  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

A Session Initiation Protocol User Agent with Key Escrow

Hossen, MD. Sakhawat January 2009
Voice over Internet Protocol (VoIP), also called IP telephony, is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding & compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system.
Lawful interception is a means of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobility support and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U.S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party. However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session.
This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow without the possibility of undetectable fabrication of session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead.
2

Key Agreement for Secure Voice over IP

Bilien, Johan January 2003
This thesis reviews the usual properties and requirements for key agreement protocols. It then focuses on MIKEY, a work-in-progress protocol designed to conduct key agreements for secure multimedia exchanges. The protocol was implemented and incorporated in a SIP user agent - minisip. This implementation was used to measure the additional delay required for key exchange during call establishment. Finally, some schemes are proposed regarding the use of MIKEY in advanced VoIP scenarios, such as conferences and terminal mobility.
3

A Session Initiation Protocol User Agent with Key Escrow

Hossen, MD. Sakhawat January 2009
Voice over Internet Protocol (VoIP), also called IP telephony, is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding & compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system. Lawful interception is a means of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobility support and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U.S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party. However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session. This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow without the possibility of undetectable fabrication of session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead.
4

Bootstrapping Secure Multicast using Kerberized Multimedia Internet Keying

Woo, Jeffrey Lok Tin January 2012
We address bootstrapping secure multicast in enterprise and public-safety settings. Our work is motivated by the fact that secure multicast has important applications in such settings, and that the application setting significantly influences the design of security systems and protocols. This document presents and analyzes two designs for the composition of the authentication protocol, Kerberos, and the key transport protocol, Multimedia Internet KEYing (MIKEY). The two designs are denoted to be KM1 and KM2. The main aspect in which the objective impacts the design is the assumption of an additional trusted third party (called a Key Server) that is the final arbiter on whether a principal is authorized to receive a key. Secure composition can be a challenge, and therefore the designs were kept to be simple so they have intuitive appeal. Notwithstanding this, it was recognized that even simple, seemingly secure protocols can have flaws. Two main security properties of interest called safety and availability were articulated. A rigorous analysis of KM1 and KM2 was conducted using Protocol Composition Logic (PCL), a symbolic approach to analyzing security protocols, to show that the designs have those properties. The value of the analysis is demonstrated by a possible weakness in KM1 that was discovered which led to the design of KM2. A prototype of KM1 and KM2 was implemented starting with the publicly available reference implementation of Kerberos, and an open-source implementation of MIKEY. This document also discusses the experience from the implementation, and presents empirical results which demonstrate the inherent trade-off between security and performance in the design of KM1 and KM2.
5

Bootstrapping Secure Multicast using Kerberized Multimedia Internet Keying

Woo, Jeffrey Lok Tin January 2012
We address bootstrapping secure multicast in enterprise and public-safety settings. Our work is motivated by the fact that secure multicast has important applications in such settings, and that the application setting significantly influences the design of security systems and protocols. This document presents and analyzes two designs for the composition of the authentication protocol, Kerberos, and the key transport protocol, Multimedia Internet KEYing (MIKEY). The two designs are denoted to be KM1 and KM2. The main aspect in which the objective impacts the design is the assumption of an additional trusted third party (called a Key Server) that is the final arbiter on whether a principal is authorized to receive a key. Secure composition can be a challenge, and therefore the designs were kept to be simple so they have intuitive appeal. Notwithstanding this, it was recognized that even simple, seemingly secure protocols can have flaws. Two main security properties of interest called safety and availability were articulated. A rigorous analysis of KM1 and KM2 was conducted using Protocol Composition Logic (PCL), a symbolic approach to analyzing security protocols, to show that the designs have those properties. The value of the analysis is demonstrated by a possible weakness in KM1 that was discovered which led to the design of KM2. A prototype of KM1 and KM2 was implemented starting with the publicly available reference implementation of Kerberos, and an open-source implementation of MIKEY. This document also discusses the experience from the implementation, and presents empirical results which demonstrate the inherent trade-off between security and performance in the design of KM1 and KM2.
6

Secure data and voice over wireless networks in disaster and emergency response

Vu Hoang, Tung January 2005
Communication is often limited in a disaster area and other emergency situations where no infrastructure exists or existing infrastructure has been destroyed. This makes it difficult for relief workers in the field to communicate with one another and with their home head office. Ericsson Response has developed a Wireless LAN in Disaster and Emergency Response (WIDER) solution. WIDER is based on broadband Wireless LAN internetworking to satellite and GSM networks. The WIDER solution has identified ways for organizations to share their communication infrastructure, and information in a secure and cost effective manner during an emergency response operation. Data over WIDER needs to be secured to prevent unauthorized access to sensitive information of relief organizations. VoIP calls should be protected against eavesdropping. The thesis investigated how to enhance the security solution in WIDER and implement a secure VoIP client. Measurements of the performance of WIDER and the total delay of VoIP over satellite were used to estimate the capability of WIDER before deployment in the field. / Communication is often limited in disaster areas and other emergency situations where infrastructure is missing or has been destroyed. This makes it difficult for field personnel to communicate, both with one another and with central offices. Ericsson Response has developed a solution called "Wireless LAN in Disaster and Emergency Response" (WIDER). WIDER uses wireless LAN and is a broadband-based internetworking technology toward satellite and GSM networks. WIDER has identified solutions for organizations to share their infrastructure for communication and information in a secure and cost-effective way in emergency situations. The information sent via WIDER needs to be protected to prevent unauthorized access to sensitive information. VoIP prevents unauthorized parties from eavesdropping on the traffic. The thesis has investigated the extended security solution for WIDER and has implemented a secure VoIP client. Measurements of the performance of WIDER and of the delay that occurs with VoIP over a satellite link were used to estimate WIDER's capacity before the system is used in the field.
7

Lawful Interception and Countermeasures : In the era of Internet Telephony

Evripidis, Romanidis January 2008
Lawful interception and the way it is performed have played a significant role in the effectiveness of this type of communication monitoring. Although the secrecy of interception and the related equipment are supposed to provide correct information to a law enforcement agency, there are some countermeasures that can be taken by the subject that can seriously undermine the collection of correct and accurate data. This thesis project attempts to identify the problems that exist for interception of telephony (be it fixed, mobile, or via the Internet). Moreover, there are some suggestions for improvements in how lawful interception should be performed in order to avoid possible attacks that could decrease the credibility of the intercepted data. Numerous publications (in print or distributed on the Internet) have described weaknesses in the current state of the art lawful interception when using equipment that can be purchased in the market. This thesis presents improvements in how LI can be conducted in order to avoid these vulnerabilities. Additionally, there is a description of the key escrow systems and the possibility of avoiding one of their most significant vulnerabilities. The main problem of the lawful interception is the rapid changes in telecommunications and the complicated architecture of the telecommunication networks, as both make monitoring vulnerable to specific countermeasures. An analysis of how lawful interception can take place and current countermeasures for lawful interception of Internet telephony are vital in order to identify the problems in carrying out such intercepts today and to make suggestions for improvements. This topic is especially relevant given the current Swedish “FRA lagen” regarding interception of electronic communication going into, out of, and through Sweden. Not only is it important to understand how lawful interception can be performed or prevented, but it is also important to understand how information obtained from lawful interception could be purposely misleading or falsified.
8

A Network based Home surveillance/ monitoring system : Router based Deployment and Network Security

Song, Zixuan January 2011
Home surveillance/monitoring systems are widely used nowadays. An intelligent surveillance system can provide multiple functions for uses. The assumption underlying this thesis project is that a home surveillance system can help people manage their homes better. The thesis presents two investigations into an intelligent home surveillance system implementation. First we will focus on the development of a router platform, which can manage the cameras connected to an intelligent home surveillance system. Such a system will include at least one router, one or more cameras. Some of these cameras will be connected by wireless links. Each camera will be dynamically allocated an IP address. The system will manage and control the various elements of the home surveillance/monitoring system via the network. Second, we will examine potential network security solutions, and choose a suitable solution. A key result of this thesis project is that SRTP and MIKEY are suitable for use in a home surveillance/monitoring system and together they provide authentication and privacy for the information from the camera (and potentially other information). This privacy is an important aspect of a home surveillance/monitoring system, since improper use of this information could be damaging to the homeowner’s privacy and personal integrity.
9

Evaluation of VoIP Security for Mobile Devices

Nakarmi, Prajwol Kumar January 2011
Market research reports by In-Stat, Gartner, and the Swedish Post and Telecom Agency (PTS) reveal a growing worldwide demand for Voice over IP (VoIP) and smartphones. This trend is expected to continue over the coming years and there is wide scope for mobile VoIP solutions. Nevertheless, with this growth in VoIP adoption come challenges related to quality of service and security. Most consumer VoIP solutions, even in PCs, analog telephony adapters, and home gateways, do not yet support media encryption and other forms of security. VoIP applications based on mobile platforms are even further behind in adopting media security due to a (mis-)perception of more limited resources. This thesis explores the alternatives and feasibility of achieving VoIP security for mobile devices in the realm of the IP Multimedia Subsystem (IMS).
10

Voice over IP in a resource constrained environment

Nesh-Nash, Ali January 2006
Today, the telecommunication world is focused on mobility. This is popular because since the 1990s most people have integrated their mobile phones into their life. A new factor is the rise of the voice over IP (VoIP) technology, with VoIP over Wireless LANs (WLANs) as the clear next growth area for mobile communications. The purpose of this thesis was to understand how to save power based upon changing when some operations are performed in a VoIP client. In order to do this, we decided to port minisip to an HP iPAQ 5500 Personal Digital Assistant (PDA), in order to explore some of the issues of running such a client on a PDA - due to its constraints with regard to storage, processing power, and battery power. Minisip is a SIP open source user agent running on Linux and Windows. This thesis builds upon earlier theses which showed that minisip can offer a secure communications platform with the latest functions which are desired in a mobile personal VoIP system. However, most of these earlier theses utilized desktop, laptop, or server based systems, i.e., with few resource constraints. The focus of this thesis was to examine the case of a highly constrained user platform such as an iPAQ. / Today's telecommunication systems focus on mobility. This became popular during the 1990s, when mobility became naturally integrated into people's everyday lives in the form of, for example, mobile phones. Voice over IP (VoIP) has become a large part of today's technology, in which wireless systems, Wireless LANs (WLANs), have become a larger part of mobile communication. The goal of this report is to understand how power consumption can be minimized by performing certain operations with the help of a VoIP client. To achieve this we ported minisip, a SIP agent that is based on open source and runs on Linux and Windows, to an HP iPAQ 5500, a so-called Personal Digital Assistant (PDA). We chose the PDA in order to explore the limitations it entails in terms of storage space, processor capacity, and battery. This report builds on earlier reports which show that minisip can offer a secure communication platform with the latest functions desired in mobile VoIP systems. Most of these earlier reports are based on systems with few resource limitations, such as desktop or laptop computers and server-based systems. The focus of this report is to explore this case in an environment with greater resource limitations, such as an iPAQ.
