IP Multimedia Subsystem (IMS) is considered to be one of the important features in Mobile Next Generation Networks (MNGN). It adds value to mobile services and applications by integrating mobile network resources, such as location, billing and authentication. This is achieved by enabling third-party access to network resources. In previous work [1] we presented a testbed to be used as a platform for testing mobile applications prior to actual deployment. We have chosen a novel IMS-based MObile Mass EXamination (MOMEX) system to showcase the benefit of designing an IMS-based mobile application. We identify two aspects essential to the application, namely security threats and delay analysis. In this paper we identify MOMEX security threats and suggest strategies to mitigate system vulnerabilities. We then evaluate the performance of the MOMEX system in terms of delay and security threats and vulnerabilities. The results presented show system performance limitations and tradeoffs.
Congestion and overload control techniques in massive M2M systems: a survey - apnegrao
Lilatul Ferdouse1, Alagan Anpalagan1* and Sudip Misra2
1 WINCORE Lab, Department of Electrical and Computer Engineering, Ryerson University, Toronto, Canada
2 School of Information Technology, Indian Institute of Technology, Kharagpur, India
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste... - CSCJournals
Software Reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Cyber threats on software security have been prevailing and have increased exponentially, posing a major challenge on software reliability in the cyber physical systems (CPS) environment. Applying patches after the software has been developed is outdated and a major security flaw. However, this has posed a major software reliability challenge as threat actors are exploiting unpatched and insecure software configuration vulnerabilities that are not identified at the design phase. This paper aims to investigate the SDLC approach to software reliability and quality assurance challenges in CPS security. To demonstrate the applicability of our work, we review existing security requirements engineering concepts and methodologies such as TROPOS, I*, KAOS, Tropos and Secure Tropos to determine their relevance in software security. We consider how the methodologies and function points are used to implement constraints to improve software reliability. Finally, the function points concepts are implemented into the CPS security components. The results show that software security threats in CPS can be addressed by integrating the SRE approach and function point analysis in the development to improve software reliability.
Modern vehicles are increasingly being interconnected with computer systems, which collect information both from vehicular sources and Internet services. Unfortunately, this creates a non-negligible attack surface, which extends when vehicles are partly operated via smartphones. In this letter, a hierarchically distributed control system architecture which integrates a smartphone with classical embedded systems is presented, and an ad-hoc, end-to-end security layer is designed to demonstrate how a smartphone can interact securely with a modern vehicle without requiring modifications to the existing in-vehicle network. Experimental results demonstrate the effectiveness of the approach.
Security is always important in data networks, but it is particularly critical in wireless networks such as
WiMAX. Authentication is the first element in wireless security that, if not well safeguarded, all following
security measures will be vulnerable. Denial of Service is one of the attacks that could target a WiMAX
network to make its operation inefficient. This paper is an investigation into a) the weakness and threats on
WiMAX security algorithms and b) the best method that could prevent DoS attacks prior to the
authentication algorithm.
The paper is presenting the architecture of WiMAX and identifying the main layers and sub layers that
these security algorithms are performing their functions from within. The paper incorporates the new
method with the authentication algorithm to improve the efficiency of the security of WiMAX.
Design of Transparent Distributed IMS Network: Security Challenges Risk and S... - ijngnjournal
The IP Multimedia Subsystem (IMS) is based on SIP as its signalling mechanism and interfaces with other servers using OSA (Open Service Access) and CAMEL (Customized Applications for Mobile network Enhanced Logic). It is responsible for the interconnection of IP packets with other networks; IMS supports data communication services, voice, video, messaging and web-based technologies. In this work we present a distributed design of architecture that turns up some challenges of transparent mobility on the secured IMS architecture. We introduced the architecture with clustering database HSS and automatic storage of data files that give a secure access to database. This paper gives an overview of classification of security in IMS network and we show delay analysis comparison in signalling interworking with and without securing Gateway (SEG) in the registration of any UE in access network based IMS. We show that there is a tradeoff between the level of increasing system security and the potential delay incurred by mobility in Access Network. We conclude that this architecture is suitable for operators and service providers for the new business models delivering the services based IMS everywhere, anytime and with any terminals.
The Ad Hoc mobile network (MANET) is a wireless network with properties which may constitute
challenges and weaknesses before the security progress in MANET network. It causes weakness in security,
which leads to increased attacks on MANET. In this paper the challenges and attacks likely to threaten
MANET will be investigated. As a corollary, security solutions will be discussed, the relationship between
them will be concluded and architectural security solutions in MANET will be proposed.
Design of Intrusion Tolerance System based on Service Redundancy Level - IOSRJEEE
The Internet is an open space where a great number of computer systems are connected. Since many services are provided through the Internet, malicious users can easily intrude on any of those systems by using the vulnerabilities of the Internet. Although Intrusion Detection and Prevention Systems (IDPS) can be used to defend against such malicious activities, it is not always possible to completely protect a targeted system against the attacks. For this reason, Intrusion Tolerance Systems (ITS) have been proposed to maintain services even in threatening environments, where some malicious attacks have intruded into a system successfully. In this paper, we propose a new ITS based upon maintaining a service redundancy level to ensure that all services are properly provided to users even if a malicious intrusion such as a VM (virtual machine) escape attack exists. The simulation results show that the proposed scheme can guarantee the operation of every ongoing service by maintaining the service redundancy level of all services.
India is one of the countries which has the electronic voting machine for parliamentary and assembly polls. But in every poll the election commission faces many troubles and various types of issues through the election. The most familiar issues faced by the election commission are no proper acknowledgement regarding the confirmation of casting the votes, and duplication or illegal casting of votes. In this project all these issues have been handled and overcome with the perfect solution. The main advantage of this project is handling of data by using a biometric system such as fingerprint and face recognition (done by masking technique). This is used to ensure security and to avoid fake and repeat voting. It also enhances the accuracy and speed of the process. The system performs with perfect recognition on a face and thumb impression of all the eligible voters in a constituency, which is done as a pre-poll procedure. During the election, thumb impression and face templates of voters are given as an input to the system. This is then compared with the already stored database and available records. If the particular pattern matches the record then the voters are allowed to vote, but in case it doesn’t match or in case of repetition, the voters' votes are denied or rejected. The result is instant and counting is done.
Metric for Evaluating Availability of an Information System : A Quantitative ... - IJNSA Journal
The purpose of the paper is to present a metric for availability based on the design of the information
system. The availability metric proposed in this paper is twofold, based on the operating program and
network delay metric of the information system (For the local bound component composition the
availability metric is purely based on the software/operating program, for the remote bound component
composition the metric incorporates the delay metric of the network). The aim of the paper is to present a
quantitative availability metric derived from the component composition of an Information System, based
on the dependencies among the individual measurable components of the system. The metric is used for
measuring and evaluating availability of an information system from the security perspective, the
measurements may be done during the design phase or may also be done after the system is fully
functional. The work in the paper provides a platform for further research regarding the quantitative
security metric (based on the components of an information system i.e. user, hardware, operating
program and the network.) for an information system that addresses all the attributes of information and
network security.
A Trusted Integrity verification Architecture for Commodity Computers - Editor IJCATR
Trust is an indispensable part of the computing environment, the validity of any transaction or information depends heavily
on the authenticity of the information source. In this context, many mechanisms for ensuring the authenticity of the information source
were developed, including password verification and biometrics. But as the attacks are directed towards the computing platform and
the applications running on the computer, all these initial security mechanisms are not sufficient. It is essential to ensure before making
a secure transaction that the system is in a good state (or say some authorized state) and maintains its integrity throughout the
execution time. The emergence of the Trusted Platform Module (TPM) has added to the security feature of a computer. Mechanisms
are in place which guarantee system integrity but very little is known about the state of the applications running on them. We propose
a system which notifies the user if the integrity of an application is violated and stops it. Our system also compares the current system
state with a known good value to ensure platform integrity.
The purpose of this paper is twofold. First and foremost it presents a background narrative on the origins, innovations and applications of novel structural automation technologies and the rarity of experts involved in research, development and practice of this field. The second part of this paper presents a rudimentary framework for a solution addressing this paucity – the creation of an interdisciplinary academic program at PAAET that will be the first ever in the region to address applied information communication technologies (ICT) in the design, planning, engineering and management of structural automation projects. In doing so, we need also to define the level of implementation. This field, as all fields in ICT, has been loosely defined and most applications carry less weight in its implementation than what should be applied. This paper gives an attempt to define an indexing scheme by which we can easily classify such implementation and generate a ranking by which we can safely define its level of "Intelligence".
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A heterogeneous short-range communication platform for Internet of Vehicles - IJECEIAES
The automotive industry is rapidly accelerating toward the development of innovative industry applications that feature management capabilities for data and applications alike in cars. In this regard, more internet of vehicles solutions are emerging through advancements of various wireless medium access-control technologies and the internet of things. In the present work, we develop a short-range communication–based vehicular system to support vehicle communication and remote car control. We present a combined hardware and software testbed that is capable of controlling a vehicle’s start up, operation and several related functionalities covering various vehicle metric data. The testbed is built from two microcontrollers, Arduino and Raspberry Pi 3, each of which individually controls certain functions to improve the overall vehicle control. The implementation of the heterogeneous communication module is based on the IEEE 802.11 and IEEE 802.15 medium access control technologies. Further, a control module on a smartphone was designed and implemented for efficient management. Moreover, we study the system connectivity performance by measuring various important parameters including the coverage distance, signal strength, download speed and latency. This study covers the use of this technology setup in different geographical areas over various time spans.
An intrusion detection algorithm for ami - IJCI JOURNAL
Nowadays, using the smart metering devices for energy users to manage a wide variety of subscribers,
reading devices for measuring, billing, disconnection and connection of subscribers’ connection
management is an important issue. The performance of these intelligent systems is based on information
transfer in the context of information technology, so reported data from network should be managed to
avoid the malicious activities that including the issues that could affect the quality of service the system. In
this paper for control of the reported data and to ensure the veracity of the obtained information, using
intrusion detection system is proposed based on the support vector machine and principal component
analysis (PCA) to recognize and identify the intrusions and attacks in the smart grid. Here, the operation of
intrusion detection systems for different kernel of SVM when using support vector machine (SVM) and PCA
simultaneously is studied. To evaluate the algorithm, based on data KDD99, numerical simulation is done
on five different kernels for an intrusion detection system using support vector machine with PCA
simultaneously. Also comparison analysis is investigated for presented intrusion detection algorithm in
terms of time - response, rate of increase network efficiency and increase system error and differences in
the use or lack of use PCA. The results indicate that correct detection rate and the rate of attack error
detection have best value when PCA is used, and when the core of algorithm is radial type, in SVM
algorithm reduces the time for data analysis and enhances performance of intrusion detection.
A SECURITY FRAMEWORK FOR SOA APPLICATIONS IN MOBILE ENVIRONMENT - IJNSA Journal
A rapid evolution of mobile technologies has led to the development of more sophisticated mobile devices with better storage, processing and transmission power. These factors enable support for many types of application but also give rise to a necessity to find a model of service development. Actually, SOA (Service Oriented Architecture) is a good option to support application development. This paper presents a framework that allows the development of SOA-based applications in a mobile environment. The objective of the framework is to provide developers with tools for provision of services in this environment with the necessary security characteristics.
An Architectural Framework for Delivering Sip-As Multimedia Services Based on... - josephjonse
This paper proposes a new scalable service-oriented architecture based on Open Service Gateway Initiative (OSGI) technology. A key part of this architecture is its SIP application as a service (SIP-AS). It relies on IMS core network supported by multi agents components implemented using Java Agent DEvelopment (JADE) platform. As a proof of concept, a real testbed/prototype has been developed to validate our approach. The validation process consisted of two phases: (i) configuration of the JADE/OSGi SIP-AS architecture to provide a televoting service and (ii) characterization and analysis of jitter, packet loss, load capacity and CPU utilization of the implemented architecture. Results demonstrate that this televoting service scales up and out enabling the elasticity of the architecture on the processing of concurrent calls and dynamic load balancing.
Dashboard of intelligent transportation system (ITS) using mobile agents stra... - IJECEIAES
Extracting accurate information from huge Transportation Database need to build efficiency Intelligent Transportation Systems ITS-Dashboard that should allow making correct decisions. The quality of decision and the achievement of performance depend on the quality of the information supplied. This information must be reliable, complete, pertinent and more to care about external attacks. Distributed Mobile Agent consists of autonomy of entities with capacities of perception, cooperation and action on their own environment. One of Agent function is the security of Authentication process by activation of notification system on Mobile Device. The main purpose of this paper is to make it consisting of an Agent Based Framework. The strategy is to exploit Mobile Agent capabilities in a Strict Notification Process when user validates his authentication request.
Security is always important in data networks, but it is particularly critical in wireless networks such as
WiMAX. Authentication is the first element in wireless security that, if not well safeguarded, all following
security measures will be vulnerable. Denial of Service is one of the attacks that could target a WiMAX
network to make its operation inefficient. This paper is an investigation into a) the weakness and threats on
WiMAX security algorithms and b) the best method that could prevent DoS attacks prior to the
authentication algorithm.
The paper is presenting the architecture of WiMAX and identifying the main layers and sub layers that
these security algorithms are performing their functions from within. The paper incorporates the new
method with the authentication algorithm to improve the efficiency of the security of WiMAX.
Design of Transparent Distributed IMS Network: Security Challenges Risk and S...ijngnjournal
The IP Multimedia subsystem (IMS) based on SIP as mechanism signalling and interfaces with other servers using OSA (Open Service Access) and CAMEL (Customized Applications for Mobile network Enhanced Logic).Is responsible for the interconnection of IP packets with other network, IMS support data communication services, voice, video, messaging and web-based technologies. In this work we present a distributed design of architecture that turns up some challenges of transparent mobility on the secured IMS architecture. We introduced the architecture with clustering database HSS and automatic storage of data files that give a secure access to database. This paper gives an overview of classification of security in IMS network and we show delay analysis comparison in signalling interworking with and without securing Gateway (SEG) in the registration of any UE in access network based IMS. We show that there is a tradeoff between the level of increasing system security and the potential delay incurred by mobility in Access Network .we conclude that this architecture is suitable for operators and services providers for the new
business models delivering ,the services based IMS Everywhere, anytime and with any terminals.
The Ad Hoc mobile network (MANET) is a wireless network with properties which may constitute
challenges and weaknesses before the security progress in MANET network. It causes weakness in security,
which leads to increased attacks on MANET. In this paper the challenges and attacks likely to threaten
MANET will be investigated. As a corollary, security solutions will be discussed, the relationship between
them will be concluded and architectural security solutions in MANET will beproposed.
Design of Intrusion Tolerance System based on Service Redundancy LevelIOSRJEEE
The Internet is an open space where a great number of computer systems are connected. Since many services are provided through the Internet, malicious users can easily intrude on any of those systems by using the vulnerabilities of the Internet. Although Intrusion Detection and Prevention System (IDPS) can be used to defend against such malicious activities, it is not always possible to completely protect a targeted system against the attacks. For this reason, Intrusion Tolerance Systems (ITS) has been proposed to maintain services even in threatening environments, where some malicious attacks have intruded into a system successfully. In this paper, we propose a new ITS based upon maintaining a service redundancy level to ensure that all services are properly provided to users even if a malicious intrusions such as VM (virtual machine) escape attack exists. The simulation results show that the proposed scheme can guarantee the operation of every ongoing service by maintaining the service redundancy level of all services
India is one of the countries which has the electronic voting machine for parliamentary and assembly polls. But in every poll election commission is facing so much of troubles and various types of issues through the election. The most familiar issue which is faced by the election commission is, no proper acknowledgement regarding the confirmation of casting the votes, duplication or illegal casting of votes. In this project all these issues has been handled and overcome with the perfect solution. The main advantage of this project is handling of data by using biometric system such as finger print and face recognition (is done by masking technique). This is used to ensure the security to avoid fake and repeating voting. It also enhances the accuracy and speed of the process. The system performs with perfect recognition on a face and thumb impression of all the eligible voters in a constituency, which is done as pre-polled procedure. During election, thumb impression and face templates of voters is given as an input to the system. This is then compared with the already stored database and available records. If the particular pattern matches with the record then the voters are allowed to vote but incase if it doesn’t match or in case of repetition, voters vote are denied or gets rejected. The result is instant and counting is done.
Metric for Evaluating Availability of an Information System : A Quantitative ...IJNSA Journal
The purpose of the paper is to present a metric for availability based on the design of the information
system. The availability metric proposed in this paper is twofold, based on the operating program and
network delay metric of the information system (For the local bound component composition the
availability metric is purely based on the software/operating program, for the remote bound component
composition the metric incorporates the delay metric of the network). The aim of the paper is to present a
quantitative availability metric derived from the component composition of an Information System, based
on the dependencies among the individual measurable components of the system. The metric is used for
measuring and evaluating availability of an information system from the security perspective, the
measurements may be done during the design phase or may also be done after the system is fully
functional. The work in the paper provides a platform for further research regarding the quantitative
security metric (based on the components of an information system i.e. user, hardware, operating
program and the network.) for an information system that addresses all the attributes of information and
network security.
A Trusted Integrity verification Architecture for Commodity ComputersEditor IJCATR
Trust is an indispensable part of the computing environment, the validity of any transaction or information depends heavily
on the authenticity of the information source. In this context, many mechanisms for ensuring the authenticity of the information source
were developed, including password verification and biometrics. But as the attacks are directed towards the computing platform and
the applications running on the computer, all these initial security mechanisms are not sufficient. It is essential to ensure before making
a secure transaction that the system is in a good state (or say some authorized state) and maintains its integrity throughout the
execution time. The emergence of the Trusted Platform Module (TPM) has added to the security feature of a computer. Mechanisms
are in place which guarantee system integrity but very little is known about the state of the applications running on them. We propose
a system which notifies the user if the integrity of an application is violated and stops it. Our system also compares the current system
state with a known good value to ensure platform integrity.
The purpose of this paper two fold. First and foremost it presents a background narrative on the origins, innovations and applications of novel structural automation technologies and the rarity of experts involved in research, development and practice of this field. The second part of this paper presents a rudimentary framework for a solution addressing this paucity – the creation of an interdisciplinary academic program at PAAET that will be the first ever in the region to address applied information communication technologies ICT in the design, planning, engineering and management of structural automation projects. In doing so, we need also to define the level of implementation. This field, as all fields in ICT, have been loosely defined and most applications carry less weight in its implementation than what should be applied. This paper gives an attempt to define an indexing scheme by which we can easily classify such implementation and generate a ranking by which we can safely define its level of ―Intelligence‖.International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A heterogeneous short-range communication platform for Internet of Vehicles IJECEIAES
The automotive industry is rapidly accelerating toward the development of innovative industry applications that feature management capabilities for data and applications alike in cars. In this regard, more internet of vehicles solutions are emerging through advancements of various wireless medium access-control technologies and the internet of things. In the present work, we develop a short-range communication–based vehicular system to support vehicle communication and remote car control. We present a combined hardware and software testbed that is capable of controlling a vehicle’s start up, operation and several related functionalities covering various vehicle metric data. The testbed is built from two microcontrollers, Arduino and Raspberry Pi 3, each of which individually controls certain functions to improve the overall vehicle control. The implementation of the heterogeneous communication module is based on the IEEE 802.11 and IEEE 802.15 medium access control technologies. Further, a control module on a smartphone was designed and implemented for efficient management. Moreover, we study the system connectivity performance by measuring various important parameters including the coverage distance, signal strength, download speed and latency. This study covers the use of this technology setup in different geographical areas over various time spans.
An intrusion detection algorithm for amiIJCI JOURNAL
Nowadays, using the smart metering devices for energy users to manage a wide variety of subscribers,
reading devices for measuring, billing, disconnection and connection of subscribers’ connection
management is an important issue. The performance of these intelligent systems is based on information
transfer in the context of information technology, so reported data from network should be managed to
avoid the malicious activities that including the issues that could affect the quality of service the system. In
this paper for control of the reported data and to ensure the veracity of the obtained information, using
intrusion detection system is proposed based on the support vector machine and principle component
analysis (PCA) to recognize and identify the intrusions and attacks in the smart grid. Here, the operation of
intrusion detection systems for different kernel of SVM when using support vector machine (SVM) and PCA
simultaneously is studied. To evaluate the algorithm, based on data KDD99, numerical simulation is done
on five different kernels for an intrusion detection system using support vector machine with PCA
simultaneously. Also comparison analysis is investigated for presented intrusion detection algorithm in
terms of time - response, rate of increase network efficiency and increase system error and differences in
the use or lack of use PCA. The results indicate that correct detection rate and the rate of attack error
detection have best value when PCA is used, and when the core of algorithm is radial type, in SVM
algorithm reduces the time for data analysis and enhances performance of intrusion detection.
A SECURITY FRAMEWORK FOR SOA APPLICATIONS IN MOBILE ENVIRONMENT IJNSA Journal
The rapid evolution of mobile technologies has led to the development of more sophisticated mobile devices with better storage, processing and transmission power. These factors enable support for many types of application but also give rise to the need for a model of service development. SOA (Service Oriented Architecture) is a good option to support application development. This paper presents a framework that allows the development of SOA-based applications in a mobile environment. The objective of the framework is to provide developers with tools for the provision of services in this environment with the necessary security characteristics.
An Architectural Framework for Delivering Sip-As Multimedia Services Based on...josephjonse
This paper proposes a new scalable service-oriented architecture based on Open Service Gateway Initiative (OSGI) technology. A key part of this architecture is its SIP application as a service (SIP-AS). It relies on IMS core network supported by multi agents components implemented using Java Agent DEvelopment (JADE) platform. As a proof of concept, a real testbed/prototype has been developed to validate our approach. The validation process consisted of two phases: (i) configuration of the JADE/OSGi SIP-AS architecture to provide a televoting service and (ii) characterization and analysis of jitter, packet loss, load capacity and CPU utilization of the implemented architecture. Results demonstrate that this televoting service scales up and out enabling the elasticity of the architecture on the processing of concurrent calls and dynamic load balancing.
Dashboard of intelligent transportation system (ITS) using mobile agents stra...IJECEIAES
Extracting accurate information from huge Transportation Database need to build efficiency Intelligent Transportation Systems ITS-Dashboard that should allow making correct decisions. The quality of decision and the achievement of performance depend on the quality of the information supplied. This information must be reliable, complete, pertinent and more to care about external attacks. Distributed Mobile Agent consists of autonomy of entities with capacities of perception, cooperation and action on their own environment. One of Agent function is the security of Authentication process by activation of notification system on Mobile Device. The main purpose of this paper is to make it consisting of an Agent Based Framework. The strategy is to exploit Mobile Agent capabilities in a Strict Notification Process when user validates his authentication request.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
The rapid growth that has taken place in Computer Vision has been instrumental in driving the advancement of Image processing techniques and drawing inferences from them. Combined with the enormous capabilities that Deep Neural networks bring to the table, computers can be efficiently trained to automate the tasks and yield accurate and robust results quickly thus optimizing the process. Technological growth has enabled us to bring such computationally intensive tasks to lighter and lower-end mobile devices thus opening up a wide range of possibilities. WebRTC-the open-source web standard enables us to send multimedia-based data from peer to peer paving the way for Real-time Communication over the Web. With this project, we aim to build on one such opportunity that can enable us to perform custom object detection through an android based application installed on our mobile phones. Therefore, our problem statement is to be able to capture real-time feeds, perform custom object detection, generate inference results, and appropriately send intruder alerts when needed. To implement this, we propose a mobile-based over-the-cloud solution that can capitalize on the enormous and encouraging features of the YOLO algorithm and incorporate the functionalities of OpenCV’s DNN module for providing us with fast and correct inferences. Coupled with a good and intuitive UI, we can ensure ease of use of our application.
Online Signature Authentication by Using Mouse Behavior Editor IJCATR
Several large-scale parole leakages exposed users to associate unprecedented risk of speech act and abuse of their data. Associate inadequacy of password-based authentication mechanisms is turning into a serious concern for the complete data society. Carries with it 3 major modules: (1) Mouse–Behavior dynamics Capture, (2) Feature Construction, and (3) coaching or Classification. The primary module serves to make a taking mouse behavior user signs. The second module is employed to extract holistic and procedural options to characterize mouse behavior and to map the raw options into distance-based options by exploitation numerous distance metrics. The third module, within the coaching section, applies neural network on the distance-based feature vectors to reckon the predominant feature elements, then builds the user’s profile employing a one-class classifier. Within the classification section, it determines the user’s identity exploitation the trained classifier within the distance-based feature exploitation NN. A four Digit OTP is generated to the user’s email ID. The user are going to be giving the ‘2’ digit OTP and therefore the server are going to be giving balance ‘2’ digit OTP. Users ‘2’ digit OTP is verified by the server and contrariwise.
The Difference Impact on QoS Parameters between the IPSEC and L2TP AM Publications
Many of the networks are existing but little of them that believe the quality and security together, the secure transmission of the information with high quality remains the primary goal of all engineers, which is considered the ideal goal of this theory either in fact, get a high quality of service comes at the expense of security and vice versa, has been expressed networks fiber optic for the best possible speed while maintaining a good level of security. In the Internet network, person-to-person communication can be enhanced with high quality images and videos, and access to information and services on public and private networks will be enhanced by higher data rates, quality of service (QoS), security measures, location-awareness, energy efficiency, and new flexible communication capabilities. So some networks are characterized by the QoS offered in addition to the security that we will discuss extensively later. This distinction is linked to the quality of communication and service over the network and security [1]. The quality of a network is evaluated on the basis of the quality of service, and especially on its security features. The use of security mechanisms is important in knowing the identity, saving the information, and ensuring that there is no tampering. In this research we try to ensure the security for QoS with two different methods using the Tunnel like the L2TP and IPSec that mean the security of layer two and three of OSI model, and we compared the differential impact between the two types of security on QoS parameters.
SIP-Based Mobility Management for LTE-WiMAX-WLAN Interworking Using IMS Archi...CSCJournals
In this paper, we propose an architecture framework for interworking of Long Term Evolution (LTE), Worldwide Interoperability for Microwave Access (WiMAX) and Wireless Local Area Network (WLAN) technologies. The aim is to offer users of various networks seamless high quality IP-based multimedia services access anywhere at any time. IP Multimedia Subsystem (IMS) is used in the proposed architecture for providing a platform through which telecommunications operators can merge the various networks. A Session Initiation Protocol (SIP) REFER method which provides uninterrupted service continuity is introduced. The proposed LTE-WiMAX and LTE-WLAN tight coupled interworking is compared with the UMTS-WiMAX and UMTS-WLAN tight coupled interworking. The two heterogeneous networks are simulated using OPNET Modeler 17.1. Various metrics are obtained to test the performance of the proposed technique. Results show that successful VoIP session handoffs with acceptable Quality of Service (QoS) levels can be performed. Results also show that the proposed architecture outperforms the previous architecture.
Formal Specification for Implementing Atomic Read/Write Shared Memory in Mobi...ijcsit
The Geoquorum approach for implementing atomic read/write shared memory in mobile ad hoc networks. This
problem in distributed computing is revisited in the new setting provided by the emerging mobile computing technology. A
simple solution tailored for use in ad hoc networks is employed as a vehicle for demonstrating the applicability of formal
requirements and design strategies to the new field of mobile computing. The approach of this paper is based on well
understood techniques in specification refinement, but the methodology is tailored to mobile applications and help designers
address novel concerns such as logical mobility, the invocations, specific conditions constructs. The proof logic and
programming notation of mobile UNITY provide the intellectual tools required to carry out this task. Also, the quorum
systems are investigated in highly mobile networks in order to reduce the communication cost associated with each distributed
operation.
ANALYSIS OF NETWORK PERFORMANCE MANAGEMENT DASHBOARD IAEME Publication
Analysis of performance availability is very important to help improve network
performance. This is due to developing services to be used by customers. In performance
availability it is known that there are many problems that occur in each event in the
field. In achieving the optimal level in carrying out the implementation and support
processes of the performance management dashboard, an analysis is needed to develop
management and control in the networking division with the aim of generating
utilization in the implementation and support processes to align with the business needs
of PT ABC. The existing reference model is a reference model that refers to the
functional area of FCAPS. The FCAPS model consists of five functional areas,
including fault management, configuration management, accounting management,
performance management, and security management. In general, companies have
implemented FCAPS on failure issues and configurations (fault and configuration).
Security / security has relied on other tools that are not integrated in the FCAPS model
as a whole. The basic principle is, even though there are five elements from FCAPS,
one element can influence the success of other elements.
Secure and efficient handover authentication and detection of spoofing attack eSAT Publishing House
International Journal of Engineering Research and Development IJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS ijwmn
With the surging of mobile applications, mobile security draws more and more attentions from researchers
in various areas. Due to the lack of quality assurance approaches in mobile computing, many mobile
applications suffer the vulnerabilities and security flaws. In this paper, we proposed a model based unit
testing approach on the android security properties using JUnit. Both behavior and structure model of the
android application were developed on the Unified Modeling Language (UML) – behavior is described in
state diagram, while structure is described in class diagram. Our approach focus on two common security
groups – the access control and authentication properties. Both groups are represented in the operations
defined in the class diagrams and dynamic behaviors are captured (partially) in the state diagram. A set of
well defined test cases is developed to validate the desired properties based on the class diagram. All
properties on the class diagram and state diagram are described in Object Constraint Language (OCL) – a
formal specification language on the first order logic and set theory. The results of this research will
provide a sound foundation towards the specification based unit testing on mobile security.
Trend-Based Networking Driven by Big Data Telemetry for Sdn and Traditional N...ijngnjournal
Organizations face a challenge of accurately analyzing network data and providing automated action based on the observed trend. This trend-based analytics is beneficial to minimize the downtime and improve the performance of the network services, but organizations use different network management tools to understand and visualize the network traffic with limited abilities to dynamically optimize the network. This research focuses on the development of an intelligent system that leverages big data telemetry analysis in Platform for Network Data Analytics (PNDA) to enable comprehensive trend-based networking decisions. The results include a graphical user interface (GUI) done via a web application for effortless management of all subsystems, and the system and application developed in this research demonstrate the true potential for a scalable system capable of effectively benchmarking the network to set the expected behavior for comparison and trend analysis. Moreover, this research provides a proof of concept of how trend analysis results are actioned in both a traditional network and a software-defined network (SDN) to achieve dynamic, automated load balancing.
PERFORMANCE PREDICTION OF 5G: THE NEXT GENERATION OF MOBILE COMMUNICATION ijngnjournal
The 5G standard is a mobile communication of the 5th generation, which presupposes an increase of the information exchange speed up to 10 Gbit/s. It is 30 times quicker than the speed of 4G network. It is a new stage in the development of technologies connecting society. This standard will provide an unlimited access to the network for individual users and devices. When developing the 5G standard, the advanced opportunities of LTE and HSPA, as well as other technologies of a radio access focused on the solution of specific objectives are considered. The main advantage of the mass introduction of the 5G communication development represents the so-called Internet of Things (IoT). There the devices and not people will be the main consumers of traffic. The functional requirements of 5G networks, their speed, and its traffic parameters for HD video services and massifs of M2M-devices are analyzed in the paper. They will have been the most demanded ones by 2020.
PERFORMANCE EVALUATION OF VERTICAL HARD HANDOVERS IN CELLULAR MOBILE SYSTEMS ijngnjournal
With the rapid increase of new and diverse cellular mobile services, the overlapping of cells has become typical in the majority of the coverage area of the network. Vertical handovers occur between two layers of cells when a user is switched from one layer to the other. In this paper we investigate the influence of network parameters on vertical hard handover performance in a cell environment. The work considers two layers of cells: a layer of macrocells and a layer of microcells. Handover requests enter the macrocell from neighbor macrocells and from microcells that belong to a different layer. Using Markov chain analysis and simulation we calculate network performance parameters such as mean queue delay, handover dropping probability and channel utilization. We also compare the handover performance for the macrocell and macrocell traffic separately. Our results show the influence of total channels, maximum queue size and handover request arrival rate on handover performance. They also show that when the traffic from each layer is treated with equal priority in the system, the performance of each layer is comparable.
COMPARISON OF RADIO PROPAGATION MODELS FOR LONG TERM EVOLUTION (LTE) NETWORK ijngnjournal
This paper concerns the radio propagation models used for the upcoming 4th Generation (4G) of cellular networks known as Long Term Evolution (LTE). The radio wave propagation model or path loss model plays a very significant role in planning of any wireless communication systems. In this paper, a comparison is made between different proposed radio propagation models that would be used for LTE, like Stanford University Interim (SUI) model, Okumura model, Hata COST 231 model, COST Walfisch-Ikegami & Ericsson 9999 model. The comparison is made using different terrains e.g. urban, suburban and rural area. SUI model shows the lowest path loss in all the terrains while COST 231 Hata model illustrates highest path loss in urban area and COST Walfisch-Ikegami model has highest path loss for suburban and rural environments.
IMPLEMENTATION AND COMPARISION OF DATA LINK QUALITY SCHEME ON ODMRP AND ADMR ...ijngnjournal
An ad hoc network is a collection of wireless mobile nodes dynamically forming a temporary network without the use of any fixed network infrastructure or centralized administration. In order to enable communication within the network, a routing protocol is needed to discover routes between nodes. The primary goal of ad hoc network routing protocols is to establish routes between node pairs so that messages may be delivered reliably and in a timely manner. The objective of any routing protocol is to have packets delivered with the least possible cost in terms of receiving power, transmission power, battery energy consumption and distance. All these factors basically affect the establishment of links between the mobile nodes and the reliability and stability of these links. In this paper, we implement a data link quality scheme on two protocols, ODMRP and ADMR, and compare them on the basis of link quality and link stability.
The Performance of a Cylindrical Microstrip Printed Antenna for TM10 Mode as...ijngnjournal
A temperature is one of the parameters that have a great effect on the performance of microstrip antennas for TM10 mode at 2.4 GHz frequency range. The effect of temperature on a resonance frequency, input impedance, voltage standing wave ratio, and return loss on the performance of a cylindrical microstrip printed antenna is studied in this paper. The effect of temperature on electric and magnetic fields are also studied. Three different substrate materials RT/duroid-5880 PTFE, K-6098 Teflon/Glass, and Epsilam-10 ceramic-filled Teflon are used for verifying the new model.
Optimization of Quality of Service Parameters for Dynamic Channel Allocation ...ijngnjournal
As the spectrum for wireless transmission gets crowded due to the increase in the users and applications, the efficient use of the spectrum is a major challenge in today’s world. A major affecting factor is the inefficient usage of the frequency bands. Interference in the neighboring cells affects the reuse of the frequency bands. In this paper, some of the quality of service parameters such as residual bandwidth, number of users, duration of calls, frequency of calls and priority are considered. This paper presents work based on the optimization of dynamic channel allocation using genetic algorithm (GA). This attempts to allocate the channel to users such that overall congestion in the network is minimized by reusing already allocated frequencies. The working of Genetic Algorithm which is used in the optimization procedure is also explained. The optimized channel is then compared with a non-optimized channel to check the efficiency of the genetic algorithm.
PURGING OF UNTRUSTWORTHY RECOMMENDATIONS FROM A GRID ijngnjournal
In grid computing, trust has massive significance. There is lot of research to propose various models in providing trusted resource sharing mechanisms. The trust is a belief or perception that various researchers have tried to correlate with some computational model. Trust on any entity can be direct or indirect. Direct trust is the impact of either first impression over the entity or acquired during some direct interaction. Indirect trust is the trust may be due to either reputation gained or recommendations received from various recommenders of a particular domain in a grid or any other domain outside that grid or outside that grid itself. Unfortunately, malicious indirect trust leads to the misuse of valuable resources of the grid. This paper proposes the mechanism of identifying and purging the untrustworthy recommendations in the grid environment. Through the obtained results, we show the way of purging of untrustworthy entities.
A SURVEY ON DYNAMIC SPECTRUM ACCESS TECHNIQUES FOR COGNITIVE RADIO ijngnjournal
Cognitive radio (CR) is a new paradigm that utilizes the available spectrum band. The key characteristic of CR system is to sense the electromagnetic environment to adapt their operation and dynamically vary its radio operating parameters. The technique of dynamically accessing the unused spectrum band is known as Dynamic Spectrum Access (DSA). The dynamic spectrum access technology helps to minimize unused spectrum bands. In this paper, main functions of Cognitive Radio (CR) i.e. spectrum sensing, spectrum management, spectrum mobility and spectrum sharing are discussed. Then DSA models are discussed along with different methods of DSA such as Command and Control, Exclusive-Use, Shared Use of Primary Licensed User and Commons method. Game-theoretic approach using Bertrand game model, Markovian Queuing Model for spectrum allocation in centralized architecture and Fuzzy logic based method are also discussed and result are shown.
HYBRID LS-LMMSE CHANNEL ESTIMATION Technique for LTE Downlink Systems ijngnjournal
In this paper, we propose to improve the performance of the channel estimation for LTE Downlink systems under the effect of the channel length. As LTE Downlink system is a MIMO-OFDMA based system, a cyclic prefix (CP) is inserted at the beginning of each transmitted OFDM symbol in order to mitigate both intercarrier interference (ICI) and inter-symbol interference (ISI). The inserted CP is usually equal to or longer than the channel length. However, the cyclic prefix can be shorter because of some unforeseen channel behaviour. Previous works have shown that in the case where the cyclic prefix is equal to or longer than the channel length, LMMSE performs better than LSE but at the cost of computational complexity. In the other case, LMMSE performs also better than LS only for low SNR values. However, LS shows better performance for LTE Downlink systems for high SNR values. Therefore, we propose a hybrid LS-LMMSE channel estimation technique robust to the channel length effect. MATLAB Monte-Carlo simulations are used to evaluate the performance of the proposed estimator in terms of Mean Square Error (MSE) and Bit Error Rate (BER) for 2x2 LTE Downlink systems.
SERVICES AS PARAMETER TO PROVIDE BEST QOS : AN ANALYSIS OVER WIMAX ijngnjournal
In this paper it is proposed to provide the QoS to the user by using the degradation of service under hostile environment being itself be a parameter to improve the QoS. Here the relation between the service and environment of its best performance drawn on the basis of simulation and analysis. The service then taken as a parameter to decide present environment of the user and to take measurable steps to improve the QoS either doing handover to nearby station or increasing power or to provide some marginal bandwidth etc. All analysis done over a WiMax network i.e. being designed and simulated using the Qualnet wireless simulator.
ENSURING QOS GUARANTEES IN A HYBRID OCS/OBS NETWORKijngnjournal
The bursting aggregation assembly in edge nodes is one of the key technologies in OBS (Optical Burst Switching) network, which has a direct impact on flow characteristics and packet loss rate. An optical burst assembly technique supporting QoS is presented through this paper, which can automatically adjust the threshold along with the increasing and decreasing volume of business, reduce the operational burst, and generate corresponding BDP (Burst Data Packet) and BCP (Burst Control Packet). In addition to the burst aggregation technique a packet recovery technique by restoration method is also described. The data packet loss due to the physical optical link failure is not currently included in the QoS descriptions. This link failure is also a severe problem which reduces the data throughput of the transmitter node. A mechanism for data recovery from this link failure is vital for guaranteeing the QoS demanded by each user. So this paper will also discusses a specific protocol for reducing the packet loss by utilizing the
features of both optical circuit switching (OCS) and Optical Burst switching (OBS) techniques
OPTIMIZATION OF QOS PARAMETERS IN COGNITIVE RADIO USING ADAPTIVE GENETIC ALGO...ijngnjournal
Genetic algorithm based optimization rely on explicit relationships between parameters, observations and criteria. GA based optimization when done in cognitive radio can provide a criteria to accommodate the secondary users in best possible space in the spectrum by interacting with the dynamic radio environment at real time. In this paper we have proposed adaptive genetic algorithm with adapting crossover and mutation parameters for the reasoning engine in cognitive radio to obtain the optimum radio configurations. This method ensure better controlling of the algorithm parameters and hence the increasing the performance. The main advantage of genetic algorithm over other soft computing techniques is its multi – objective handling capability. We focus on spectrum management with a hypothesis that inputs are provided by either sensing information from the radio environment or the secondary user. Also the QoS requirements condition is also specified in the hypothesis. The cognitive radio will sense the radio frequency parameter from the environment and the reasoning engine in the cognitive radio will take the required decisions in order to provide new spectrum allocation as demanded by the user. The transmission parameters which can be taken into consideration are modulation method, bandwidth, data rate, symbol rate, power consumption etc. We simulated cognitive radio engine which is driven by genetic algorithm to determine the optimal set of radio transmission parameters. We have fitness objectives to guide one system to an optimal state. These objectives are combined to one multi – objective fitness function using weighted sum approach so that each objective can be represented by a rank which represents the importance of each objective. We have transmission parameters as decision variables and environmental parameters are used as inputs to the objective function. 
We have compared the proposed adaptive genetic algorithm (AGA) with conventional genetic algorithm (CGA) with same set of conditions. MATLAB simulations were used to analyze the scenarios
HIGH PERFORMANCE ETHERNET PACKET PROCESSOR CORE FOR NEXT GENERATION NETWORKSijngnjournal
As the demand for high speed Internet significantly increasing to meet the requirement of large data transfers, real-time communication and High Definition ( HD) multimedia transfer over IP, the IP based network products architecture must evolve and change. Application specific processors require high
performance, low power and high degree of programmability is the limitation in many general processor based applications. This paper describes the design of Ethernet packet processor for system-on-chip (SoC) which performs all core packet processing functions, including segmentation and reassembly, packetization classification, route and queue management which will speedup switching/routing performance making it
more suitable for Next Generation Networks (NGN). Ethernet packet processor design can be configured for use with multiple projects targeted to a FPGA device the system is designed to support 1/10/20/40/100 Gigabit links with a speed and performance advantage. VHDL has been used to implement and simulated the required functions in FPGA
ESTIMATION AND COMPENSATION OF INTER CARRIER INTERFERENCE IN WIMAX PHYSICAL L...ijngnjournal
WiMAX is Wireless Interoperability for Microwave Access has emerged as a promising solution for transmission of higher data rates for fixed and mobile applications. IEEE 802.16d and e are the standards proposed by WiMAX group for fixed and mobile. As the wireless channel have so many limitation Such as Multipath, Doppler spread, Delay spread and Line Of Sight (LOS)/Non Line Of Sight (NLOS) components. To attain higher data rates the Multi Carrier System with Multiple Input and Multiple Output (MIMO) is incorporated in the WiMAX. The Orthogonal Frequency Division Multiplexing (OFDM) is a multi carrier technique used with the WiMAX systems. In OFDM the available spectrum is split into numerous narrow band channels of dissimilar frequencies to achieve high data rate in a multi path fading environment. And all these sub carriers are considered to be orthogonal to each other. As the number of sub carriers is increased there is no guarantee of sustained orthogonality, i.e. at some point the carriers are not
independent to each other, and hence where the orthogonality can be loosed which leads to interference and also owing to the synchronization between transmitter and receiver local oscillator, it causes interference known as Inter Carrier Interference (ICI). The systems uses MIMO-OFDM will suffer with the effects of ICI and Carrier Frequency Offset (CFO) “ε”. However these affect the power leakage in the midst of sub carriers, consequently degrading the system performance. In this paper a new approach is proposed in order to reduce the ICI caused in WiMAX and improve the system performance. In this scheme at the transmitter side the modulated data and a few predefined pilot symbols are mapped onto the non
neighboring sub carriers with weighting coefficients of +1 and -1. With the aid of pilot symbols the frequency offset is exactly estimated by using Maximum Likelihood Estimation (MLE) and hence can be minimized. At demodulation stage the received signals are linearly combined along with their weighted
coefficients and pilot symbols, called as Pilot Aided Self Cancellation Method (PASCS). And also to realize the various wireless environments the simulations are carried out on Stanford University Interim (SUI) channels. The simulation results shows that by incorporating this method into WiMAX systems it performs better when the Line Of Sight (LOS) component is present in the transmission and also it improves the Bit Error Rate (BER) and Carrier to Interference Ratio (CIR). The CIR can be improved 20 dB. In this paper the effectiveness of PASCS scheme is compared with the Self Cancellation Method (SCM). It provides accurate estimation of frequency offset and when residual CFO is less significant the ICI can be diminished successfully.
OPTIMUM EFFICIENT MOBILITY MANAGEMENT SCHEME FOR IPv6 ijngnjournal
Mobile IPv6 (MIPv6) and Hierarchical Mobile IPv6 (HMIPv6) both are the mobility management solutions proposed by the Internet Engineering Task Force (IETF) to support IP Mobility. It’s been an important issue, that upon certain condition, out of MIPv6 and HMIPv6 which one is better. In this paper an Optimum Efficient Mobility Management (OEMM) scheme is described on the basis of analytical model which shows that OEMM Scheme is better in terms of performance and applicability of MIPv6 and HMIPv6. It shows that which one is better alternative between MIPv6 and HMIPv6 and if HMIPv6 is adopted it chooses the best Mobility Anchor Point (MAP). Finally it is illustrated that OEMM scheme is
better than that of MIPv6 and HMIPv6.
INVESTIGATION OF UTRA FDD DATA AND CONTROL CHANNELS IN THE PRESENCE OF NOISE ...ijngnjournal
In this paper, the main aim is to design and simulate UTRA FDD control channel in the presence of noise and wireless channel by using FDD library/Matlab box set that can be used to design and implement some
systems. Moreover, a test and verification of the library is achieved with different channel models such as Additive White Gaussian Noise (AWGN), fading and moving channel models. FDD library are employed to design whole transmitter and receiver. Then we had tested AWGN channel and some other channel models.
Also we illustrated what are control channels DCCH and the other one as understanding the whole system. Moreover, the standards have been covered as well as implemented the whole transmit and receive chain plus the generation of DPCH, DPCCH channel. we had tested the performance against the AWGN noise.
Then we have studied different channel models that are defined in the standard, used the few of them like the fading channel and moving channel. We have tried to compare the performance in terms of Monte Carlo simulation by producing the BER curves. We have also change some channel parameters like phase, number of multipaths and we have tried to see the performance of the model in the presence of actual channel model.
TOWARDS FUTURE 4G MOBILE NETWORKS: A REAL-WORLD IMS TESTBEDijngnjournal
In the near future, current mobile communication networks will converge towards an All-IP network in order to provide richer applications, stronger customer satisfaction, andfurther return on investment for the industry. However, such a convergence induces a strong level of complexity when handling interoperability between different operators and different handset vendors. In this context, the 3GPP consortium is working on the standardization of the convergence, and IMS is emerging as the internationally agreed upon standard that is multi-operator and multi-vendor. In this paper, we shed further light on the subtleties of IMS, and we delineate a blueprint for the implementation of a real-world
IMS testbed. An open source Presence Server is deployed as well. The operation of the IMS testbed and the Presence Server are checked to assess their conformance with 3GPP standards. A simple third party application is developed on top the IMS testbed to further assess its operation.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesChristina Lin
Traditionally, dealing with real-time data pipelines has involved significant overhead, even for straightforward tasks like data transformation or masking. However, in this talk, we’ll venture into the dynamic realm of WebAssembly (WASM) and discover how it can revolutionize the creation of stateless streaming pipelines within a Kafka (Redpanda) broker. These pipelines are adept at managing low-latency, high-data-volume scenarios.
TOP 10 B TECH COLLEGES IN JAIPUR 2024.pptxnikitacareer3
Looking for the best engineering colleges in Jaipur for 2024?
Check out our list of the top 10 B.Tech colleges to help you make the right choice for your future career!
1) MNIT
2) MANIPAL UNIV
3) LNMIIT
4) NIMS UNIV
5) JECRC
6) VIVEKANANDA GLOBAL UNIV
7) BIT JAIPUR
8) APEX UNIV
9) AMITY UNIV.
10) JNU
TO KNOW MORE ABOUT COLLEGES, FEES AND PLACEMENT, WATCH THE FULL VIDEO GIVEN BELOW ON "TOP 10 B TECH COLLEGES IN JAIPUR"
https://www.youtube.com/watch?v=vSNje0MBh7g
VISIT CAREER MANTRA PORTAL TO KNOW MORE ABOUT COLLEGES/UNIVERSITITES in Jaipur:
https://careermantra.net/colleges/3378/Jaipur/b-tech
Get all the information you need to plan your next steps in your medical career with Career Mantra!
https://careermantra.net/
HEAP SORT ILLUSTRATED WITH HEAPIFY, BUILD HEAP FOR DYNAMIC ARRAYS.
Heap sort is a comparison-based sorting technique based on Binary Heap data structure. It is similar to the selection sort where we first find the minimum element and place the minimum element at the beginning. Repeat the same process for the remaining elements.
Online aptitude test management system project report.pdfKamal Acharya
The purpose of on-line aptitude test system is to take online test in an efficient manner and no time wasting for checking the paper. The main objective of on-line aptitude test system is to efficiently evaluate the candidate thoroughly through a fully automated system that not only saves lot of time but also gives fast results. For students they give papers according to their convenience and time and there is no need of using extra thing like paper, pen etc. This can be used in educational institutions as well as in corporate world. Can be used anywhere any time as it is a web based application (user Location doesn’t matter). No restriction that examiner has to be present when the candidate takes the test.
Every time when lecturers/professors need to conduct examinations they have to sit down think about the questions and then create a whole new set of questions for each and every exam. In some cases the professor may want to give an open book online exam that is the student can take the exam any time anywhere, but the student might have to answer the questions in a limited time period. The professor may want to change the sequence of questions for every student. The problem that a student has is whenever a date for the exam is declared the student has to take it and there is no way he can take it at some other time. This project will create an interface for the examiner to create and store questions in a repository. It will also create an interface for the student to take examinations at his convenience and the questions and/or exams may be timed. Thereby creating an application which can be used by examiners and examinee’s simultaneously.
Examination System is very useful for Teachers/Professors. As in the teaching profession, you are responsible for writing question papers. In the conventional method, you write the question paper on paper, keep question papers separate from answers and all this information you have to keep in a locker to avoid unauthorized access. Using the Examination System you can create a question paper and everything will be written to a single exam file in encrypted format. You can set the General and Administrator password to avoid unauthorized access to your question paper. Every time you start the examination, the program shuffles all the questions and selects them randomly from the database, which reduces the chances of memorizing the questions.
We have compiled the most important slides from each speaker's presentation. This year’s compilation, available for free, captures the key insights and contributions shared during the DfMAy 2024 conference.
Literature Review Basics and Understanding Reference Management.pptxDr Ramhari Poudyal
Three-day training on academic research focuses on analytical tools at United Technical College, supported by the University Grant Commission, Nepal. 24-26 May 2024
Understanding Inductive Bias in Machine LearningSUTEJAS
This presentation explores the concept of inductive bias in machine learning. It explains how algorithms come with built-in assumptions and preferences that guide the learning process. You'll learn about the different types of inductive bias and how they can impact the performance and generalizability of machine learning models.
The presentation also covers the positive and negative aspects of inductive bias, along with strategies for mitigating potential drawbacks. We'll explore examples of how bias manifests in algorithms like neural networks and decision trees.
By understanding inductive bias, you can gain valuable insights into how machine learning models work and make informed decisions when building and deploying them.
A review on techniques and modelling methodologies used for checking electrom...nooriasukmaningtyas
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
A review on techniques and modelling methodologies used for checking electrom...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION SYSTEM
International Journal of Next-Generation Networks (IJNGN) Vol.4, No.1, March 2012
DOI: 10.5121/ijngn.2012.4101
Ahmad Barnawi¹, Abdulrahman Altalhi², Nadine Akkari³ and Muhammad Emran⁴
Faculty of Computing and Information Technology, King Abdulaziz University, KSA
¹ambarnawi@kau.edu.sa, ²ahaltalhi@kau.edu.sa, ³nakkari@kau.edu.sa, ⁴memran@kau.edu.sa
ABSTRACT
IP Multimedia Subsystem (IMS) is considered to be one of the important features in Mobile Next Generation Networks (MNGN). It adds value to mobile services and applications by integrating mobile network resources, such as location, billing and authentication. This is achieved by enabling third-party access to network resources. In previous work [1] we presented a testbed to be used as a platform for testing mobile applications prior to actual deployment. We have chosen a novel IMS-based MObile Mass EXamination (MOMEX) system to showcase the benefit of designing an IMS-based mobile application. We identify two aspects essential to the application, namely security threats and delay analysis. In this paper we identify MOMEX security threats and suggest strategies to mitigate system vulnerabilities. We then evaluate the performance of the MOMEX system in terms of delay and security threats and vulnerabilities. The results presented show system performance limitations and tradeoffs.
KEYWORDS
IMS, SIP, mobile application, performance evaluation
1. INTRODUCTION
Driven by competition from application warehouses, i.e. Over-the-Top players, standardization bodies such as 3GPP have paid enormous attention to developing an interface for third parties to access the mobile network and deploy applications that will make life much easier for mobile users. This business model will also make sure that mobile operators can secure some revenue from the traffic going through their networks [1]. IP Multimedia Subsystem (IMS) is considered the cornerstone of NGN. IMS is best described as the glue between the “global” applications world (Internet) and the mobile world. The IMS was designed to enable third-party developers to deploy their applications over mobile networks. According to the standards, IMS is defined in the form of a reference architecture to enable delivery of next-generation communication services of voice, data, video, wireless, and mobility over an Internet Protocol (IP) network [1]. Signaling in the IMS network is based on the Session Initiation Protocol (SIP). The SIP-based architecture provides a multiservice environment with multimedia capabilities. IMS contains the Home Subscriber Server (HSS), which is the central storage area for user-related information such as the user's security-related information or the services to which the user is subscribed. It also consists of the Serving Call Session Control Function (S-CSCF), which acts as the central node of the signalling plane. The S-CSCF is connected on one hand to the Application Server that hosts the application, and on the other to the HSS and the mobile IMS, either through the Proxy CSCF (P-CSCF) if the client resides in its own serving area or through the Interrogating CSCF (I-CSCF) if the client is being served by another S-CSCF.
This funded research project is aimed at the development of a testbed for Next Generation Networks (NGN). The testbed is to be used for testing mobile applications prior to actual deployment. The benefits of such a testbed are enormous. To start with, it would enable third-party application developers to test applications in a realistic environment prior to deployment. The testbed will also facilitate studying the traffic and signaling in an NGN network to optimize system performance.
Along with testbed development, we showcase the advantages of IMS-based mobile applications by developing a Mobile Mass Examination (MOMEX) system. The MOMEX system expedites the examination process for masses of students by automating various activities in an examination, such as exam paper setting, scheduling and allocating examination time, and evaluation.
The MOMEX system will assess students by conducting mobile-based objective exams. It will be highly customizable for any university that wishes to adopt a similar IMS-based examination system and for faculties to create their own dashboard (create sets of questions, create groups, add related students to the groups, schedule exams, etc.). Further, the exams will be associated with specific groups so that only associated students can sit the test; results will be notified to the student through either SMS or email, as shown in Figure 1.
IMS-based applications inherit several security challenges for both infrastructure providers and mobile users. Security for the MOMEX system therefore has to be taken care of, due to the nature of the application. In this paper, we provide an overview of the IMS-based application architecture and the security challenges that it raises. It is intended as a case study for assessing security threats and countermeasures to secure NGN mobile applications.
Performance evaluation of a distributed, heterogeneous system such as the IMS is a non-trivial problem. It also appears that the signaling delay associated with SIP messages has concerned mobile operators about the viability of SIP services over the UMTS air interface [2]. In this paper we provide an insight into the performance of SIP-based applications, focusing on the MOMEX system. We furthermore study the effect of security threats on the overall delay. Results of a performance evaluation of the registration and setup signaling scenarios are presented in terms of time delay through the IMS network components.
The paper is organized as follows. Section 2 presents an overview of the Mobile Mass Examination system. Section 3 conducts a security risk analysis for the SIP-based IMS exam application. Section 4 summarizes the system vulnerabilities and countermeasures. Section 5 proposes an application-layer security gateway solution. Section 6 presents the delay analysis as a function of the student’s registration and setup phases. Next, the IMS delay is analysed to determine the delay bottleneck of the system. Section 8 presents the performance evaluation and related results. Finally, related security vulnerabilities are studied as a function of the delay analysis. At the end, we conclude and discuss future work.
2. MOBILE MASS EXAMINATION (MOMEX) SYSTEM
The SIP-based Mobile Examination scenario is based on the following high-level operations, which are illustrated in Figure 1 and explained below [3].
• Step 1 & 2: The exam is scheduled by the teacher to be triggered to the specified recipients (UA) at the specified time.
• Step 3: User authentication by the application server and exam submission by the client are carried out in this step.
• Step 4: The students are informed of the examination results.
• Step 5: After automated evaluation, the results are sent back to the teacher for further clarifications or manual corrections.
Figure 1. Mobile exam use case
The MOMEX will typically be deployed over an IMS-based system. The main IMS components are listed as follows:
CSCF: The Call State Control Function (CSCF) is the heart and soul of the IMS. SIP (Session Initiation Protocol) is used as the signaling protocol for establishing, controlling, modifying and terminating sessions between two or more the SIP routing machinery. The CSCF can be further divided into 3 subcomponents, namely P-CSCF, I-CSCF and S-CSCF.
Proxy-CSCF (P-CSCF): The P-CSCF is the first point of contact for the user with the IMS and acts as an outbound/inbound SIP proxy server. This means that all requests initiated by the IMS terminal or destined for the IMS terminal traverse the P-CSCF. The P-CSCF includes several functions, some of which are related to security. Since SIP is a text-based protocol and SIP messages can sometimes be large, the P-CSCF also includes a compressor and a decompressor of SIP messages using SigComp, which reduces the round-trip over slow radio links. It may also include a PDF (Policy Decision Function), which authorizes media plane resources, e.g. quality of service (QoS) over the media plane.
Interrogating-CSCF (I-CSCF): The I-CSCF is used to conceal network details from other operators and to determine routing within the trusted domain, and thus helps to protect the S-CSCF and the HSS from unauthorized access by other networks.
Serving-CSCF (S-CSCF): The S-CSCF acts as a registrar. It controls the subscriber’s service (handling registration processes, making routing decisions, maintaining session states, etc.) on every session that the user initiates.
The Home Subscriber Server (HSS): The HSS is the master data storage for all subscriber and service-related data of the IMS. The main data stored include user identities, registration information, location of the subscriber device, the services a subscriber is allowed to access and other service-triggering information.
Application Server (AS): The AS is not part of the IMS core. It is a SIP unit that hosts and executes services depending upon the services subscribed to and invoked by the user. The ASs offer APIs like SIP servlet and Parlay for application execution.
Figure 2. IMS-SIP based components of the Mobile Exam Application Infrastructure
Source [3]
3. SECURITY RISK ANALYSIS FOR SIP BASED IMS EXAM APPLICATION
Here we conduct an analysis aimed at evaluating security threats for the MOMEX system. We start by listing the threats and scenarios of occurrence, and we end with a proposal addressing common security threats.
3.1. General Type of the possible attacks on the IMS components
Attacks on a SIP-based network can be categorized into passive versus active attacks, internal versus external attacks, and single-source versus multi-source attacks. Security analysis shows that the following are the possible risk factors that should be taken care of in designing the Mobile Exam Application.
3.1.1. Gateway attacks
Different access technologies are being converged on the IMS platform, which requires conversion of content from one access technology to another. This conversion is performed by the gateways, which carry out some level of conversion in content forms; this is legitimate manipulation of the content. These gateways are the most vulnerable hosts in the IMS network, specifically the Signaling Gateway (SGW), Media Gateway Control Function (MGCF) and Media Gateway (MGW) [4]. The content conversion should be integrity-checked; otherwise an intruder may perform an inverse conversion from a malicious script, producing content that looks legal but could be harmful to the network after conversion.
Figure 3. Gateway Attack
3.1.2. Denial of Service (DoS) attack on User Agent (UA)
In the IMS infrastructure an individual user could be subjected to a DoS attack. In a DoS attack, the bandwidth required by the UA is consumed by the malicious machines initiating the attack. The IMS security mechanism should be capable of guarding against DoS attacks, especially when the user is trying to access the exam [4]. An attacker can issue a large number of fake requests targeted at a SIP network device to consume its resources and prevent it from accessing the exam on the exam application server.
3.1.3. Application Servers security
Because third-party application servers are accessible on the IMS network, there is a greater chance that UAs are affected by attacks, which can indirectly affect the security of the application servers. User agent security should be taken care of by applying proper authentication mechanisms, which is important for the security of application servers [4].
3.1.4. Presence Consideration and Identity Risk
The wide range of social networking applications on the IMS network poses more security risks to IMS UAs. For example, IMS user agent presence data may disclose some attributes of the UA to others, such as the current status, availability and location of the UA. Presence data must be safeguarded against eavesdropping and should only be accessible to legitimate users who have permission to access private data [4]. In IMS, the HSS is the component that stores user profiles. User-defined groups should be managed by the IMS instead of by users so that their security can be taken care of.
3.1.5. Hijacking of SIP Registration
The SIP registration session can be hijacked by a hijacker during the SIP user registration process:
1. By launching a DoS attack on the user's machine, the legitimate user’s registration can be disabled.
2. The hacker can send a registration request with the attacker’s IP address instead of the legitimate user’s address to get registered.
3. The attacker changes the IP address in the header by replacing its own IP with the original user’s IP.
4. By these steps the attacker can gain access to the network, and SIP messages can be read clearly by the hacker.
5. The attack is made possible because SIP messages are sent in clear text and no SIP message authentication is built into the protocol.
For the SIP registration hijacking attack, security measures should be taken at the application level. Proper authentication and a SIP-optimized firewall should be used to secure the SIP components [5]. SIP registration hijacking is shown in Figure 4.
Figure 4. Student Registration Session Hijacking by Attacker
3.1.6. Eavesdropping
Internet tools like Ethereal and Wireshark can be used to eavesdrop on traffic based on the SIP signaling protocol. SIP messages are sent in plain text, which is easy for a sniffer to capture and analyze.
Intercepting the signaling and associated media streams of a VoIP conversation makes eavesdropping possible. Media streams are usually carried over UDP and RTP. Packet sniffing tools can capture and decode RTP packets.
IPsec could be one solution for securely encrypting IP packets, making them safe from unauthorized access or modification. By using keys shared between the parties, IPsec can provide a secure path for communication between SIP users.
Eavesdropping should be handled at the application layer by applying proper security measures; otherwise a rogue UA can listen to the conversation of a VoIP-enabled UA [5].
3.1.7. Proxy Impersonation
In a proxy impersonation attack the attacker tricks the proxies into communicating with a rogue
proxy. If the attacker can successfully impersonate the proxy, he has full access to the
SIP messages and is in complete control of the session. Lack of strong authentication and
communication over UDP are the reasons for the proxy impersonation attack. A rogue proxy can insert
itself into the communication by using either Domain Name Service (DNS) spoofing, Address
Resolution Protocol (ARP) cache spoofing or by simply changing the proxy address for a SIP User
Agent. Proxy Impersonation attack is shown in figure 5.
Figure 5. Proxy Impersonation Attack
DNS spoofing can be used to redirect the outgoing call to a particular domain. ARP cache
spoofing is an attack on the internal switch which can trick the UA into communicating with a
rogue proxy on the internal network. The calls from the user agent can then be intercepted by the
attacker [6].
3.1.8. Session Tear down (Bye Attack)
The “Bye” message can be crafted and sent by an attacker, as a man-in-the-middle attack, to tear
down the ongoing exam session. This message can be crafted by learning the necessary session
parameters, which are Session ID, RTP Port etc. To mitigate this type of attack, security for the
session parameters must be made mandatory by encrypting the message. Either Transport Layer
Security (TLS) or IPSec can be employed to provide security measures against this type of attack
[7]. Session teardown or Bye attack is shown in figure 6.
Figure 6. Session Tear down (Bye Attack)
3.1.9. DoS Attack on Application Server
SIP is susceptible to the threats and vulnerabilities which exist in the Internet realm [8]. SIP
architecture components and devices should be made secure against denial of service attacks. One
possible way to launch a DoS attack is to create a large number of
requests against a SIP component so that it cannot provide useful service. The examination server
can be the potential target of such attacks.
3.1.10. Reflection distributed DOS (RDDOS)
A reflection distributed DoS (RDDOS) attack can also be a threat. It is launched by using attack
reflectors, which create a large number of requests against the target SIP component. Weak areas
in a SIP based network can be exploited as vulnerabilities of the network, which could help the
attacker to gain access to the network and could cause potential security threats for the system [7].
If no appropriate security mechanism is in place then an attacker may easily find any
parameter needed to launch any of the above mentioned types of attacks. Security analysis
indicates that proper security mechanisms are required in SIP based networks for the exam
application to provide confidentiality, integrity, and Authentication, Authorization and Accounting
(AAA) services.
4. Summary of attacks and counter measures
Growing security concerns have put the focus on securing both the components of the IMS
architecture and the application servers. In the following table we
summarize the possible security threats and their vulnerabilities for the mobile exam application.
We also discuss possible countermeasures for the security of the mobile exam application. On the
Internet thousands of messages can be generated or tailored and sent to attack application
servers. To handle multimedia sessions on the Internet and 3G networks, SIP is adopted as the
signaling protocol. The SIP specification does not include any specific security mechanisms. The
utilization of other well-known Internet security mechanisms is suggested. The following security
methods are described in [7] and can help us in securing our exam application.
4.1. IPSec and SIP
Because SIP lacks an authentication mechanism, proper security measures should be taken care of at
application development time. “IPSec in SIP can safeguard signaling and data from various
network vulnerabilities, provided that some sort of trust (e.g. pre-shared keys, certificates) has
been established beforehand between the communicating parties.” [7]. This could be achieved by
the use and sharing of proper keys during the authentication phase between the student agent and
the exam application server.
4.2. Transport Layer Security (TLS)
TLS support is not yet fully implemented in current SIP UAs [7]. On SIP components, Transport
Layer Security (TLS) standard should be enforced to provide strong authentication and
encryption between these SIP components. Secure RTP (SRTP) can also be used as a standard for
media gateway protection. The firewalls should also support TLS as a security measure to
incorporate the secure authentication.
4.3. Authentication, Authorization and Accounting Services in SIP
It is more convenient for SIP entities to communicate with an authentication, authorization and
accounting (AAA) server than to attempt to store users’ credentials and profiles locally as
required by HTTP digest [7]. In hardware based solutions for the sake of IMS security,
numerous devices such as SIP-optimized firewalls can be used to protect the SIP systems from
attacks. Session border controllers (SBC) and other application specific gateways are all part of
the proposed security measures which could be taken to protect the exam application from the
above mentioned threats.
5. PROPOSED SOLUTION
In our proposed solution we have deployed an Application Level Gateway (ALG) and a firewall in
order to secure communication on the IMS network. The ALG is deployed directly before the SIP
application server and a packet filtering firewall is deployed between the Internet client and the
IMS network. The firewall can perform packet filtering or can provide stateful firewall
functionalities. SIP traffic should be passed through the firewall and directed towards the ALG in
order to be checked by the ALG before reaching the SIP application server.
Application Level Gateway will help in deep packet inspection of all the packets directed towards
it. Application specific protocols are being supported by the ALG. An ALG can allow firewall
traversal with SIP back to back user agent (B2BUA). SIP sessions can be passed to the ALG
instead of the firewall if the firewall has its SIP traffic terminated on an ALG. NAT traversal is
another issue for SIP which can also be solved with ALG. Information within the SIP messages
can be rewritten by a NAT with a built in ALG and can hold address bindings until the session
terminates.
An ALG here plays a role similar to a proxy, as it is deployed between the client and the
server and facilitates the information exchange. The only difference between the Proxy and the
ALG is that the ALG performs its function by intercepting the messages without the application
being configured to use it, whereas the Proxy needs to be configured in the client application to be
used by the client. In the case of a Proxy the client explicitly connects to the proxy rather than
the real server [8].
Figure 7. Firewall and ALG Deployment in IMS Networks
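As an added illustration (not code from the paper or from any IMS product), the sketch below shows the kind of application-level checks an ALG in front of the SIP application server could apply to the registration hijacking and Bye cases of sections 3.1.5 and 3.1.8. The class `SipAlg`, the alert names, every address and the sample messages are constructed for this example, and it assumes no NAT between the user agent and the ALG.

```python
import re
from dataclasses import dataclass, field

# All addresses, names and messages below are constructed sample data.
STUDENT, ATTACKER, PCSCF, EXAM_AS = "192.0.2.10", "198.51.100.66", "203.0.113.1", "203.0.113.5"

def build(method, uri, headers):
    """Assemble a constructed SIP request (not captured traffic)."""
    lines = ["%s %s SIP/2.0" % (method, uri)] + ["%s: %s" % kv for kv in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"

def parse_sip(raw):
    """Return the method and a lower-cased header map of a SIP request."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0].upper(), headers

def _find(pattern, value):
    m = re.search(pattern, value)
    return m.group(1) if m else ""

def aor(value):           # user@domain from a To/From header
    return _find(r"sips?:([^;>\s]+)", value).lower()

def tag(value):           # dialog tag parameter, "" when absent
    return _find(r";\s*tag=([^;>\s]+)", value)

def contact_host(value):  # host of the Contact URI, without user part or port
    return _find(r"sips?:(?:[^@>\s]+@)?([^:;>\s]+)", value)

@dataclass
class SipAlg:
    bindings: dict = field(default_factory=dict)  # AOR -> Contact host of the live registration
    dialogs: dict = field(default_factory=dict)   # Call-ID -> (caller tag, {participant IPs})

    def inspect(self, raw, src_ip, dst_ip):
        """Return alert names for one request seen on its way to the SIP server."""
        method, h = parse_sip(raw)
        alerts = []
        call_id = h.get("call-id", "")
        if method == "REGISTER":
            user, host = aor(h.get("to", "")), contact_host(h.get("contact", ""))
            if host and host != src_ip:
                alerts.append("contact-source-mismatch")
            live = self.bindings.get(user)
            if live and host != live:
                # Simplification: a real ALG would also honour de-registration and expiry.
                alerts.append("binding-change")
            elif "authorization" in h and not alerts:
                # The registrar verifies the digest; the ALG only tracks the binding.
                self.bindings[user] = host
        elif method == "INVITE":
            self.dialogs[call_id] = (tag(h.get("from", "")), {src_ip, dst_ip})
        elif method == "BYE":
            known = self.dialogs.get(call_id)
            if known is None:
                return ["bye-unknown-dialog"]
            caller_tag, peers = known
            if caller_tag not in (tag(h.get("from", "")), tag(h.get("to", ""))):
                alerts.append("bye-tag-mismatch")
            if src_ip not in peers:
                alerts.append("bye-foreign-source")
            if not alerts:
                del self.dialogs[call_id]
        return alerts

def register(contact_ip, auth=False):
    h = {"To": "<sip:student1@exam.example>", "From": "<sip:student1@exam.example>;tag=r1",
         "Call-ID": "reg-1@exam.example", "Contact": "<sip:student1@%s:5060>" % contact_ip}
    if auth:
        h["Authorization"] = 'Digest username="student1", realm="exam.example"'
    return build("REGISTER", "sip:exam.example", h)

def dialog_request(method):
    return build(method, "sip:exam@exam.example", {"To": "<sip:exam@exam.example>",
                 "From": "<sip:student1@exam.example>;tag=st1", "Call-ID": "exam-1@exam.example"})

def run_demo():
    alg = SipAlg()
    return {
        "initial": alg.inspect(register(STUDENT), STUDENT, PCSCF),
        "authed": alg.inspect(register(STUDENT, auth=True), STUDENT, PCSCF),
        "hijack": alg.inspect(register(ATTACKER, auth=True), ATTACKER, PCSCF),
        "spoofed_contact": alg.inspect(register(STUDENT, auth=True), ATTACKER, PCSCF),
        "invite": alg.inspect(dialog_request("INVITE"), STUDENT, EXAM_AS),
        "forged_bye": alg.inspect(dialog_request("BYE"), ATTACKER, EXAM_AS),
        "real_bye": alg.inspect(dialog_request("BYE"), STUDENT, EXAM_AS),
    }
```

The source-address checks only hold while the packet source cannot be forged, which is why the TLS or IPSec protection of section 4 is still needed underneath them.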
Table 1. Security Threats Comparison

| Security Threat | Target | Vulnerability |
|---|---|---|
| SIP Registration Hijacking | UAs, Media Gateway (MG), Interactive Voice Response (IVR), VOICE Mail System | User Agent Messages Spoofing |
| Eavesdropping | SIP Message | User Agent / Proxy Message Spoofing |
| Proxy Impersonation | Proxy | Proxy Messages Spoofing |
| Session Tear Down Attack (Bye Attack) | User Agent (UA) | Lack of Authentication |
| VOIP Server Attack | User Agent (UA) | Lack of Authentication |
6. DELAY ANALYSIS
In order to evaluate the performance of the exam system, the end-to-end delay from the access
network to the Exam AS over the IMS network will be analyzed. The IMS-based exam relies on
the core IMS for student registration and on the Exam server for exam delivery. The system is
accessed through the access network from which the mobile launches the request. This
student-to-server delay is calculated starting from the student's registration with the S-CSCF and
ending with the exam being delivered to the student. This process includes students accessing
the Exam access server from any access network and then requesting the exam. According to the
exam system, a student must first register and be authenticated before the AS accepts the student's
invitation and opens the exam session. At this point all the HTTP and RTP messages will be
exchanged. Thus the total delay under study is the signaling delay, composed of the registration and
set up phases that take place before the user starts the exam session. Accordingly, the total delay
is taken to be equal to the time taken by the registration and set up signaling in the access
network and IMS network, as per equation (1).
(1)
From equation (1), the IMS delay and the access network delay need to be considered for both the
registration and the set up phases. The access network delay will be considered as negligible as
we will assume the students will be accessing the IMS through a high data rates network.
We will evaluate the total delay in the IMS networks considering separately the registration and
the set up phases.
We will build our model on queuing theory and study the system performance
as a function of the related parameters such as arrival rate, waiting probability, number of students,
etc. The purpose of the study is to identify the bottleneck of the system, which
system parameters contribute to the total delay and what could overflow the serving points of
the system.
6.1 SIP registration phase
Figure 8. SIP signaling example for registration phase
The main components of the IMS network are shown in figure 8. The P-CSCF is the entry proxy
point for all SIP messages from end-points to the rest of the IMS network. It could be in the
home network or may reside in the visited network. The P-CSCF determines which I-CSCF to
send SIP messages to, which could be an I-CSCF in its own network or another I-CSCF across an
administrative domain [9]. The Interrogating-CSCF (I-CSCF) is responsible for finding the
S-CSCF at registration. The main function of the I-CSCF is to proxy between the P- and S-CSCF
[9]. The Serving-CSCF (S-CSCF) is responsible for interfacing with the Application Servers
(AS).
When receiving a registration request as a SIP message from an I-CSCF, the S-CSCF will query
the HSS via the Diameter protocol to register the terminal as being currently served by itself [9].
The Home Subscriber Server (HSS) provides information to the I-CSCF for locating the S-CSCF. It
provides service profile information to the S-CSCF. The registration phase is made of “REG”
SIP messages sent from P, C, to S-CSCF. A UA client sends a REGISTER message to inform a
SIP server of its location. While processing the message, the response is “401 Unauthorized” as
the user agent needs to authenticate. It therefore resends the REGISTER request with
authentication information and receives a “200 OK” SIP message sent along the reverse path, as
shown in figure 8.
6.2 SIP set up phase
As per figure 9, a student has to register with the IMS core network for every mobile exam
session setup. After registration, the user selects the exam service by sending to the S-CSCF an
INVITE message, which is forwarded to the appropriate AS after resolving its destination address
[10]. With the INVITE message, a caller requests that another endpoint, such as the AS, join a
SIP session. The AS is the Application Server where the Mobile Exam service is applied. The
S-CSCF sends a SIP TRYING message “100 OK” to the user for a waiting state. The SIP INVITE is
processed toward the AS as shown in figure 9. A 200 OK response means that the request was
successful. ACK is a SIP UA response to an INVITE.
Figure 9. SIP set up messages
7. IMS DELAY ANALYSIS
As per (1), the total delay consists of calculating the Access network delay and the IMS delay
where the access network delay will be considered negligible with the assumption that the
students will be accessing the IMS through a high data rates network.
We will evaluate the total delay in the IMS networks as per equations (2) considering separately
the registration and the set up phases.
The propagation delay is affected by the distance between the nodes and the channel
characteristics. This parameter is considered negligible.
7.1 Queuing delay
In order to evaluate the queuing delay, which contributes to both the registration and setup phases,
each entity in the IMS network is modelled as M/M/1, as the P, C and I-CSCF are responsible for
processing SIP messages and forwarding them from one node to another as per figure 11. Thus, we
modelled the P-CSCF as M/M/1 since the P-CSCF will be the first node to accept the REG
message from the UE. In this case, the system will not have loss, owing to the infinite buffer which
will handle all the registration requests. The other CSCF nodes are modelled as M/M/1 as well,
contributing to an M/M/1 cascaded model.
Figure 10 shows the overall scenario illustrated in the given queuing system. In this model, the
total delay will be equal to the serving delay and the queuing delay within every node. In
addition, the following assumptions were made:
• The students initiate a connection to the network as a Poisson process with an intensity of
λ where λ is the arrival rate.
• The service time distribution of the CSCF nodes is exponentially distributed with mean of
mean service rate assumed to be greater than the mean arrival rate.
Figure 10. Queuing system for registration
The registration end-to-end delay is equal to the queuing delay in the P-CSCF, I-CSCF and S-CSCF
and the serving delay in the P-CSCF, I-CSCF and S-CSCF. The communication with the AS consists of
sending a SIP INVITE message from the UE to the AS. The end-to-end queuing delay:
Queueing delay = waiting time (P,I,S,) (3)
Where P,I, and S denotes P-CSCF, I-CSCF, and S-CSCF respectively. As per [11], waiting time
at a node n is given by:
(3.1)
Where λ denotes the arrival rate of P-CSCF and the P denotes the service rate of P_CSCF.
Where the coefficients 2, 4, 4, and 2 are the number of messages that are to be processed by the
involved nodes, namely the UA, P-CSCF, I-CSCF and S-CSCF respectively. In the same way, the
queuing delay could be calculated for the IMS setup delay as:
Where Wn is the packet queuing delay at node n, and the coefficients are the numbers of messages
that are to be processed by the involved nodes, namely the UA, P-CSCF, I-CSCF, S-CSCF and AS
respectively. Based on the above equations, the total delay can finally be calculated as a function
of the waiting time, in both the registration and the set up processes.
8. PERFORMANCE EVALUATION
Having calculated the queuing delay for both the registration and the setup phases, we note that
each entity in the IMS has its own unit processing cost in addition to the cost of searching within
an information table, as in the HSS node. We need to consider the HSS processing delay, which
depends on the address lookup delay. The processing cost increases with the
number of users, which corresponds to an increase in the number of entries in the table and thus an
increased processing time as per [12]. The processing time for the HSS node is given by:
Where CIMS_NODE is the processing cost per IMS node, K’ is a function of the unit processing cost
value for every entity and the number of packets per request, K is the system dependent constant,
R is the ratio of the number of bits in the address to the machine word size in bits and N is the
number of entries per table [10]. Figure 11 shows the effect of increasing the number of users on
the processing time. The processing time will double for a 10 times increase in the number of
users N.
Figure 11. Processing time (sec) Vs Number of users
The waiting time depends on the integer coefficients, which shows that not only the arrival rate
affects the waiting time but also the number of SIP messages exchanged and processed at each
node. Thus, to minimize the registration delay, the bottleneck to address is the waiting time at each
node, which is in turn affected by the arrival rate. An increased arrival rate will result in an
increase in the queue size and an increase in the queuing time. On the other hand, a reduction in
the number of SIP messages could result in less waiting time. Similarly, for the setup delay, the
waiting time will increase with the increased arrival rate but will be mainly affected by the coefficient
corresponding to the number of messages exchanged at each IMS node. Thus the waiting time is
higher due to the higher number of messages involved in the setup delay. In addition, an increase
in the arrival rate will affect the setup time more than the registration time. Thus the
total delay is affected far more by the setup delay than by the registration delay, as per figure 12.
Thus the total signaling delay is due to the setup delay.
Figure 12. Registration and set up queuing cost versus arrival rate
9. SECURITY VIOLATIONS
For both the registration and setup delay as calculated in the cascaded queuing model, we first
study the delay conditions at the system entry P-CSCF and at the Exam AS that may indicate a
possible security violation. As per figure 13, we consider security violations at the main entry
point of the IMS queuing system, the P-CSCF. The I-CSCF and S-CSCF nodes are not considered
in this study since they simply forward the messages from the P-CSCF to the AS exam
server. At the end of the queue, the AS is considered as another possible point of
security violations, where delay should be evaluated in order to study the server performance.
At the P-CSCF node we consider the following measures. First, the number of accepted
registrations should be controlled. When the number of students is known, the number of
registration requests can be limited. When a denial of service is launched, more registration
requests will be initiated toward the P-CSCF, so a security violation can be recorded. Thus the
probability of keeping the number of accepted registrations below the number of students n should
be closely tracked.
Second, the time required to access the P-CSCF is critical, since more time means a possible
violation of a user account, which results in more processing at the P-CSCF node and more waiting
time for the registration request in the P-CSCF system (buffer + server).
Accepted registration: The maximum number of users in the system should be less than a number
n after which no more users will be accepted in the system.
When a denial of service occurs, a number of registration requests may flood the system. Because
the P-CSCF can be overflowed, the number of users in the system should be less than a number n.
Thus in order to ensure all the registrations will be accepted, we need to calculate:
Figure 13. Delay measures at security violations points
Where ρ is the system utilization given by equation (6) as:
Thus the probability that the number of registration requests exceeds a threshold n after which the
calls will be denied is:
$$P(\text{Overflow}) = 1 - P(\text{number of registration requests in system} \le n) = \rho^{n+1} \qquad (7)$$
Figure 14 shows that, for a given n, the overflow probability will increase with increased ρ
(varying from 0.1 to 0.9). Thus, higher utilization means busy server, less probability of being
within the accepted number of registrations, more probability to exceed the threshold. Thus when
ρ exceeds 0.75, the overflow probability will increase indicating a server being busy starting to
reject student’s registrations.
Figure 14. P-CSCF node Overflow Probability Vs ρ
For the time required to access the P-CSCF node, the time spent in the system is to be controlled,
based on the following:
Waiting time in the system (Tq) = Waiting time buffer + Waiting time server
The waiting time should be kept below a threshold T, where T corresponds to the
maximum waiting time for registration requests at the P-CSCF node. When this threshold is
exceeded, the probability of the server being busy is higher, which contributes to more waiting
time; a possible security violation is therefore indicated when the threshold is not
maintained.
Where t is chosen to be less than a threshold T considering that a security attack would result in
higher waiting time. Thus “t” is simply the value below the threshold corresponding to normal
conditions of processing (waiting time) of the P-CSCF with no proxy overflow.
If t is exceeded, this means that the server processing time is higher and a possible attack (student
account violation, for example) has been encountered. Figures 15 and 16 show the probability of
the waiting time as a function of t for a low value of ρ (0.1) and a high value of ρ (0.9) respectively.
With increasing t, the waiting time will increase. The probability of exceeding T is higher when ρ is
high, where the probability of being less than t is low and accordingly the system may be under
attack. On the other hand, with low ρ the system will encounter less waiting time and thus a higher
probability of staying within the threshold, hence a lower probability for the system to be overflowed or
vulnerable to risks.
Exam AS: On the AS, we need to control number of registration requests in the buffer since after
the buffer stage, requests will be served at the AS. So in order not to overflow the AS and before
the server is overflowed, the number of registration requests in the buffer should be controlled.
Thus the probability of the number of registration requests in the buffer should be kept less than n
where n is the number of students as per the following equation:
Figure 15. Waiting Probability Vs t with low ρ
Figure 16. Waiting Probability Vs t with high ρ
Thus the probability of exceeding the number n of registration requests is $\rho^{n+2}$. As per the
P-CSCF analysis, the overflow probability is increased with increasing n. Thus n should be kept less than
the threshold that may overflow the server and cause the AS not to respond to the students’
requests. In this context, exceeding the threshold will occur at higher system utilization ρ. Thus
when ρ is kept at a low level the system should not suffer from any delay. In addition, the AS server
should not reject any registration or set up request due to server overflow. Furthermore, as per the
P-CSCF delay limitations, the total time spent in the system (AS) should be less than a threshold t;
otherwise more security measures should be taken (possibility of security attacks). The time spent
in the system (buffer + server) should be less than the normal condition time t. Thus probability
(waiting time in the system ≤ t) will give the same results as for the P-CSCF node. Table 2
summarizes the delay effects and related management based on the specified sources.
Table 2. Delay effects and management

| Source of latency | Latency effect | Latency management |
|---|---|---|
| Propagation | Negligible at the node level | Shorter distance between the nodes |
| Transmission | Negligible at the access network level | Faster access networks |
| Queuing | Waiting time for both registration and set up | Accept invitation up to threshold n. Registration waiting time do not exceed T |
| Increased waiting time | AS overflow or P-CSCF Overflow | Check for possible violations. |
| Increased service time | System may start to reject new requests | Check for possible violations before no more requests could be accepted. |
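The P-CSCF and Exam AS measures of section 9 can be turned into a small monitoring routine; the following is an added example, not code from the paper. It uses ρ^(n+1) and ρ^(n+2) as given in the text, takes the standard M/M/1 result P(Tq ≤ t) = 1 − e^(−(μ−λ)t) for the waiting-time probability (an assumption here, since the paper's own expression is not reproduced on this page), and checks the overflow formula against a short simulation; all function names, rates and sample windows are hypothetical.

```python
import math
import random


def utilization(lam, mu):
    """rho = arrival rate / service rate of one M/M/1 node."""
    if lam < 0 or mu <= 0:
        raise ValueError("need lam >= 0 and mu > 0")
    return lam / mu


def overflow_probability(rho, n, buffer_only=False):
    """P(more than n requests): rho**(n+1) in the system, rho**(n+2) in the buffer alone."""
    if rho >= 1:
        return 1.0  # unstable queue: the backlog grows without bound
    return rho ** (n + 2 if buffer_only else n + 1)


def within_time_probability(lam, mu, t):
    """P(time in system <= t) = 1 - exp(-(mu - lam) * t), the standard M/M/1 result."""
    return 0.0 if lam >= mu else 1.0 - math.exp(-(mu - lam) * t)


def smallest_threshold(rho, eps):
    """Smallest n whose system overflow probability rho**(n+1) is at most eps."""
    if not (0 <= rho < 1 and 0 < eps < 1):
        raise ValueError("need 0 <= rho < 1 and 0 < eps < 1")
    n = 0
    while overflow_probability(rho, n) > eps:
        n += 1
    return n


def simulate_overflow(lam, mu, n, horizon, seed=1):
    """Fraction of simulated time an M/M/1 node holds more than n requests."""
    rng = random.Random(seed)
    t, in_system, over = 0.0, 0, 0.0
    next_arrival, next_departure = rng.expovariate(lam), math.inf
    while t < horizon:
        nxt = min(next_arrival, next_departure, horizon)
        if in_system > n:
            over += nxt - t
        t = nxt
        if t >= horizon:
            break
        if next_arrival <= next_departure:      # a registration request arrives
            in_system += 1
            if in_system == 1:
                next_departure = t + rng.expovariate(mu)
            next_arrival = t + rng.expovariate(lam)
        else:                                   # the node finishes one request
            in_system -= 1
            next_departure = t + rng.expovariate(mu) if in_system else math.inf
    return over / horizon


def assess_window(arrivals, mu, n, t_max, rho_alarm=0.75):
    """Estimate lambda from REGISTER arrival times (seconds) and score the window.

    rho_alarm defaults to the 0.75 utilization level named in the text.
    """
    if len(arrivals) < 2 or arrivals[-1] <= arrivals[0]:
        raise ValueError("need at least two increasing timestamps")
    lam = (len(arrivals) - 1) / (arrivals[-1] - arrivals[0])
    rho = utilization(lam, mu)
    return {
        "rho": rho,
        "p_overflow": overflow_probability(rho, n),
        "p_within_t": within_time_probability(lam, mu, t_max),
        "alarm": rho > rho_alarm,
    }


# Constructed sample windows: 2 requests/s (normal) and 9 requests/s (flood) over 5 s.
NORMAL_WINDOW = [i * 0.5 for i in range(11)]
FLOOD_WINDOW = [i / 9 for i in range(46)]
```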
10. CONCLUSIONS
In this paper we have analyzed different security threats for the IP Multimedia Subsystem
architecture. A detailed analysis of security threats is presented and a solution is proposed for the
security of the Mobile Exam Application by deploying a firewall and an Application Level Gateway.
The proposed solution can better secure the IMS infrastructure by providing security in two
stages: first the firewall filters malicious traffic at the network and transport layers, and then the
ALG helps in mitigating application layer attacks. In addition, a delay analysis was conducted
to study the system performance and eliminate possible security vulnerabilities based on the
type of latency and the possible source of delay. Results showed that security violations could
be avoided by limiting the number of accepted registrations that the system will process and
defining the maximum waiting time that a request could take, based on the current number of
students and the related waiting time under normal system conditions.
ACKNOWLEDGEMENTS
The authors would like to thank King Abdulaziz City for Science and Technology (KACST),
Saudi Arabia for funding this ongoing research project number 29-324.
REFERENCES
[1] Thoren, "Rethinking mobile communication: It’s not about bit speed", Feb. 2007
(http://www.ericsson.com/ericsson/corpinfo/publications/ericsson_business_review/pdf/207/not_about_speed.pdf)
[2] Dirk Pesch, Maria Isabel Pous, Gerry Foster, "Performance evaluation of SIP-based multimedia
services in UMTS", Computer Networks, Volume 49, Issue 3, 19 October 2005, Pages 385-403
[3] Barnawi, “Deploying SIP-based Mobile Exam Application onto Next Generation Network testbed”,
Electronics, Communications and Photonics Conference (SIECPC), 2011 Saudi International, 16 June
2011.
[4] Hunter, “Security Issues with the IP Multimedia Subsystem (IMS)”, Version 1.0, September 1, 2007.
[5] Mark, “VOIP Vulnerabilities – Registration Hijacking” Secure Logix Corporation, 01 June 2005.
[6] Mark, “Basic Vulnerability Issues for SIP Security” Secure Logix Corporation, 01 March 2005.
[7] Geneiatakis, “Survey of Security Vulnerabilities Session Initiation Protocol”, IEEE Communications
Survey & Tutorials, Volume 8, No.3, 3rd Quarter 2006.
[8] http://en.wikipedia.org/wiki/Application_Layer_Gateway accessed on 24th December 2011.
[9] Keith Drage, SIP and the application of SIP as used in 3GPP, Lucent Technologies.
[10] W.Jianhui, J.Hao, Wu Wenguang, “A novel queuing model for IMS- based IPTV system”, IC-
BNMT2009.
[11] J. Medhi, Stochastic Models in Queueing Theory. Academic Press, 2003.
[12] N.Psimogiannos, A.ggeliki, D.Vergados, ”An IMS-based network architecture for WiMAX-UMTS
and WiMAX-WLAN interworking”, Computer Communications, 2010.
Authors
Dr. Ahmed Barnawi received his BSc in Electrical Engineering from King Abdul-Aziz University in
2000, his degree in Communication Engineering from University of Manchester Institute of Science and
Technology (UMIST) in 2002, and his PhD degree in Mobile Communications from Bradford University in
2006. Currently, Dr. Barnawi is an Assistant Professor at the Department of Computer Science, King
Abdul-Aziz University, Jeddah, Saudi Arabia. His current research interests include Mobile Next
Generation Network, Cognitive Radio and Wireless Ad hoc and Sensor Networks.
Dr. Abdulrahman Altalhi is an assistant professor of Information Technology at King Abdul-Aziz
University. He obtained his Ph.D. in Engineering and Applied Sciences (Computer Science) from the
University of New Orleans in May 2004. He served as the chairman of the IT department for two years
(2007-2008). Currently, he is the Vice Dean of the College of Computing and Information Technology. His
research interests include: Wireless Networks, Software Engineering, and Computing Education.
Dr. Nadine Akkari received her BSc and MSc in computer engineering from University of Balamand,
Lebanon in 1999 and a diploma in specialized study in telecommunications networks from Engineering
School of Beirut, Saint Joseph University, Lebanon in 2001. She received her PhD degree in Mobility and
QoS Management in next generation networks in 2006 from National Superior School of
telecommunications (ENST), Paris, France. Currently, Dr. Akkari is an Assistant Professor at the
Department of Computer Science, King Abdulaziz University, Jeddah, Saudi Arabia. Her current research
interests include Next Generation Networks, mobility management and Cognitive Radio.
Muhammad Emran is working as a Lecturer in the Computer Science Department of King Abdul Aziz
University, Jeddah, Saudi Arabia. He completed a Master in Computer Science at Quaid-i-Azam
University, Islamabad, Pakistan in 1997. He then completed his MS (CS) with specialization in Computer
Networks at COMSATS Institute of Information Technology, Lahore, Pakistan in 2006. His research
interests are in IP Multimedia Subsystem, Wireless and Mobile Computing and Network Security.