IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing

Emergency services are vital services that Next Generation Networks (NGNs) have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs, 3GPP has carried the burden of specifying a standardized IMS-based emergency services framework. Unfortunately, like any other IP-based standards, the IMS-based emergency service framework is prone to Distributed Denial of Service (DDoS) attacks. We propose in this work, a simple but efficient solution that can prevent certain types of such attacks by creating firewall pinholes that regular clients will surely be able to pass in contrast to the attackers clients. Our solution was implemented, tested in an appropriate testbed, and its efficiency was proven.Comment: 17 Pages, IJNGN Journa

Mobility Management in beyond 3G-Environments

Beyond 3G-environments are typically defined as environments that integrate different wireless and fixed access network technologies. In this paper, we address IP based Mobility Management (MM) in beyond 3G-environments with a focus on wireless access networks, motivated by the current trend of WiFi, GPRS, and UMTS networks. The GPRS and UMTS networks provide countrywide network access, while the WiFi networks provide network access in local areas such as city centres and airports. As a result, mobile end-users can be always on-line and connected to their preferred network(s), these network preferences are typically stored in a user profile. For example, an end-user who wishes to be connected with highest bandwidth could be connected to a WiFi network when available and fall back to GPRS when moving outside the hotspot area.\ud In this paper, we consider a combination of MM for legacy services (like web browsing, telnet, etc.) using Mobile IP and multimedia services using SIP. We assume that the end-user makes use of multi-interface terminals with the capability of selecting one or more types of access networks\ud based on preferences. For multimedia sessions, like VoIP or streaming video, we distinguish between changes in network access when the end-user is in a session or not in a session. If the end-user is not in a session, he or she needs to be able to start new sessions and receive invitations for new sessions. If the end-user is in a session, the session needs to be handed over to the new access network as seamless as possible from the perspective of the end-user. We propose an integrated but flexible solution to these problems that facilitates MM with a customizable transparency to applications and end-users

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism