Towards a Scalable and Secure VoIP Infrastructure
Lab for Advanced Networking Systems
Director: David K. Y. Yau

1. Security Challenges
• Traditional telephone network: highly reliable, voice specific, closed and physically secure system.
• VoIP network: unpredictable/open transport, data/voice convergent, publicly connected (intelligent but untrusted/malicious systems).
• Security should not be an afterthought.
• Media, signaling and infrastructure attacks.

2. VoIP Network Architecture
Protocol stack: Session Initiation Protocol (SIP) signaling over TLS / TCP; media over RTP/RTCP/UDP; both on the IP network.
Components and the threats against them:
• Mobile VoIP phone (802.11): wireless attack, jamming, RTS / CTS attack.
• DNS server and proxy / redirect server (user registration, SIP signaling): SIP flood and spoofing, theft-of-service, authentication attack.
• VoIP phone and media gateway (media: RTP/RTCP/UDP): media eavesdropping, UDP / RTP flood, encryption attack, faked ToS (theft-of-service).
• Device threats: virus, misconfiguration, compromise (phone); TLS flood, authentication / encryption (proxy); RTP port starvation (media gateway).
• The media gateway connects to POTS and the legacy phone.
SIP call flow (caller, proxy, callee): INVITE sip:[email protected]; INVITE sip:[email protected]; 180 Ringing; 180 Ringing; 200 OK; 200 OK; ACK; Media Stream; BYE; 200 OK.

3. SIP: Security Issues
• SIP requires: proxy server, redirection server, firewall, etc.
• These servers can be subjected to (1) DDoS attack, (2) low-rate TCP attack, (3) jamming attack.
• If not handled carefully, VoIP won't fly.

Case 1. Flooding Attack
• Solution: router throttle, securely installed by server S. A throttle for S applies to traffic to S; a throttle for S' applies to traffic to S'. The aggressive flow is throttled.
• [Figure: example max-min rates (L = 18, H = 22); the per-link rate values in the figure are not recoverable.]

Case 2. Low-rate DoS Attack on TCP Flow
• A sufficiently large attack burst causes packet loss at the congested router; TCP times out and retransmits after RTO.
• With attack period = RTO of the TCP flow, TCP continually incurs loss and achieves zero or very low throughput. Average attack bandwidth: Avg BW = lR/T.

Algorithm of Detection
• Sample the traffic: sample the recent instantaneous throughput at a constant rate; each detection run uses a sequence of instantaneous throughput samples.
• Normalization is necessary: $\text{Normalized\_Throughput} = \dfrac{\text{Instantaneous\_throughput}}{\text{Maximum\_link\_bandwidth}}$.
• Filter the noise: the background noise in the samples needs to be filtered. Background noise consists of UDP flows and other TCP flows that are less sensitive to the attack. For simplicity, a threshold filter can be used.
• Extract the signature: autocorrelation is adopted to extract the periodic signature of the input signal. A periodic input yields a special pattern in its autocorrelation (autocorrelation can also mask the difference of time shift S). Unbiased normalization:
  $A_x(m) = \dfrac{1}{M-m} \sum_{n=0}^{M-m-1} X_{m+n} X_n$
  where M is the length of the input sequence and m is the index of the autocorrelation.
• Pattern match. Robustness of detection: the similarity between the template and the input should be calculated. We use Dynamic Time Warping (DTW):
  $\mathrm{DTW}(\text{Template}, \text{Input}) = \min\left( \sum_{k=1}^{K} w_k \right)$
  (the detailed DTW algorithm is provided in our research work). The smaller the DTW value, the more similar they are.
• Probability distribution of DTW values, attack flows vs. legitimate flows: DTW values will be clustered, so a threshold can be set to distinguish them; we expect a separation between the two clusters.

Case 3. Wi-Fi Jamming
• Wireless VoIP using 802.11.
• Wi-Fi security problems: common jamming; low-rate attack on the control plane exploiting the protocol (RTS-CTS).
• [Figure: RTS-CTS jamming between AP, A and B, showing the defer time.]

4. Conclusion
• Security solutions: the initial focus will be on denial-of-service, considering security protocols like SRTP, TLS, S/MIME, SSL, etc. Protocol design and analysis (solutions must be scalable despite encryption, authentication, etc.).
• Seek experimental evaluation: deployment on a router-based, realistic testbed network. Hope to evolve into international scope: Bell Labs (NJ), Purdue (IN), Chinese University (Hong Kong), ...
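The detection algorithm for the low-rate TCP attack (sample, normalize, threshold-filter, unbiased autocorrelation, DTW match against a template) is concrete enough to run end to end. The following Python is an added example written for this page; it is not the poster's or the lab's own code. It assumes a 100 Mb/s link, one throughput sample per 100 ms, a victim RTO of 1 s (so an attack period of 10 samples with 2-sample bursts), that the threshold filter zeroes samples at or below an assumed noise floor, an absolute-difference step cost for DTW, and a hand-picked DTW threshold of 0.3 standing in for the cluster boundary the poster derives from observed DTW values. All traffic samples are constructed in the block so it runs offline.

```python
# Added example (not the poster's own code): the low-rate TCP DoS detection
# pipeline -- sample, normalize, threshold-filter, unbiased autocorrelation,
# DTW match -- run over constructed throughput samples.
from typing import List, Sequence


def normalize(samples: Sequence[float], max_link_bw: float) -> List[float]:
    """Normalized_Throughput = Instantaneous_throughput / Maximum_link_bandwidth."""
    return [s / max_link_bw for s in samples]


def threshold_filter(samples: Sequence[float], noise_floor: float) -> List[float]:
    """Threshold noise filter. Assumption: normalized samples at or below the
    floor are background noise (UDP and attack-insensitive TCP flows) and are
    zeroed; sufficiently large attack bursts pass through unchanged."""
    return [s if s > noise_floor else 0.0 for s in samples]


def unbiased_autocorrelation(x: Sequence[float], max_lag: int) -> List[float]:
    """A_x(m) = 1/(M-m) * sum_{n=0}^{M-m-1} X[m+n]*X[n] for m = 0..max_lag,
    where M is the input length; 1/(M-m) is the unbiased normalization."""
    M = len(x)
    if not 0 <= max_lag < M:
        raise ValueError("max_lag must be in [0, len(x))")
    return [sum(x[m + n] * x[n] for n in range(M - m)) / (M - m)
            for m in range(max_lag + 1)]


def dtw(template: Sequence[float], inp: Sequence[float]) -> float:
    """Dynamic Time Warping distance: the minimum over warping paths of the
    summed step costs w_k = |template[i] - inp[j]| (classic O(K*N) DP)."""
    K, N = len(template), len(inp)
    inf = float("inf")
    D = [[inf] * (N + 1) for _ in range(K + 1)]
    D[0][0] = 0.0
    for i in range(1, K + 1):
        for j in range(1, N + 1):
            cost = abs(template[i - 1] - inp[j - 1])
            D[i][j] = cost + min(D[i - 1][j], D[i][j - 1], D[i - 1][j - 1])
    return D[K][N]


def burst_train(length: int, period: int, burst_len: int, level: float = 1.0) -> List[float]:
    """Ideal attack pattern: a burst of `burst_len` samples every `period`
    samples (period = victim RTO in samples). Its autocorrelation is the template."""
    return [level if (i % period) < burst_len else 0.0 for i in range(length)]


def signature(raw_samples, max_link_bw, noise_floor, max_lag) -> List[float]:
    """Sample -> normalize -> filter -> autocorrelate."""
    return unbiased_autocorrelation(
        threshold_filter(normalize(raw_samples, max_link_bw), noise_floor), max_lag)


def detect(raw_samples, max_link_bw, noise_floor, template, max_lag, dtw_threshold):
    """Return (dtw_value, is_attack); the input is flagged when its DTW value
    falls in the low (attack) cluster, i.e. below the assumed threshold."""
    d = dtw(template, signature(raw_samples, max_link_bw, noise_floor, max_lag))
    return d, d < dtw_threshold


# Constructed sample data (assumed parameters): 100 Mb/s link, one sample per
# 100 ms, victim RTO of 1 s -> attack period of 10 samples with 2-sample bursts.
# Background traffic jitters deterministically between 24 and 36 Mb/s.
LINK_BW_MBPS = 100.0
NOISE_FLOOR = 0.5      # assumed: normalized level above which a sample is a burst
MAX_LAG = 20           # two attack periods worth of lags
DTW_THRESHOLD = 0.3    # assumed cluster boundary; set from observed DTW values in practice
N_SAMPLES = 60


def _background(i: int) -> float:
    return 30.0 + 3.0 * ((i * 7) % 5 - 2)


ATTACK_SAMPLES = [95.0 if i % 10 < 2 else _background(i) for i in range(N_SAMPLES)]
# Legitimate traffic with three isolated, non-periodic bursts (e.g. file transfers).
LEGIT_SAMPLES = [90.0 if i in (7, 23, 51) else _background(i) for i in range(N_SAMPLES)]
TEMPLATE = unbiased_autocorrelation(burst_train(N_SAMPLES, period=10, burst_len=2), MAX_LAG)


if __name__ == "__main__":
    for name, samples in (("attack", ATTACK_SAMPLES), ("legit", LEGIT_SAMPLES)):
        d, hit = detect(samples, LINK_BW_MBPS, NOISE_FLOOR, TEMPLATE, MAX_LAG, DTW_THRESHOLD)
        print(f"{name:6s} DTW={d:.3f} attack={hit}")
```

The periodic attack input produces an autocorrelation that is a scaled copy of the template (peaks at lags 0, 10 and 20), so its DTW value is small, while the three isolated legitimate bursts leave almost no periodic structure and sit far from the template; that gap is the separation between the two DTW clusters the poster relies on when choosing the threshold.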