Secure SIP-based Mobility Management Scheme for Cost-Optimized NEMO Environments



Transcription:

Secure SIP-based Mobility Management Scheme for Cost-Optimized NEMO Environments

Chulhee Cho 1, Jae-Young Cho 1, Jun-Dong Cho 2 and Jongpil Jeong 2*
1 College of Information and Communication Engineering, Sungkyunkwan University, Suwon, Korea
2 Department of Human ICT Convergence (* Corresponding Author), Sungkyunkwan University, Suwon, Korea
tgb017@nate.com, {jaeychojdchojpjeong}@skku.edu

ABSTRACT

The mobile Virtual Private Network (MVPN) of the Internet Engineering Task Force (IETF) is not designed to support NEtwork MObility (NEMO) and is not suitable for real-time applications. Therefore, architecture and protocols to support VPN in NEMO are needed. Therefore, in this paper, we propose a cost-effective and secure mobility management scheme (SeSIP) that is based on session initiation protocol (SIP) and designed for real-time applications with VPN. Our scheme to support MVPN in NEMO enables the session to be well maintained during movement of the entire network. Further, in order to reduce the authentication delay time in handoff operations, the signaling time which occurs to maintain the session is shortened through our proposed handoff scheme, which adopts authentication using HMAC-based one-time password (HOTP). Our performance analysis results show our proposed scheme provides improvement in average handoff performance time relative to existing schemes.

KEYWORDS

NEMO, MVPN, SIP, HOTP, Mobility Management.

1 INTRODUCTION

As the coverage area of wireless LAN (WLAN) expands, the demand from users is growing for access to the Internet anytime and anywhere. To satisfy this requirement, technologies that enable access to the Internet on trains, busses, ships and other modes of transportation have come into the limelight. One such technology is NEMO, an IP network mobility technology [1-3]. The acronyms used in this paper are listed in Table 1. NEMO enables Internet connection service to be provided from the mobile router (MR), with all the nodes inside the network not recognizing the mobility, a standardization that is making progress in IETF based on IPv6.
NEMO provides mobility service through direct links to the Internet network without passing through other networks. Thus it can be applied to telematics, Personal Area Networks (PAN), Ad-hoc networks, etc., as well as providing various means of mobility. The IETF NEMO working group has completed several RFCs to enable a network to move from one location to another location while still maintaining its local nodes' ongoing sessions. For example, a NEMO VPN can be used in public safety, where wireless devices in a police patrol car can access the criminal databases, driver license and vehicle registration databases, or other services in the dispatch center as the car travels between different subnets. Similar types of services can also be used in an ambulance or mobile medical car where various wireless devices or sensors are deployed inside the car.

Security has recently emerged as an important issue for the Internet, and virtual private network (VPN) was developed to ensure stability in user communications between the Internet and the intranet. VPN service in NEMO has wide-ranging applications, providing stable access to the intranet for mobile networks. For example, NEMO VPN enables access to the criminal, driver's license and car registration databases from a police patrol car via the mobile device, thereby helping to increase public safety. However, a method for providing VPN service has yet to be identified in the NEMO working group of IETF.

ISBN:978-0-9891305-6-1 2014 SDIWC 24

Although IETF proposed a VPN architecture that supports mobility, this solution did not consider mobile equipment groups and is only applicable for a single node, and furthermore it is based on MIP, which is not suited for real-time applications. MVPN of IETF uses one IPSec [4] tunnel and two MIP tunnels. These three tunnels are major contributors to overhead during the real-time packet transfer. Thus a new architecture and protocol are required to support the MVPN in safe NEMO. In addition, the complexity of the authentication procedure and multiple signaling messages that may occur in various nodes due to the movement of the mobile equipment group are also major contributors to overhead.

This paper proposes a Cost-Effective and Secure Mobility Management Scheme (SeSIP) based on the SIP (Session Initiation Protocol), which is suitable for real-time applications on MVPN and which shortens the signaling time. This design maintains the session continuously as the overall network moves. It integrates SIP-based MVPN and NEMO to provide efficient group mobility for high security and real-time services. Additionally, all SIP clients can directly communicate with each other, bypassing the mobile agent such as the Home Agent (HA) in MIP. Thus the path is optimized. This is useful for real-time applications such as IP-based voice communications (VoIP) and video streaming, and it does not require an IPSec tunnel or MIP tunnel. Hence a single NEMO VPN gateway can support an entire mobile network upon the address request of a mobile network that has changed its connection location address, resulting in considerable reduction of signaling overhead. Moreover, this approach reduces the signaling numbers since all CNs' connection addresses are combined in a URL list and integrated in a single INVITE message for transfer. Further, this design adopts an authentication method based on HMAC-based One Time Password (HOTP) [5] to shorten the authentication time, a significant element of delay during hand-off, thereby improving the ongoing signaling time to maintain the session.
Moreover, this approach integrates the generation signals of multiple nodes inside the mobile network to reduce signaling time.

Table 1. Parameters for Handoff Signalling Cost.

Acronym    Description
ALG        Application Level Gateway
AVP        Attribute Value Pair
CN         Correspondent Node
CoA        Care of Address
HA         Home Agent
HMAC       Hash-based Message Authentication Code
HOTP       HMAC based One Time Password
IKE        Internet Key Exchange
i-HA       Internal HA
i-MIP      Internal MIP
MAA        Multimedia-Auth-Answer
MAR        Multimedia-Auth-Request
MIDCOM     Middlebox Communication
MIKEY      Multimedia Internet Keying
MIP        Mobile IP
MN         Mobile Node
MR         Mobile Router
NEMO       Network Mobility
OTP        One Time Passwords
RTCP       RTP Control Protocol
RTP        Real-time Transport Protocol
SA         Security Association
SDP        Session Description Protocol
SIP        Session Initiation Protocol
SIP-NVG    SIP NEMO VPN Gateway
SRTP       Secure Real-time Transport Protocol
TEK        Traffic Encryption Key
TGK        TEK Generation Key
UAA        User-Authorization-Answer
UAR        User-Authorization-Request
VPN        Virtual Private Network
VPN-TIA    VPN Tunnel Inner Address
X-HA       external HA
X-MIP      external MIP

This paper consists of the following sections: Section 2 examines the problems of architecture for MVPN proposed in the existing IETF and it looks into the need for a SIP-based MVPN. Section 3 describes the proposed SIP-based mobility management scheme, which is cost-effective and secure. Section 4 discusses the analytical model to evaluate the functioning of the proposed scheme. Section 5 describes the numerical results for the analysis presented in Section 4. Finally, conclusions are drawn in Section 6.

2 RELATED WORK

IETF has previously defined the architecture and protocol for MVPN [6]; it is shown in Fig. 1. Here the internal HA (i-HA) and external HA (x-HA) are present in the intranet and Internet and the two HAs. A new care-of address (CoA) is first obtained from the dynamic host configuration protocol (DHCP) server or foreign agent (FA) when the MN moves out of the intranet. This CoA is registered in x-HA. Then MN creates a VPN gateway and IPSec tunnel using its external home address (x-HoA). An IPSec tunnel is created by using internet key exchange (IKE) [7]. Fig. 1 shows the three tunnels (x-MIP, IPSec and i-MIP).

[Figure 1. MVPN proposed by IETF. Elements shown: MN in external subnets (802.11b AP, DHCP, x-FA), the Internet with the x-HA, the DMZ with the VPN gateway and AAAF, and the intranet with the i-HA, AAAH and DHCP/i-FA. Steps: 1. Register to x-HA by using CoA; 2. Establish IPsec tunnel with VPN by using x-HoA; 3. Register to i-HoA by using VPN-TIA. Three tunnels around the original packet: x-MIP (x-HA to MN CoA), IPsec (VPN GW to x-HoA), i-MIP (i-HA to VPN-TIA).]

Fig. 2 shows the signaling message flows of IETF MVPN. Because the mobility of a mobile equipment group was not considered in IETF MVPN, it cannot be applied to NEMO since it would cause long handoff latency and end-to-end latency [8, 9]. These tunnels significantly increase the overhead due to packet length and processing time, and this can degrade the performance in real-time applications. Although SIP-based MVPN was proposed, only the mobility of a single node was considered [10, 11]. In this paper we propose SIP-based NEMO because it is easily distributed and reduces the data transfer delay for host and session mobility [12, 13]. However, if SIP is applied to NEMO, it may increase the handoff signaling cost when many re-INVITE messages are transferred among the sessions in progress.

HTTP digest is the basic user authentication realized in SIP. This authentication uses a secret key and is based on the challenge-response paradigm. Most protocols in Internet applications use this mechanism for client authentication before providing services; however, SIP authentication using HTTP digest increases the signaling exchange in the protocol design, requiring two handshakes to occur. To simplify the authentication procedure, we can instead adopt HOTP-based authentication, shortening processing time and so reducing signaling cost. Therefore, in this paper we consider these methods for supporting the MVPN in NEMO and for shortening authentication time and signaling time in mobile networks suitable for real-time applications.

[Figure 2. Signalling flows of IETF MVPN. Participants: MN, Mobile Gateway, DHCP, x-HA, AAAF, AAAH, IPsec-VPN, i-HA, CN. Phases: MN gets a new CoA; register to x-HA (CoA mode) with Reg-Req & MN-AAA and Reg-Reply (x-MIP) and the AMR/HAR/HAA/AMA exchanges; establish IPsec tunnel (IKE messages); register to i-HA with Reg-Req and Reg-Reply (i-MIP); terminate IPsec tunnel (Information Exchange).]

3 COST-EFFECTIVE AND SECURE MOBILITY MANAGEMENT SCHEME

3.1 System Architecture

IETF has defined architecture and protocols for mobile VPN. However, the IETF mobile VPN cannot be applied to NEMO because it does not consider the mobility of a group of mobile devices. Besides, the IETF solution is based on IPsec and MIPv4, so it will incur long handoff latency and end-to-end latency. On the other hand, SIP has been proposed to provide host mobility and session continuity. However, by adopting SIP into NEMO, it may increase signaling cost during network handoff. So I propose architecture and protocols to support VPN in NEMO, which is called Cost-Effective and Secure Mobility Management Scheme [40]. The proposed SeSIP comprises SIP, secure real-time transport protocol (SRTP) [14], multimedia internet keying (MIKEY) [15] and a Diameter server [16] to provide VPN services in NEMO. Fig. 3 depicts the architecture of the proposed SeSIP.

[Figure 3. System architecture. Elements shown: Foreign Network 1 and Foreign Network 2 with AP/BS, the mobile network with MNs and the SIP-NVG, the firewall, the VPN gateway (SIP Proxy 1 and ALG), the Diameter server, and the intranet with SIP Proxy 2 (SIP registrar) and the CN; signaling traffic and data traffic are drawn separately.]

Fig. 3 shows a mobile network in a foreign network (Internet) connecting to the CN in the home network (intranet). The SIP NEMO VPN gateway (SIP-NVG) shown in the mobile network residing in Foreign Network 1 is the gateway of the mobile network to other networks. It follows the SIP standards and manages the traffic between the mobile network and the outside world. The VPN gateway consists of SIP Proxy 1 and an application level gateway (ALG). There is a firewall between the Internet and the intranet to prevent external users from getting direct access to the intranet. SIP Proxy 1 is a SIP proxy server which authenticates the incoming SIP messages through the Diameter server. It also routes messages to SIP Proxy 2, which is essentially a SIP registrar. Meanwhile, MIKEY is used as the key management protocol to provide security keys for the ALG, which then oversees all data traffic.

In the proposed SeSIP, SIP is the main protocol to manage the session between MN, SIP-NVG, SIP Proxy 1, SIP Proxy 2 and CN. Diameter SIP Application [17] is an adaptation of the Diameter base protocol [16] that is used to authenticate and authorize a user in the Diameter server, while resource allocation in ALG is achieved using Middlebox Communication (MIDCOM) [18].
In addition, MIKEY messages are embedded inside the messages of the Diameter base protocol and the Session Description Protocol (SDP) [19] to carry security information. For user plane, when the mobile network resides in internet, SRTP is used to secure the data transmission between MN and ALG.

SIP is an application-layer signaling protocol. It is used to create, modify and terminate sessions in the proposed SeSIP. SIP has defined its own security and authentication schemes. In our proposed CE-SeMMS we use SIP to authenticate and identify the mobile users. SIP also supports user mobility and terminal mobility [12] [20]. Terminal mobility is achieved by sending a new INVITE (re-INVITE) to the CN using the same call ID as that in the original session. The new INVITE contains the new contact address the MN has acquired in the new location. After receiving the re-INVITE, the CN will redirect future traffic to the MN's new location.

SRTP defines a framework to provide encryption and integrity for Real-time Transport Protocol (RTP) [21] and RTP Control Protocol (RTCP) [21] streams. MIKEY is a key management protocol developed for multimedia real-time applications running over RTP/SRTP. In contrast to IKE, which is widely used as key management protocol for unicast, MIKEY is designed for peer-to-peer or small interactive groups. MIKEY can fulfill the requirements of different environments. For example, a MIKEY message can be embedded inside an SDP message. A new type k has been defined in SDP to carry MIKEY messages. The main purpose of MIKEY is to transport the TEK Generation Key (TGK) and other related security parameters or policies which are used in security transport protocols.

The Diameter SIP Application allows a client of a SIP server to be authenticated and authorized by a Diameter server. There are six Diameter commands in the Diameter SIP application. In the proposed SeSIP we use User-Authorization-Request (UAR) / User-Authorization-Answer (UAA) and Multimedia-Auth-Request (MAR) / Multimedia-Auth-Answer (MAA) to process SIP REGISTER and INVITE messages. The authentication is done by the Diameter server rather than by delegating to a SIP server.

HOTP-based authentication is adopted in the proposed SeSIP to reduce authentication time, an element of delay time during handoff. HOTP is an OTP creation algorithm based on event synchronization, and the client and authentication server share the secret key K. It uses C, the increasing counter value, and the HMAC-SHA-1 hash algorithm to create the password. The increased value (C + 1) is used to create a new password (6 digits) during the following authentication. The OTP mechanism creates the single user password based on three parameters: hash algorithm, secret key and challenge/counter. HOTP creates the password using the authentication number (counter) - which is remembered between the authentication server and the user - as the input value of OTP, and the authentication is performed only when the counter value matches. The counter parameter has the characteristics of synchronization OTP (HOTP [5]), and the client creates a new password without receiving the item beforehand from the authentication server. HOTP performs client authentication through one handshake using the OTP creation algorithm based on the event synchronization method.

As discussed above, the SIP-NVG is the mobile network's gateway to other networks. When a mobile network roams among different IP subnets, the SIP-NVG not only keeps ongoing sessions unbroken but also transmits data in a secure manner. There are two types of interfaces owned by SIP-NVG: egress interface and ingress interface. A SIP-NVG attaches to the Internet through an egress interface. Once a mobile network moves to a new IP subnet, the egress interface of the SIP-NVG will get a new IP address. On the other hand, when an MN wants to join a mobile network, it attaches to the ingress interface of the SIP-NVG.
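The HOTP authentication described earlier in this section, as an added example that is not code from the paper: it implements HOTP as specified in RFC 4226 (HMAC-SHA-1 over the counter C with the shared key K, 6 digits) and a verifier that accepts each counter value once. The class and function names are hypothetical, the key is the RFC 4226 test secret, and the `look_ahead` window is RFC 4226's resynchronization parameter, which goes beyond the strict counter match the text describes.

```python
import hashlib
import hmac
import struct

# RFC 4226 test secret, used here only as constructed sample input.
SAMPLE_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for shared key K and counter C (RFC 4226, HMAC-SHA-1)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpClient:
    """Mobile-side generator (hypothetical name): emits one OTP per request."""

    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def next_otp(self) -> str:
        otp = hotp(self.key, self.counter)
        self.counter += 1                        # C + 1 is used for the next request
        return otp


class HotpVerifier:
    """Server-side check (hypothetical name): one (K, C) record per client."""

    def __init__(self, look_ahead: int = 0):
        self.look_ahead = look_ahead             # 0 = accept only the exact counter
        self._clients = {}

    def enroll(self, client_id: str, key: bytes, counter: int = 0) -> None:
        self._clients[client_id] = (key, counter)

    def verify(self, client_id: str, otp: str) -> bool:
        record = self._clients.get(client_id)
        if record is None:
            return False
        key, counter = record
        for candidate in range(counter, counter + self.look_ahead + 1):
            expected = hotp(key, candidate)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                # Advance past the accepted value so the same OTP cannot be replayed.
                self._clients[client_id] = (key, candidate + 1)
                return True
        return False


def demo() -> dict:
    """One-handshake authentication, a replay, and a counter desynchronization."""
    strict = HotpVerifier(look_ahead=0)
    strict.enroll("mn_1", SAMPLE_KEY)
    mn = HotpClient(SAMPLE_KEY)

    first = mn.next_otp()                        # generated with C = 0
    accepted = strict.verify("mn_1", first)      # server moves to C = 1
    replayed = strict.verify("mn_1", first)      # same OTP again

    mn.next_otp()                                # C = 1 generated but never delivered
    late = mn.next_otp()                         # C = 2, server still expects C = 1
    desynced = strict.verify("mn_1", late)

    tolerant = HotpVerifier(look_ahead=2)
    tolerant.enroll("mn_1", SAMPLE_KEY, counter=1)
    resynced = tolerant.verify("mn_1", late)     # found inside the window
    return {"first": first, "accepted": accepted, "replayed": replayed,
            "late": late, "desynced": desynced, "resynced": resynced}


if __name__ == "__main__":
    print(demo())
```

A wider `look_ahead` tolerates lost requests during handoff at the price of more valid codes per attempt, so a deployment would pair it with a limit on failed attempts.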
In our design each mobile network has only one SIP-NVG, which essentially is an MR with SIP capability. The proposed SIP-NVG is able to route SIP messages and data traffic between its egress interface and ingress interface by translating the corresponding headers.

[Figure 4. Message flows and translation of REGISTER when mobile network resides in foreign network. Participants: MN, SIP-NVG, SIP Proxy 1, Diameter Server, SIP Proxy 2 (SIP registrar). Messages: REGISTER and 200 OK on each hop, UAR/UAA and MAR/MAA with the Diameter server. The figure shows the REGISTER with the MN's contact and with the SIP-NVG's contact:]

    REGISTER sip:hs.vpn.com SIP/2.0
    From : <sip:mn_1@hs.vpn.com>
    To : <sip:mn_1@hs.vpn.com>
    Call-ID : 22018851@hs.vpn.com
    Cseq : 1 REGISTER
    Contact : <sip:mn_1@nemo.vpn.com>
    Content-Type : application/sdp
    Content-Length : 0

    REGISTER sip:hs.vpn.com SIP/2.0
    From : <sip:mn_1@hs.vpn.com>
    To : <sip:mn_1@hs.vpn.com>
    Call-ID : 22018851@hs.vpn.com
    Cseq : 1 REGISTER
    Contact : <sip:sip-nvg@nemo.vpn.com>
    Content-Type : application/sdp
    Content-Length : 0

Fig. 4 depicts the flow for registration when the mobile network is in a foreign network. When an MN enters a mobile network, the MN gets a new IP address and registers it with the SIP-NVG. As shown in Fig. 4, the MN updates its current location with the SIP registrar residing in the home network by sending the REGISTER with the newly obtained contact address. In this example, we assume the mobile network resides in a foreign network and the new address assigned for the MN is mn-1@nemo.vpn.com. In our proposed architecture, SIP Proxy 2 not only handles the signaling messages but also acts as the SIP registrar. As illustrated in Fig. 4, the SIP-NVG translates the contact field in the REGISTER from the MN's address into the SIP-NVG's URI address, which is sip-nvg@hs.vpn.com. Also, the SIP-NVG establishes a mapping table to record the registration information for the MN. Hence each request targeted to the MN is redirected to the SIP-NVG.

The proposed architecture depicted in Fig. 3 adopts an ALG which follows MIDCOM architecture.
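The Contact translation and mapping table described above, as an added example that is not the authors' implementation: a gateway object rewrites the Contact of a REGISTER to its own URI and records the MN's real contact for later redirection. It also applies the message size check that the paper's discussion of SIP parser attacks proposes. The class name, the limits and the sample message (built from the Figure 4 values) are assumptions, and header line folding is not handled.

```python
import re

MAX_MESSAGE_BYTES = 4096  # assumed limit; the paper does not give a value
MAX_HEADERS = 64          # assumed limit
COMPACT = {"m": "contact", "t": "to", "l": "content-length"}  # RFC 3261 compact names

# Constructed sample, using the addresses shown in Figure 4.
SAMPLE_REGISTER = (
    "REGISTER sip:hs.vpn.com SIP/2.0\r\n"
    "From: <sip:mn_1@hs.vpn.com>\r\n"
    "To: <sip:mn_1@hs.vpn.com>\r\n"
    "Call-ID: 22018851@hs.vpn.com\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:mn_1@nemo.vpn.com>\r\n"
    "Content-Type: application/sdp\r\n"
    "Content-Length: 0\r\n\r\n"
).encode()


class SipRejected(ValueError):
    """Raised for messages the gateway refuses to process."""


def canonical(name: str) -> str:
    return COMPACT.get(name.lower(), name.lower())


def uri_of(value: str) -> str:
    """URI inside <...>, or the bare value without parameters."""
    match = re.search(r"<([^>]+)>", value)
    return match.group(1) if match else value.split(";")[0].strip()


def parse_sip(raw: bytes):
    """Return (start line, [(name, value)], body); the size check runs before parsing."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise SipRejected("message exceeds size limit")
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise SipRejected("missing end of headers")
    try:
        lines = head.decode("utf-8").split("\r\n")
    except UnicodeDecodeError:
        raise SipRejected("headers are not valid UTF-8") from None
    if len(lines) - 1 > MAX_HEADERS:
        raise SipRejected("too many headers")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise SipRejected("malformed header line")
        headers.append((name.strip(), value.strip()))
    declared = [v for n, v in headers if canonical(n) == "content-length"]
    if declared:
        ok = declared[0].isascii() and declared[0].isdigit()
        if not ok or int(declared[0]) != len(body):
            raise SipRejected("Content-Length does not match body")
    return lines[0], headers, body


class SipNvg:
    """Hypothetical gateway object: Contact rewriting plus the mapping table."""

    def __init__(self, nvg_uri: str):
        self.nvg_uri = nvg_uri
        self.bindings = {}  # address-of-record -> MN contact inside the mobile network

    def translate_register(self, raw: bytes) -> bytes:
        start_line, headers, body = parse_sip(raw)
        if not start_line.startswith("REGISTER "):
            raise SipRejected("not a REGISTER request")
        aor = contact = None
        out = []
        for name, value in headers:
            if canonical(name) == "to":
                aor = uri_of(value)
            elif canonical(name) == "contact":
                contact = uri_of(value)
                value = f"<{self.nvg_uri}>"      # registrar sees only the gateway
            out.append(f"{name}: {value}")
        if aor is None or contact is None:
            raise SipRejected("REGISTER without To or Contact")
        self.bindings[aor] = contact             # remembered for inbound requests
        return ("\r\n".join([start_line] + out) + "\r\n\r\n").encode() + body

    def route_inbound(self, aor: str):
        """Contact inside the mobile network for a request that reached the gateway."""
        return self.bindings.get(aor)


if __name__ == "__main__":
    nvg = SipNvg("sip:sip-nvg@nemo.vpn.com")
    print(nvg.translate_register(SAMPLE_REGISTER).decode())
    print(nvg.route_inbound("sip:mn_1@hs.vpn.com"))
```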
We propose that the ALG only accepts commands from SIP Proxy 2 and provides responses for the corresponding commands. When the ALG receives a special incoming RTP stream from the home network to an MN in the Internet, it replaces the whole IP/UDP/RTP header with a new one, transforms the new RTP packet into SRTP format and delivers the SRTP stream to the destination. In the reverse direction, the ALG receives the SRTP stream from the Internet, and the ALG decrypts it and verifies it to decide whether the SRTP packet is valid. If the SRTP packet is decrypted and verified successfully, the RTP payload is carried by a new RTP header. The new RTP packet is then transmitted to the home network.

Each session in the ALG requires sufficient external and internal resources. For example, the external resource may include an external listening address, external listening port, external destination address and external destination port. Destination addresses and ports are provided by SIP Proxy 2. Only when all resources are ready does the session in the ALG start. When either the external or internal resource is reserved successfully, the ALG will reply with the reserved listening address and port to SIP Proxy 2.

3.2 Security Vulnerabilities

This section presents the qualitative analysis of security vulnerabilities in the proposed SeSIP.

SIP authentication: Integrity and confidentiality of SIP authentication messages are not protected. Therefore malicious users may sniff traffic to get the plaintext or place a spam call. However, in the proposed SeSIP the transport of SIP messages can be easily extended to incorporate Transport Layer Security (TLS) [22], so the transmission of SIP messages can be protected.

SIP parser attack: The free text format of SIP messages could make parsing difficult. Attackers sending very large messages with unnecessary headers and bodies can exhaust the resources of the SIP server. The SeSIP may suffer from such an attack too. To solve this problem, the parser in the SeSIP can be designed to check message size and discard any message which exceeds the size limit. Also, a practical implementation provided by [23] [24] [25] can be adopted.

4 PERFORMANCE ANALYSIS

In order to support secure communication in VPN, the proposed SeSIP sends signaling messages carrying security information. It also sends signaling messages to maintain session continuity during handoff. To evaluate the performance of the proposed SeSIP, it is important to quantify signaling cost. Similar to that in [26] [27] [28] [29], the signaling cost function comprises transmission cost and processing cost. The transmission cost is proportional to the distance between the two network nodes. The processing cost includes the cost to process messages, verify messages, and so on.

In our proposed SeSIP, the inter-realm roaming of a mobile network includes three types of handoff: 1) from the intranet (home network) to a foreign network, 2) from a foreign network to another foreign network, and 3) from a foreign network back to the intranet. They are represented as $H_{hf}$, $H$ and $H_{fh}$, respectively.

[Figure 5. Network topology for analysis. The figure shows the mobile network moving between the home network and N subnets of foreign networks, with the handoffs labelled H hf, H and H fh, and the note "A new session arrives or an existing session departs".]

We assume that the network topology is configured as shown in Fig. 5, such that the mobile network returns to the intranet after it moves across N 1 foreign networks. Hence when N is larger, the mobile network travels far away from its home network before it returns [40]. For example, the handoff sequence can be shown as H H H H H. Table 2 lists the parameters... hf fh used in the analysis. For a mobile network, let $f_m(t)$ be a general density function for the network residence time $t_M$ in a subnet.

Let Et 1 wrtten: M. Its Laplace transform s For smplcty we denote g * fm( ) n the rest of the paper. Let k jn q and 0 q N. Then * st fm( s) e fm( t) dt. t0 Table 2. Parameter Defntons for Each Subsystem. Parameter Defnton Number of networks a moble network vsts before t N goes back to the ntranet. Sesson arrval rate for a moble network 1 Average sesson servce tme 1 Average network resdence tme c Maxmum number of ongong sessons n a moble network Probablty densty functon of We assume that the arrval of SIP sessons to the moble network follows a Posson process wth arrval rate. The servce tme of a sesson s exponentally dstrbuted wth mean 1. Smlar to that n [30] we defne ak ( ) as the probablty that a moble network wll move across k subnets between two events whle there are ongong sessons n the moble network. An event here s a new sesson arrval or an ongong sesson departure from the moble network. We denote E t S as the nterval between two consecutve events. Durng E t S there are ongong sessons n the moble network. Based on the property of sums of two ndependent Posson process E t S can be consdered as the nter arrval tme of a new Posson process. Therefore 1 0 1 c E ts 1 c (1) where c s the maxmum number of ongong sessons allowed n a moble network. Accordng to the above assumpton we have: * (1 fm( )) 1 k 0 a ( k) * 2 * k 1 1 fm ( ) fm ( ) k 0. (2) 2 (1 g ) N j q j q a ( jn q) ( g ) g yz x (3) g For demonstraton purpose we assume that the network resdence tme follows a Gamma dstrbuton. The Laplace transform of a Gamma random varable s expressed: f * m ( s). s Hence we obtan: g * fm ( ). (4) (5) In the proposed SeSIP when a moble network moves across networks t must perform regstraton wth the SIP Regstrar to update ts locaton. It also must send re-invite messages to the CNs f there are ongong sessons wth the MNs n the moble network. Hence the cost comprses two parts: the regstraton cost for SIPNVG and the re-invite cost for mantanng sesson contnuty. 
The regstraton cost s ndependent of the number of ongong sessons n the moble network because the SIP-NVG can regster wth the SIP Regstrar on behalf of the whole moble network. On the other hand the re- INVITE cost depends on the number of ongong sessons n the moble network. The cost ncreases when the number of ongong sessons ncreases. However because we desgn a URI lst embedded n one re-invite message the cost to really send a re-invite message to each ndvdual CN s nearly constant regardless of the number of ongong sessons n the moble network. Moreover clent authentcaton s performed through one handshake by usng HOTP-based authentcaton [5] when the REGISTER or INVITE s requested. Ths reduces the request/response number when the sgnalng message s processed thereby reducng the ISBN:978-0-9891305-6-1 2014 SDIWC 30

processing cost of the signaling. Table 3 lists the parameters for handoff signaling cost.

Table 3. Parameters for Handoff Signalling Cost.
Parameter: Definition
$S_{hf}$: Average handoff cost when a mobile network moves from the home network to a foreign network with ongoing sessions.
$S_{ff}$: Average handoff cost when a mobile network moves from a foreign network to another foreign network with ongoing sessions.
$S_{fh}$: Average handoff cost when a mobile network moves from a foreign network to the home network with ongoing sessions.
$R_h$: Average registration cost of a mobile network (sent by SIP-NVG) when the mobile network enters its home network.
$R_f$: Average registration cost of a mobile network (sent by SIP-NVG) when the mobile network enters a foreign network.
$L_{hf}$: Average cost for the first part of re-INVITE when a mobile network moves from its home network to a foreign network.
$L_{ff}$: Average cost for the first part of re-INVITE when a mobile network moves from a foreign network to another foreign network.
$L_{fh}$: Average cost for the first part of re-INVITE when a mobile network moves from a foreign network to its home network.
$I_{hf}$: Average cost for the second part of re-INVITE of a session when a mobile network moves from its home network to a foreign network.
$I_{ff}$: Average cost for the second part of re-INVITE of a session when a mobile network moves from a foreign network to another foreign network.
$I_{fh}$: Average cost for the second part of re-INVITE of a session when a mobile network moves from a foreign network to its home network.

Therefore, we can denote the signaling cost for handoff:

S R L I hf f hf hf S R L I f S R L I fh h fh fh. (6)

During E t S we assume that the mobile network crosses k subnets, as shown in Fig. 5. We define as the number of subnets the mobile network moved across from the time it visited the intranet until the time the last event occurred. When 0 < < N the total signaling cost in the mobile network during E t S can be derived as:

C( N ) k 1 k Shf Sfh k 0 N N k 1 k S k a ( k) N N S ( S g S g S S )(1 g ) g. (7) g g N 1 hf fh N (1 )

If is exponentially distributed, the p.d.f of is:

( N 1)/2 1 1 2e e N 1 e 0 1 1 e 2 (8) ( N 1)/2 1 ( N ) 1 2e e N 1 e N 1. 1 1 e 2

Therefore

C _ exponental ( N ) N 1 C ( N ) S 0 (1 g ) (1 g ) N 12e e (1 e )( S g S g S S ) g 1 N 1 (1 e )( Shf S ( S fh S ) g ) ( N 1) 2 1 1 N 1 hf fh ( N 1) 2 1 12e e e e (9) g g N1 2 N 1 N 1 N 1 2

As discussed above, the arrival of sessions to a mobile network follows a Poisson process and the session service time is exponentially distributed. In addition, there is a limit c for the maximum number of ongoing sessions allowed in the mobile network. Therefore, we can model the number of ongoing sessions in a mobile network as an M/M/c/c queuing system. The steady state probability that there are ongoing sessions in the mobile network is then given by [31]:

1 c x P x (10)! x0 x!

As a result, the average handoff-signaling cost per unit time can be derived as:

c C _ exponental P. (11) 0
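The M/M/c/c session model above can be evaluated numerically. The following is an added example, not code from the paper: it computes the standard steady-state distribution of an M/M/c/c system and averages a per-handoff cost over it. The symbol `rho` (session arrival rate divided by session service rate), the cost form `m*reg + first + x*per_session` (registration, first part of re-INVITE, per-session second part, as the text describes them) and all numeric values are assumptions of this example; the mobility-dependent cost of equations (7) to (11) is not modelled.

```python
from math import factorial


def session_distribution(rho, c):
    """Steady-state probabilities P_x, x = 0..c, of an M/M/c/c system.

    rho is the offered load (arrival rate / service rate); the name is an
    assumption of this example. At most c sessions can be in progress.
    """
    weights = [rho ** x / factorial(x) for x in range(c + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def mean_sessions(rho, c):
    """Expected number of ongoing sessions in the mobile network."""
    return sum(x * p for x, p in enumerate(session_distribution(rho, c)))


def blocking_probability(rho, c):
    """Probability that all c session slots are in use (P_c)."""
    return session_distribution(rho, c)[c]


def mean_handoff_cost(rho, c, reg, first, per_session, m=1):
    """Per-handoff cost averaged over the number of ongoing sessions.

    Assumed cost form: m*reg + first + x*per_session for x sessions.
    m = 1 models the SIP-NVG registering once for the whole network;
    m > 1 models m MNs registering individually (no SIP-NVG).
    """
    return sum(p * (m * reg + first + x * per_session)
               for x, p in enumerate(session_distribution(rho, c)))


if __name__ == "__main__":
    # Constructed cost values, for illustration only.
    for rho in (1, 5, 10, 20, 40):
        with_nvg = mean_handoff_cost(rho, 10, reg=10, first=5, per_session=2)
        without = mean_handoff_cost(rho, 10, reg=10, first=5, per_session=2, m=5)
        print(rho, round(mean_sessions(rho, 10), 2), round(with_nvg, 2), round(without, 2))
```

Once the offered load is well above c, the mean number of sessions stays just below c, so the session-dependent part of the cost stops growing.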

The variables and P can be obtained from (1) and (10). Further, we consider the effect of the variance of the mobility pattern. We assume the average residence time is gamma distributed [32] [33]. Therefore, the variance is:

1 Var (12) 2

To evaluate the performance of the proposed SeSIP, Table 4 lists the parameters used in SeSIP signaling cost, where x and y can be mn, nvg, pro, reg, alg, or cn, which denote MN, SIP-NVG, SIP Proxy 1, SIP Proxy 2 (SIP Registrar), ALG, and CN, respectively.

Table 4. Parameters for SeSIP Signalling Cost.
Parameter: Definition
$a_x$: The processing cost for SIP registration at Node x.
$b_x$: The processing cost for SIP INVITE message at Node x.
$A_{xy}$: The transmission cost of SIP registration between Node x and Node y.
$B_{xy}$: The transmission cost of a SIP INVITE message between Node x and Node y.
$U$: The total cost for SIP Proxy 1 to process and transmit UAR/UAA messages to the Diameter server.
$M$: The total cost for SIP Proxy 2 to process and transmit MAR/MAA messages to the Diameter server.

The costs can be calculated:

$R_h = a_{nvg} + a_{reg} + 2A_{nvg,reg} + M$
$R_f = a_{nvg} + 2a_{pro} + a_{reg} + 2A_{nvg,pro} + 2A_{pro,reg} + U + M$
$L_{hf} = 2b_{nvg} + 3b_{pro} + 4b_{reg} + 2b_{alg} + 3B_{nvg,pro} + 3B_{pro,reg} + 4B_{reg,alg} + B_{reg,cn} + M$
$L_{ff} = 2b_{nvg} + 3b_{pro} + 2b_{reg} + b_{alg} + 3B_{nvg,pro} + 3B_{pro,reg} + 2B_{reg,alg} + M$
$L_{fh} = 2b_{nvg} + 3b_{reg} + b_{alg} + 3B_{nvg,reg} + 2B_{reg,alg} + B_{reg,cn} + M$
$I_{hf} = b_{mn} + b_{nvg} + b_{reg} + b_{cn} + 2B_{mn,nvg} + 2B_{reg,cn}$
$I_{ff} = b_{mn} + b_{nvg} + 2B_{mn,nvg}$
$I_{fh} = b_{mn} + b_{nvg} + 2B_{mn,nvg} + b_{reg} + b_{cn} + 2B_{reg,cn}$

To compare the signaling cost to that of IETF MVPN, we assume the Diameter MIPv4 application [34] is used to authenticate the x-MIP. Also, we assume the MN is in collocated mode. Analysis of an FA mode is not presented here because it has almost the same results. The subscripts mn, mg, vpn, xha, and iha refer to MN, Mobile Gateway, IPsec-based VPN gateway, x-HA, and i-HA, respectively. Also, the following parameters are defined:

Table 5. Parameters for Performance Analysis.
Parameter: Definition
$M_x$: The x-MIP registration cost.
$M_o$: The i-MIP registration cost when MN is located outside the intranet.
$M_i$: The i-MIP registration cost when MN is located inside the intranet.
$T_{est}$: The establishment cost of IPsec tunnel.
$T_{ter}$: The termination cost of IPsec tunnel.
$d_x$: The processing cost for MIP registration at Node x.
$e_x$: The processing cost for IPsec message at Node x.
$W_{xy}$: The transmission cost of MIP registration between Node x and Node y.
$Z_{xy}$: The transmission cost of IPsec message between Node x and Node y.
$H$: The total cost for x-HA to process and transmit HAR/HAA and AMR/AMA messages to AAAF and AAAH.

Based on the signaling message flow shown in Fig. 2, the above cost can be calculated:

$M_x = 2d_{mg} + 2d_{xha} + 2W_{mn,mg} + 2W_{mg,xha} + 2H$
$M_o = 2d_{mg} + 2d_{xha} + 2d_{vpn} + d_{iha} + 2W_{mn,mg} + 2W_{mg,xha} + 2W_{xha,vpn} + 2W_{vpn,iha} + 2H$
$M_i = d_{iha} + 2W_{mn,mg} + 2W_{mg,iha}$
$T_{est} = 2e_{mn} + 6e_{mg} + 6e_{xha} + 3e_{vpn} + 6Z_{mn,mg} + 6Z_{mg,xha} + 6Z_{xha,vpn}$
$T_{ter} = Z_{mn,mg} + Z_{mg,vpn} + e_{vpn}$

The handoff cost of IETF MVPN when a mobile network moves between networks is derived as

$D_{hf} = M_x + M_o + T_{est}$
$D_{ff} = M_x$
$D_{fh} = M_i + T_{ter}$ (13)

In the architecture we propose, SIP-NVG manages the overall network mobility, registering the whole mobile network in the SIP Registrar when it moves to a new subnet. If there is no SIP-NVG, all MNs in the same mobile network must update their locations separately. This increases signaling cost. We can re-define the costs (6) when there is no SIP-NVG as follows.

S mr L I hf f hf hf S mr L I f fh S mr L I fh h hh fh. (14)

where m is the number of MNs connected to the mobile network. In addition, the HOTP authentication method [5] used in the proposed architecture is an event synchronization method that performs client authentication through a single handshake. In contrast, the HTTP digest authentication method adopted by many other security protocols is based on the challenge-response paradigm and requires two handshakes between the client of the SIP server and the Diameter server. This is because the SIP Registrar uses UAR/UAA and MAR/MAA commands for the Diameter server for user authentication and authorization when the client of the SIP server transmits SIP REGISTER and INVITE messages. Therefore, the cost incurred in the use of HTTP digest authentication can be calculated as follows.

$R_h = 2a_{nvg} + 2a_{reg} + 4A_{nvg,reg} + 2M$
$R_f = 2a_{nvg} + 4a_{pro} + 2a_{reg} + 4A_{reg,pro} + 4A_{pro,reg} + 2U + 2M$
$L_{hf} = 3b_{nvg} + 5b_{pro} + 5b_{reg} + 2b_{alg} + 5B_{reg,pro} + 5B_{pro,reg} + 4B_{reg,alg} + B_{reg,cn} + 2M$
$L_{ff} = 3b_{nvg} + 5b_{pro} + 3b_{reg} + b_{alg} + 5B_{reg,pro} + 5B_{pro,reg} + 2B_{reg,alg} + 2M$
$L_{fh} = 3b_{nvg} + 4b_{reg} + b_{alg} + 5B_{nvg,reg} + 2B_{reg,alg} + B_{reg,cn} + 2M$
$I_{hf} = b_{mn} + b_{nvg} + b_{reg} + b_{cn} + 2B_{mn,nvg} + 2B_{reg,cn}$
$I_{ff} = b_{mn} + b_{nvg} + 2B_{mn,nvg}$
$I_{fh} = b_{mn} + b_{nvg} + b_{reg} + b_{cn} + 2B_{mn,nvg} + 2B_{reg,cn}$

5 NUMERICAL RESULTS

This section provides the numerical results for the analysis presented in Section 4. The analysis was validated by extensive simulations using ns-2 [35]. As discussed in Section 4, the signaling cost function consists of the transmission cost and the processing cost. We assume that the transmission cost is proportional to the distance between the source and destination nodes, and the processing cost includes the processing and verifying of SIP messages [36] [37] [38] [39]. Also, the transmission cost of a wireless link is higher than that of a wire line. To illustrate performance, reasonable values were chosen for the parameters as listed in Table 5. Additionally, to compare our design's signaling cost with that of IETF MVPN, we assumed the x-HA was optimally collocated with the VPN gateway and AAAF, and the i-HA was collocated with the SIP Proxy 2/Registrar. Also, the AAAH in IETF MVPN was collocated with the Diameter server in the SeSIP. One of the major objectives in the proposed SeSIP is to reduce the signaling cost for handoff while supporting the VPN.

Figure 6. Comparison of various signalling costs versus residence time (1). [Plot: signaling cost (per unit time) versus average residence time; curves: IETF-MVPN, With SIP-NVG (use HTTP), Without SIP-NVG (use HTTP).]

Fig. 6 presents a comparison among the signaling costs with IETF MVPN, with and without SIP-NVG using HTTP. Also, Fig. 7 presents a comparison among the signaling costs with SIP-NVG using HTTP and using HOTP. As defined above, m is the number of MNs attached to the mobile network. In addition, we assume N = 7, m = 5, c = 10 and 5. In the SIP-based protocol, SIP re-INVITEs and SIP's registration must be performed during each handoff. Therefore, the signaling cost for a SIP-based protocol might be higher than for MIP. However, Fig. 6 shows that a method with SIP-NVG has lower signaling costs for handoff than in

IETF MVPN. This is because IETF MVPN requires time to establish the three tunnels. Compared to the mobile network without SIP-NVG, the method with SIP-NVG reduces handoff signaling cost significantly, since SIP-NVG performs registration in the SIP Registrar on behalf of the entire mobile network when it moves to a new subnet, whereas without SIP-NVG all MNs must update their locations individually.

Figure 7. Comparison of various signalling costs versus residence time (2). [Plot: signaling cost (per unit time) versus average residence time; curves: With SIP-NVG and use HTTP, SeSIP (With SIP-NVG and HOTP).]

And Fig. 7 shows that SeSIP (with SIP-NVG using HOTP) has lower signaling costs for handoff than SIP-NVG using HTTP. Further, our results show that the HOTP authentication method reduces signaling cost compared to the HTTP digest authentication method by reducing the required handshakes from two to one. Handoff signaling cost decreases when the average network duration time increases, i.e., when the mobile network has relatively low mobility. Figs. 8 and 9 demonstrate the average signaling cost for handoff versus the number of sessions in the mobile network. The parameters are set as in Figs. 6 and 7 except that 0.1. Similar to Figs. 6 and 7, the proposed SeSIP has less signaling cost for handoff than without SIP-NVG using HOTP or with SIP-NVG using the HTTP digest method. We also observe that when increases the average cost for SIP-based solutions increases too. The reason is that with more ongoing sessions, more re-INVITEs are needed to maintain session continuity. Besides, when is larger than 20, the costs of all techniques presented in Figs. 8 and 9 remain almost constant. This is because when approaches 20, the number of ongoing sessions with each technique reaches the maximum number allowed in the mobile network. Comparing c = 10 and c = 15 in the SIP-based techniques, more sessions exist in the mobile network when c = 10. Hence, greater signaling cost occurs for a re-INVITE. Because moving from home network to foreign network causes higher signaling cost than other types of handoffs, revisiting the home network frequently results in higher signaling cost.

Figure 8. Comparison of signalling cost with and without SIP-NVG and using HTTP or HOTP Method (C=10). [Plot: signaling cost (per unit time) versus average residence time (1/gamma); curves: C=10 Without SIP-NVG (use HOTP), C=10 With SIP-NVG (use HTTP), C=10 With SIP-NVG (use HOTP).]

Figure 9. Comparison of signalling cost with and without SIP-NVG and using HTTP or HOTP Method (C=15). [Plot: signaling cost (per unit time) versus average residence time (1/gamma); curves: C=15 Without SIP-NVG (use HOTP), C=15 With SIP-NVG (use HTTP), C=15 With SIP-NVG (use HOTP).]

6 CONCLUSIONS

Although the IETF standard has proposed a mobile VPN architecture, it is designed for the movement of a single node only. In addition, IETF MVPN has large overhead for transmitting real-time packets because it requires one IPsec tunnel and two MIP tunnels. On the other hand, there has been no efficient way to support mobile VPN in NEMO even though NEMO supports network mobility. This paper presents a novel method for

supporting MVPN in NEMO that ensures that the session is maintained continuously when the whole network moves, and it proposes using the HOTP-based authentication method to shorten the processing time of the signaling that continuously occurs to maintain the session. In addition, security is enhanced in our design through the integration of NEMO and VPN. We analyzed the design and performance of our proposed design, and results indicate that the proposed SeSIP based on SIP is well suited to real-time service.

Although SIP-based mobility management can easily support routing optimization, there may be an upswing in the handoff signaling costs because many signaling messages are transmitted to maintain the session in progress with SIP in NEMO. In the proposed SeSIP, a URI list is used to signify the SIP proxy server instead of transmitting signaling messages individually to each node. Therefore, the signaling cost is reduced. User authentication using the existing HTTP digest authentication method requires many handshakes, increasing the signaling cost. In contrast, the proposed SeSIP using HOTP-based authentication considerably reduces the number of handshakes needed with the authentication server, thus reducing the signaling cost. The SIP proxy server and the Diameter server are responsible for authentication and authorization. Also, the ALG receives a command from the SIP proxy server to process the security information for the data transmission depending on MIDCOM architecture. ALG is responsible for converting and relaying the protected and unprotected data. Thus, unauthorized data cannot pass the ALG in the Internet.

This paper examined a method for efficient management of group mobility and cost savings for real-time services through the integration of mobile VPN and NEMO. NEMO, currently in the early stage of research, is expected to be further realized through the convergence of various technologies, policies, and methods such as the path optimization method for efficient services, multi-homing technology, and methods for services in the inclusive mobility network. These need to be researched in the period ahead.
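The handshake difference that the conclusion attributes to HOTP [5] versus challenge-response authentication, as an added example that is not code from the paper: an RFC 4226 HOTP generator, a verifier with a counter look-ahead window, and message traces for both registration styles. The class and function names, the window size, the status lines and the HMAC-SHA256 stand-in for the digest computation are assumptions of this example; the Diameter UAR/UAA and MAR/MAA exchanges are not modelled.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (event) value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpClient:
    """Client side: the event counter advances on every request sent."""

    def __init__(self, secret: bytes, counter: int = 0):
        self.secret, self.counter = secret, counter

    def next_otp(self) -> str:
        otp = hotp(self.secret, self.counter)
        self.counter += 1
        return otp


class HotpVerifier:
    """Server side: stored counter, look-ahead window, replay rejection."""

    def __init__(self, secret: bytes, counter: int = 0, window: int = 3):
        self.secret, self.counter, self.window = secret, counter, window

    def verify(self, otp: str) -> bool:
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1  # resynchronise; accepted value cannot be reused
                return True
        return False


def register_with_hotp(client: HotpClient, verifier: HotpVerifier):
    """One handshake: the first REGISTER already carries the credential."""
    ok = verifier.verify(client.next_otp())
    return ok, ["REGISTER (otp)", "200 OK" if ok else "403 Forbidden"]


def register_with_challenge(secret: bytes, nonce: bytes):
    """Two handshakes: the client cannot answer before it has the nonce."""
    trace = ["REGISTER", "401 Unauthorized (nonce)"]
    # HMAC-SHA256 over the nonce stands in for the HTTP digest computation.
    response = hmac.new(secret, nonce, hashlib.sha256).hexdigest()  # client
    expected = hmac.new(secret, nonce, hashlib.sha256).hexdigest()  # server
    ok = hmac.compare_digest(response, expected)
    return ok, trace + ["REGISTER (response)", "200 OK" if ok else "403 Forbidden"]
```

The look-ahead window is what lets a single message survive lost requests; a client whose counter runs further ahead than the window is rejected until it is resynchronised out of band.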
For commercial service, research should also be conducted to develop technology to enable fast detection of movement.

7 ACKNOWLEDGMENTS

This research was supported by Next-Generation Information Computing Development Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (No.2010-0020737) and Basic Science Research Program through the National Research Foundation of Korea (NRF-2010-0024695). Also, this research was supported by the Ministry of Trade, Industry and Energy (MOTIE), KOREA, through the Education Support program for Creative and Industrial Convergence (Grant Number N0000717). Corresponding author: Jongpil Jeong.

8 REFERENCES

[1] V. Schena and G. Losquadro, "FIFTH Project Solutions Demonstrating New Satellite Broadband Communication System for High Speed Train," Proc. IEEE Vehicular Technology Conf., pp. 2831-2835, May 2004.
[2] WirelessCabin Project, http://www.wirelesscabin.com, 2011.
[3] V. Devarapalli, R. Wakikawa, A. Petrescu, and P. Thubert, "Network Mobility (NEMO) Basic Support Protocol," IETF RFC 3963, Jan. 2005.
[4] S. Kent and R. Atkinson, "Security Architecture for the Internet Protocol," IETF RFC 2401, Nov. 1998.
[5] D. M'Raihi, M. Bellare, F. Hoornaert, D. Naccache, and O. Ranen, "HOTP: An HMAC-Based One-Time Password Algorithm," RFC 4226, December 2005.
[6] S. Vaarala and E. Klovning, "Mobile IPv4 Traversal Across IPsec-Based VPN Gateways," IETF RFC 5265, June 2008.
[7] D. Harkins and D. Carrel, "The Internet Key Exchange (IKE)," IETF RFC 2409, Nov. 1998.
[8] J.-C. Chen, Y.-W. Liu, and L.-W. Lin, "Mobile Virtual Private Networks with Dynamic MIP Home Agent Assignment," Wireless Comm. and Mobile Computing, vol. 6, no. 5, pp. 601-616, Aug. 2006.
[9] J.-C. Chen, J.-C. Liang, S.-T. Wang, S.-Y. Pan, Y.-S. Chen, and Y.-Y. Chen, "Fast Handoff in Mobile Virtual Private Networks," Proc. IEEE Int'l Symp. World of Wireless, Mobile and Multimedia Networks (WoWMoM '06), pp. 548-552, June 2006.
[10] S.-C. Huang, Z.-H. Liu, and J.-C. Chen, "SIP-Based Mobile VPN for Real-Time Applications," Proc. IEEE Wireless Comm. and Networking Conf. (WCNC '05), pp. 2318-2323, Mar. 2005.
[11] Z.-H. Liu, J.-C. Chen, and T.-C. Chen, "Design and Analysis of SIP-Based Mobile VPN for Real-Time Applications," IEEE Trans. Wireless Comm., vol. 8, no. 11, pp. 5650-5661, Nov. 2009.
[12] A. Dutta, F. Vakil, J.-C. Chen, M. Tauil, S. Baba, N. Nakajima, and H. Schulzrinne, "Application Layer Mobility Management Scheme for Wireless Internet," Proc. IEEE Int'l Conf. Third Generation Wireless and beyond (3G Wireless), pp. 379-385, May 2001.
[13] D. Vali, S. Paskalis, A. Kaloxylos, and L. Merakos, "An Efficient Micro-Mobility Solution for SIP Networks," Proc. IEEE GLOBECOM, pp. 3088-3092, Dec. 2003.
[14] M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman, "The Secure Real-Time Transport Protocol (SRTP)," IETF RFC 3711, Mar. 2004.
[15] J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K. Norrman, "MIKEY: Multimedia Internet KEYing," IETF RFC 3830, Aug. 2004.
[16] P. Calhoun, J. Loughney, E. Guttman, G. Zorn, and J. Arkko, "Diameter Base Protocol," IETF RFC 3588, Sept. 2003.
[17] M. Garcia-Martin, M. Belinchon, M. Pallares-Lopez, C. Canales, and K. Tammi, "Diameter Session Initiation Protocol (SIP) Application," IETF RFC 4740, Nov. 2006.
[18] P. Srisuresh, J. Kuthan, J. Rosenberg, A. Molitor, and A. Rayhan, "Middlebox Communication Architecture and Framework," IETF RFC 3303, Aug. 2002.
[19] M. Handley and V. Jacobson, "SDP: Session Description Protocol," IETF RFC 2327, Apr. 1998.
[20] J.-C. Chen and T. Zhang, IP-Based Next-Generation Wireless Networks. John Wiley and Sons, Jan. 2004.
[21] H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications," IETF RFC 3550, July 2003.
[22] E. Rescorla, SSL and TLS: Designing and Building Secure Systems. Addison Wesley, 2001.
[23] D. Geneiatakis, G. Kambourakis, C. Lambrinoudakis, T. Dagiuklas, and S. Gritzalis, "A Framework for Protecting a SIP-Based Infrastructure against Malformed Message Attacks," Computer Networks, vol. 51, no. 10, pp. 2580-2593, July 2007.
[24] D. Geneiatakis and C. Lambrinoudakis, "An Ontology Description for SIP Security Flaws," Computer Comm., vol. 30, no. 6, pp. 1367-1374, Mar. 2007.
[25] D. Geneiatakis, G. Kambourakis, and T. Dagiuklas, "A Framework for Detecting Malformed Messages in SIP Networks," Proc. 14th IEEE Workshop Local and Metropolitan Area Networks, Sept. 2005.
[26] J. Xie and I.F. Akyildiz, "A Novel Distributed Dynamic Location Management Scheme for Minimizing Signaling Costs in Mobile IP," IEEE Trans. Mobile Computing, vol. 1, no. 3, pp. 163-175, July-Sep. 2002.
[27] W. Ma and Y. Fang, "Dynamic Hierarchical Mobility Management Strategy for Mobile IP Networks," IEEE J. Selected Areas Comm., vol. 22, no. 4, pp. 664-676, May 2004.
[28] R. Rummler, Y.W. Chung, and A.H. Aghvami, "Modeling and Analysis of an Efficient Multicast Mechanism for UMTS," IEEE Trans. Vehicular Technology, vol. 54, no. 1, pp. 350-365, Jan. 2005.
[29] S. Fu, M. Atiquzzaman, L. Ma, and Y.-J. Lee, "Signaling Cost and Performance of SIGMA: A Seamless Handover Scheme for Data Networks," Wireless Communications and Mobile Computing, vol. 5, no. 7, pp. 825-845, Nov. 2005.
[30] Y.-B. Lin, "Reducing Location Update Cost," IEEE/ACM Trans. Networks, vol. 5, no. 1, pp. 25-33, Feb. 1997.
[31] D. Gross and C.M. Harris, Fundamentals of Queueing Theory. John Wiley and Sons, 1998.
[32] M.M. Zonoozi and P. Dassanayake, "User Mobility Modeling and Characterization of Mobility Patterns," IEEE J. Selected Areas Comm., vol. 15, no. 7, pp. 1239-1252, Sept. 1997.
[33] Y. Fang and I. Chlamtac, "Teletraffic Analysis and Mobility Modeling of PCS Networks," IEEE Trans. Comm., vol. 47, no. 7, pp. 1062-1072, July 1999.
[34] P. Calhoun, T. Johansson, C. Perkins, T. Hiller, and P. McCann, "Diameter Mobile IPv4 Application," RFC 4004, Aug. 2005.
[35] The Network Simulator - ns-2, http://www.isi.edu/nsnam/ns, 2011.
[36] J. Xie and I.F. Akyildiz, "A Novel Distributed Dynamic Location Management Scheme for Minimizing Signaling Costs in Mobile IP," IEEE Trans. Mobile Computing, vol. 1, no. 3, pp. 163-175, July-Sep. 2002.
[37] W. Ma and Y. Fang, "Dynamic Hierarchical Mobility Management Strategy for Mobile IP Networks," IEEE J. Selected Areas Comm., vol. 22, no. 4, pp. 664-676, May 2004.
[38] R. Rummler, Y.W. Chung, and A.H. Aghvami, "Modeling and Analysis of an Efficient Multicast Mechanism for UMTS," IEEE Trans. Vehicular Technology, vol. 54, no. 1, pp. 350-365, Jan. 2005.
[39] S. Fu, M. Atiquzzaman, L. Ma, and Y.-J. Lee, "Signaling Cost and Performance of SIGMA: A Seamless Handover Scheme for Data Networks," Wireless Communications and Mobile Computing, vol. 5, no. 7, pp. 825-845, Nov. 2005.
[40] T.C. Chen, J.C. Chen, and Z.H. Liu, "Secure Network Mobility (SeNEMO) for Real-Time Applications," IEEE Trans. Mobile Computing, vol. 10, no. 8, Aug 2011.