Netzwerken leisten. Der hier beschriebene Ansatz basiert auf der Entwicklung eines (stateful / stateless) Systems zur Erkennung und Verhinderung von Einbruchsversuchen (Intrusion Detection and Prevention System). Aus Entwicklungssicht wurde das IDP in zwei Module aufgeteilt: Das erste Modul beinhaltet die Basisfunktionen des IDP, die sich auf Flooding-Angriffe auf das IMS und ihre Kompensation richten. Ihr Ziel ist es, das IMS-Core-Netzwerk und die IMS-Ressourcen vor DoS- und DDoS-Angriffen zu schützen. Das entsprechende Modul basiert auf einer Online Stateless-Detection-Methodologie und wird aktiv, sobald die CPU-Auslastung der P-CSCF (Proxy-Call State Control Function) einen vordefinierten Grenzwert erreicht oder überschreitet. Das zweite Modul (IDP-AS) hat die Aufgabe, Angriffe, die sich gegen IMS Application Server (AS) richten abzufangen. Hierbei konzentrieren sich die Maßnahmen auf den Schutz des ISC-Interfaces zwischen IMS Core und Application Servern. Das betreffende Modul realisiert eine Stateful Detection Methodologie zur Erkennung missbräuchlicher Nutzungsaktivitäten. Während der Nutzer mit dem Application Server kommuniziert, werden dabei nutzerspezifische Zustandsdaten aufgezeichnet, die zur Prüfung der Legitimität herangezogen werden. Das IDP-AS prüft alle eingehenden Requests und alle abgehenden Responses, die von IMS Application Servern stammen oder die an IMS Application Server gerichtet sind, auf ihre Zulässigkeit im Hinblick auf die definierten Attack Rules. Mit Hilfe der Kriterien Fehlerfreiheit und Processing Delay bei der Identifikation potenzieller Angriffe wird die Leistungsfähigkeit der IDP-Module bewertet. Für die entsprechenden Referenzwerte werden hierbei die Zustände Nomallast und Überlast verglichen. Falls die Leistungsfähigkeit des IDP nicht unter den Erwartungen zurückbleibt, wird ein IDP-Prototyp zur Evaluation im Open IMS Playground des Fokus Fraunhofer 3Gb-Testbeds eingesetzt, um unter realen Einsatzbedingungen z. B. in VoIP-, Videokonferenz- , IPTV-, Presence- und Push-to-Talk-Szenarien getestet werden zu können.With the emergence of mobile multimedia services, such as unified messaging, click to dial, cross network multiparty conferencing and seamless multimedia streaming services, the fixed–mobile convergence and voice–data integration has started, leading to an overall Internet–Telecommunications merger. The IP Multimedia Subsystem (IMS) is considered as the next generation service delivery platform in the converged communication world. It consists of modular design with open interfaces and enables the flexibility for providing multimedia services over IP technology. In parallel this open based emerging technology has security challenges from multiple communication platforms and protocols like IP, Session Initiation Protocol (SIP) and Real-time Transport Protocol (RTP). The objective of Secure Service Provisioning (SSP) Framework is to cram the potential attacks and security threats to IP Multimedia Subsystem (IMS) and to explore security solutions developed by IETF, 3GPP and TISPAN. This research work incorporates these solutions into SSP Framework to secure IMS and next generation Service Delivery Platform (SDP). We define this part as level 1 security protection which includes user and network authentication, authorization to access multimedia services, providing confidentiality and integrity protection etc. against eavesdropping, session hijacking and man-in-the middle attacks etc. In the next step, we have investigated the limitations and improvements to level 1 security and proposed the enhancement and extension as level 2 security by developing Intrusion Detection and Prevention (IDP) system against Denial-of-Service (DoS)/Distributed DoS (DDoS) flooding attacks, misuses and frauds in IMS-based networks. These security threats recently have been identified by 3GPP and TISPAN but no solution is recommended and developed. Therefore our solution may be considered as recommendation in future. Our approach based on developing both stateless and stateful intrusion detection and prevention system. From development point of view, we have divided the work into two modules: the first module is IDP-Core; addressing and mitigating the flooding attacks in IMS core. Its objective is to protect the IMS resources and IMS-core entities from DoS/DDoS flooding attacks. This module based on online stateless detection methodology and activates when CPU processing load of P-CSCF (Proxy-Call State Control Function) reaches or crosses the defined threshold limit. The second module is IDP-AS; addressing and mitigating the misuse attacks facing to IMS Application Servers (AS). Its focus is to secure the ISC interface between IMS Core and Application Servers. This module is based on stateful misuse detection methodology by creating and comparing user state (partner) when he/she is communicating with application server to check whether user is performing legitimate or illegitimate action with attacks rules. The IDP-AS also compared the incoming request and outgoing response to and from IMS Application Servers with the defined attacks rules. In the performance analysis, the processing delay and attacks detection accuracy of both Intrusion Detection and Prevention (IDP) modules have been measured at Fraunhofer FOKUS IMS Testbed which is developed for research purpose. The performance evaluation based on normal and overload conditions scenarios. The results showed that the processing delay introduced by both IDP modules satisfied the standard requirements and did not cause retransmission of SIP REGISTER and INVITE requests. The developed prototype is under testing phase at Fraunhofer FOKUS 3Gb Testbed for evaluation in real world communication scenarios like VoIP, video conferencing, IPTV, presence, push-to-talk etc

Managing Next Generation Networks (NGNs) based on the Service-Oriented Architechture (SOA). Design, Development and testing of a message-based Network Management platform for the integration of heterogeneous management systems.

Next Generation Networks (NGNs) aim to provide a unified network infrastructure to offer multimedia data and telecommunication services through IP convergence. NGNs utilize multiple broadband, QoS-enabled transport technologies, creating a converged packet-switched network infrastructure, where service-related functions are separated from the transport functions. This requires significant changes in the way how networks are managed to handle the complexity and heterogeneity of NGNs. This thesis proposes a Service Oriented Architecture (SOA) based management framework that integrates heterogeneous management systems in a loose coupling manner. The key benefit of the proposed management architecture is the reduction of the complexity through service and data integration. A network management middleware layer that merges low level management functionality with higher level management operations to resolve the problem of heterogeneity was proposed. A prototype was implemented using Web Services and a testbed was developed using trouble ticket systems as the management application to demonstrate the functionality of the proposed framework. Test results show the correcting functioning of the system. It also concludes that the proposed framework fulfils the principles behind the SOA philosophy

Integrating Context-Awareness in the IP Multimedia Subsystem for Enhanced Session Control and Service Provisioning Capabilities

The 3GPP-defined IP Multimedia Subsystem (IMS) is becoming the de-facto standard for IP-based multimedia communication services. It consists of an overlay control and service layer that is deployed on top of IP-based mobile and fixed networks. This layer encompasses a set of common functions (e.g. session control functions allowing the initiation/modification/termination of sessions) and service logics that are needed for the seamless provisioning of IP multimedia services to users, via different access technologies. As it continues to evolve, the IMS still faces several challenges including: the enabling of innovative and personalized services that would appeal to users and increase network operators' revenues; its interaction with other types of networks (e.g. wireless sensor networks) as means to enhance its capabilities; and the support of advanced QoS schemes that would manage the network resources in an efficient and adaptive manner. The context-awareness concept, which comes from the pervasive computing field, signifies the ability to use situational information (or context) in support to operations and decision making and for the provision of relevant services to the user. Context-awareness is considered to enhance users' experience and is seen as an enabler to adaptability and service personalization - two capabilities that could play important roles in telecommunication environments. This thesis focuses on the introduction of the context-awareness technology in the IMS, as means to enhance its session control and service provisioning capabilities. It starts by presenting the necessary background information, followed by a derivation of requirements and a review of the related work. To ensure the availability of contextual information within the network, we then propose an architecture for context information acquisition and management in the IMS. This architecture leverages and extends the 3GPP presence framework. Building on the capabilities of this architecture, we demonstrate how the managed information could be integrated in IMS operations, at the control and service levels. Showcasing control level integration, we propose a novel context-aware call differentiation framework as means to offer enhanced QoS support (for sessions/calls) in IMS-based networks. This framework enables the differentiation between different categories of calls at the IMS session control level, via dynamic and adaptive resource allocation, in addition to supporting a specialized charging model. Furthermore, we also propose a framework for enhanced IMS emergency communication services. This framework addresses the limitations of existing IP-based emergency solutions, by offering three main improvements: a QoS-enhanced emergency service; a context-aware personalized emergency service; and a conferencing-enhanced emergency service. We demonstrate the use of context awareness at the IMS service level using two new context-aware IMS applications. Finally, to validate our solutions and evaluate their performance, we build various proof-of-concept prototypes and OPNET simulation model