
Author: 熊展烈 (Nigel Hsiung)
Thesis Title: Design of a SIP-Based Handoff Management Architecture and Experimental Analysis of Security Protocols for SIP-Based VoIP Applications
Advisor: 馮輝文 (Huei-Wen Ferng)
Committee: 陳秋華 (Chyou-Hwa Chen), Hsing-Lung Chen, Ping-Cheng Yeh, Hung-Yun Hsieh
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Thesis Publication Year: 2006
Graduation Academic Year: 95
Language: English
Pages: 49
Keywords (in other languages): ALG, NAT, TCP Mobility, Handoff Management, Wireless Networks, VoIP Security

Abstract: This thesis proposes the MobileALG architecture, which enables SIP-based handoff management to support mobility for TCP-based applications. TCP connections are preserved in the architecture by keeping the connection tuples unchanged as the MH moves across subnets. The proposed architecture also optimizes the handoff delay associated with real-time SIP-based applications, namely through TCP/IP inter-layer independence. It also takes into account the additional delay imposed by DAD procedures; the handoff delay is further reduced by eliminating the need for DAD through the use of MAC-address-based NAT routing in the edge subnet. A SIP INFO mechanism, based on SIP-EYE, is also proposed to maintain a direct path through an application-level IP binding and to allow the SIP application handoff and the link handoff procedures to run in parallel. In addition to mobility support, the thesis also examines the security implications for SIP-based real-time applications. A security analysis of SIP-based media, together with secure session-key generation and exchange, is carried out experimentally on a SIP-based UA running on the Linux platform. The experiment compares the performance of two media security protocols, IPSec and SRTP, on real-time VoIP traffic. Based on the SDP security features, a Diffie-Hellman key exchange is also implemented and tested, and the possibility of using an out-of-band GDOI authenticated key exchange (AKE) is also tested experimentally. From the test results, the use of SRTP for VoIP media protection is recommended.

Table of Contents:
Abstract i
Contents i
List of Tables iv
List of Figures v
1 Introduction 2
1.1 Background 2
1.2 Motivation 3
1.3 Topics to be addressed in this Thesis 4
1.3.1 MobileALG Architecture to Support TCP Session Mobility 4
1.3.2 Experimental Analysis of Real-Time Secured Voice over IP 5
1.4 Organization of this Thesis 5
2 MobileALG - An Optimized SIP-Based Mobility Management Protocol Supporting TCP Mobility 6
2.1 Introduction 6
2.2 Problem Definition and Related Works 8
2.2.1 SIP Mobility Description 8
2.2.2 Lack of TCP Session Mobility Support 9
2.2.3 Increased Handoff Delay 10
2.3 Proposed Protocol - MobileALG 13
2.3.1 MobileALG Design Concept 13
2.3.2 MobileALG Network Architecture 14
2.3.3 MobileALG Mobility Manager 15
2.3.4 Edge Router 16
2.3.5 MobileALG Optimized Handoff 18
2.4 Simulation and Numerical Results 20
2.4.1 Handoff Performance 21
2.4.2 Signaling Cost 25
2.5 Concluding Remarks 29
3 An Experimental Analysis of Secure Voice over IP 31
3.1 Introduction 31
3.1.1 Review of Related Works 32
3.2 Security Protocols Description 33
3.2.1 SIP Security Overview 33
3.2.2 SRTP 35
3.2.3 Diffie-Hellman 36
3.2.4 IPSec 36
3.2.5 GDOI 37
3.3 Numerical Results and Discussions 37
3.3.1 Experimental Setup 37
3.3.2 Discussions 39
3.4 Concluding Remarks 41
4 Conclusions 44
Bibliography 44
