Diseño e implementación de un Punto Neutro para VoIP

El objetivo de este proyecto consiste en el diseño e implementación de un Punto neutro para VoIP (PNVoIP). El Punto Neutro es una plataforma para ofrecer interoperabilidad entre proveedores de servicios de Telefonía IP (ToIP). Esta plataforma realiza el intercambio de tráfico de VoIP entre los diferentes proveedores, evitando la salida de las comunicaciones hacia la Internet pública, con mejoras de calidad de servicio (QoS) y seguridad para los clientes de los proveedores. Este proyecto se ha realizado conjuntamente con la fundación i2CAT y dos operadores de ToIP. Cada uno de los operadores trabaja con protocolos diferentes (uno con SIP y el otro H.323), por lo que nace la necesidad de solucionar el intercambio de señalización entre operadores que empleen protocolos diferentes

Measurement and Evaluation of ENUM Server Performance

ENUM is a protocol standard developed by the Internet Engineering Task Force (IETF) for translating the E.164 phone numbers into Internet Universal Resource Identifiers (URIs). It plays an increasingly important role as the bridge between Internet and traditional telecommunications services. ENUM is based on the Domain Name System (DNS), but places unique performance requirements on DNS server. In particular, ENUM server needs to host a huge number of records, provide high query throughput for both existing and non-existing records in the server, maintain high query performance under update load, and answer queries within a tight latency budget. In this report, we evaluate and compare performance of serving ENUM queries by three servers, namely BIND, PDNS and Navitas. Our objective is to answer whether and how these servers can meet the unique performance requirements of ENUM. Test results show that the ENUM query response time on our platform has always been on the order of a few milliseconds or less, so this is likely not a concern. Throughput then becomes the key. The throughput of BIND degrades linearly as the record set size grows, so BIND is not suitable for ENUM. PDNS delivers higher performance than BIND in most cases, while the commercial Navitas server presents even better ENUM performance than PDNS. Under our 5M-record set test, Navitas server with its default configuration consumes one tenth to one sixth the memory of PDNS, achieves six times higher throughput for existing records and an order of two magnitudes higher throughput for non-existing records than the bottom line PDNS server without caching. The throughput of Navitas is also the highest among the tested servers when the database is being updated in the background. We investigated ways to improve PDNS performance. For example, doubling CPU processing power by putting PDNS and its backend database in two separate machines can increase PDNS throughput for existing records by 45% and that for nonexisting records by 40%. Since PDNS is open source, we also instrumented the source code to obtain a detailed profile of contributions of various systems components to the overall latency. We found that when the server is within its normal load range, the main component of server processing latency is caused by backend database lookup operations. Excessive number of backend database lookups is the reason that makes PDNS throughput for non-existing records its key weakness. We studied using PDNS caching to reduce the number of database lookups. With a full packet cache and a modified cache maintenance mechanism, the PDNS throughput for existing records can be improved by 100%. This brings the value to one third of its Navitas counterpart. After enabling the PDNS negative query cache, we improved PDNS throughput for non-existing records to the level comparable to its throughput for existing records, but this result is still an order of magnitude lower than the corresponding value in Navitas. Further improvements of PDNS throughput for non-existing records will require optimization of related processing mechanism in its implementation

Infrastructure electronic numbering implementation in Australia

VoIP is becoming the dominant approach for telephony and this growth will continue with the upcoming introduction of 4G mobile wireless and fibre to the home networks. With the growing demand for VoIP and increased VoIP traffic, it is important to implement a system that provides interoperability between the existing telephony numbering system and the IP network device addresses. Infrastructure ENUM is one approach that may be used. This paper examines the Infrastructure ENUM implementation in Australia

Security of VoIP protocols

Předložená bakalářská práce je zaměřena na bezpečnost protokolu VoIP (Voice over Internet Protocol). Nejdříve jsou představeny nejpoužívanější transportní a signalizační protokoly, které jsou využity v této technologii. Práce je zaměřena na dva rozšířené protokoly SIP (Session Initiation Protocol), IAX (Inter-Asterisk eXchange Protocol) a open source Asterisk, který je úzce spjatý s užíváním těchto protokolů. V další části jsou popsány možné útoky, hrozby a metody, které jsou schopny zajistit bezpečný přenos při využívání VoIP mezi uživateli. Dále je popsána praktická část této práce, která je rozdělena na dvě části. V první je demonstrován pasivní útok formou odposlechu a ve druhé aktivní útok formou násilného ukončení a přesměrování hovoru mezi dvěma komunikujícími uživateli. U obou útoků jsou navržena bezpečnostní opatření, jež by účinně mohla předcházet jejich možnému napadení. V závěru je zhodnocena samotná bezpečnost VoIP s ohledem na zajištění kvalitního spojení mezi uživateli, kteří jej pro komunikaci využívají.This bachelor dissertation deals with the VoIP (Voice over Internet Protocol) safety. The most used transport and signal protocols employing this technology are presented first. Two extended protocols, SIP (Session Initiation Protocol) and IAX (Inter-Asterisk eXchange Protocol), as well as open source Asterisk, which is closely connected with these protocols, are shown in detail. After that, methods, attacks and threats able to assure secure transfer in the use of VoIP among users are described. Afterwards the practical part of this essay, divided into two parts, is presented. In the first part, a passive attack in the form of tapping is demonstrated, and in the second, active attacks are described which take the form of forced cancellations and forwarded calls between two communicating users. With both attacks, safety measures that could effectively prevent against their potential attacking are proposed. In the closing part, the VoIP safety is evaluated for securing a quality connection between users communicating through it.

Security in a Distributed Processing Environment

Distribution plays a key role in telecommunication and computing systems today. It has become a necessity as a result of deregulation and anti-trust legislation, which has forced businesses to move from centralised, monolithic systems to distributed systems with the separation of applications and provisioning technologies, such as the service and transportation layers in the Internet. The need for reliability and recovery requires systems to use replication and secondary backup systems such as those used in ecommerce. There are consequences to distribution. It results in systems being implemented in heterogeneous environment; it requires systems to be scalable; it results in some loss of control and so this contributes to the increased security issues that result from distribution. Each of these issues has to be dealt with. A distributed processing environment (DPE) is middleware that allows heterogeneous environments to operate in a homogeneous manner. Scalability can be addressed by using object-oriented technology to distribute functionality. Security is more difficult to address because it requires the creation of a distributed trusted environment. The problem with security in a DPE currently is that it is treated as an adjunct service, i.e. and after-thought that is the last thing added to the system. As a result, it is not pervasive and therefore is unable to fully support the other DPE services. DPE security needs to provide the five basic security services, authentication, access control, integrity, confidentiality and non-repudiation, in a distributed environment, while ensuring simple and usable administration. The research, detailed in this thesis, starts by highlighting the inadequacies of the existing DPE and its services. It argues that a new management structure was introduced that provides greater flexibility and configurability, while promoting mechanism and service independence. A new secure interoperability framework was introduced which provides the ability to negotiate common mechanism and service level configurations. New facilities were added to the non-repudiation and audit services. The research has shown that all services should be security-aware, and therefore would able to interact with the Enhanced Security Service in order to provide a more secure environment within a DPE. As a proof of concept, the Trader service was selected. Its security limitations were examined, new security behaviour policies proposed and it was then implemented as a Security-aware Trader, which could counteract the existing security limitations.IONA TECHNOLOGIES PLC & ORANG

Development of a 3G Authentication Based Mobile Access of Health Records: A Mobile Telemedicine Application

As our country progresses in its aim to be a developed country by the Year 2020, the field of Information and Communications Technology or ICT is fast becoming the forerunner for the vision. The Internet is used in almost all aspects of life. As for the communications sector, according to Global Mobile Subscriber Database December 2002 report, there are 8,814,700 mobile subscribers in Malaysia with an Annual Growth of 16.6%. Withthe adoption of 3G-communication technology in the coming years, compelling high speed services, reaching up to 2 Mb/s together with improved security features would soon be possible. Through these years in the mobile industry, the health sector has always been neglected. Reason being, the technology could not support the application and it is not so much of a revenue generating business compared to mobile games or sports news. With globalization where the society is always on the move across borders, together with degrading environment conditions and the need for time, instant health services are becoming crucial. Looking into these conditions of mobile adoption and health status, the author intends to develop a solution for a mobile telemedicine application. Kevin Hung (2003) defines telemedicine as the utilization of telecommunication technology for medical diagnosis, treatment and patient care. Thus, the main aim of this project was to develop an application that could be used for medical purposes. This project integrates the latest mobile telecommunication technologies together with medical services with the idea of providing a highly secured personalize medical system and database query as mobile handsets are becoming a necessity to individuals. This would make updating and retrieving medical health records hassle free, anytime and anywhere. This project has also laid the groundwork for future expansion by incorporating the basic audio and video streaming features. This report accounts for all the concepts, design works and results of the mobile telemedicine application that has been developed successfully