Figure 4 - uploaded by María Mercedes Larrondo Petrie
Content may be subject to copyright.
Source publication
Voice over IP (VoIP) has had a strong effect on global communications by allowing human voice and fax information to travel over existing packet data networks along with traditional data packets. The convergence of voice and data in the same network brings both benefits and constraints to users. Among the several issues that need to be addressed wh...
Contexts in source publication
Context 1
... Agent Proxy Server * Law Enforcement Agent is a legal agent who redirects duplicated media packets to law enforcement, for the purpose of wiretapping. If legally authorized, the agent has access to corporate servers in order to intercept data and voice packets. In addition to these roles, the use case diagram (Fig. 4) can be used to systematically analyze the different types of attacks against the VoIP network, following the approach in ...
Context 2
... on the Use Case Diagram of Fig. 4, we can determine the possible attacks against the VoIP ...
Similar publications
![Figura 5.3: Arquitectura distribuída do NCTUns [79]](profile/Nuno-Rodrigues-9/publication/233986068/figure/fig4/AS:654734524444681@1533112283350/Figura-53-Arquitectura-distribuida-do-NCTUns-79_Q320.jpg)
Internet had its origin nearly three decades ago, in American military and investigation groups, based on one principle that made success in computer communications: packet switching. It had, since that time, a notable growth as a communication system, to share information and, more recently, to entertain at a global scale, based on a set of very s...
Citations
... • The selection from "patterns for networks" [18] for an appropriate secure data transmission pattern is based on the type of the data source. Related patterns for common data sources are: patterns for secure sensors [54], patterns for web services [18], security patterns for Voice over IP Networks [20], security patterns and secure systems design [17]. • Patterns for identity management are described in [18]. ...
... In [20], the authors present the simple-setbased algorithm, a mathematical solution that creates an efficient VLAN network structure by analysing traffic flows and defining which VLAN is the most suitable for each node of the network. Another VLAN segmentation approach is proposed in [21] to adequately separate voice and data packets in Voice-over-IP (VoIP) networks to improve network security. ...
The defence-in-depth (DiD) methodology is a defensive approach usually performed by network administrators to implement secure networks by layering and segmenting them. Typically, segmentation is implemented in the second layer using the standard virtual local area networks (VLANs) or private virtual local area networks (PVLANs). Although defence in depth is usually manageable in small networks, it is not easily scalable to larger environments. Software-defined networks (SDNs) are emerging technologies that can be very helpful when performing network segmentation in such environments. In this work, a corporate networking scenario using PVLANs is emulated in order to carry out a comparative performance analysis on defensive strategies regarding CPU and memory usage, communications delay, packet loss, and power consumption. To do so, a well-known PVLAN attack is executed using simulated attackers located within the corporate network. Then, two mitigation strategies are analysed and compared using the traditional approach involving access control lists (ACLs) and SDNs. The results show the operation of the two mitigation strategies under different network scenarios and demonstrate the better performance of the SDN approach in oversubscribed network designs.
... • The selection from "patterns for networks" [18] for an appropriate secure data transmission pattern is based on the type of the data source. Related patterns for common data sources are: patterns for secure sensors [54], patterns for web services [18], security patterns for Voice over IP Networks [20], security patterns and secure systems design [17]. • Patterns for identity management are described in [18]. ...
... However, since SIP Protocol is an Internet protocol, it inherits its vulnerabilities, as it is insecure by nature and subject to common internet attacks and vulnerabilities [6]. Various researches studies on SIP states that its security can be maintained in hardware level by establishing a trust relationship on the network devices and/or in application layer by using data encryption protocol [5,7,12,13]. ...
Interconnecting voice service providers require a mutual trust between communicating entities, which are built either using bilateral agreements or intermediary service provider. To achieve such relationship between Anonymous Service Providers we should have an automated mechanism. In this paper, we propose a conceptual architecture that can build such relationship between communicating Anonymous Service Providers. By applying this architecture, we argue that we can increase efficiency, security, and performance of service provider's networks. The impact of internet speed on the interconnection network is measured using key metrics including ACD, ASR, PDD, NER, and MOS.
... An IP Media Server is an important part of the next generation network (NGN) solutions [1]. It is located in the business layer network, providing the required media resources and services for a variety of services in the next generation network. ...
... A protocol is required to set up the exchange of a single master key, for instance Zimmerman RTP (ZRTP) and multimedia Internet keying (MIKEY). Authentication of the audio-video payload on SRTP is performed to test the integrity of the information through the checksum process using HMAC-SHA1 algorithm, which yields 160 bits (Fernandez et al. [9]). Audio-video payload encryption was performed in this study using the ZRTP master key protocol so that the client's mobile communication device could perform master key derivative exchanges with the VoIP service server (Mueed et al. [14]). ...
When consumer-class Wi-Fi router’s transfer rate becomes higher,
many types of real-time multimedia communication services, such as
web conference and unified communication (UC) can be run in middle
and low-class business offices. However, a real-time multimedia
communication service should also be safe, both in the upper layer
(application) and lower layer (data link). This work attempted to create
balance optimization between QoS and security. Series of network
stress test experiments with Jperf and penetration test with Kali Linux
distribution were performed against three of wireless infrastructure
topologies. Typically for topology 1, experiments were carried out
against 3 of Wi-Fi authentication standards (Open Security, WEP,
WPA2 Personal TKIP and WPA2 Personal AES). QoS values (delay
and packet loss) were recorded into tables and charts, while security
vulnerabilities were recorded into CVSS (common vulnerability
scoring system) framework. Wi-Fi authentication standard with best
QoS values and CVSS score was chosen to represent at topology 1 and compared against other topologies. Before topology 2 was examined, QoS optimization was performed for authentication and location was moved from wireless router into external RADIUS server. This server changed Wi-Fi authentication method from passphrase checking to public and private certificates/keys validation. Optimization performed by QoS utility installation on OpenWRT firmware prioritized UDP and RTP traffics on Jperf’s and VoIP server’s ports. Another optimization treatment was performed by USB flash disk mounting to add extra swap/cache memory for OpenWRT system. Moreover, transmission frequency was changed from 20MHz to 40MHz On topology 3, optimization was performed by shortening route between wireless router and RADIUS server, namely radius utility installation as internal RADIUS server, on OpenWRT firmware. Security
hardening was performed by deploying ZRTP encryption and SRTP
protocol into Android smartphone clients. Total QoS values and
CVSS scores comparison proved that topology 3 is the best system
for supporting multimedia real-time communication services like
VoIP/UC. Topology 3’s performance will be better when deployed
into wireless router that has greater processor clock and more memory capacity.
... As time goes on, the older Private Branch Exchanges (PBXs) and network switches will be outdated and replaced with SIP enabled network model that is packet switched and IP based. [13] C. H323 [7] Described H323 as an International Telecommunication Union (ITU) standard that transmits audio, video signal over a packet switched network. ...
Technological growth is changing the way of human communication over network. The Voice over Internet Protocol (VoIP) which is also referred to as internet telephony is a technology that transmits voice signal in real time using the internet protocol (IP) over a public internet or private data network. In a simpler term, it converts voice signal which is analog to a digital signal in your telephone before compressing and encoding it into long strings of IP packets for upward transmission over the IP network to the receiver. At the receiving end, the received IP packets reassembles in order before decompressing and processing through the
use of a Digital to Analog Converter (DAC) to generate the initial signal transmitted. The paper is contained with the development of audio, text and video communicationover wireless private area networksusing IP Addresses with free of cost using Wi-Fi or Zig-Bee etc., to replace traditional telephonic Intercom system
... VoIP services can be obtained on any network such as the Internet, intranets and local networks with Internet Protocol (IP) routing protocol in which the digitized voice packets are forwarded to the destination [1]. Several analyses were made to compare the performance of VoIP network and VoIP over Multiprotocol Label Switching Network (MPLS) network and it has been proved that the overall performance of voice transmission is improved with respect to VoIP over MPLS network [2] [3]. ...
... Packet loss rate is estimated by sending a continuous query message at regular time interval of 100 ms along the label switched path P from the ingress router to the egress router. Initially, a set of sample test packets are sent from ingress router to the egress router on particular label switched path P. Later, ingress router sends a query message indicating the number of packets transmitted1 ...
In recent years, Voice over IP (VoIP) has impacted global telecommunications and networking tremendously. Traffic engineering and Quality of Service (QoS) guarantees for VoIP services pose a challenge for network researchers and designers. The repeated use of Internet Protocol shortest path towards the same destination may lead to unbalanced traffic situations and degraded network performance. Therefore, load balancing and link utilization become the critical functions in Internet Protocol routing for providing Quality of Service assurance for VoIP application. The aim of this work is to employ Multiprotocol Label Switching Network as a traffic engineering tool to enhance the QoS for VoIP applications. To achieve this, an effective Multiprotocol Label Switching Network load balancing architecture is developed that classifies the Internet traffic flows, routes the flows into multiple paths. Flow arrival rate, packet loss rate and delay are measured and taken as the input parameters and compared with the threshold values to identify the VoIP flow. Network load status is calculated by estimating the average buffer occupancy value and multipath routing is triggered when the network load is high to enhance the QoS. The investigated performance measures like throughput, delay and packet loss are reported to show the efficiency of the proposed technique for effective VoIP flows.
... Fernandez et al. [10] design several UML models of some aspects of VoIP infrastructure, including architectures and basic use cases. ...
... Our work focuses on the elicitation of domain knowledge. Fernandez et al. (2007) design several UML models of some aspects of Voice-overIP (VoIP) infrastructure, including architectures and basic use cases. The authors also present security patterns that describe countermeasures to VoIP attacks. ...
In the beginning of every security analysis a Context Establishment aims at eliciting and understanding the system that shall be analyzed including its direct and indirect environment, the relevant stakeholders, other already established systems, and other entities that are directly or indirectly related to the system. For this purpose, we describe in this chapter a specific way of elicitation of the system context by introducing so-called context-patterns. The application of context-patterns helps to gather knowledge in a structured way about a specific domain such as cloud computing. These patterns contain graphical patterns and templates with elements that require consideration for a specific context. In addition, our context-pattern contains a method for eliciting domain knowledge using the graphical patterns and templates. In this chapter we present a catalog of context-pattern describing the following domains: Cloud Computing Systems, Peer-to-Peer Systems, Service-oriented Architectures, and Law. Furthermore, we distinguish our context-patterns from further existing patterns for system analysis.
