Global ETD Search

1	A Session Initiation Protocol User Agent with Key Escrow Hossen, MD. Sakhawat January 2009 (has links) <p>Voice over Internet Protocol (VoIP), also called IP telephony is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding & compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system.</p><p>Lawful interception is a mean of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobilitysupport and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U. S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session.</p><p>This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. <em>without</em> the possibility of undetectable fabrication of<em><strong> </strong></em>session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead.</p> Lawful Interception Key escrow SRTP MIKEY PKI Digital Signature
2	SIP on an Overlay Network Wu, Xiao January 2009 (has links) With the development of mobile (specifically: wide area cellular telephony) technology, users’ requirements have changed from the basic voice service based on circuit switch technology to a desire for high speed packet based data transmission services. Voice over IP (VoIP), a packet based service, is gaining increasing attention due to its high performance and low cost. However, VoIP does not work well in every situation. Today Network address translation (NAT) traversal has become the main obstruction for future VoIP deployment. In this thesis we analyze and compare the existing NAT traversal solutions. Following this, we introduce a VoIP over IPSec (VOIPSec) solution (i.e., a VoIP over IPSec virtual private network (VPN) scheme) and an extended VOIPSec solution mechanism. These two solutions were tested and compared to measure their performance in comparison to a version of the same Session Initiation Protocol (SIP) user agent running without IPSec. In the proposed VOIPSec solution, the IPSec VPN tunnel connects each of the SIP clients to a SIP server, thus making all of the potential SIP participants reachable, i.e., solving the NAT traversal problem. All SIP signaling and media traffic for VoIP calls are transmitted through this prior established tunnel. This VPN tunnel provides the desired universal means for VoIP traffic to traverse NAT equipment. Additionally, the IPSec VPN also guarantees the security of VoIP calls at the IP level. In order to improve the security level of media streams for the VOIPSec solution, we deployed and evaluated an extended VOIPSec solution which provides end-to-end protection of the real time media traffic. In this extended VOIPSec solution, we used SRTP instead of RTP to carry the media content. This extended method was shown to provide all of the advantages of VOIPSec and SRTP without any additional delay for the media traffic (as compared to the VoIPSec solution). Note that the solution proposed in this thesis may be of limited practical importance in the future as more NATs become VoIP capable; but the solution is currently essential for facilitating the increasing deployment of VoIP systems in practice. For VoIP calls that do not need end-to-end security, we recommend the use of the VOIPSec solution as a means to solve the NAT traversal problem and to protect traffic at the IP level. When application to application security is not needed we prefer the VOIPSec solution to the extended VOIPSec solution for the following reasons: (1) our test results show that the time for call setup for the extended VOIPSec solution is twice time the time needed for the VOIPSec solution and the extended VOIPSec solution requires the use of user agents that support SRTP. While, the VOIPSec solution does not require a special user agent and all VoIP clients in the market are compatible with this solution. However, when more SIP user agents add support for SRTP, the extended VOIPSec solution will be applicable for users of these SIP user agents. / Med utvecklingen av mobil (specifikt: wide area cellulär telefoni)-teknik, har användarnas krav ändras från den grundläggande röst-tjänst som bygger på krets kopplad teknik till att vilja ha hög-hastighets paket baserade dataöverföringstjänster. Voice over IP (VoIP) som vinner allt mer uppmärksamhet på grund av sin höga prestanda och låga kostnader är en paket baserad telefon tjänst. Däremot fungerar VoIP inte bra i alla situationer. Network address translation (NAT) har blivit det största hinder för en framtida användning av VoIP. I denna avhandling analyserar vi och jämför nuvarande NAT lösningar. Efter detta inför vi en VoIP över IPSec (VOIPSec) lösning (dvs. ett VoIP över IPSec Virtual Private Network (VPN) system) och en utvidgad VOIPSec lösnings mekanism. Dessa två lösningar testas och jämfördes för att mäta prestationer i förhållande till en version av samma SIP User Agent som körs utan IPSec. I den föreslagna lösningen VOIPSec ansluter IPSec en VPN-tunnel till varje SIP-klient och SIP-server, vilket gör att alla de potentiella SIP deltagarna kan nås, dvs eventuella NAT problem löses. All SIP-signalering och media trafik för VoIP-samtal överförs via denna etablerade tunnel. Denna VPN-tunnel ger allmänna medel för VoIP-trafik att passera NAT utrustningen. Dessutom ger IPSec VPN också garanterad säkerheten för VoIP-samtal på IP-nivå. För att förbättra skyddsnivån för mediaströmmar med VOIPSec, skapade vi och utvärderade en utsträckt VOIPSec lösning som innehåller end-to-end skydd av realtids media trafik. I denna utökade VOIPSec lösning, använde vi SRTP stället för RTP för att bära medieinnehåll. Denna utvidgade metod visade sig ge alla fördelar VOIPSec och SRTP kunde erbjuda utan ytterligare dröjsmål för media trafiken (jämfört med VoIPSec lösningen). Observera att den lösning som föreslås i denna avhandling kan vara av begränsad praktisk betydelse i framtiden då fler NAT lösningar blir VoIP kapabla, men lösningen är idag nödvändigt för att underlätta den ökande användningen av VoIP-system i praktiken. För VoIP-samtal som inte behöver end to end säkerhet rekommenderar vi användning av VOIPSec lösningen som ett sätt att lösa NAT problem och för att skydda trafiken på IP-nivå. När end to end säkerhet inte behövs föredrar vi VOIPSec lösningen av följande skäl: (1) våra testresultat visar att tiden för samtal inställning för det förlängda VOIPSec lösningen är dubbelt den tid som krävs för VOIPSec lösningen och den utökade VOIPSec lösningen kräver användning av användarprogram som stödjer SRTP. Medan VOIPSec lösningen inte kräver en speciell användar agent och alla VoIP-klienter på marknaden är kompatibla med denna lösning. Men när fler SIP användaragenter får stöd för SRTP, kommer den förlängda VOIPSec lösning tillämpas för användare av dessa SIP användarprogram. VOIPSec NAT IPSec SIP SRTP VPN Communication Systems Kommunikationssystem
3	A Session Initiation Protocol User Agent with Key Escrow Hossen, MD. Sakhawat January 2009 (has links) Voice over Internet Protocol (VoIP), also called IP telephony is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding & compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system. Lawful interception is a mean of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobilitysupport and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U. S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session. This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. without the possibility of undetectable fabrication of session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. Lawful Interception Key escrow SRTP MIKEY PKI Digital Signature
4	Entwicklung eines JPEG-Dateianalysators Günther, Emanuel 01 October 2021 (has links) Die Arbeit befasst sich mit der Verbesserung und Erweiterung eines bestehenden Softwareprojektes zum Streaming von JPEG-Bildern per RTP. In diesem Projekt werden JPEG-Bilder aus MJPEG-Dateien von einem Server zum Client übertragen. Um eine fehlerfreie Übertragung zu gewährleisten, soll zuvor die Eignung der Dateien für eine solche geprüft werden. Die entsprechenden Anforderungen finden sich in RFC 2435, welcher die Übertragung von JPEG-Bildern per RTP standardisiert. Zur Automatisierung der Überprüfung wurde diese in einem eigenen Programm implementiert. Weitere Verbesserungen wurden hinsichtlich der Ausführbarkeit des Projektes auf verschiedener Hardware getroffen. So wurden interne Algorithmen verbessert, um auch auf schwächerer Hardware einen flüssigen Ablauf zu ermöglichen. Außerdem wurde die Kompatibilität der RTSP-Implementierung im Projekt mit jener im VLC Media Player hergestellt. Zuletzt wurde das Softwareprojekt hinsichtlich der Verschlüsselung der Übertragung erweitert. Die Grundlage dafür legt die Anlayse von Anforderungen an die Verschlüsselung von Mediendaten. Es wurden zwei verschiedene Verfahren betrachtet und implementiert: Zum einen das weitverbreitete SRTP-Protokoll, zum anderen eine eigene JPEG-Verschlüsselung. Anschließend wurde die Komplexität der Entwicklung eines Verschlüsselungsverfahrens gezeigt, indem das selbst ent wickelte Verfahren durch einen Ersetzungsangriff gebrochen wurde. / This work deals with the improvement and extension of an existing software project for streaming JPEG images via RTP. In the project JPEG images are read in from MJPEG files and transmitted from a server to a client. To guarantee a faultless transmission the fitness of the files for transmission should be checked. The corresponding requirements can be found in RFC 2435 in which the transmission of JPEG images via RTP is standardized. An automation of this verification is realized in an own program. Further improvements are done in regard to the executability of the project on different hardware. Internal algorithms are improved to get a smooth execution even on weaker hardware. Additionally the compatibility of the implementation of RTSP in the project with that in the VLC Media Player is established. Finally the software project is extended in terms of the encryption of the transmission. The requirements of media data encryption are analyzed and used as the base for the following considerations. There are two operations which were examined and implemented: On the one hand the SRTP protocoll which is widely used. On the other hand an own JPEG encryption. Following that the complexity of developing an own encryption method is shown by breaking the developed JPEG encryption with a replacement attack. JPEG, JFIF, RTP, SRTP, Verschlüsselung JPEG, JFIF, RTP, SRTP, Encryption info:eu-repo/classification/ddc/004 ddc:004
5	Privacy Ensuring SRTP for Cloud Conferencing Haider, Maria January 2016 (has links) Multimedia conferences held using services provided by clouds owned by third party companies are becoming increasingly popular. While using such services, end users will want to keep their audio/video data private when they pass through the servers situated in the cloud. Application of SRTP (Secure Real-time Transport Protocol) in such use cases fail to provide the desired privacy because it leads to sharing the master keys for encryption and authentication of the media content with the semi trusted media servers of the cloud. As a solution, modifications of SRTP are proposed in this thesis with the result of redesigning the security mechanisms of RTP header extensions and RTCP packets by separating the cryptographic contexts and keying materials for protecting end-to-end sensitive data. A couple of design choices for key management through DTLS-SRTP for Cloud conferencingare also proposed. Moreover, analysis of existing solutions for modifying SRTP packets for cloud conferences have also been carried out in this project. The solutions are found by studying related protocols, understating the problems and analyzing current solutions if there were any. The proposed solutions show different alternatives to solve a specific problem and their tradeoffs in terms of complexity and compatibility with current standards. Network Security Semi trusted cloud conference Server SRTP RTP DTLS-SRTP Communication Systems Kommunikationssystem Engineering and Technology Teknik och teknologier
6	Sécurité d'une application de communication multimédia sous protocole IP dans un contexte médical Bédard, Normand January 2010 (has links) L'application MédiclP est un logiciel de télémédecine permettant à des spécialistes de la santé d'entrer en communication lors de situations d'urgence. Ce prototype, développé depuis 2005, permet des communications audio ainsi que le transfert d'électrocardiogrammes en temps réel. Le scénario typique visé par ce projet était de permettre à une équipe ambulancière qui récupère un blessé sur la route, ou quelqu'un victime d'un malaise cardiaque, d'entrer en contact avec les hôpitaux les plus près afin de déterminer lequel est le plus apte à recevoir adéquatement ce patient. Cette approche permettrait d'améliorer la préparation, la qualité et la rapidité des opérations médicales à l'hôpital lorsque le patient se présente. Le présent projet, SécureMédic, se veut un moyen d'aborder le problème de la sécurité entourant ce prototype, étant donné son utilisation dans un contexte médical. Une analyse de MédicIP a permis d'identifier quatre failles de sécurité critiques reliées aux authentifications usagers, aux établissements des conférences, aux transferts des données audio ainsi qu'aux transferts des électrocardiogrammes. La contribution majeure de ce projet a été la création d'une infrastructure dédiée au processus d'authentification des usagers. Le système développé permet deux types d'authentification, fournissant ainsi un excellent niveau de robustesse. De plus, le serveur principal développé dans cette infrastructure intègre des mesures de protection permettant de minimiser les impacts de certains types d'attaque. Le projet SécureMédic a permis de démontrer la faisabilité de la sécurisation d'une application de télémédecine en utilisant les techniques de protection et les standards actuels de l'industrie. Les résultats de tests comparatifs ont cependant permis de constater que des impacts reliés à la performance ont été engendrés par l'ajout des mesures de sécurité, dus principalement aux ressources requises pour le chiffrement et le déchiffrement des données dans un environnement multimédia temps réel. Bien qu'il soit encore trop tôt pour envisager le déploiement du système actuel dans le milieu de la santé, les projets MédicIP et SécureMédic sont un pas dans la bonne direction. Le prototype actuel répond aux exigences techniques voulues, répond à un besoin bien réel et est parmi les premières solutions concrètes à démontrer la faisabilité d'un tel système. D'ici quelques années, l'apparition de solutions similaires est assurée. SRTP TLS SIP Conférence multimédia sécurisée PKI Infrastructure à clés publiques Télémédecine
7	Metody zabezpečení IP PBX proti útokům a testování odolnosti / Securing IP PBX against attacks and resistance testing Kakvic, Martin January 2014 (has links) This diploma thesis focuses on attacks on PBX Asterisk, FreeSWITCH and Yate in LTS versions. In this work was carried out two types of attacks, including an attack DoS and the attack Teardown. These attacks were carried out using two different protocols, SIP and IAX. During the denial of service attack was monitored CPU usage and detected if its possible to establish call and whether if call can be processed. The Security of PBX was build on two levels. As a first level of security there was used linux based firewall netfilter. The second level of security was ensured with protocols TLS and SRTP.
8	Šifrování bezdrátové hlasové komunikace / Encryption of Wireless Data Communication Klikar, Václav January 2014 (has links) This thesis deals with voice encryption in wireless communication. First, the necessary theoretical base about mobile telephone network is presented and followed by a description and comparison of existing voice encryption methods in wireless communication. After that, modern cryptographic algorithms are briefly described and a method based on voice over Internet protocol is proposed. This method is implemented as an Android application.
9	A reverse proxy for VoIP : Or how to improve security in a ToIP network Dhainaut, Guillaume January 2016 (has links) The need for security is crucial in Telephony over IP (ToIP). Secure protocols have been designed as well as specific devices to fulfill that need. This master thesis examines one of such devices called Session Border Controller (SBC), which can be compared to reverse proxies for ToIP. The idea is to apply message filters to increase security. This thesis presents the reasons of SBC existence, based on the security weaknesse sa ToIP network can show. These reasons are then used to establish a list of features which can be expected from a SBC and discuss its ideal placement in a ToIP network architecture. A test methodology for SBCs is established and used on the free software Kamailio as an illustration. Following this test, improvements of this software, regarding threats prevention and attacks detection, are presented and implemented. / Behovet av säkerhet är av avgörande betydelse i telefoni över IP (ToIP). Säkerhetsprotokoll har utformats samt särskilda enheter för att uppfylla detta behov. Detta examensarbete undersöker en av sådana enheter som kallas Session Border Controller (SBC), vilket kan jämföras med omvända proxyservrar för ToIP. Tanken är att tillämpa meddelandefilter för att öka säkerheten. Denna avhandling presenterar orsakerna till SBC existens, baserat på de säkerhets svagheter en ToIP nätverk kan visa. Dessa skäl används sedan för att upprätta en förteckning över egenskaper som kan förväntas av en SBC och diskutera dess ideal placering i en ToIP nätverksarkitektur . En testmetodik för SBC är etablerad och används på fri programvara Kamailio som en illustration. Efter detta test, förbättringar av denna programvara, om hot förebyggande och attacker upptäcka, presenteras och genomförs. VoIP ToIP SIP SIPS RTP SRTP SBC session border controller security toll fraud Communication Systems Kommunikationssystem
10	Secure data and voice over wireless networks in disaster and emergency response Vu Hoang, Tung January 2005 (has links) Communication is often limited in a disaster area and other emergency situations where no infrastructure exists or existing infrastructure has been destroyed. This makes its difficult for relief workers in the field to communicate with one another and with their home head office. Ericsson Response has developed a Wireless LAN in Disaster and Emergency Response (WIDER) solution. WIDER is based on broadband Wireless LAN internetworking to satellite and GSMnetworks. The WIDER solution has identified ways for organizations to share their communication infrastructure, and information in a secure and cost effective manner during an emergency response operation. Data over WIDER needs to be secured to prevent from unauthorized access to sensitive information of relief organizations. VoIP calls should be protected against eavesdropping. The thesis investigated how to enhance security solution in WIDER and implement a secure VoIP client. Measurements of the performance of WIDER and the total delay of VoIP over satellite were used to estimate the capability of WIDER before deployment in the field. / Kommunikation är ofta begränsad i katastrofområden och andra nödsituationer där infrastruktur saknas eller har blivit förstörd. Det gör det svårt för fältarbetande personal att kommunicera, både med varandra och centraliserade kontor. Ericsson Response har utvecklat en lösning kallad "Wireless LAN in Disaster and Emergency Response" (WIDER). WIDER använder trådlöst LAN och är en bredbandsbaserad internetteknik mot satelit- och GSM-nätverk. WIDER har identifierat lösningar för organisationer att dela deras infrastruktur för kommunikation och information på ett säkert och kostnatseffektivt sätt vid nödsituationer. Informationen som skickas via WIDER behöver bli skyddad för att förhindra oaktorisierad tillgång till känslig information. VoIP förhindrar obehöriga att avlyssna trafiken. Examensarbetet har undersökt den utökade säkerhetslösningen för WIDER och har implementerat en säker VoIP-klient. Mätningar av prestanda hos WIDER och den fördröjning som sker med VoIP över satelitlänk användes för att estimera WIDERs kapacitet innan systemet används i fält. Disaster Response WIDER SIP SRTP MIKEY VoWLAN Satellite Communication Systems Kommunikationssystem

Search results