The document discusses security in VoIP systems. It proposes a methodology to assess the strengths and weaknesses of a specific VoIP implementation's security features. A test bed was created to analyze security threats, quality of service parameters, and quality of experience metrics under different conditions. Experiments were conducted and results showed relationships between various factors like delay, jitter and mean opinion scores. Next steps include adding a SIP application security device and attack simulator to repeat experiments and evaluate security configurations that maintain acceptable quality of experience.
7. Security in VoIP Systems QoE vs QoS VoIP PSTN QoE QoE QoS
8. The Voice Quality Blanket Struggle Security in VoIP Systems All these factors are related to each other and determine the user experience QoE Delay/Jitter
13. Security in VoIP Systems Thanks for your attention and enjoy your stay in Capri
Editor's Notes
PROPOSED METHODOLOGY
This methodology has to give the telecommunication engineer the means to plan the necessary changes to the network/VoIP platform, eventually reaching a higher level of security. The SUT has to be simulated according to the procedure, so that the effects of the changes are tested before they are actually implemented. The methodology takes into account the right balance between security instruments and the QoS/QoE required for real-time operations. To do that, both QoS (the objective, core-network point of view) and QoE (the subjective, end-user point of view) have to be considered, in a way that leads to a good balance between network security and efficiency on one side and customer service and satisfaction on the other.
The idea behind this implementation was to reproduce, on a small scale, most of the issues a VoIP user could experience during the life cycle of the multimedia service received from the telco (QoE) and, for the carrier, the main problems the management and engineering teams face in their day-to-day work (QoS). We measure VoIP application-level parameters under different WAN connection conditions (jitter, delay, echo and packet loss are some of the parameters we modify in order to see how the VoIP infrastructure behaves). We built an experimental table reporting the test results in terms of QoE and QoS for the whole set of WAN/LAN situations simulated in the test bed.
Service Availability. An attack able to compromise service availability is the most significant security threat to VoIP networks. It has the potential to quickly impact customers, resulting in lost revenues, system downtime, lost productivity and unplanned maintenance costs. It is a major concern for service providers offering public services such as emergency calls.
DoS, viruses and worms. DoS, virus and worm-based threats will also use VoIP-specific protocols and VoIP application vulnerabilities. Attacks will usually target critical VoIP applications and devices such as end-user phones and soft clients, call managers, authentication servers and billing applications.
Service Integrity. Service integrity threats are focused on compromising VoIP services through toll fraud, identity theft and other fraudulent actions. In the IPTV case, the broadcast content could be recorded and then sold illegally. Toll fraud can be committed via a VoIP phone that is registered using a stolen or guessed user account and password.
SPIT has become a major concern in the data security world, as millions of unwanted messages are sent around the world. Unlike e-mail spam, SPIT is much more difficult to combat because of the real-time nature of voice services.
Eavesdropping on signaling and media paths enables attackers to obtain sensitive business or personal information. Various man-in-the-middle attacks that alter the content of the conversation could be launched. Examples of these attacks are insertion and disruption, masquerading, registration hijacking, impersonation and replay.
Computational time is the link between the two groups.
Test Cases: Let us consider Test Case #01, which is self-explanatory in terms of results. Fixing the delay of the WAN network to 0 ms, we could find a theoretical limit for the Packet Loss Ratio (PLR) on an IP network supporting VoIP services (which can be taken as generally valid for the G.711A codec): if the PLR goes beyond 2%, trouble with the QoE, as perceived by the end user, is likely. In fact, although no jitter or delay is present during the test, the QoE goes down to the limits of acceptability (MOS=3.1-3.2) for a phone call. This leads to one simple but important conclusion: if the IP vector is not able to grant a PLR lower than about 1.2%, then it cannot bear real-time services such as VoIP.
We now take a brief look at the results of Test Cases #2 and #3, in which we tried to simulate a "real life" situation for a general-use IP network. The measured values of the QoS parameters are in accordance with experience in real network implementations (i.e. carrier networks). Focusing on QoS, with specific reference to jitter, we notice that a slight increase in jitter causes a significant decrease in QoE, which results in unacceptable quality when the jitter buffer of the receiver is 20 ms, and is just at the bottom boundary for a jitter buffer equal to 60 ms.
Example: Take an x-DSL/ATM connection with a VoIP communication using a G.711A codec: in this case the bandwidth consumption, for a sampling time of 20 ms, is about 100 kbps. If you want to save bandwidth (50 kbps) you would use the G.729 codec, but the drawback is the following: as soon as you lose packets, you lose roughly double the information content (semantically) that you would lose in the case of G.711A.
Considerations: When the IP vector has enough room in terms of bandwidth, the VoIP infrastructure using such a network is able to compensate efficiently for impairments that show up within the network. On the other hand, when the residual available bandwidth is <= 10% of the total, every impairment event becomes highly disruptive in terms of QoE for the whole set of calls active on that line. For example, a small amount of jitter can take the MOS down to an unacceptable value (this problem could be partially recovered by increasing the jitter buffer, but this intervention is limited to a total maximum of 100 ms); the same should happen for a small value of PLR [PLR = (lost packets + late packets)/sent packets]. Exactly the same result occurs should the RTT delay increase a little (this is very much related to the devices' computational time). When using an IPSec tunnel you have to take into account the additional overhead due to the security encryption, so the bandwidth consumption will be about 30% greater than for an unencrypted transmission.
Limits: Taking into account one parameter at a time, the limits found by the experimental approach are the following:
PLR = 2% (this value refers to G.711A; if you deal with G.729 it has to be significantly lower: < 1%)
RTT average delay = 400 ms
Average jitter = 7 ms (JB = 20 ms) | 12 ms (JB = 60 ms) | 17 ms (JB = 100 ms)
If you go beyond one of the above values, your QoE will be unacceptable.
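The following added example (not part of the original slides or of the test bed's tooling) applies the PLR definition and the single-parameter limits above to one RTP stream, showing how the jitter buffer depth decides which delayed packets count as late. The fixed, non-adaptive playout schedule, the averaging of packet-to-packet delay variation as "average jitter", the function names and the sample trace are assumptions made for illustration.

```python
# Added example: the limits are the ones reported in the notes above; the fixed
# playout model and the sample trace are assumptions made for illustration.
PLR_LIMIT = {"G.711A": 0.02, "G.729": 0.01}   # G.729 must stay strictly below 1 %
JITTER_LIMIT_MS = {20: 7, 60: 12, 100: 17}    # jitter buffer (ms) -> average jitter limit (ms)
RTT_LIMIT_MS = 400


def analyze(sent, arrivals, ptime_ms, jitter_buffer_ms):
    """Return (plr, average_jitter_ms, late_count) for one RTP stream.

    sent     -- packets emitted by the sender (sequence numbers 0..sent-1)
    arrivals -- {seq: arrival time in ms}; a missing seq is a lost packet
    """
    if not arrivals:
        return 1.0, 0.0, 0                    # nothing arrived: everything is lost
    seqs = sorted(arrivals)
    first = seqs[0]
    # Fixed playout schedule: the first packet is held for the full buffer depth.
    playout0 = arrivals[first] + jitter_buffer_ms
    late = sum(1 for s in seqs
               if arrivals[s] > playout0 + (s - first) * ptime_ms)
    lost = sent - len(seqs)
    plr = (lost + late) / sent                # PLR = (lost + late) / sent

    # Packet-to-packet delay variation D = (Rj - Ri) - (Sj - Si), averaged.
    diffs = [abs((arrivals[b] - arrivals[a]) - (b - a) * ptime_ms)
             for a, b in zip(seqs, seqs[1:])]
    jitter = sum(diffs) / len(diffs) if diffs else 0.0
    return plr, jitter, late


def violations(codec, jitter_buffer_ms, plr, jitter_ms, rtt_ms):
    """List which of the limits above are exceeded for this measurement."""
    out = []
    limit = PLR_LIMIT[codec]
    if plr > limit or (codec == "G.729" and plr >= limit):
        out.append("PLR")
    if jitter_ms > JITTER_LIMIT_MS[jitter_buffer_ms]:
        out.append("jitter")
    if rtt_ms > RTT_LIMIT_MS:
        out.append("RTT")
    return out


def sample_trace():
    """Constructed trace: 100 packets, 20 ms apart, 50 ms one-way delay."""
    extra = {40: 30, 70: 70}                  # two delay spikes (ms)
    return {s: s * 20 + 50 + extra.get(s, 0)
            for s in range(100) if s != 10}   # seq 10 never arrives


if __name__ == "__main__":
    for jb in (20, 60, 100):
        plr, jit, late = analyze(100, sample_trace(), 20, jb)
        for codec in ("G.711A", "G.729"):
            print(jb, codec, f"PLR={plr:.2%}", f"jitter={jit:.2f} ms",
                  f"late={late}", violations(codec, jb, plr, jit, rtt_ms=120))
```

On the constructed trace the average jitter stays well under every limit, yet the 20 ms buffer pushes the PLR past 2% because both delay spikes arrive after their playout time.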
LANForge Ice (by Candela Technologies): WAN impairment simulator
Hammer Call Analyzer (by Empirix): MOS-Rfactor & troubleshooting
Jperf (by SourceForge): Measure throughput and latency as the number of threads grows. Can be used to measure the performance of any Java code. Perfect for measuring the impact of performance optimizations. Shows average duration and throughput (invocations per second)
IP-Ping
SIP Info: The purpose of the INFO message is to carry mid-session information between SIP user agents