A method for forensic artifact collection, analysis and incident response in environments running Session Initiation Protocol (SIP) and Session Description protocol

In this paper, we perform an analysis of SIP, a popular voice over IP (VoIP) protocol and propose a framework for capturing and analysing volatile VoIP data in order to determine forensic readiness requirements for effectively identifying an attacker. The analysis was performed on real attack data and the findings were encouraging. It seems that if appropriate forensic readiness processes and controls are in place, a wealth of evidence can be obtained. The type of the end user equipment of the internal users, the private IP, the software that is used can help build a reliable baseline information database. On the other hand the private IP addresses of the potential attacker even during the presence of NAT services, as well as and the attack tools employed by the malicious parties are logged for further analysis

DCCP Simultaneous-Open Technique to Facilitate NAT/Middlebox Traversal

https://datatracker.ietf.org/doc/rfc5595/Publisher PD

Signaling for Internet Telephony

Internet telephony must offer the standard telephony services.However, the transition to Internet-based telephony services also provides an opportunity to create new services more rapidly and with lower complexity than in the existing public switched telephone network(PSTN). The Session Initiation Protocol (SIP) is a signaling protocol that creates, modifies and terminates associations between Internet end systems, including conferences and point-to-point calls. SIP supports unicast, mesh and multicast conferences, as well as combinations of these modes. SIP implements services such as call forwarding and transfer, placing calls on hold, camp-on and call queueing by a small set of call handling primitives. SIP implementations can re-use parts of other Internet service protocols such as HTTP and the Real-Time Stream Protocol (RTSP). In this paper, we describe SIP, and show how its basic primitives can be used to construct a wide range of telephony services

Host Identity Protocol-based Network Address Translator traversal in peer-to-peer environments

Osoitteenmuuntajat aiheuttavat ongelmia vertaisverkkojen yhteyksien luomiselle. Myös koneen identiteetti protokolla (HIP) kärsii osoitteenmuuntajien aiheuttamista ongelmista, mutta sopivilla laajennuksilla sitä voidaan käyttää yleisenä osoitteenmuuntajien läpäisymenetelmänä. Interaktiivinen yhteyden luominen (ICE) on tehokas osoitteenmuuntajien läpäisymenetelmä, joka toimii monissa erilaisissa tilanteissa. Tämän diplomityön tavoitteena on mahdollistaa HIP-pohjainen osoitteenmuuntajien läpäisy käyttämällä ICE-menetelmää, ja arvioida menetelmän toimivuutta implementoinnin ja mittausten avulla. Implementoimme ICE-prototyypin ja testasimme sitä eri tyyppisten osoitteenmuuntajien kanssa. Käytimme mittauksissa verkkoa, jossa kaksi isäntäkonetta olivat eri aliverkoissa, ja suoritimme ICE-yhteystestejä näiden koneiden välillä. Mittasimme testeissä lähetettyjen viestien ja tavujen määrän sekä käytetyn ajan. Mittaustulosten perusteella laskimme myös arvion ICE:n ja HIP:in aiheuttamalle ylimääräisten viestien ja ajankäytön määrälle. ICE onnistui luomaan yhteyden kaikissa testaamissamme tilanteissa, mutta käytti välillä enemmän viestejä ja aikaa kuin olisi tarpeen. Selvitimme työssä syyt ylimääräisille viesteille ja esitimme keinoja viestien määrän vähentämiselle. Saimme myös selville, että suuressa osassa tilanteista 4-5 yhteystestiviestiä riittää yhteyden luomiseksi, mutta tietynlaista osoitteenmuunnosta käyttävät osoitteenmuuntajat voivat helposti tuplata viestien määrän. Joka tapauksessa, yhteystestien luomat liikennemäärät ovat vähäisiä, ja käyttämällä lyhyempiä ajastinaikoja kuin mitä ICE spesifikaatio ehdottaa, voidaan ICE:n tehokkuutta kasvattaa merkittävästi. Käyttämällä HIP:iä ICE:n kanssa vertaisverkko-ohjelmat voivat saada käyttöönsä tehokkaan osoitteenmuuntajien läpäisymenetelmän, joka tukee myös yhteyden turvaominaisuuksia, mobiliteettia, sekä useita yhtäaikaisia verkkoliitäntöjä.Network Address Translators (NATs) cause problems when peer-to-peer (P2P) connections are created between hosts. Also the Host Identity Protocol (HIP) has problems traversing NATs but, with suitable extensions, it can be used as a generic NAT traversal solution. The Interactive Connectivity Establishment (ICE) is a robust NAT traversal mechanism that can enable connectivity in various NAT scenarios. The goal of this thesis is to enable HIP-based NAT traversal using ICE and to evaluate the applicability of the approach by implementation and measurements. We implemented an ICE prototype and tested it with different types of NATs. We used a network where two hosts were in different subnets and run ICE connectivity checks between them. The amount of messages and bytes sent during the process, and also how long the process took, was measured and analyzed. Based on the measurements, we calculated the overhead of using HIP with ICE for NAT traversal. ICE was able to create a connection in all the scenarios, but sometimes using more messages and longer time than expected or necessary. We found reasons why too many messages are exchanged and presented solutions on how some of these redundant messages could be avoided. We also found out that while 4-5 connectivity check messages are enough in many scenarios, NATs with specific address mapping behavior can easily double the amount of needed checks. Still, the generated traffic bitrate is modest, and using shorter timeout values than what the ICE specification suggests can have a significant positive impact on performance. By using HIP with ICE, P2P programs can get an efficient NAT traversal solution that additionally supports security, mobility and multihoming

Study, Analysis and Modeling of IP Multimedia systems on next generation networks providing mobile and fixed multimedia services

Not availabl

Toward the PSTN/Internet Inter-Networking--Pre-PINT Implementations

This document contains the information relevant to the development of the inter-networking interfaces underway in the Public Switched Telephone Network (PSTN)/Internet Inter-Networking (PINT) Working Group. It addresses technologies, architectures, and several (but by no means all) existing pre-PINT implementations of the arrangements through which Internet applications can request and enrich PSTN telecommunications services. The common denominator of the enriched services (a.k.a. PINT services) is that they combine the Internet and PSTN services in such a way that the Internet is used for non-voice interactions, while the voice (and fax) are carried entirely over the PSTN. One key observation is that the pre-PINT implementations, being developed independently, do not inter-operate. It is a task of the PINT Working Group to define the inter-networking interfaces that will support inter-operation of the future implementations of PINT services

Security for the signaling plane of the SIP protocol

VOIP protocols are gaining greater acceptance amongst both users and service providers. This thesis will aim to examine aspects related to the security of signaling plane of the SIP protocol, one of the most widely used VOIP protocols. Firstly, I will analyze the critical issues related to SIP, then move on to discuss both current and possible future solutions, and finally an assessment of the impact on the performance of HTTP digest authentication, IPsec and TLS, the three main methods use

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism