Improving ICE Service Selection in a P2P System using the Gradient Topology

GS

A Survey on Handover Management in Mobility Architectures

This work presents a comprehensive and structured taxonomy of available techniques for managing the handover process in mobility architectures. Representative works from the existing literature have been divided into appropriate categories, based on their ability to support horizontal handovers, vertical handovers and multihoming. We describe approaches designed to work on the current Internet (i.e. IPv4-based networks), as well as those that have been devised for the "future" Internet (e.g. IPv6-based networks and extensions). Quantitative measures and qualitative indicators are also presented and used to evaluate and compare the examined approaches. This critical review provides some valuable guidelines and suggestions for designing and developing mobility architectures, including some practical expedients (e.g. those required in the current Internet environment), aimed to cope with the presence of NAT/firewalls and to provide support to legacy systems and several communication protocols working at the application layer

Security aspects in voice over IP systems

Security has become a major concern with the rapid growth of interest in the internet. This project deals with the security aspects of VoIP systems. Various supporting protocols and technologies are considered to provide solutions to the security problems. This project stresses on the underlying VoIP protocols like Session Initiation Protocol (SIP), Secure Real-time Transport Procotol (SRTP), H.323 and Media Gateway Control Protocol (MGCP). The project further discusses the Network Address Translation (NAT) devices and firewalls that perform NAT. A firewall provides a point of defense between two networks. This project considers issues regarding the firewalls and the problems faced in using firewalls for VoIP; it further discusses the solutions about how firewalls can be used in a more secured way and how they provide security

Agent-based approach for cross-subnet communication

Projecte realitzat mitjançant programa de mobilitat. TECHNISCHE UNIVERSITÄT BERLIN. FAKULTÄT IV - ELEKTROTECHNIK UND INFORMATIKThe establishment of point-to-point connections between hosts behind NAT boxes have been always a problem due to the problem with the private IP addresses and NAT rewalls. To solve this problem, there are di erent techniques to make possible that hosts behind NAT boxes can establish a point-to-point connection rounding NAT rewalls and using solutions to exchange their IPs. The goal of this thesis is to present an implementation of a communication protocol which establishes a communication between agents that are behind NAT boxes avoiding all the problems that could occur during the communication, such as duplicated IP addresses or host unreachable errors and introduce to the reader some related work about NAT traversal. There is also in this thesis a little introduction to the existing techniques used to round a NAT rewall and the explanation of why we use NAT boxes even though they sometimes are a problem

Evidences Behind Skype Outage

Skype is one of the most successful VoIP application in the current Internet spectrum. One of the most peculiar characteristics of Skype is that it relies on a P2P infrastructure for the exchange of signaling information amongst active peers. During August 2007, an unexpected outage hit the Skype overlay, yielding to a service blackout that lasted for more than two days: this paper aims at throwing light to this event. Leveraging on the use of an accurate Skype classification engine, we carry on an experimental study of Skype signaling during the outage. In particular, we focus on the signaling traffic before, during and after the outage, in the attempt to quantify interesting properties of the event. While it is very difficult to gather clear insights concerning the root causes of the breakdown itself, the collected measurement allow nevertheless to quantify several interesting aspects of the outage: for instance, measurements show that the outage caused, on average, a 3-fold increase of signaling traffic and a 10-fold increase of number of contacted peers, topping to more than 11 million connections for the most active node in our network - which immediately gives the feeling of the extent of the phenomeno

Design and development of a software architecture for seamless vertical handover in mobile communications

In this work I firstly present an overview on current wireless technology and network mobility focusing on challenges and issues which arise when mobile nodes migrate among different access networks, while employing real-time communications and services. In literature many solutions propose different methods and architectures to enhance vertical handover, the process of transferring a network communication between two technologically different points of attachment. After an extensive review of such solutions this document describes my personal implementation of a fast vertical handover mechanism for Android smartphones. I also performed a reliability and performance comparison between the current Android system and my enhanced architecture which have both been tested in a scenario where vertical handover was taking place between WiFi and cellular network while the mobile node was using video streaming services. Results show the approach of my implementation to be promising, encouraging future works, some of which are suggested at the end of this dissertation together with concluding remarks

A comparative study of RTC applications

Real-Time Communication (RTC) applications have become ubiquitous and are nowadays fundamental for people to communicate with friends and relatives, as well as for enterprises to allow remote working and save travel costs. Countless competing platforms differ in the ease of use, features they implement, supported user equipment and targeted audience (consumer of business). However, there is no standard protocol or interoperability mechanism. This picture complicates the traffic management, making it hard to isolate RTC traffic for prioritization or obstruction. Moreover, undocumented operation could result in the traffic being blocked at firewalls or middleboxes. In this paper, we analyze 13 popular RTC applications, from widespread consumer apps, like Skype and Whatsapp, to business platforms dedicated to enterprises - Microsoft Teams and Webex Teams. We collect packet traces under different conditions and illustrate similarities and differences in their use of the network. We find that most applications employ the well-known RTP protocol, but we observe a few cases of different (and even undocumented) approaches. The majority of applications allow peer-to-peer communication during calls with only two participants. Six of them send redundant data for Forward Error Correction or encode the user video at different bitrates. In addition, we notice that many of them are easy to identify by looking at the destination servers or the domain names resolved via DNS. The packet traces we collected, along with the metadata we extract, are made available to the community

Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services

A collaborative P2P Scheme for NAT Traversal Server discovery based on topological information

In the current Internet picture more than 70% of the hosts are located behind Network Address Translators (NATs). This is not a problem for the client/server paradigm. However, the Internet has evolved, and nowadays the largest portion of the traffic is due to peer-to-peer (p2p) applications. This scenario presents an important challenge: two hosts behind NATs (NATed hosts) cannot establish direct communications. The easiest way to solve this problem is by using a third entity, called Relay, that forwards the traffic between the NATed hosts. Although many efforts have been devoted to avoid the use of Relays, they are still needed in many situations. Hence, the selection of a suitable Relay becomes critical to many p2p applications. In this paper, we propose the Gradual Proximity Algorithm (GPA): a simple algorithm that guarantees the selection of a topologically close-by Relay. We present a measurement-based analysis, showing that the GPA minimizes both the delay of the relayed communication and the transit traffic generated by the Relay, being a QoS-aware and ISP-friendly solution. Furthermore, the paper presents the Peer-to-Peer NAT Traversal Architecture (P2P-NTA), which is a global, distributed and collaborative solution, based on the GPA. This architecture addresses the Relay discovery/selection problem. We have performed large-scale simulations based on real measurements, which validate our proposal. The results demonstrate that the P2P-NTA performs similarly to direct communications with reasonably large deployments of p2p applications. In fact, only 5% of the communications experience an extra delay that may degrade the QoS due to the use of Relays. Furthermore, the amount of extra transit traffic generated is only 6%. We also show that the P2P-NTA largely outperforms other proposals, where the QoS degradation affects up to more than 50% of the communications, and the extra traffic generated goes beyond 80%.This work has been partially funded by the Grants MEDIANET (S2009/TIC-1466) from the Regional Government of Madrid and CON-PARTE (TEC2007-67966-C03- 03) by the Ministry of Science and Innovation of Spain.Publicad