Multimedia Networking and Network Security
CMPT Multimedia Networking and Network Security

This note is based on Chapters 7 and 8 of the textbook.

Outline of multimedia networking
- Multimedia networking application
- Streaming stored audio and video
- Making the best out of best effort service
- New applications

Multimedia Networking

In recent years, there has been explosive growth of new applications on the Internet, such as streaming video, IP telephony, teleconferencing, interactive games, virtual worlds, distance learning, and so on. These multimedia networking applications are referred to as continuous-media applications and require services different from those for traditional elastic applications like e-mail, Web, remote login, etc. They are also different from download-and-then-play applications. In particular, the new applications require high quality on the communication latency and the latency variation (delay-sensitive) but may not require high quality on the error rate (loss-tolerant).

One key issue in supporting new multimedia networking applications is how to get high quality for the communication latency on the best-effort Internet, which provides no latency guarantee. Another key issue is how to improve the Internet architecture to support the service required by multimedia applications.

Streaming stored audio and video. Applications have the following key features:
- Stored media: the content has been prerecorded and is stored at the server. So, a user may pause, rewind, or fast-forward the multimedia content. The response time to these actions should be on the order of 1-10 seconds.
- Streaming: a user starts playout a few seconds after it begins receiving the file from the server. So, a user plays out the audio/video from one location in the file while it is receiving later parts of the file from the server. This technique is called streaming and avoids having to download the entire file before starting playout.
- Continuous playout: once playout begins, it should proceed based on the original timing of the recording. This requires high quality on the end-to-end delay.

Streaming live audio and video. Applications are similar to traditional radio and television, except that the audio/video content is transmitted over the Internet. In these applications, many clients may receive the same program. A key issue here is how to deliver the program efficiently to multiple clients on the Internet. IP multicasting technologies play a key role in this. As with streaming stored audio and video, applications here require continuous playout and high quality on the end-to-end delay.

Real-time interactive audio and video. Applications allow users to communicate with each other in real time using audio/video. Real-time interactive audio on the Internet is known as Internet phone. Applications in this category require very high quality on the end-to-end delay, usually a fraction of one second.

Hurdles for multimedia in today's Internet

The Internet Protocol (IP) used in the Internet provides a connectionless best-effort service for transmitting datagrams. IP guarantees neither the end-to-end delay nor a uniform delay for all datagrams in the same packet stream. The variation of packet delays within the same packet stream is called packet jitter. The end-to-end delay and packet jitter in the Internet are major hurdles for multimedia applications on the Internet.

How to overcome hurdles

Many approaches have been discussed for overcoming the hurdles mentioned above. At one extreme, it is argued that fundamental changes should be made to the Internet so that users can explicitly reserve bandwidth on every link in the path used for transmitting the packets. On the other hand, it is argued that fundamental changes are difficult and that incremental improvements over best-effort IP are more practical. In particular, the improvements include:
- Internet Service Providers (ISPs) should scale/upgrade their networks to meet the demand. The upgrade includes more bandwidth and caches in networks for heavily accessed data.
- Content distribution networks (CDNs), which replicate stored content and put the content at the edges of the Internet.
- Multicast overlay networks for sending data to a huge number of users simultaneously.

Another approach is differentiated services (Diffserv). In this approach, small changes at the network and transport layers are required, and scheduling/policing schemes are introduced at the edges of the network.
The idea is to introduce traffic classes, assign each datagram to one of the classes, and give datagrams different levels of service based on their class.

Streaming stored audio and video

In these applications, clients request audio/video data stored at servers. Upon a client's request, servers send the data into a socket connection for transmission. Both TCP and UDP socket connections have been used in practice. The data are segmented and the segments are encapsulated with special headers appropriate for audio/video traffic. The real time protocol (RTP, discussed later) is a public-domain standard for encapsulating such segments.

Audio/video streaming applications usually provide user interactivity, which requires a protocol for client/server interaction. The real time streaming protocol (RTSP) is a public-domain protocol for this purpose.

Clients often request data through a Web browser. A separate helper application (called a media player) is required for playing out the audio/video. Widely used helpers include RealPlayer and MediaPlayer.

Access audio/video through Web server
The stored audio/video files can be delivered by a Web server or by an audio/video streaming server. When an audio file is delivered by a Web server, the file is treated as an ordinary object in the server's file system, like HTML and JPEG files. To get the file, a client establishes a TCP connection with the server and sends an HTTP request for the object. On receiving the request, the Web server encapsulates the audio file in an HTTP response message and sends the message back over the TCP connection. The video case is more complicated because the sound (audio) and the images are usually stored in two different files. In this case, a client sends two HTTP requests over two separate TCP connections and the server sends two responses, one for sound and the other for images, to the client in parallel. It is up to the client to synchronize the two streams.

Sending multimedia from a streaming server to a helper application

Audio/video files can be delivered by a streaming server to a media player. Streaming servers include those marketed by RealNetworks and Microsoft, as well as public-domain servers. With a streaming server, audio/video files can be transmitted over UDP, which has a much smaller end-to-end delay than TCP.

Making the best of the best-effort service

Limitation of best-effort service
- Packet loss: IP provides a best-effort service but does not guarantee the delivery of packets. Packets may be discarded due to congestion.
- End-to-end delay: IP does not guarantee the end-to-end delay either. The time for transmitting a packet may vary with the conditions of the network. Also, in order to guarantee delivery, TCP uses positive acknowledgement and retransmission. The cost of realizing reliable transmission in TCP is a longer end-to-end delay.
- Packet jitter: since the end-to-end delay of each packet may depend on the conditions of the network, the delays of packets in the same packet stream may vary. In particular, the packets may arrive at the receiver in the wrong order.

Removing jitter at the receiver for audio

In applications like Internet phone or audio-on-demand, it is up to the receiver to remove the jitter. Common techniques include sequence numbers, timestamps, and delaying playout.

The sender can put a sequence number on every packet sent, and the receiver can use the sequence number to recover the correct order of the received packets. A timestamp is similar to a sequence number: the sender stamps each packet with the time at which the packet is generated.

In order to get the correct order from the sequence numbers and timestamps for a sequence of packets, the receiver needs to receive all of the packets in the sequence. Playout delay is used for this purpose. The playout delay should be long enough to receive all packets in a subsequence of packets which can be played. On the other hand, the delay should be short enough that the user will not notice it. The playout delay can be either fixed or adaptive.
- Fixed playout delay: the receiver plays out each packet exactly q msecs after the packet is generated. Usually, q is up to a few hundred msecs.
- Adaptive playout delay: the receiver estimates the network delay and the variance of the network delay at the beginning of each talk, and adjusts the playout delay accordingly.

Recovering from packet loss
A major scheme for handling packet loss in elastic applications is retransmission. However, this scheme does not work well for applications with a strict end-to-end delay constraint. Internet phone applications usually use loss anticipation schemes to handle packet loss.

Forward error correction (FEC) is one such scheme. The basic idea is to include redundant information in the original packet stream. The redundant information can be used to reconstruct a lost packet. One approach to FEC is to send the exclusive OR of every n packets as a redundant packet. If any one of the n + 1 packets is lost, the receiver can reconstruct it. However, the scheme does not work if two or more of the n + 1 packets are lost. Another approach is to send two copies of the same packet, usually one being the original packet and the other a short version (lower-resolution audio) of the packet. For example, the short version of packet i is sent together with packet i + 1. FEC uses extra network bandwidth.

Interleaving is another loss anticipation scheme. This scheme resequences units of audio data before transmission so that originally adjacent units are separated by some distance in the transmitted stream. The receiver rearranges the received stream back into its original order. If a transmitted packet is lost, only a small fraction of each original packet is lost and the quality of the voice may not be damaged much. Interleaving does not use extra bandwidth but introduces extra end-to-end delay.

Receiver-based repair of damaged audio stream. This scheme reconstructs a lost packet from the other received packets, based on the fact that audio data, especially speech, contains a large amount of short-term self-similarity. The simplest approach is packet repetition, using the immediately preceding packet to replace the lost one.
Another approach is interpolation, using the packets before and after the loss to interpolate a packet to cover the loss.

Content Distribution Network (CDN)

A major problem in multimedia networking is that it is difficult to stream large files from a single server in real time. A solution to this problem is to replicate content at hundreds of (CDN) servers, where each server is at an edge of the Internet and provides service to users close to it. A content distribution network (CDN) consists of servers connected by the Internet. The servers are also considered to be connected by a logical network. Downloading content to the CDN servers from the original server is realized by multicast over the logical network.

Outline of network security
- Network security issues
- Principles of cryptography
- Message integrity
- Application layer security
- Transport layer security
- Network layer security
- Operational security, firewalls

Network Security

Security issues

Important issues in network security include the following.
- Confidentiality: To protect information from unauthorized disclosure. Two approaches are usually used to achieve this. One is to restrict access to the information, e.g., to prevent unauthorized parties from having any access to the data. The other is to make the data meaningless to unauthorized parties by encryption.
- Integrity: To protect information from unauthorized change.
- Authentication: To allow two communicating entities to validate each other's identity.
- Nonrepudiation: To prove that the received message is from a specific sender.
- Availability: To guarantee that unauthorized parties cannot block legitimate access to the information.
- Access control (Authorization): To control the access level of users to the data.
- Accountability: To track or audit what an individual or entity is doing on the network or system.

Basic strategy

Prevention, detection, and response are the basic strategies for achieving network security. Prevention is the first step. To build a secure system, it is critical to implement measures that prevent any failure in the above issues. It should be noted that it is impossible to have a security scheme that can prevent all attacks on the system. Detection is needed to find the weak point of the system once a preventative measure is broken. An appropriate response procedure is also needed to deal with the weak point detected.

Encryption

Encryption and access control play central roles in network and information security. Encryption/decryption techniques have been used to achieve confidentiality in communication for thousands of years. To send a message, the source uses an encryption key and algorithm to encrypt the message and sends the encrypted message. The destination uses a decryption key and algorithm to decrypt the received message.
The security is based on the assumption that without the decryption key, one cannot get any information from the encrypted message.

Digital signatures are used to provide integrity, authentication, and nonrepudiation. Encryption and a certificate authority are key factors in digital signatures.

Encryption/decryption techniques can be classified into two classes. One is secret-key encryption and the other is public-key encryption.

Secret-key encryption

In secret-key encryption, the decryption key can be easily obtained from the encryption key. In fact, they can be the same key. So, the source and destination need to keep their keys secret to ensure security. If the same key is used for both encryption and decryption, the algorithm for decryption is the inverse of the algorithm for encryption. When the same key is used for both encryption and decryption, secret-key encryption is also called symmetric encryption.

Secret-key encryption has been used for thousands of years. One popular method now used in network communication is the data encryption standard (DES). DES encrypts and decrypts at the bit level. The data is considered as a string of bits which is partitioned into segments of 64 bits. If the last segment has fewer than 64 bits, it is padded with 0s. Each segment is encrypted with a 64-bit key (there are 56 effective bits and 8 parity bits in the key). To encrypt a message, DES scrambles each segment in multiple stages. The least significant 32 bits of the segment at the current stage become the most significant 32 bits of the segment in the next stage. The most significant 32 bits at the current stage are scrambled based on the key and become the least significant 32 bits in the next stage. Decryption is the inverse process.

DES is not considered secure now because the length of the encryption/decryption key is not large enough. More secure secret-key schemes have been developed. Those schemes include Triple DES and the Advanced Encryption Standard (AES).

Public-key encryption

For each user, there are two keys: a public key, used for encryption, and a private key, used for decryption. The user announces the public key to everyone in the network but keeps the private key secret. Anyone who wants to send a message to this user securely uses the public key to encrypt the message, and the user uses its secret private key to decrypt the message.

One principle in public-key encryption is that it should be extremely difficult to calculate the private key from the public key. The design of the keys usually involves some special mathematics such as a one-way function. A one-way function $y = f(x)$ is one for which it is easy to compute $y$ when $f$ and $x$ are given, while it is difficult to compute $x$ when $y$ and the inverse function $f^{-1}$ are given. An example: define $f(p, q)$ to be the product of two prime numbers $p$ and $q$. Then it takes $O(n^{1.59})$ time to compute $y = p \cdot q$ of $n$ bits. However, a brute-force algorithm takes $O(2^{n/2})$ time to compute $p$ and $q$ from $y$. In practice, there is a heuristic algorithm which takes $O(2^{n/4})$ time to compute $p$ and $q$ from $y$.
If $n$ is large enough, say 1024 or 2048 bits, then it is impossible to factorize $y$ within any reasonable time even with the most powerful computers. In fact, the most common public-key encryption scheme, RSA, is based on the above function. The name RSA comes from its inventors (Rivest, Shamir, and Adleman).

To calculate the keys in the RSA scheme, first two large prime numbers $p$ and $q$, and then $N = p \cdot q$, are computed. Next, a small odd integer $e$ which is relatively prime to $(p-1)(q-1)$ is computed. Finally, find the integer $d$ that solves the equation $d \cdot e \equiv 1 \pmod{(p-1)(q-1)}$. The public key is $(e, N)$ and the private key is $(d, N)$.

To encrypt a message $M$, the RSA algorithm treats $M$ as a number and computes $C = M^e \bmod N$ as the encrypted message. The message $C$ can be decrypted to $M$ by $M = C^d \bmod N$.

An example of RSA. Assume that we send the characters HELLO one by one using RSA. Each character is assigned an integer as shown below.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

We choose $p = 3$, $q = 11$ to get $N = 3 \cdot 11 = 33$ and $(p-1)(q-1) = 20$, and choose $e = 3$ to get $d = 7$ from $d \cdot 3 \equiv 1 \pmod{20}$. Below are the values calculated for each character in RSA.

Ch  M  M^3  C=M^3(mod 33)  C^7  C^7(mod 33)=M  Ch
H  H
E  E
L  L
L  L
O  O

A major advantage of public-key encryption is that only one pair of keys is needed per user. This reduces the number of keys to n pairs for a system with n users. A disadvantage is the high computational complexity of the encryption algorithm. For example, in the RSA scheme the number $N$ is known to the public. If one can find the prime factors $p$ and $q$, then one can calculate $d$ and thus the private key $(d, N)$. The security of RSA relies on the difficulty of factorizing large $N$. To guarantee security, large $N$, e.g., 512-bit, 1024-bit, or even 2048-bit integers, are used. The calculation of $M^e \bmod N$ and $C^d \bmod N$ is not efficient for large $N$. Another disadvantage is that the announced public key of a user must be verified. That is, if a user A announces a public key, the other users must make sure the announced key belongs to A. This is especially important when public-key encryption is used for digital signatures. The verification can be handled by a certification authority.

Secret-key encryption is often used for long messages, and public-key encryption is appropriate for short messages. A combination of secret-key and public-key encryption may look like this. Assume Alice wants to send Bob a long message. Alice prepares a secret key, encrypts the key with Bob's public key, and sends the encrypted key to Bob. Then Alice encrypts the message with the secret key and sends the encrypted message to Bob. Bob can recover the secret key with his private key and then use the secret key to decrypt the message.

Digital signature

A digital signature refers to the signature on an electronic document. It is a key to realizing authentication, integrity, and nonrepudiation.
A digital signature on a message should guarantee that (1) the identity of a sender can be verified by a receiver; (2) a message from a sender cannot be denied by the sender; and (3) a message from a sender cannot be concocted by a receiver.

A digital signature can be realized by either a secret-key encryption scheme or a public-key encryption scheme. However, it is more complex to use a secret-key encryption scheme for digital signatures.

Digital signature by symmetric-key encryption

One approach is to have a central authority CA in the system. Every user X has a secret key $K_X$. Only X and CA know $K_X$. Every user knows CA's secret key $K_{CA}$. Assume that A sends a message $M$ to B. Then:
- A encrypts $(M, B)$ with key $K_A$ to get $K_A(M, B)$ and sends it to CA.
- CA decrypts $K_A(M, B)$, encrypts $(M, A)$ with key $K_{CA}$ to get $K_{CA}(M, A)$, encrypts $(M, A, K_{CA}(M, A))$ with key $K_B$ to get $K_B(M, A, K_{CA}(M, A))$, and sends $K_B(M, A, K_{CA}(M, A))$ to B.

Digital signature by public-key encryption

It is more convenient to use a public-key encryption scheme to sign a document. The idea is simple: the sender A uses its private key to encrypt (sign) the document, and the receiver uses A's public key to decrypt the message (verify the signature). Because it is difficult to compute the private key, it is difficult to forge the signature.

A digital signature can provide integrity, authentication, and nonrepudiation. If the encrypted (signed) message is changed partially or totally without knowledge of the private key (signature), the decrypted message will be (with overwhelming probability) unreadable. So, the integrity of the message is preserved.

Assume that some other user B sends a message pretending that the message is from A. If B does not know A's private key (signature), then the message produced by B will be unreadable after it is decrypted with A's public key. This gives authentication.

Similarly, if A sends out a signed document, only A's public key can decrypt the message into a meaningful document. A will not be able to deny having sent the message. This provides nonrepudiation.

A digital signature does not provide confidentiality. Everyone can decrypt the signed document with the sender's public key. If the document should be kept confidential, then another layer of encryption is needed. For example, the sender encrypts the signed document with the receiver's public key. The receiver decrypts the message with its private key and then verifies the sender's signature with the sender's public key.

Internet security

Internet security is based on the principles and concepts discussed above. The security measures can be applied at each of the Internet layers. We will discuss application layer security and IP layer security here.

Application layer security

Application layer security is realized by each application program. The implementation of application layer security is simple for unicast communication. The sender and receiver can agree to use the same protocol and a specific type of security service.
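
The RSA key computation, the HELLO example and the sign-with-the-private-key idea described earlier in these notes can be run end to end. The following is an added example, not code from the original notes; the letter numbering A=1 ... Z=26 and the choice of the smallest valid e are assumptions, and the last function shows why an N as small as 33 offers no protection.

```python
# Added example (not from the original notes): textbook RSA with the notes'
# toy parameters p=3, q=11. No padding, one letter per block; for study only.
from math import gcd


def modinv(a, m):
    """Return d with (d * a) % m == 1, using the extended Euclidean algorithm."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    if old_r != 1:
        raise ValueError("a has no inverse modulo m")
    return old_s % m


def make_keys(p, q):
    """N = p*q, e odd and coprime to (p-1)(q-1), d*e = 1 mod (p-1)(q-1).
    Taking the smallest such e is an assumption of this example."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in range(3, phi, 2) if gcd(c, phi) == 1)
    return (e, n), (modinv(e, phi), n)


def to_int(ch):
    """Assumed numbering A=1 ... Z=26; every value must stay below N."""
    return ord(ch) - ord("A") + 1


def to_char(m):
    return chr(m + ord("A") - 1)


def encrypt(text, public):
    e, n = public
    return [pow(to_int(ch), e, n) for ch in text]      # C = M^e mod N


def decrypt(blocks, private):
    d, n = private
    return "".join(to_char(pow(c, d, n)) for c in blocks)  # M = C^d mod N


def sign(text, private):
    """Signing as the notes describe it: apply the private key to the message."""
    d, n = private
    return [pow(to_int(ch), d, n) for ch in text]


def verify(text, signature, public):
    """Apply the public key to the signature and compare with the message."""
    e, n = public
    return len(text) == len(signature) and all(
        pow(s, e, n) == to_int(ch) for ch, s in zip(text, signature))


def private_key_from_public(public):
    """Trial-divide N and rebuild d. Feasible only because this N is tiny,
    which is the reason real keys use moduli of thousands of bits."""
    e, n = public
    p = next(c for c in range(2, n) if n % c == 0)
    return modinv(e, (p - 1) * (n // p - 1)), n


if __name__ == "__main__":
    public, private = make_keys(3, 11)
    print("public key", public, "private key", private)
    print("Ch  M   M^3  C  C^7          C^7 mod 33")
    for ch in "HELLO":
        m = to_int(ch)
        c = pow(m, public[0], public[1])
        print(f"{ch:<3} {m:<3} {m**3:<4} {c:<2} {c**7:<12} {c**7 % 33}")
    sig = sign("HELLO", private)
    print("signature", sig)
    print("verifies:", verify("HELLO", sig, public))
    print("altered message verifies:", verify("HELLP", sig, public))
    print("private key rebuilt from public key:",
          private_key_from_public(public))
```
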

Web security

Major issues in web security include: secure naming, how to securely name objects and resources; secure connection, how to establish a secure connection; and mobile code security, how to deal with executable code from a website.

Assume that A wants to connect to B's website. A types the URL of B into A's browser and connects to a website. However, there is no guarantee that the website A reaches is indeed B's website, because some cracker may have changed the URL-to-IP-address mapping provided by a DNS server. To make the DNS service more secure, DNSsec has been proposed.

To make a connection between two sites in a web application, the secure socket layer (SSL) is used. SSL sits between the application layer and the transport layer and provides encryption and authentication between two connected sockets. SSL is the basis for transport layer security (TLS).

Current web applications allow executable code to be embedded in the data exchanged between two sites. Such executable code, however, has become a major threat to computer systems. There is no single or easy solution to this problem. Widely used approaches include restricting the foreign code within a virtual machine, authenticating the source which provides the code, and so on.

IP layer security (IPsec)

The IETF (Internet Engineering Task Force) has devised a set of protocols known as IPsec to provide security services at the IP layer. IPsec does not restrict the user to a specific encryption or authentication method. Instead, IPsec provides a framework that allows each pair of communication end-points to choose algorithms and parameters (like key size). IPsec defines two protocols: the Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP) protocol.

Firewalls

So far we have discussed security based on encryption. Another key component for realizing security is internet access control. A basic technique for internet access control is the internet firewall. A firewall is a component or a set of components installed between the internal network of an organization and the rest of the Internet. A firewall restricts access between a protected internal network and the Internet. Basic firewall technologies include packet filtering and proxy systems.

Packet filtering

A firewall can be used as a packet filter. It selectively routes packets between internal and external hosts based on the information in the IP layer and transport layer headers. This information includes IP source/destination address, packet type (UDP, TCP, etc.), UDP/TCP source/destination port, packet size, and so on. A packet-filter firewall uses a filtering table to decide how to deal with a packet. Possible actions on a packet include:
- Forward the packet to the destination.
- Drop the packet without notifying the sender.
- Drop the packet and give the sender an error message.
- Log information about the packet.
- Set off an alarm to notify someone about the packet.
- Modify the packet, e.g., perform network address translation.
- Send the packet to a host other than the destination, e.g., to a proxy server.
- Modify the filtering table.

Packet filtering has a number of advantages.
- One firewall can help protect the entire network.
- Simple packet filtering is fast.
- Packet filtering is widely available.

There are also some disadvantages. Current filtering tools are not perfect. In particular, more secure services rely on more sophisticated filtering rules, which reduce the speed of the firewall.

Packet filtering can be implemented on a router which sits between the internal network and the Internet. Such a router is known as a screen router. Linux kernel and later supports the 4th generation of IP firewall netfilter.

Proxy system

Packet filtering works on the information in the headers of the packets. The information in the data carried by the packet can also be used for filtering. This is application layer filtering. A proxy firewall can be used for this purpose.

A proxy system may consist of a proxy server and a number of internal proxy clients. When a proxy client wants to connect to an external host, it sends a request to the proxy server. The proxy server checks the request and decides whether to approve it. If it approves, the proxy server contacts the external host on behalf of the client. Similarly, the proxy server filters the incoming packets based on the information in the packets.

Advantages of the proxy system include good logging, intelligent filtering, user-level authentication, and protection for weak or faulty IP implementations. Disadvantages include proxy services lagging behind nonproxy services, the possible need for extra servers, and the possible need for modifications to clients.
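
The filtering table described under "Packet filtering" above can be sketched as an ordered rule list. This is an added example, not code from the original notes: first-match evaluation, the default-drop policy, the rule fields and all addresses (documentation and private ranges) are assumptions, and the `shadowed` check shows how rule order can silently disable a later rule.

```python
# Added example (not from the original notes): a first-match filtering table
# applied to packets arriving on the external interface of a screening router.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str          # "forward", "drop" (silent) or "reject" (error to sender)
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dports: tuple = (0, 65535)   # inclusive destination-port range
    log: bool = False

    def matches(self, pkt):
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dports[0] <= pkt.dport <= self.dports[1])


# Constructed table for an assumed internal network 10.1.0.0/16.
TABLE = [
    # An internal source address arriving from outside is spoofed.
    Rule("drop", src="10.1.0.0/16", log=True),
    Rule("forward", dst="10.1.0.80/32", proto="tcp", dports=(443, 443)),
    Rule("forward", dst="10.1.0.25/32", proto="tcp", dports=(25, 25)),
    Rule("reject", dst="10.1.0.0/16", proto="tcp", dports=(23, 23), log=True),
]
DEFAULT = Rule("drop", log=True)     # anything not explicitly allowed


def filter_packet(table, pkt, log):
    """Return the action of the first matching rule; record it if the rule logs."""
    rule = next((r for r in table if r.matches(pkt)), DEFAULT)
    if rule.log:
        log.append((rule.action, pkt))
    return rule.action


def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in ("any", b.proto)
            and a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1])


def shadowed(table):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(table)
            if any(covers(a, b) for a in table[:j])]


if __name__ == "__main__":
    log = []
    samples = [                       # constructed packets
        Packet("203.0.113.7", "10.1.0.80", "tcp", 443),
        Packet("10.1.0.9", "10.1.0.80", "tcp", 443),
        Packet("198.51.100.20", "10.1.0.5", "tcp", 23),
        Packet("198.51.100.20", "10.1.0.5", "udp", 53),
    ]
    for pkt in samples:
        print(filter_packet(TABLE, pkt, log), pkt)
    print("logged:", len(log), "shadowed rules:", shadowed(TABLE))
```
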
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationIP-Telephony Real-Time & Multimedia Protocols
IP-Telephony Real-Time & Multimedia Protocols Bernard Hammer Siemens AG, Munich Siemens AG 2001 1 Presentation Outline Media Transport RTP Stream Control RTCP RTSP Stream Description SDP 2 Real-Time Protocol
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationTDM services over IP networks
Keyur Parikh Junius Kim TDM services over IP networks 1. ABSTRACT Time Division Multiplexing (TDM) circuits have been the backbone of communications over the past several decades. These circuits which
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationE-commerce Revision. Typical e-business Architecture. Routing and Addressing. E-Commerce Web Sites. Infrastructure- Packets, Routing and Addressing
E-Commerce Web Sites E-commerce Revision Companies create Web sites for very different reasons: simple proof-of concept sites Intranets (internal information) information-only sites for customers business-to-business
More informationProject Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080
Test Cases Document VOIP SOFT PBX Project Code: SPBX Project Advisor : Aftab Alam Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080 Submission Date:23-11-2007 SPBX
More informationInternet Security Firewalls
Overview Internet Security Firewalls Ozalp Babaoglu! Exo-structures " Firewalls " Virtual Private Networks! Cryptography-based technologies " IPSec " Secure Socket Layer ALMA MATER STUDIORUM UNIVERSITA
More informationEncapsulating Voice in IP Packets
Encapsulating Voice in IP Packets Major VoIP Protocols This topic defines the major VoIP protocols and matches them with the seven layers of the OSI model. Major VoIP Protocols 15 The major VoIP protocols
More informationFirewalls. Ahmad Almulhem March 10, 2012
Firewalls Ahmad Almulhem March 10, 2012 1 Outline Firewalls The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Configurations Firewall Policies and Anomalies 2
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationComputer Networks - CS132/EECS148 - Spring 2013 --------------------------------------------------------------------------
Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 5 Deadline : May 30th 9:30pm (hard and soft copies required) --------------------------------------------------------------------------
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationCS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationFinal for ECE374 05/06/13 Solution!!
1 Final for ECE374 05/06/13 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam taker -
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationTransport and Network Layer
Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a
More informationQuality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.
Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,
More informationChapter 37. Secure Networks
Chapter 37 Network Security (Access Control, Encryption, Firewalls) Secure Networks Secure network is not an absolute term Need to define security policy for organization Network security policy cannot
More informationChapter 32 Internet Security
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
More informationAn Introduction to VoIP Protocols
An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationClearing the Way for VoIP
Gen2 Ventures White Paper Clearing the Way for VoIP An Alternative to Expensive WAN Upgrades Executive Overview Enterprises have traditionally maintained separate networks for their voice and data traffic.
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationBroadband Networks. Prof. Dr. Abhay Karandikar. Electrical Engineering Department. Indian Institute of Technology, Bombay. Lecture - 29.
Broadband Networks Prof. Dr. Abhay Karandikar Electrical Engineering Department Indian Institute of Technology, Bombay Lecture - 29 Voice over IP So, today we will discuss about voice over IP and internet
More informationComputer System Management: Hosting Servers, Miscellaneous
Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation
More informationIP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49
IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security
More informationRequirements of Voice in an IP Internetwork
Requirements of Voice in an IP Internetwork Real-Time Voice in a Best-Effort IP Internetwork This topic lists problems associated with implementation of real-time voice traffic in a best-effort IP internetwork.
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationInternet Services & Protocols Multimedia Applications, Voice over IP
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Multimedia Applications, Voice over IP Dipl.-Inform. Stephan Groß Room: GRU314
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationInternet Services & Protocols Multimedia Applications, Voice over IP
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Multimedia Applications, Voice over IP Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail:
More informationHigh Performance VPN Solutions Over Satellite Networks
High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationAsymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)
Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption
More informationChapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationVoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan
VoIP Security Seminar: Cryptography and Security Michael Muncan Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1 Introduction (1) Internet changed to a mass media in the middle of the 1990s
More information6. Streaming Architectures 7. Multimedia Content Production and Management 8. Commercial Streaming Systems: An Overview 9. Web Radio and Web TV
Outline (Preliminary) 1. Introduction and Motivation 2. Digital Rights Management 3. Cryptographic Techniques 4. Electronic Payment Systems 5. Multimedia Content Description Part I: Content-Oriented Base
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationELECTRONIC COMMERCE OBJECTIVE QUESTIONS
MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module
More informationWe will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationUnit 23. RTP, VoIP. Shyam Parekh
Unit 23 RTP, VoIP Shyam Parekh Contents: Real-time Transport Protocol (RTP) Purpose Protocol Stack RTP Header Real-time Transport Control Protocol (RTCP) Voice over IP (VoIP) Motivation H.323 SIP VoIP
More informationProtocols. Packets. What's in an IP packet
Protocols Precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet Protocol (bottom level) all packets shipped from network to network as IP packets
More informationAdvanced Networking Voice over IP: RTP/RTCP The transport layer
Advanced Networking Voice over IP: RTP/RTCP The transport layer Renato Lo Cigno Requirements For Real-Time Transmission Need to emulate conventional telephone system Isochronous output timing same with
More informationMultimedia Communications Voice over IP
Multimedia Communications Voice over IP Anandi Giridharan Electrical Communication Engineering, Indian Institute of Science, Bangalore 560012, India Voice over IP (Real time protocols) Internet Telephony
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationThree attacks in SSL protocol and their solutions
Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer
More informationVoice over IP: RTP/RTCP The transport layer
Advanced Networking Voice over IP: /RTCP The transport layer Renato Lo Cigno Requirements For Real-Time Transmission Need to emulate conventional telephone system Isochronous output timing same with input
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationinternet technologies and standards
Institute of Telecommunications Warsaw University of Technology 2015 internet technologies and standards Piotr Gajowniczek Andrzej Bąk Michał Jarociński multimedia in the Internet Voice-over-IP multimedia
More informationCS 4803 Computer and Network Security
Network layers CS 4803 Computer and Network Security Application Transport Network Lower level Alexandra (Sasha) Boldyreva IPsec 1 2 Roughly Application layer: the communicating processes themselves and
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationQoS Issues for Multiplayer Gaming
QoS Issues for Multiplayer Gaming By Alex Spurling 7/12/04 Introduction Multiplayer games are becoming large part of today s digital entertainment. As more game players gain access to high-speed internet
More informationComputer Networks & Security 2014/2015
Computer Networks & Security 2014/2015 IP Protocol Stack & Application Layer (02a) Security and Embedded Networked Systems time Protocols A human analogy All Internet communication is governed by protocols!
More informationMeasurement of the Usage of Several Secure Internet Protocols from Internet Traces
Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified
More informationNetwork management and QoS provisioning - QoS in the Internet
QoS in the Internet Inernet approach is based on datagram service (best effort), so provide QoS was not a purpose for developers. Mainly problems are:. recognizing flows;. manage the issue that packets
More informationChapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory
There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution
More informationQoS issues in Voice over IP
COMP9333 Advance Computer Networks Mini Conference QoS issues in Voice over IP Student ID: 3058224 Student ID: 3043237 Student ID: 3036281 Student ID: 3025715 QoS issues in Voice over IP Abstract: This
More informationExamining Proxies to Mitigate Pervasive Surveillance
Examining Proxies to Mitigate Pervasive Surveillance Eliot Lear Barbara Fraser Abstract The notion of pervasive surveillance assumes that it is possible for an attacker to have access to all links and
More informationStreaming Stored Audio & Video
Streaming Stored Audio & Video Streaming stored media: Audio/video file is stored in a server Users request audio/video file on demand. Audio/video is rendered within, say, 10 s after request. Interactivity
More informationVPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls
Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission
More informationDistributed Systems. 2. Application Layer
Distributed Systems 2. Application Layer Werner Nutt 1 Network Applications: Examples E-mail Web Instant messaging Remote login P2P file sharing Multi-user network games Streaming stored video clips Social
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More information