598 research outputs found

    A method for forensic artifact collection, analysis and incident response in environments running Session Initiation Protocol (SIP) and Session Description protocol

    In this paper, we perform an analysis of SIP, a popular voice over IP (VoIP) protocol, and propose a framework for capturing and analysing volatile VoIP data in order to determine forensic readiness requirements for effectively identifying an attacker. The analysis was performed on real attack data and the findings were encouraging. It seems that if appropriate forensic readiness processes and controls are in place, a wealth of evidence can be obtained. The type of the end user equipment of the internal users, the private IP, and the software that is used can help build a reliable baseline information database. On the other hand, the private IP addresses of the potential attacker, even during the presence of NAT services, as well as the attack tools employed by the malicious parties, are logged for further analysis

    DCCP Simultaneous-Open Technique to Facilitate NAT/Middlebox Traversal

    https://datatracker.ietf.org/doc/rfc5595/

    Signaling for Internet Telephony

    Internet telephony must offer the standard telephony services. However, the transition to Internet-based telephony services also provides an opportunity to create new services more rapidly and with lower complexity than in the existing public switched telephone network (PSTN). The Session Initiation Protocol (SIP) is a signaling protocol that creates, modifies and terminates associations between Internet end systems, including conferences and point-to-point calls. SIP supports unicast, mesh and multicast conferences, as well as combinations of these modes. SIP implements services such as call forwarding and transfer, placing calls on hold, camp-on and call queueing by a small set of call handling primitives. SIP implementations can re-use parts of other Internet service protocols such as HTTP and the Real-Time Stream Protocol (RTSP). In this paper, we describe SIP, and show how its basic primitives can be used to construct a wide range of telephony services

    Host Identity Protocol-based Network Address Translator traversal in peer-to-peer environments

    Network Address Translators (NATs) cause problems when peer-to-peer (P2P) connections are created between hosts. Also the Host Identity Protocol (HIP) has problems traversing NATs but, with suitable extensions, it can be used as a generic NAT traversal solution. The Interactive Connectivity Establishment (ICE) is a robust NAT traversal mechanism that can enable connectivity in various NAT scenarios. The goal of this thesis is to enable HIP-based NAT traversal using ICE and to evaluate the applicability of the approach by implementation and measurements. We implemented an ICE prototype and tested it with different types of NATs. We used a network where two hosts were in different subnets and ran ICE connectivity checks between them. The amount of messages and bytes sent during the process, and also how long the process took, was measured and analyzed. Based on the measurements, we calculated the overhead of using HIP with ICE for NAT traversal. ICE was able to create a connection in all the scenarios, but sometimes using more messages and longer time than expected or necessary. We found reasons why too many messages are exchanged and presented solutions on how some of these redundant messages could be avoided. We also found out that while 4-5 connectivity check messages are enough in many scenarios, NATs with specific address mapping behavior can easily double the amount of needed checks. Still, the generated traffic bitrate is modest, and using shorter timeout values than what the ICE specification suggests can have a significant positive impact on performance. By using HIP with ICE, P2P programs can get an efficient NAT traversal solution that additionally supports security, mobility and multihoming

    Toward the PSTN/Internet Inter-Networking--Pre-PINT Implementations

    This document contains the information relevant to the development of the inter-networking interfaces underway in the Public Switched Telephone Network (PSTN)/Internet Inter-Networking (PINT) Working Group. It addresses technologies, architectures, and several (but by no means all) existing pre-PINT implementations of the arrangements through which Internet applications can request and enrich PSTN telecommunications services. The common denominator of the enriched services (a.k.a. PINT services) is that they combine the Internet and PSTN services in such a way that the Internet is used for non-voice interactions, while the voice (and fax) are carried entirely over the PSTN. One key observation is that the pre-PINT implementations, being developed independently, do not inter-operate. It is a task of the PINT Working Group to define the inter-networking interfaces that will support inter-operation of the future implementations of PINT services

    Security for the signaling plane of the SIP protocol

    VOIP protocols are gaining greater acceptance amongst both users and service providers. This thesis will aim to examine aspects related to the security of the signaling plane of the SIP protocol, one of the most widely used VOIP protocols. Firstly, I will analyze the critical issues related to SIP, then move on to discuss both current and possible future solutions, and finally an assessment of the impact on the performance of HTTP digest authentication, IPsec and TLS, the three main methods use

    Options for Securing RTP Sessions

    The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism