
1 Secure Telephony Enabled Middle-box (STEM)
Maggie Nguyen, Dr. Mark Stamp
SJSU - CS 265, Spring 2003
STEM is proposed as a solution to network vulnerabilities, targeting the transmission of real-time data over enterprise networks.

2 Topics
IP Telephony Overview: IP Telephony Components, IP Telephony Protocols, How SIP Works
STEM Architecture: Architecture Components, Call Scenarios
STEM Security Countermeasures: DoS Attack, Eavesdropping

3 IP Telephony Components
1. Gateways
2. Gatekeepers
3. IP Telephones
4. PC-based Software Phones
5. MCUs

4 IP Telephony Protocols
Internet Engineering Task Force (IETF):
Signaling: Session Initiation Protocol (SIP)
Transport: Real Time Protocol (RTP)
Media Description: Session Description Protocol (SDP)
International Telecommunications Union (ITU):
Signaling: H.323
Codecs: G.711 (PCM), G.729, …
ISDN: Q.931
The STEM architecture currently uses the network required for SIP deployment.

5 How SIP Works – SIP Call Setup
Elements in the diagram: SIP IP Phone sip:alice@alanta.com, SIP IP Phone sip:bob@cs.sjsu.edu, Location Service, SIP Proxy, DNS Server, Media Transport.
1. A request (SIP INVITE) is sent to ESTABLISH a session.
2. DNS query for the IP address of the SIP proxy of the destination domain.
3. The INVITE is forwarded.
4. The Location Service is queried to check that the destination SIP URI represents a valid registered device, and is asked for its IP address.
5. The request is forwarded to the end device.
6. The destination device returns its IP address to the originating device and a media connection is opened.

6 How SIP Works – SIP Call Sequence
Participants: SIP IP Phone sip:alice@alanta.com, SIP IP Phone sip:bob@cs.sjsu.edu, DNS Server, SIP Proxy, Location Service.
SIP INVITE (Alice to Proxy)
DNS query for the IP address of the SIP proxy of the destination domain
FW: SIP INVITE
100 Trying
The Location Service is queried to check that the destination SIP URI represents a valid registered device, and is asked for its IP address
FW: SIP INVITE (Proxy to Bob)
180 Ringing
200 OK
ACK
Both-way RTP media
BYE
200 OK

7 STEM Architecture Components
Security Manager (SM)
Enhanced Firewall
Media / Signaling Gateway (M/S Gateway)
User Terminals

8 STEM Enhanced Firewall
Pattern Matcher
Protocol Parser
Flow Monitor
Application Gateway
External Interface

9 Call Scenarios – Net-to-Net

10 Call Scenarios – Net-to-Phone

11 STEM Security Countermeasures
Denial of Service:
TCP SYN floods detected by the Flow Monitor.
SIP INVITE floods detected by the Protocol Parser.
Malicious RTP streams detected by the Flow Monitor.
M/S Gateway voice port saturation.
Eavesdropping:
Control flow: STEM uses secured communication protocols among the SM, firewall and M/S gateways.
Data flow: STEM relies on the application protocols (SIP or H.323) to implement payload encryption.
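The Protocol Parser and the INVITE-flood countermeasure on this slide, as an added Python example that is not from the presentation or the STEM paper: it parses minimal SIP requests, rejects malformed ones before they reach the proxy, and flags a source that sends more INVITEs than a hypothetical threshold within a sliding time window. The addresses, thresholds and messages are constructed for the example.

```python
import re
from collections import defaultdict, deque

# Minimal SIP request-line grammar and the headers every request must carry.
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<uri>sip:\S+) SIP/2\.0$")
REQUIRED_HEADERS = ("via", "from", "to", "call-id", "cseq")

def parse_sip_request(raw):
    """Protocol Parser stage: return (method, uri, headers) or None if malformed."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if m is None:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    if any(h not in headers for h in REQUIRED_HEADERS):
        return None
    return m.group("method"), m.group("uri"), headers

class InviteFloodDetector:
    """Sliding-window INVITE counter per source address (hypothetical thresholds)."""
    def __init__(self, window_s=1.0, max_invites=5):
        self.window_s, self.max_invites = window_s, max_invites
        self.history = defaultdict(deque)

    def observe(self, t, src_ip, raw):
        parsed = parse_sip_request(raw)
        if parsed is None:
            return "malformed"          # drop before it reaches the SIP proxy
        if parsed[0] != "INVITE":
            return "ok"                 # only INVITEs open dialogs, so only they count
        q = self.history[src_ip]
        q.append(t)
        while q and t - q[0] > self.window_s:
            q.popleft()                 # expire INVITEs that fell out of the window
        return "flood" if len(q) > self.max_invites else "ok"

def build_invite(src_ip, call_id, caller="alice@alanta.com", callee="bob@cs.sjsu.edu"):
    """Constructed sample INVITE (not captured traffic)."""
    return (f"INVITE sip:{callee} SIP/2.0\r\nVia: SIP/2.0/UDP {src_ip}:5060\r\n"
            f"From: <sip:{caller}>\r\nTo: <sip:{callee}>\r\nCall-ID: {call_id}\r\n"
            f"CSeq: 1 INVITE\r\n\r\n")

def run_sample():
    """One legitimate call, a burst of 8 INVITEs in 0.8 s from one host, one malformed request."""
    det = InviteFloodDetector(window_s=1.0, max_invites=5)
    events = [(0.0, "10.0.0.5", build_invite("10.0.0.5", "c1"))]
    events += [(0.1 * i, "10.0.0.9", build_invite("10.0.0.9", f"x{i}")) for i in range(8)]
    events.append((2.0, "10.0.0.5", "INVITE sip:bob@cs.sjsu.edu SIP/2.0\r\nFrom: x\r\n\r\n"))
    return [det.observe(t, src, raw) for t, src, raw in sorted(events)]
```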
