Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services

Mobility: a double-edged sword for HSPA networks

This paper presents an empirical study on the performance of mobile High Speed Packet Access (HSPA, a 3.5G cellular standard) networks in Hong Kong via extensive field tests. Our study, from the viewpoint of end users, covers virtually all possible mobile scenarios in urban areas, including subways, trains, off-shore ferries and city buses. We have confirmed that mobility has largely negative impacts on the performance of HSPA networks, as fast-changing wireless environment causes serious service deterioration or even interruption. Meanwhile our field experiment results have shown unexpected new findings and thereby exposed new features of the mobile HSPA networks, which contradict commonly held views. We surprisingly find out that mobility can improve fairness of bandwidth sharing among users and traffic flows. Also the triggering and final results of handoffs in mobile HSPA networks are unpredictable and often inappropriate, thus calling for fast reacting fallover mechanisms. We have conducted in-depth research to furnish detailed analysis and explanations to what we have observed. We conclude that mobility is a double-edged sword for HSPA networks. To the best of our knowledge, this is the first public report on a large scale empirical study on the performance of commercial mobile HSPA networks

Solutions for IPv6-based mobility in the EU project MobyDick

Proceedings of the WTC 2002, 18th World Telecommunications Congress, Paris, France, 22 -27 September, 2002.Mobile Internet technology is moving towards a packet-based or, more precisely, IPv6-based network. Current solutions on Mobile IPv6 and other related QoS and AAA matters do not offer the security and quality users have come to take for granted. The EU IST project Moby Dick has taken on the challenge of providing a solution that integrates QoS, mobility and AAA in a heterogeneous access environment. This paper focuses on the mobility part of the project, describes and justifies the handover approach taken, shows how QoS-aware and secure handover is achieved, and introduces the project's paging concept. It shows that a transition to a fully integrated IP-RAN and IP-Backbone has become a distinct option for the future.Publicad