Dynamic Exposure Control in P2PSIP Networks

Voice over IP services have undergone a large-scale deployment thanks to the development of high-speed broadband access and the standardization of dedicated signaling protocols. They offer new opportunities, in particular in the context of peer-to-peer networks. However they are exposed to multiple security attacks due to a lower confinement in comparison to traditional networks. Protection mechanisms are available, but may significantly impact the service performance. We propose in this paper a risk management strategy for dynamically adapting the exposure of P2PSIP networks. We describe the underlying mechanisms for mitigating risks based on a portfolio of countermeasures. We also detail the mathematical modeling which supports our solution based on the analysis of a case study. Finally we quantify the benefits and limits of this approach through an extensive set of experiments performed with the OMNET++ simulator

WebNSM a novel scalable WebRTC signalling mechanism for many-to-many video conferencing

There is a strong focus on the use of Web Real-Time Communication (WebRTC) for many-to-many video conferencing, while the IETF working group has left the signalling issue on the application layer. The main aim of this paper is to create a novel scalable WebRTC signalling mechanism called WebNSM for many-to-many (bi-directional) video conferencing. WebNSM was designed for unlimited users over the mesh topology based on Socket.io (API) mechanism. A real implementation was achieved via LAN and WAN networks, including the evaluation of bandwidth consumption, CPU performance, memory usage, maximum links and RTPs calculation; and Quality of Experience (QoE). In addition, this application supplies video conferencing on different browsers without having to download additional software or user registration. The results present a novel signalling mechanism among various users, devices and networks to open one or multi rooms at the same time using the same server, determine room initiator to keep the session active even if the initiator or another peer leaves, sharing new user with current participants, etc. Moreover, this experiment highlights the limitations of CPU performance, bandwidth consumption and using mesh topology for WebRTC video conferencing

Designing and prototyping WebRTC and IMS integration using open source tools

WebRTC, or Web Real-time Communications, is a collection of web standards that detail the mechanisms, architectures and protocols that work together to deliver real-time multimedia services to the web browser. It represents a significant shift from the historical approach of using browser plugins, which over time, have proven cumbersome and problematic. Furthermore, it adopts various Internet standards in areas such as identity management, peer-to-peer connectivity, data exchange and media encoding, to provide a system that is truly open and interoperable. Given that WebRTC enables the delivery of multimedia content to any Internet Protocol (IP)-enabled device capable of hosting a web browser, this technology could potentially be used and deployed over millions of smartphones, tablets and personal computers worldwide. This service and device convergence remains an important goal of telecommunication network operators who seek to enable it through a converged network that is based on the IP Multimedia Subsystem (IMS). IMS is an IP-based subsystem that sits at the core of a modern telecommunication network and acts as the main routing substrate for media services and applications such as those that WebRTC realises. The combination of WebRTC and IMS represents an attractive coupling, and as such, a protracted investigation could help to answer important questions around the technical challenges that are involved in their integration, and the merits of various design alternatives that present themselves. This thesis is the result of such an investigation and culminates in the presentation of a detailed architectural model that is validated with a prototypical implementation in an open source testbed. The model is built on six requirements which emerge from an analysis of the literature, including previous interventions in IMS networks and a key technical report on design alternatives. Furthermore, this thesis argues that the client architecture requires support for web-oriented signalling, identity and call handling techniques leading to a potential for IMS networks to natively support these techniques as operator networks continue to grow and develop. The proposed model advocates the use of SIP over WebSockets for signalling and DTLS-SRTP for media to enable one-to-one communication and can be extended through additional functions resulting in a modular architecture. The model was implemented using open source tools which were assembled to create an experimental network testbed, and tests were conducted demonstrating successful cross domain communications under various conditions. The thesis has a strong focus on enabling ordinary software developers to assemble a prototypical network such as the one that was assembled and aims to enable experimentation in application use cases for integrated environments

Computer Science's Digest Volume 1

This series is dedicated to the students of the Systems Department, to give them reading material related to computer science in a second language. This book covers the Introduction to Computer Science, Computer Communications, Networking and Web Applications

Efficient service discovery in wide area networks

Living in an increasingly networked world, with an abundant number of services available to consumers, the consumer electronics market is enjoying a boom. The average consumer in the developed world may own several networked devices such as games consoles, mobile phones, PDAs, laptops and desktops, wireless picture frames and printers to name but a few. With this growing number of networked devices comes a growing demand for services, defined here as functions requested by a client and provided by a networked node. For example, a client may wish to download and share music or pictures, find and use printer services, or lookup information (e.g. train times, cinema bookings). It is notable that a significant proportion of networked devices are now mobile. Mobile devices introduce a new dynamic to the service discovery problem, such as lower battery and processing power and more expensive bandwidth. Device owners expect to access services not only in their immediate proximity, but further afield (e.g. in their homes and offices). Solving these problems is the focus of this research. This Thesis offers two alternative approaches to service discovery in Wide Area Networks (WANs). Firstly, a unique combination of the Session Initiation Protocol (SIP) and the OSGi middleware technology is presented to provide both mobility and service discovery capability in WANs. Through experimentation, this technique is shown to be successful where the number of operating domains is small, but it does not scale well. To address the issue of scalability, this Thesis proposes the use of Peer-to-Peer (P2P) service overlays as a medium for service discovery in WANs. To confirm that P2P overlays can in fact support service discovery, a technique to utilise the Distributed Hash Table (DHT) functionality of distributed systems is used to store and retrieve service advertisements. Through simulation, this is shown to be both a scalable and a flexible service discovery technique. However, the problems associated with P2P networks with respect to efficiency are well documented. In a novel approach to reduce messaging costs in P2P networks, multi-destination multicast is used. Two well known P2P overlays are extended using the Explicit Multi-Unicast (XCAST) protocol. The resulting analysis of this extension provides a strong argument for multiple P2P maintenance algorithms co-existing in a single P2P overlay to provide adaptable performance. A novel multi-tier P2P overlay system is presented, which is tailored for service rich mobile devices and which provides an efficient platform for service discovery

Quality of service, security and trustworthiness for network slices

(English) The telecommunications' systems are becoming much more intelligent and dynamic due to the expansion of the multiple network types (i.e., wired, wireless, Internet of Things (IoT) and cloud-based networks). Due to this network variety, the old model of designing a specific network for a single purpose and so, the coexistence of different and multiple control systems is evolving towards a new model in which the use of a more unified control system is able to offer a wide range of services for multiple purposes with different requirements and characteristics. To achieve this situation, the networks have become more digital and virtual thanks to the creation of the Software-Defined Networking (SDN) and the Network Function Virtualization (NFV).Network Slicing takes the strengths from these two technologies and allows the network control systems to improve their performance as the services may be deployed and their interconnection configured through multiple-transport domains by using NFV/SDN tools such as NFV-Orchestrators (NFV-O) and SDN Controllers. This thesis has the main objective to contribute to the state of the art of Network Slicing, with a special focus on security aspects towards the architectures and processes to deploy, monitor and enforce secured and trusted resources to compose network slices. Finally, this document is structured in eight chapters: Chapter 1 provides the motivation and objectives of this thesis which describes to where this thesis contributes and what it was expected to study, evaluate and research. Chapter 2 presents the background necessary to understand the following chapters. This chapter presents a state of the art with three clear sections: 1) the key technologies necessary to create network slices, 2) an overview about the relationship between Service Level Agreements (SLAs) and network slices with a specific view on Security Service Level Agreements (SSLAs), and, 3) the literature related about distributed architectures and systems and the use of abstraction models to generate trust, security, and avoid management centralization. Chapter 3 introduces the research done associated to Network Slicing. First with the creation of network slices using resources placed multiple computing and transport domains. Then, this chapter illustrates how the use of multiple virtualization technologies allows to have more efficient network slices deployments and where each technology fits better to accomplish the performance improvements. Chapter 4 presents the research done about the management of network slices and the definition of SLAs and SSLAs to define the service and security requirements to accomplish the expected QoS and the right security level. Chapter 5 studies the possibility to change at certain level the trend to centralise the control and management architectures towards a distributed design. Chapter 6 follows focuses on the generation of trust among service resources providers. This chapter first describes how the concept of trust is mapped into an analytical system and then, how the trust management among providers and clients is done in a transparent and fair way. Chapter 7 is devoted to the dissemination results and presents the set of scientific publications produced in the format of journals, international conferences or collaborations. Chapter 8 concludes the work and outcomes previously presented and presents possible future research.(Català) Els sistemes de telecomunicacions s'estan tornant molt més intel·ligents i dinàmics degut a l'expansió de les múltiples classes de xarxes (i.e., xarxes amb i sense fils, Internet of Things (IoT) i xarxes basades al núvol). Tenint en consideració aquesta varietat d'escenaris, el model antic de disseny d'una xarxa enfocada a una única finalitat i, per tant, la una coexistència de varis i diferents sistemes de control està evolucionant cap a un nou model en el qual es busca unificar el control cap a un sistema més unificat capaç d'oferir una amplia gama de serveis amb diferents finalitats, requeriments i característiques. Per assolir aquesta nova situació, les xarxes han hagut de canviar i convertir-se en un element més digitalitzat i virtualitzat degut a la creació de xarxes definides per software i la virtualització de les funcions de xarxa (amb anglès Software-Defined Networking (SDN) i Network Function Virtualization (NFV), respectivament). Network Slicing fa ús dels punts forts de les dues tecnologies anteriors (SDN i NFV) i permet als sistemes de control de xarxes millorar el seu rendiment ja que els serveis poden ser desaplegats i la seva interconnexió a través de múltiples dominis de transport configurada fent servir eines NFV/SDN com per exemple orquestradors NFV (NFV-O) i controladors SDN. Aquesta tesi té com a objectiu principal, contribuir en diferents aspectes a la literatura actual al voltant de les network slices. Més concretament, el focus és en aspectes de seguretat de cara a les arquitectures i processos necessaris per desplegar, monitoritzar i aplicar recursos segurs i fiables per generar network slices. Finalment, el document es divideix en 8 capítols: El Capítol 1correspon a la introducció de la temàtica principal, la motivació per estudiar-la i els objectius plantejats a l'inici dels estudis de doctorat. El Capítol 2 presenta un recull d'elements i exemples en la literatura actual per presentar els conceptes bàsics i necessaris en relació a les tecnologies NFV, SDN i Network Slicing. El Capítol 3 introdueix el lector a les tasques i resultats obtinguts per l'estudiant respecte l'ús de network slices enfocades en escenaris amb múltiples dominis de transport i posteriorment en la creació i gestió de network slices Híbrides que utilitzen diferents tecnologies de virtualització. El Capítol 4 s'enfoca en l'ús d’eines de monitorització tant en avaluar i assegurar que es compleixen els nivells esperats de qualitat del servei i sobretot de qualitat de seguretat de les network slices desplegades. Per fer-ho s'estudia l'ús de contractes de servei i de seguretat, en anglès: Service Level Agreements i Security Service Level Agreements. El Capítol 5 estudia la possibilitat de canviar el model d'arquitectura per tal de no seguir centralitzant la gestió de tots els dominis en un únic element, aquest capítol presenta la feina feta en l'ús del Blockchain com a eina per canviar el model de gestió de recursos de múltiples dominis cap a un punt de vista cooperatiu i transparent entre dominis. El Capítol 6 segueix el camí iniciat en el capítol anterior i presenta un escenari en el qual a part de tenir múltiples dominis, també tenim múltiples proveïdors oferint un mateix servei (multi-stakeholder). En aquest cas, l'objectiu del Blockchain passa a ser la generació, gestió i distribució de paràmetres de reputació que defineixin un nivell de fiabilitat associat a cada proveïdor. De manera que, quan un client vulgui demanar un servei, pugui veure quins proveïdors són més fiables i en quins aspectes tenen millor reputació. El Capítol 7 presenta les tasques de disseminació fetes al llarg de la tesi. El Capítol 8 finalitza la tesi amb les conclusions finals.Postprint (published version

Improving Fuzz Testing using Game Theory

International audienceWe propose a game theoretical model for fuzz testing, consisting in generating unexpected input to search for software vulnerabilities. As of today, no performance guarantees or assessment frameworks for fuzzing exist. Our paper addresses these issues and describes a simple model that can be used to assess and identify optimal fuzzing strategies, by leveraging game theory. In this context, payoff functions are obtained using a tainted data analysis and instrumentation of a target application to assess the impact of different fuzzing strategies

Study and implementation of a real time online football game for mobile devices

The main goal of this project is extracting an optimized system to do a sensible application to delay loses and jitter in a wireless environment. This system will be used in a football game for mobile devices with maximum two players per game

Creation of value with open source software in the telecommunications field

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200