Multimedia Networking and Network Security

Size: px
Start display at page:

Download "Multimedia Networking and Network Security"

Transcription

1 CMPT Multimedia Networking and Network Security 1 Multimedia Networking and Network Security This note is based on Chapters 7 and 8 of the text book. Outline of multimedia networking Multimedia networking application Streaming stored audio and video Making the best out of best effort service New applications Multimedia Networking In recent years, there has been an explosive growth of new applications on the Internet like streaming video, IP telephony, teleconferencing, interactive games, virtual world, distance learning, and so on. Those multimedia networking applications are referred as continuous-media applications and require services different from those for traditional elastic applications like , Web, remote login, etc. They are also different from download-and-then-play applications. Especially, the new applications require high quality on the communication latency and the latency variation (delay-sensitive) but may not require high quality on the error rate (loss-tolerant). One key issue for supporting new multimedia networking applications is how to get the high quality for the communication latency on the best effort Internet which provides no latency guarantee. Another key issue is how to improve the Internet architecture to provide support for the service required by multimedia applications. Streaming stored audio and video. Applications have the following key features: Stored media, the contents has been prerecorded and is stored at the server. So, a user may pause, rewind, or fast-forward the multimedia contents. The response time to the above actions should be in the order of 1-10 seconds. Streaming, a user starts playout a few seconds after it begins receiving the file from the server. So, a user plays out the audio/video from one location in the file while it is receiving later parts of the file from the server. This technique is called streaming and avoids having download the entire file before starting playout. Continuous playout, once playout begins, it should proceed based on the original timing of the recording. This requires high quality on the end-to-end delay. Streaming live audio and video. Applications are similar to traditional radio and television, except that audio/video contents are transmitted on the Internet. In these applications, many clients may receive the same program. A key issue here is how to deliver the program efficiently to multiple clients on the Internet. IP multicasting technologies play a key role for this. Similar to streaming stored audio and video applications, applications here require continuous playout and high quality on the end-to-end delay.

2 CMPT Multimedia Networking and Network Security 2 Real time interactive audio and video. Applications allow users using audio/video to communicate with each other in real time. Realtime interactive audio on the Internet is known as Internet phone. Applications in this category require very high quality on the end-to-end delay, usually a fraction of one second. Hurdles for multimedia in today s Internet The Internet Protocol (IP) used in the Internet provides connectionless best effort service for transmitting datagrams. The IP does not guarantee the end-to-end delay nor the uniform delay for all datagrams in a same packet stream. The variations of packet delays within the same packet stream is called packet jitter. The end-to-end delay and packet jitter in the Internet are major hurdles for multimedia applications on the Internet. How to overcome hurdles There are many approaches discussed for overcoming the hurdles mentioned above. At one extreme, it is argued that fundamental changes to the Internet should be made so that the users can explicitly reserve the bandwidth on every link in the path for transmitting the packets. On the other hand, it is argued that fundamental changes are difficult and incremental improvements over the best-effort IP are more practical. Especially, the improvements include: The Internet Service Providers (ISP) should scale/upgrade their networks well to meet the demands. The upgrade includes more bandwidth and caches in networks for heavily accessed data. Content distribution networks (CDNs), replicate stored contents and put the contents at edges of the Internet. Multicast overlay networks for sending data to a huge number of users simultaneously. Another approach is differentiated services (Diffserv). In this approach, small changes at the network and transport layers are required and scheduling/policing schemes are introduced at edges of the network. The idea is to introduce traffic classes, assign each datagram to one of the classes, and give datagrams different levels of services based on their class. Streaming stored audio and video In these applications, clients request audio/video data stored at servers. Upon client s request, servers send the data into a socket connection for transmission. Both TCP and UDP socket connections have been used in practice. The data are segmented and the segments are encapsulated with special headers appropriate for audio/video traffic. The real time protocol (RTP, will be discussed later) is a public-domain standard for encapsulating such segments. Audio/video streaming applications usually provide user interactivity which requires a protocol for client/server interaction. The real time streaming protocol (RTSP) is a public-domain protocol for this purpose. Clients often request data through a Web browser. A separate helper application (called media player) is required for playing out the audio/video. Well used helpers include RealPlayer and MediaPlayer. Access audio/video through Web server

3 CMPT Multimedia Networking and Network Security 3 The stored audio/video files can be delivered by a Web server or by an audio/video streaming server. When an audio file is delivered by a Web server, the file is treated as an ordinary object in the server s file system, like HTML and JEPG files. To get the file, a client establishes a TCP connection with the server and sends an HTTP request for the object. On receiving the request, the Web server encapsulates the audio file in an HTTP response message and sends the message back to the TCP connection. It is more complicated for the video case because usually the sounds (audio) and images are stored in two different files. In this case, a client sends two HTTP requests over two separate TCP connections and the server sends two responses, one for sounds and the other for images, to the client in parallel. It is up to the client to synchronize the two streams. Sending multimedia from a streaming server to a helper application Audio/video files can be delivered by a streaming server to a media player. Streaming servers include those marketed by RealNetworks and Microsoft, and those of public-domain servers. With a streaming server, audio/video files can be transmitted over UDP which has much smaller endto-end delay than TCP. Making the best of the best-effort service Limitation of best-effort service Packet loss, IP provides the best-effort service but does not guarantee the delivery of packets. Packets may be discarded due to congestions. End-to-end delay, IP does not guarantee the end-to-end delay either. The time for transmitting a packet may vary due to the conditions of the network. Also, in order to guarantee the delivery, positive acknowledgement and retransmission are used in TCP. The cost for realizing the reliable transmission in TCP is a longer end-to-end delay. Packet jitter, since the end-to-end delay for each packet may depend on the conditions of the network, the delays of packets in the same packet stream may vary. Especially, the packets may arrive to the receiver in a wrong order. Removing jitter at the receiver for audio In applications like Internet phone or audio-on-demand, it is up to the receiver to remove the jitters. Common techniques used include sequence number, timestamp, and delaying playout. The sender can put a sequence number on every packet sent and the receiver can use the sequence number to recover the correct order of the received packets. Timestamp is similar to sequence number, the sender stamps each packet with the time at which the packet is generated. In order to get the correct order from the sequence number and timestamp for a sequence of packets, the receiver need to receive all of the packets in the sequence. Playout delay is used for this purpose. The playout delay should be long enough to receive all packets in a subsequence of packets which can be played. On the other hand, the delay should be short enough so that the user will not notice the delay. The playout delay can be either fixed or adaptive. Fixed playout delay, the receiver plays out each packet exactly q msecs after the packet is generated. Usually, q is up to a few hundreds msecs. Adaptive playout delay, the receiver estimate the network delay and the variance of the network delay at the beginning of each talk, and adjusts the playout delay accordingly. Recovering from packet loss

4 CMPT Multimedia Networking and Network Security 4 A major scheme for handling packet loss for elastic applications is retransmission. However, this scheme does not work well for applications with strict end-to-end delay constraint. Internet phone applications usually use loss anticipation schemes to handle packet loss. Forward error correction (FEC) is one of such schemes. The basic idea of this scheme is to include redundant information in the original packet stream. The redundant information can be used to reconstruct the lost packet. One approach for the FEC scheme is to send the exclusive OR of every n packets as a redundant packet. If any one of the n + 1 packet is lost, the receiver can reconstruct it. However the scheme does not work if two or more of the n + 1 packets are lost. Another approach is to send two copies of the same packet, usually one is the original packet and the other is a short version (lower-resolution audio) of the packet. An example is that the short version of packet i is sent together with packet i + 1. FEC uses extra bandwidth of networks. Interleaving is another loss anticipation scheme. This scheme resequences units of audio data before transmission so that the original adjacent units are separated by some distance in the transmitted stream. The receiver rearranges the received stream into its original order before it is resequenced. If a transmitted packet is lost, only a small fraction of each original packet is lost and the quality of the voice may not be damaged much. Interleaving does not use extra bandwidth but introduces extra end-to-end delay. Receiver-based repair of damaged audio stream. This scheme reconstructs a lost packet using the other received packets based on the fact that there are large amount of short term self-similar signals in audio data, especially for speech. A simplest approach is packet repetition, using the immediate previous packet to replace the lost one. Another approach is interpolation, using the packets before and after the loss to interpolate a packet to cover the loss. Content Distribution Network (CDN) A major problem in multimedia networking is difficult to stream large files from a single server in real time. A solution for this problem is to replicate content at hundreds (CDN) servers, each server is at an edge of Internet and provide service to users close to it. A content distributed network (CDN) consists of servers connected by Internet. The servers are also considered connected by a logical network. Downloading content to CDN servers from the original server is realized by multicast over the logical network. Outline of network security Network security issues Principles of cryptography Message integrity Application layer security Transport layer security Network layer security Operational security, firewalls Network Security

5 CMPT Multimedia Networking and Network Security 5 Security issues Important issues in network security include the following. Confidentiality: To protect information from unauthorized disclosure. Two approaches are usually used to achieve this. One is to restrict the access to the information, e.g., to prevent unauthorized parties to have any access to the data. The other is to make the data meaningless to the unauthorized parties by encryption. Integrity: To protect information from unauthorized change. Authentication: To allow two communicating entities to validate each other s identity. Nonrepudiation: To prove that the received message is from a specific sender. Availability: To guarantee that unauthorized parties can not block the legitimate access to the information. Access control (Authorization): To control the access level of users to the data. Accountability: To track or audit what an individual or entity is doing on the network or system. Basic strategy Prevention, detection, and response are the basic strategies for achieving the network security. Prevention is the 1st step. To make a security system, it is critical to implement some measures to prevent any failure in the above issues. t should be noted that it is impossible to have a security scheme that can prevent all attacks on the system. Detection is needed to find the weak point of the system once a preventative measure is broken. Appropriate response procedure is also needed to deal with the weak point detected. Encryption Encryption and access control play central roles in network and information security. The encryption/decryption techniques have been used to achieve the confidentiality in communication for thousands of years. To send a message, the source uses encryption key and algorithm to encrypt the message and sends the encrypted message. The destination uses decryption key and algorithm to decrypt the received message. The security is based on the assumption that if one does not have the decryption key, one can not get any information from the encrypted message. Digital signature is used to provide integrity, authentication, and nonrepudiation. Encryption and certificate authority are key factors in digital signature. The encryption/decryption techniques can be classified into two classes. One is secret-key encryption and the other is public-key encryption. Secret-key encryption In secret-key encryption, the decryption key can be easily obtained from the encryption key. In fact, they can be the same key. So, the source and destination need to keep their keys in secret to ensure the security. If the same key is used for both encryption and decryption, the algorithm for decryption is the inverse of the algorithm for encryption. When the same key is used for both the encryption and decryption, secret-key encryption is also called symmetric encryption. Secret-key encryption has been used for thousands of years. One popular method used in network communication now is called data encryption standard (DES). DES encrypts and decrypts at bitlevel. The data is considered as a string of bits which is partitioned into segments of 64 bits. If

6 CMPT Multimedia Networking and Network Security 6 the last segment has less than 64 bits, 0 is padded. Each segment is encrypted by a 64-bit key (there are 56 effective bits and 8 parity bits in the key). To encrypt a message, DES scrambles each segment in multiple stages. The least significant 32 bits of the segment at current stage become the most significant 32 bits of the segment in the next stage. The most significant 32 bits at current stage are scrambled based on the key and become the least significant 32 bits in the next stage. Decryption is an inverse process. DES is not considered secure now because the length of the encryption/decryption key is not large enough. More secure secret-key schemes have been developed. Those schemes include Triple DES and Advanced Encryption Standard (AES). Public-key encryption For each user, there are two keys, one is a public key, used for encryption, and the other is a private key, used for decryption. The user announces the public key to everyone in the network but keeps the private key secret. Anyone who wants to send a message to this user in a secure way, it uses the public key to encrypt the message and the user uses its secret private key to decrypt the message. One principle in public-key encryption is that it should be extremely difficult to calculate the private key from the public key. The design of the keys usually involves some special mathematics such as one way function. A one way function y = f(x) is that it easy compute y when f and x are given, while it is difficult to compute x when y and the inverse function f 1 are given. An example: define f(p, q) to be the product of two prime numbers p and q. Then it takes O(n 1.59 ) time to compute y = p q of n bits. However, a brute-force algorithm takes O(2 n/2 ) time to compute p and q from y. In practice, there is a heuristic algorithm which takes O(2 n/4 ) time to compute p and q from y. If n is large enough, say 1024 or 2048 bits, then it is impossible to factorize y within any reasonable time even with the most powerful computers. In fact, the most common public key encryption scheme RSA is based on the above function. The name RSA comes from its inventors (Rivest, Shamir, and Adleman). To calculate the keys in RSA scheme, first two large prime numbers p and q, and then N = p q are computed. Next a small odd integer e which is relatively prime to (p 1)(q 1) is computed. Finally, find the integer d in the solution of the equation of d e 1 mod (p 1)(q 1). The public key is (e, N) and the private key is (d, N). To encrypt a message M, RSA algorithm treats M as a number and computes C = M e mod N as the encrypted message. The message C can be decrypted to M by M = C d mod N. An example of RSA. Assume that we send characters HELLO one by one using RSA. Each character is assigned an integer as shown below. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

7 CMPT Multimedia Networking and Network Security 7 We choose p = 3, q = 11 to get N = 3 1 = 33, (p 1) (q 1) = 20, and choose e = 3 to get d = 7 from d 3 1 mod 20. Below are the values calculated for each character in RSA. Ch M M^3 C=M^3(mod 33) C^7 C^7(mod 33)=M Ch H H E E L L L L O O A major advantage of public-key encryption is that one pair of keys for one user. This reduces the number of keys to n pairs for a system with n users. A disadvantage is the high computation complexity of encryption algorithm. For example, in RSA scheme the number N is known to public. If one can find the prime factors p and q then one can calculate d and thus the private key (d, N). The security of RSA relies on the difficulty of factorizing large N. To guarantee the security, large N, e.g., 512 bits, 1024 bits, or even 2048 bits integers are used. The calculation of M e mod N and C d mod N is not efficient for large N. Another disadvantage is that the announced public key of a user must be verified. That is, if a user A announces a public key, the other users must make sure the announced key belongs to A. This is especially important when public-key encryption is used for digital signature. The verification can be handled by certification authority. Secret-key encryption is often used for long message and public-key encryption is appropriate for short message. A combination of using secret-key and public key may like this. Assume Alice wants to send Bob a long message. Alice prepares a secret key, encrypts the key with Bob s public-key, and sends the encrypted key to Bob. Then Alice encrypts the message with the secret key and sends the encrypted message to Bob. Bob can get the secret key by his private-key and then uses the secret key to decrypt the message. Digital signature Digital signature refers the sign on an electronic document. It is a key for realizing authentication, integrity, and nonrepudiation. A digital signature on a message should guarantee that (1) the identity of a sender can be verified by a receiver; (2) a message from a sender can not be denied by the sender; and (3) a message from a sender can not be concocted by a receiver. Digital signature can be realized by either secret key encryption scheme or public key encryption scheme. However, it is more complex to use secret key encryption scheme for digital signature. Digital signature by symmetric-key encryption One approach is to have a central authority CA in the system. Every user X has a secret key K X. Only X and CA know K X. Every user knows CA s secret key K CA. Assume that A sends a message M to B. Then: A encrypts (M, B) by key K A to get K A (M, B) and sends it to CA. CA decrypts K A (M, B), encrypts (M, A) by key K CA to get K CA (M, A), encrypts (M, A, K CA (M, A)) by key K B to get K CA (M, A, K CA (M, A)), and sends K CA (M, A, K CA (M, A)) to B. Digital signature by public-key encryption It is more convenient to use public-key encryption scheme to sign a document. The idea is simple: the sender A uses its private-key to encrypt (sign) the document and the receiver uses A s publickey to decrypt the message (verify the sign). Because it is difficult to compute the private-key,

8 CMPT Multimedia Networking and Network Security 8 it is difficult to forge the signature. Digital signature can provide integrity, authentication, and nonrepudiation. If the encrypted (signed) message is changed partially or totally without the knowledge of the private-key (signature), the decrypted message will be (with overwhelming probability) unreadable. So, the integrity of the message is preserved. Assume that some other user B sends a message pretending the message from A. If B does not know A s private-key (signature), then the message produced by B will be unreadable after the message is decrypted by A s public-key. This gives the authentication. Similarly, if A sends out a signed document, only A s public-key can decrypt the message into a meaningful document. A will not be able to deny the fact of sending the message. This provides the nonrepudiation. Digital signature does not provide confidentiality. Every one can decrypt the signed document by sender s public-key. If the document should be kept confidential, then another layer of encryption is needed. For example, the sender encrypts the signed document with the receiver s public-key. The receiver decrypts the message with its private-key and then verifies the signature of sender by sender s public-key. Internet security Internet security is based on the principles and concepts discussed above. The security measures can be applied to each of the Internet layer. We will discuss application layer security and IP layer security here. Application layer security Application layer security is realized by each application program. The implementation of application layer security is simple for unicast communication. The sender and receiver can agree to use the same protocol and a specific type of security service. Web security Major issues in web security include: secure naming, how to securely name objects and resources; secure connection, how to establish a secure connection; and mobile code security, how to deal with an executable code from a website. Assume that A wants to connect to B s website. A types the URL of B into A s browser and connects to a website. However, there is no guarantee that the website A s reaches is indeed B s website because some cracker may have changed the URL-IP-address mapping provided by a DNS server. To make the DNS service more secure, DNSsec is proposed. To make a connection between two sites at a web application, secure socket layer (SSL) is used. SSL is between the application layer and transport layer and provides encryption and authentication between two connected sockets. SSL is the base for the transport layer security (TLS). Current web applications allow executable codes embedded in the data exchanged between two sites. Those executable codes however become a major threat to computer systems. There is no single nor easy solution for this problem. Well used approaches for solving this problem including restricting the foreign code within a virtual machine, authenticating the source which provides the code, and so on.

9 CMPT Multimedia Networking and Network Security 9 IP layer security (IPsec) The IETF (Internet Engineering Task Force) has devised a set of protocols known as IPsec to provide security service at IP layer. IPsec does not restrict the user to use a specific encryption or authentication method. Instead, IPsec provides a framework that allow each pair of communication end-points to choose algorithms and parameters (like key size). IPsec defines two protocols: Authentication Header (AH) protocol and Encapsulation Security Payload protocol. Firewalls So far we have discussed the security based on encryption. Another key component for realizing security is internet access control. A basic technique for internet access control is internet firewall. A firewall is a component or a set of components installed between the internal network of an organization and the rest of the Internet. A firewall restricts the access between a protected internal network and the Internet. Basic firewall technologies include packet filtering and proxy system. Packet filtering A firewall can be used as a packet filter. It selectively routes packets between the internal and external hosts based on the information in the IP layer and transport layer headers. Those information include IP source/destination address, packet type (UDP, TCP, etc.), UDP/TCP source/destination port, packet size, and so on. A packet-filter firewall uses a filtering table to decide how to deal with a packet. Possible actions on a packet include: Forward the packet to the destination. Drop the packet without notifying the sender. Drop the packet and give the sender an error message. Log information about the packet. Set off an alarm to notify someone about the packet. Modify the packet, e.g., perform the network address translation. Send the packet to a host other than the destination, e.g., to a proxy server. Modify the filtering table. Packet filtering has a number advantages. One firewall can help protecting the entire network. Simple packet filtering is fast. Packet filtering is widely available. There are also some disadvantages. Current filtering tools are not perfect. Especially, more secure services relies on more sophisticated filtering rules which reduce the speed of the firewall. Packet filtering can be implemented on a router which is between the internal network and the Internet. Such a router is known as screen router. Linux kernel and later supports the 4th generation of IP firewall netfilter. Proxy system Packet filtering works based on the information in the headers of the packets. The information on the data in the packet can also be used for filtering. This is application layer filtering. A proxy firewall can be used for this purpose. A proxy system may consist of a proxy server and a number of internal proxy clients. When a proxy client wants to connect to an external host, it sends a request to the proxy server. The proxy server checks the request and decides if it approves the

10 CMPT Multimedia Networking and Network Security 10 request or not. If it approves, the proxy server contacts the external host on behalf of the client. Similarly, the proxy server filters the incoming packets based on the information of the packets. Advantages of the proxy system include good at logging, intelligent filtering, user-level authentication, protection for weak or faulty IP implementation. Disadvantages include the proxy services lagging behind nonproxy services, may require extra servers, and may require the modifications to clients.

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Streaming Audio and Video

Streaming Audio and Video Streaming Audio and Video CS 360 Internet Programming Daniel Zappala Brigham Young University Computer Science Department Streaming Audio and Video Daniel Zappala 1/27 Types of Streaming stored audio and

More information

Lecture 33. Streaming Media. Streaming Media. Real-Time. Streaming Stored Multimedia. Streaming Stored Multimedia

Lecture 33. Streaming Media. Streaming Media. Real-Time. Streaming Stored Multimedia. Streaming Stored Multimedia Streaming Media Lecture 33 Streaming Audio & Video April 20, 2005 Classes of applications: streaming stored video/audio streaming live video/audio real-time interactive video/audio Examples: distributed

More information

Sources: Chapter 6 from. Computer Networking: A Top-Down Approach Featuring the Internet, by Kurose and Ross

Sources: Chapter 6 from. Computer Networking: A Top-Down Approach Featuring the Internet, by Kurose and Ross Multimedia Communication Multimedia Systems(Module 5 Lesson 2) Summary: H Internet Phone Example Making the Best use of Internet s Best-Effort Service. Sources: H Chapter 6 from Computer Networking: A

More information

Classes of multimedia Applications

Classes of multimedia Applications Classes of multimedia Applications Streaming Stored Audio and Video Streaming Live Audio and Video Real-Time Interactive Audio and Video Others Class: Streaming Stored Audio and Video The multimedia content

More information

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011 Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Streaming Audio and Video

Streaming Audio and Video Streaming Audio and Video Multimedia on the Internet Daniel Zappala Brigham Young University Computer Science Department Streaming Audio and Video Daniel Zappala 1/39 1 Introduction 2 Stored Media 3 CDNs

More information

Digital Audio and Video Data

Digital Audio and Video Data Multimedia Networking Reading: Sections 3.1.2, 3.3, 4.5, and 6.5 CS-375: Computer Networks Dr. Thomas C. Bressoud 1 Digital Audio and Video Data 2 Challenges for Media Streaming Large volume of data Each

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Review: Lecture 1 - Internet History

Review: Lecture 1 - Internet History Review: Lecture 1 - Internet History late 60's ARPANET, NCP 1977 first internet 1980's The Internet collection of networks communicating using the TCP/IP protocols 1 Review: Lecture 1 - Administration

More information

Internet Privacy Options

Internet Privacy Options 2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Voice-Over-IP. Daniel Zappala. CS 460 Computer Networking Brigham Young University

Voice-Over-IP. Daniel Zappala. CS 460 Computer Networking Brigham Young University Voice-Over-IP Daniel Zappala CS 460 Computer Networking Brigham Young University Coping with Best-Effort Service 2/23 sample application send a 160 byte UDP packet every 20ms packet carries a voice sample

More information

Applications that Benefit from IPv6

Applications that Benefit from IPv6 Applications that Benefit from IPv6 Lawrence E. Hughes Chairman and CTO InfoWeapons, Inc. Relevant Characteristics of IPv6 Larger address space, flat address space restored Integrated support for Multicast,

More information

As enterprises conduct more and more

As enterprises conduct more and more Efficiently handling SSL transactions is one cornerstone of your IT security infrastructure. Do you know how the protocol actually works? Wesley Chou Inside SSL: The Secure Sockets Layer Protocol Inside

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Chapter 2: Representation of Multimedia Data Chapter 3: Multimedia Systems Communication Aspects and Services Multimedia Applications and Communication Protocols Quality of Service and Resource Management

More information

Multimedia Networking Applications

Multimedia Networking Applications Multimedia Communication Multimedia Systems Summary: Multimedia Networking Applications: Requirements Current Networks Limitations & Evolution RTSP Sources: Chapter 6 from Computer Networking: A Top-Down

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

First Semester Examinations 2011/12 INTERNET PRINCIPLES

First Semester Examinations 2011/12 INTERNET PRINCIPLES PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2011/12 INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS TO CANDIDATES

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

IP-Telephony Real-Time & Multimedia Protocols

IP-Telephony Real-Time & Multimedia Protocols IP-Telephony Real-Time & Multimedia Protocols Bernard Hammer Siemens AG, Munich Siemens AG 2001 1 Presentation Outline Media Transport RTP Stream Control RTCP RTSP Stream Description SDP 2 Real-Time Protocol

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

TDM services over IP networks

TDM services over IP networks Keyur Parikh Junius Kim TDM services over IP networks 1. ABSTRACT Time Division Multiplexing (TDM) circuits have been the backbone of communications over the past several decades. These circuits which

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

E-commerce Revision. Typical e-business Architecture. Routing and Addressing. E-Commerce Web Sites. Infrastructure- Packets, Routing and Addressing

E-commerce Revision. Typical e-business Architecture. Routing and Addressing. E-Commerce Web Sites. Infrastructure- Packets, Routing and Addressing E-Commerce Web Sites E-commerce Revision Companies create Web sites for very different reasons: simple proof-of concept sites Intranets (internal information) information-only sites for customers business-to-business

More information

Internet Security Firewalls

Internet Security Firewalls Overview Internet Security Firewalls Ozalp Babaoglu! Exo-structures " Firewalls " Virtual Private Networks! Cryptography-based technologies " IPSec " Secure Socket Layer ALMA MATER STUDIORUM UNIVERSITA

More information

Project Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080

Project Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080 Test Cases Document VOIP SOFT PBX Project Code: SPBX Project Advisor : Aftab Alam Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080 Submission Date:23-11-2007 SPBX

More information

Encapsulating Voice in IP Packets

Encapsulating Voice in IP Packets Encapsulating Voice in IP Packets Major VoIP Protocols This topic defines the major VoIP protocols and matches them with the seven layers of the OSI model. Major VoIP Protocols 15 The major VoIP protocols

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Firewalls. Ahmad Almulhem March 10, 2012

Firewalls. Ahmad Almulhem March 10, 2012 Firewalls Ahmad Almulhem March 10, 2012 1 Outline Firewalls The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Configurations Firewall Policies and Anomalies 2

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Computer Networks - CS132/EECS148 - Spring 2013 --------------------------------------------------------------------------

Computer Networks - CS132/EECS148 - Spring 2013 -------------------------------------------------------------------------- Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 5 Deadline : May 30th 9:30pm (hard and soft copies required) --------------------------------------------------------------------------

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

Protocol Rollback and Network Security

Protocol Rollback and Network Security CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

More information

Final for ECE374 05/06/13 Solution!!

Final for ECE374 05/06/13 Solution!! 1 Final for ECE374 05/06/13 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam taker -

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

Chapter 37. Secure Networks

Chapter 37. Secure Networks Chapter 37 Network Security (Access Control, Encryption, Firewalls) Secure Networks Secure network is not an absolute term Need to define security policy for organization Network security policy cannot

More information

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information

An Introduction to VoIP Protocols

An Introduction to VoIP Protocols An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt) Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption

More information

Chapter 32 Internet Security

Chapter 32 Internet Security Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3

More information

Clearing the Way for VoIP

Clearing the Way for VoIP Gen2 Ventures White Paper Clearing the Way for VoIP An Alternative to Expensive WAN Upgrades Executive Overview Enterprises have traditionally maintained separate networks for their voice and data traffic.

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

More information

Requirements of Voice in an IP Internetwork

Requirements of Voice in an IP Internetwork Requirements of Voice in an IP Internetwork Real-Time Voice in a Best-Effort IP Internetwork This topic lists problems associated with implementation of real-time voice traffic in a best-effort IP internetwork.

More information

Computer System Management: Hosting Servers, Miscellaneous

Computer System Management: Hosting Servers, Miscellaneous Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation

More information

Broadband Networks. Prof. Dr. Abhay Karandikar. Electrical Engineering Department. Indian Institute of Technology, Bombay. Lecture - 29.

Broadband Networks. Prof. Dr. Abhay Karandikar. Electrical Engineering Department. Indian Institute of Technology, Bombay. Lecture - 29. Broadband Networks Prof. Dr. Abhay Karandikar Electrical Engineering Department Indian Institute of Technology, Bombay Lecture - 29 Voice over IP So, today we will discuss about voice over IP and internet

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

Internet Services & Protocols Multimedia Applications, Voice over IP

Internet Services & Protocols Multimedia Applications, Voice over IP Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Multimedia Applications, Voice over IP Dipl.-Inform. Stephan Groß Room: GRU314

More information

Internet Services & Protocols Multimedia Applications, Voice over IP

Internet Services & Protocols Multimedia Applications, Voice over IP Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Multimedia Applications, Voice over IP Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail:

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

High Performance VPN Solutions Over Satellite Networks

High Performance VPN Solutions Over Satellite Networks High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

6. Streaming Architectures 7. Multimedia Content Production and Management 8. Commercial Streaming Systems: An Overview 9. Web Radio and Web TV

6. Streaming Architectures 7. Multimedia Content Production and Management 8. Commercial Streaming Systems: An Overview 9. Web Radio and Web TV Outline (Preliminary) 1. Introduction and Motivation 2. Digital Rights Management 3. Cryptographic Techniques 4. Electronic Payment Systems 5. Multimedia Content Description Part I: Content-Oriented Base

More information

VoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan

VoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan VoIP Security Seminar: Cryptography and Security Michael Muncan Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1 Introduction (1) Internet changed to a mass media in the middle of the 1990s

More information

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module

More information

Multimedia Communications Voice over IP

Multimedia Communications Voice over IP Multimedia Communications Voice over IP Anandi Giridharan Electrical Communication Engineering, Indian Institute of Science, Bangalore 560012, India Voice over IP (Real time protocols) Internet Telephony

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

Advanced Networking Voice over IP: RTP/RTCP The transport layer

Advanced Networking Voice over IP: RTP/RTCP The transport layer Advanced Networking Voice over IP: RTP/RTCP The transport layer Renato Lo Cigno Requirements For Real-Time Transmission Need to emulate conventional telephone system Isochronous output timing same with

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Protocols. Packets. What's in an IP packet

Protocols. Packets. What's in an IP packet Protocols Precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet Protocol (bottom level) all packets shipped from network to network as IP packets

More information

TCP - Introduction. Features of TCP

TCP - Introduction. Features of TCP TCP - Introduction The Internet Protocol (IP) provides unreliable datagram service between hosts The Transmission Control Protocol (TCP) provides reliable data delivery It uses IP for datagram delivery

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

Voice over IP: RTP/RTCP The transport layer

Voice over IP: RTP/RTCP The transport layer Advanced Networking Voice over IP: /RTCP The transport layer Renato Lo Cigno Requirements For Real-Time Transmission Need to emulate conventional telephone system Isochronous output timing same with input

More information

Three attacks in SSL protocol and their solutions

Three attacks in SSL protocol and their solutions Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

Unit 23. RTP, VoIP. Shyam Parekh

Unit 23. RTP, VoIP. Shyam Parekh Unit 23 RTP, VoIP Shyam Parekh Contents: Real-time Transport Protocol (RTP) Purpose Protocol Stack RTP Header Real-time Transport Control Protocol (RTCP) Voice over IP (VoIP) Motivation H.323 SIP VoIP

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

internet technologies and standards

internet technologies and standards Institute of Telecommunications Warsaw University of Technology 2015 internet technologies and standards Piotr Gajowniczek Andrzej Bąk Michał Jarociński multimedia in the Internet Voice-over-IP multimedia

More information

CS 4803 Computer and Network Security

CS 4803 Computer and Network Security Network layers CS 4803 Computer and Network Security Application Transport Network Lower level Alexandra (Sasha) Boldyreva IPsec 1 2 Roughly Application layer: the communicating processes themselves and

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified

More information

Computer Networks & Security 2014/2015

Computer Networks & Security 2014/2015 Computer Networks & Security 2014/2015 IP Protocol Stack & Application Layer (02a) Security and Embedded Networked Systems time Protocols A human analogy All Internet communication is governed by protocols!

More information

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution

More information

Examining Proxies to Mitigate Pervasive Surveillance

Examining Proxies to Mitigate Pervasive Surveillance Examining Proxies to Mitigate Pervasive Surveillance Eliot Lear Barbara Fraser Abstract The notion of pervasive surveillance assumes that it is possible for an attacker to have access to all links and

More information

Network management and QoS provisioning - QoS in the Internet

Network management and QoS provisioning - QoS in the Internet QoS in the Internet Inernet approach is based on datagram service (best effort), so provide QoS was not a purpose for developers. Mainly problems are:. recognizing flows;. manage the issue that packets

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Distributed Systems. 2. Application Layer

Distributed Systems. 2. Application Layer Distributed Systems 2. Application Layer Werner Nutt 1 Network Applications: Examples E-mail Web Instant messaging Remote login P2P file sharing Multi-user network games Streaming stored video clips Social

More information

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission

More information

QoS issues in Voice over IP

QoS issues in Voice over IP COMP9333 Advance Computer Networks Mini Conference QoS issues in Voice over IP Student ID: 3058224 Student ID: 3043237 Student ID: 3036281 Student ID: 3025715 QoS issues in Voice over IP Abstract: This

More information