Telephony Denial of Service Defense at Data Plane (TDoSD@DP)

The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls that are deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and not sufficiently deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP where TDoS detection and mitigation is programmed at the data plane so that it can be enabled on every switch port and therefore serves as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP session per port. The results show that TDoSD@DP was able to detect and mitigate ongoing INVITE flood attack, protecting the SIP server, and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol and a novel approach for TDoS defense implementation.Final Accepted Versio

Modernizing National Numbering Plan on NGN Platform - Hungarian Case Study

The intensive technological development of the last years brought the overall acceptance of an IP based network and services vision based on the NGN. The realization of the NGN vision, the decision on the migration to NGN sets regulatory tasks, especially in the area of numbering and addressing. The utilization of the opportunities provided by the NGN platform requires the use of IP addresses and names in the core network, the role of the E.164 numbers is taken over by IP addresses. However in case of voice services the identification of end-user access points will remain by the use of E.164 numbers. Migration to NGN doesn't require directly the change of the subscribers' phone number; however the NGN enables among others the implementation of national number portability for fixed telephone service. The opportunities can be realized by using uniform domestic number length and dialling method, practically closed numbering. The introduction of a 9-digit uniform, closed domestic numbering provides a consistent solution for the deficiencies of the present Hungarian numbering plan, too. Recently it can be reached in single step so that the present 9-digit domestic numbers and the short codes remain unchanged, the 8-digit domestic numbers are completed to 9-digit by the insertion of an appropriate digit, as well as the present and new numbering schemes can be in operation simultaneously. --

Minimization of Handoff Failure Probability for Next-Generation Wireless Systems

During the past few years, advances in mobile communication theory have enabled the development and deployment of different wireless technologies, complementary to each other. Hence, their integration can realize a unified wireless system that has the best features of the individual networks. Next-Generation Wireless Systems (NGWS) integrate different wireless systems, each of which is optimized for some specific services and coverage area to provide ubiquitous communications to the mobile users. In this paper, we propose to enhance the handoff performance of mobile IP in wireless IP networks by reducing the false handoff probability in the NGWS handoff management protocol. Based on the information of false handoff probability, we analyze its effect on mobile speed and handoff signaling delay.Comment: 16 Page

Internames: a name-to-name principle for the future Internet

We propose Internames, an architectural framework in which names are used to identify all entities involved in communication: contents, users, devices, logical as well as physical points involved in the communication, and services. By not having a static binding between the name of a communication entity and its current location, we allow entities to be mobile, enable them to be reached by any of a number of basic communication primitives, enable communication to span networks with different technologies and allow for disconnected operation. Furthermore, with the ability to communicate between names, the communication path can be dynamically bound to any of a number of end-points, and the end-points themselves could change as needed. A key benefit of our architecture is its ability to accommodate gradual migration from the current IP infrastructure to a future that may be a ubiquitous Information Centric Network. Basic building blocks of Internames are: i) a name-based Application Programming Interface; ii) a separation of identifiers (names) and locators; iii) a powerful Name Resolution Service (NRS) that dynamically maps names to locators, as a function of time/location/context/service; iv) a built-in capacity of evolution, allowing a transparent migration from current networks and the ability to include as particular cases current specific architectures. To achieve this vision, shared by many other researchers, we exploit and expand on Information Centric Networking principles, extending ICN functionality beyond content retrieval, easing send-to-name and push services, and allowing to use names also to route data in the return path. A key role in this architecture is played by the NRS, which allows for the co-existence of multiple network "realms", including current IP and non-IP networks, glued together by a name-to-name overarching communication primitive.Comment: 6 page