The Session Initiation Protocol (SIP) is the de facto standard for multimedia multiparty sessions signaling in Next Generation Networks (NGN). It is at the basis of a wide range of IP multimedia services. SIP specification and current usage relies on centralized servers. However, research has recently started on the integration of Peer-to-Peer (P2P) principles into SIP for harnessing the benefits of decentralization. The contribution of this thesis is fourfold. Firstly, this thesis contributes to this research by proposing a novel architecture for P2P SIP. Our architecture is an overlay composed of a set of self-organized proxies and distributed registrars. Unlike other architectures proposed so far, our proposal does not require an extension to SIP messages and is P2P middleware-independent. This eases implementation, interoperability with legacy, and ensures portability. Secondly, the thesis discusses the routing issues related to such environment. Indeed, introducing proxies in a P2P SIP overlay raises two important issues namely the proxy topology building and proxy-level routing. Thanks to proxy topology building, a proxy joining the P2P SIP finds its neighbors in the network of proxies. Proxy-level routing enables messages to be correctly routed in the network built by proxy topology building. This part of the thesis proposes a new framework for proxy topology building and proxy-level routing in our proposed architecture. Our framework is P2P infrastructure independent and general enough to be used by any P2P SIP architecture that meets a minimal set of requirements. It relies on a simple algorithm that builds the network of proxies as a ring, and on routing algorithms specially designed for the ring topology. Thirdly, the thesis handles the Network Address Translation (NAT) traversal problem. Whereas P2P SIP architectures come with several benefits, they inherit NAT traversal issues from SIP world. NAT traversal issues occur because SIP messages must carry important communication parameters, including the IP address and port number to be used for signaling and media streams. SIP clients behind NAT device are not aware of how they are seen from the public network. Consequently, SIP packets sent by a client behind a NAT device, contain private IP addresses in the message headers and in the message body. These addresses being private, cannot be used by the destination node for answering. Then, we propose in this thesis, an efficient solution that enables nodes behind a NAT device to participate in the P2P SIP network. Fourthly, effective operation of our architecture relies on collaboration between the nodes playing important roles such as, proxy and registrar servers. Therefore, we provide solutions for identifying and alleviating non-cooperative behavior. We focus on proxy servers because they perform an important role in the transmission of signaling messages. Proxy servers can misbehave by misrouting the signaling messages or by hijacking SIP call sessions. This thesis proposes techniques to secure the routing of SIP signaling messages.
A MIDDLEWARE-INDEPENDENT AND SECURE PEER-TO-PEER SIP ARCHITECTURE (MISE-P2PSIP) / Y.p.e. Houngue ; relatore: E. Damiani ; correlatore: R. Glitho : direttore della scuola di dottorato: E. Damiani. Universita' degli Studi di Milano, 2012 Mar 06. 23. ciclo, Anno Accademico 2010. [10.13130/houngue-yenukunme-pelagie-elyse_phd2012-03-06].
A MIDDLEWARE-INDEPENDENT AND SECURE PEER-TO-PEER SIP ARCHITECTURE (MISE-P2PSIP)
Y.P.E. Houngue
2012
Abstract
The Session Initiation Protocol (SIP) is the de facto standard for multimedia multiparty sessions signaling in Next Generation Networks (NGN). It is at the basis of a wide range of IP multimedia services. SIP specification and current usage relies on centralized servers. However, research has recently started on the integration of Peer-to-Peer (P2P) principles into SIP for harnessing the benefits of decentralization. The contribution of this thesis is fourfold. Firstly, this thesis contributes to this research by proposing a novel architecture for P2P SIP. Our architecture is an overlay composed of a set of self-organized proxies and distributed registrars. Unlike other architectures proposed so far, our proposal does not require an extension to SIP messages and is P2P middleware-independent. This eases implementation, interoperability with legacy, and ensures portability. Secondly, the thesis discusses the routing issues related to such environment. Indeed, introducing proxies in a P2P SIP overlay raises two important issues namely the proxy topology building and proxy-level routing. Thanks to proxy topology building, a proxy joining the P2P SIP finds its neighbors in the network of proxies. Proxy-level routing enables messages to be correctly routed in the network built by proxy topology building. This part of the thesis proposes a new framework for proxy topology building and proxy-level routing in our proposed architecture. Our framework is P2P infrastructure independent and general enough to be used by any P2P SIP architecture that meets a minimal set of requirements. It relies on a simple algorithm that builds the network of proxies as a ring, and on routing algorithms specially designed for the ring topology. Thirdly, the thesis handles the Network Address Translation (NAT) traversal problem. Whereas P2P SIP architectures come with several benefits, they inherit NAT traversal issues from SIP world. NAT traversal issues occur because SIP messages must carry important communication parameters, including the IP address and port number to be used for signaling and media streams. SIP clients behind NAT device are not aware of how they are seen from the public network. Consequently, SIP packets sent by a client behind a NAT device, contain private IP addresses in the message headers and in the message body. These addresses being private, cannot be used by the destination node for answering. Then, we propose in this thesis, an efficient solution that enables nodes behind a NAT device to participate in the P2P SIP network. Fourthly, effective operation of our architecture relies on collaboration between the nodes playing important roles such as, proxy and registrar servers. Therefore, we provide solutions for identifying and alleviating non-cooperative behavior. We focus on proxy servers because they perform an important role in the transmission of signaling messages. Proxy servers can misbehave by misrouting the signaling messages or by hijacking SIP call sessions. This thesis proposes techniques to secure the routing of SIP signaling messages.File | Dimensione | Formato | |
---|---|---|---|
phd_unimi_R07911.pdf
Open Access dal 27/04/2012
Tipologia:
Tesi di dottorato completa
Dimensione
5.65 MB
Formato
Adobe PDF
|
5.65 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.