Presentation is loading. Please wait.

Presentation is loading. Please wait.

Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky."— Presentation transcript:

1

2 Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky

3 Background VoIP - a general term for a family of transmission technologies for delivery of voice communications over IP networks. SIP - The Session Initiation Protocol is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). JSLEE - Java Service Logic Execution Environment. A Java standard for high throughput, low latency event processing application environment (Application Server).

4 Problem Domain More and more telecommunication providers use VoIP infrastructure. Eavesdropping to someone conversation is very simple (requires connection to internet and packet capture software). Spam over the phone becomes more and more popular. Business clients are interested in more secured telecommunication services. Telecommunication providers interested to supply them with these services.

5 Current Situation Nowadays SIP(Session Initiation Protocol) is widely used for VoIP. The caller sends a request to SIP server with the callees nickname, receives its IP as a response and establishes P2P communication between two hosts. Callees nickname Callees IP Conversation

6 Current Situation(cont.) There are couple solutions for VoIP security available nowadays. SRTP and ZRTP protocols are both secured type of RTP (Real-time Transport Protocol), which is the 4 th layer in VoIP. Main problems of these protocols: Clients shall perform initial master key exchange. Not all SIP clients supports these protocols. Special hardware for every client required to create strong master key. There is no well known service for communication control management.

7 Telecommunication Provider Server Proposed Solution JBOSS Server JSLEE Server SIP Resource Adapter Communication Control Application IP Host 1 SIP ClientEnabler IPSec Module IP Host 2 SIP ClientEnabler IPSec Module Data Storage Control Rules Manager SIP Request SIP Request Event Pre-shared Key Host 2 IP Configuration HTTP IPSec Communication

8 Project Requirements [R1] Rule Based Authorization The system shall provide specified authorization of users according to the rules kept in the configuration storage, as were configured by the dynamic configuration. [R2] Dynamic Configuration The system shall provide users with the ability to control the configuration of the system services, more specifically, the rules of the authorization service, and the rules of the security service.

9 Project Requirements(cont.) [R3] Security The system shall provide users with the ability to establish IPSec secured session, or an unsecured session, according to the rules kept in the configuration storage, as were configured by the dynamic configuration.

10 Communication Control Application Requirements The Communication Control Application shall contain the following components: [R17]Rule Based Policy Manager The Rule based policy manager shall apply the rules that appear in the configuration storage. For a certain communication initiation process from a caller to a callee the policy manager should do the following: [R18]The Rule Based Policy Manager shall apply the authorization rules. [R19]The Rule Based Policy Manager shall apply the security rules for that communication. [R20]Communication Services The Communication Control Application shall provide the caller client module with SIP responses for the initiation of the call to the callee client module.

11 Control Rules Manager [R21]Control Rules Manager The Control Rules Manager shall provide the user with a graphical user interface that will enable the configuration (addition / modification / deletion) of the rules that were stated above, and saving them into the configuration storage.

12 Configuration Storage The configuration storage shall store all info needed by the Communication Control Application, while meeting the following requirements: [R22]Storage Type: All of the server side data shall be stored on SQL type storage server. [R23]Data security: All data stored on the server should be password secured. [R24]Connection to Communication Control Application: Data Storage shall be connected to Communication Control Application using ODBC. [R25]Communication Control Application Related Data: Data storage shall store persistence data relevant to the Communication Control Application: For each registered user Data Storage shall store his encryption key. Rule Based Configurations: All of the Rule Based Configurations, as described in, shall be stored in Data Storage.

13 Enabler Requirements Main responsibilities of the enabler are: [R27]Secrecy All information received by the enabler shall be decrypted using the user encryption key. [R28]IPSec configuration: Enabler shall be able to establish IPSec connection between its own IP host and target of the requested call configuring the IPSec module according to data received from Communication Control Application. [R29]Communication with Communication Control Application: All the communications between the enabler and Communication Control Application shall be according to defined protocol. The information sent by this protocol shall contain the type of the security (secured/ unsecured) and the information necessary to establish a communication with that type of security.

14 Non Functional Requirements Speed The system shall process each request in under 10 seconds. Throughput According to JSLEE Server specifications the system shall be able to handle 500 transactions per second. Reliability Each communication that was required to be secured shall be secured. Each call that is supposed to be authorized shall take place. Each call that isn’t supposed to be authorized shall not take place. Portability In the scope of our project the system won’t be portable, but in future development the enabler can be adjusted to all available OS, and then the system can run on any device that has JRE.

15 Use Case Diagram

16 Main Use Case Primary actors: Caller, Callee Description: Caller initiates a call by sending a request to the server with the callee username. Trigger: The Caller sends a request for a call to the server. Pre-conditions: The Caller and the Callee are registered with the system. The enabler is installed on the Caller’s and the Callee’s IP Hosts, and listening to messages from the Communication Control Application. The Communication Control Application is running. The Communication Control Application is listening to SIP messages through SIP RA. The combination of caller and callee authorization rules allows the establishment of the call. The combination of caller and callee security policy rules requires a secured call. Post-conditions: A secured called is established between the caller and the callee.

17

18 The End

Download ppt "Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky."

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Click to continue Network Protocols. Click to continue Networking Protocols A protocol defines the rules of procedures, which computers must obey when.

Click to continue Network Protocols. Click to continue Networking Protocols A protocol defines the rules of procedures, which computers must obey when.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.

24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Chapter 7: Transport Layer

Chapter 7: Transport Layer
Students: Yuri Manusov, Boris Umansky, Yevgeni Fishman Academic Advisor: Prof. Yuval Alovich Industry Advisor: Yuri Granovski With Motorola, Israel.

Students: Yuri Manusov, Boris Umansky, Yevgeni Fishman Academic Advisor: Prof. Yuval Alovich Industry Advisor: Yuri Granovski With Motorola, Israel.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
INVESTMENT GAME IN SOCIAL NETWORK Academic Advisor: Dr. Yuval Alovici Professional Advisor: Dr. Mayer Goldberg Team Members: Ido Bercovich Dikla Mordechay.

INVESTMENT GAME IN SOCIAL NETWORK Academic Advisor: Dr. Yuval Alovici Professional Advisor: Dr. Mayer Goldberg Team Members: Ido Bercovich Dikla Mordechay.
Network Layer and Transport Layer.

Network Layer and Transport Layer.
Chapter 1 Introduction to Computer Networks and Data Communications.

Chapter 1 Introduction to Computer Networks and Data Communications.
Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.
SOCIAL NETWORK INFORMATION CONSOLIDATION Developers:  Klasquin Tomer  Nisimov Yaron  Rabih Erez Advisors:  Academic: Prof. Elovici Yuval  Technical:

SOCIAL NETWORK INFORMATION CONSOLIDATION Developers:  Klasquin Tomer  Nisimov Yaron  Rabih Erez Advisors:  Academic: Prof. Elovici Yuval  Technical:
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Application Design. Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky.

Application Design. Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

Similar presentations

Ads by Google