改良UDP洞穿技術設計物聯網通訊：以遠端門鈴監控系統為例 Improving UDP Hole Punching Technique For IoT Communications: A Remote Door-bell Monitoring System 報告時間28~32分佳楊凱勝指導教授：柯開維.

Slides:

Advertisements

Similar presentations

A New Method for Symmetric NAT Traversal in UDP and TCP

Advertisements

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Lecture15: Network Address Translation for IPv4 Connecting Networks.

CS 4700 / CS 5700 Network Fundamentals Lecture 15: NAT (You Better Forward Those Ports) Revised 3/9/2013.

P2P and NAT How to traverse NAT Davide Carboni ©

NAT/Firewall Traversal April NAT revisited – “port-translating NAT”

1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings

STUN Date: Speaker: Hui-Hsiung Chung 1.

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

STUN Tutorial Jonathan Rosenberg Chief Technology Officer.

Addressing the P2P Bootstrap Problem for Small Overlay Networks David Wolinsky, Pierre St. Juste, P. Oscar Boykin, and Renato Figueiredo ACIS P2P Group.

Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT

NAT and NAT Traversal SEng490 Directed Study Haoran Song Supervised by Dr. Jianping Pan.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)

CS 5565 Network Architecture and Protocols

 Introduction  VoIP  P2P Systems  Skype  SIP  Skype - SIP Similarities and Differences  Conclusion.

1 Integrating 3G and WLAN Services in NTP SIP-based VoIP Platform Dr. Quincy Wu National Telecommunications Program Office

1 NAT Network Address Translation Motivation for NAT To solve the insufficient problem of IP addresses IPv6 –All software and hardware need to be updated.

STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) speaker ： Wenping Zhang date ：

TURN-Lite: A Lightweight TURN Architecture and Specification (draft-wang-tram-turnlite-01)draft-wang-tram-turnlite-01 Aijun Wang (China Telecom) Bing Liu.

Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.

ICST 2011 Interconnecting ZigBee and 6LoWPAN Wireless Sensor Networks for Smart Grid Applications Advisor: Quincy Wu Speaker: Chia-Wen Lu National Chi.

PPSP NAT traversal Lichun Li, Jun Wang, Wei Chen {li.lichun1, draft-li-ppsp-nat-traversal-02.

1 NAT & RTP Proxy Date: 2009/7/2 Speaker: Ni-Ya Li Advisor: Quincy Wu.

Simon Millard Professional Services Manager Aculab – booth 402 The State of SIP.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 11: Network Address Translation for IPv4 Routing And Switching.

Mint: A Cost-effective Network-address Translation Architecture with Multiple Inexpensive NAT Servers Chun-Chao Yeh and Chun-Wei Chiu Department of Computer.

Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.

Interactive Connectivity Establishment : ICE

Firewall Technology and InterCell Communication Peter T. Dinsmore Trusted Information Systems Network Associates Inc 3060 Washington Rd (Rt. 97) Glenwood,

jitsi. org advanced real-time communication.

Computer Network Architecture Lecture 7: OSI Model Layers Examples II 1 26/12/2012.

The SIP-Based System Used in Connection with a Firewall Peter Koski, Jorma Ylinen, Pekka Loula Tampere University of Technology, Pori Pohjoisranta 11 A,

HIP-Based NAT Traversal in P2P-Environments

Network Address Translation (NAT)

CS 3700 Networks and Distributed Systems

NAT Traversal in HIP Xiang LIU TML/HIIT 1.

An Analysis on NAT Security

Planning the Addressing Structure

Sensors Journal, IEEE, Issue Date: May 2013,

Usurp: Distributed NAT Traversal for Overlay Networks

NAT (Network Address Translation)

Gijeong Kim ,Junho Kim ,Sungwon Lee Kyunghee University

Easy4ip，briefly, it is a platform to help you connect your device and remote client more easier. Then, it can provide other service like cloud upgrade,

Speaker: Hui-Hsiung Chung Date:

Instructor Materials Chapter 9: NAT for IPv4

Multiple Addresses in Transport - For Discussion

Routing and Switching Essentials v6.0

IPSec VPN Chapter 13 of Malik.

NET323 D: Network Protocols

Skype P2P communication

Routing and Switching Essentials v6.0

CS 3700 Networks and Distributed Systems

Instructor Materials Chapter 9: NAT for IPv4

NET323 D: Network Protocols

NAT Traversal for VoIP Dr. Quincy Wu National Chi Nan University

CPEG514 Advanced Computer Networkst

Chapter 11: Network Address Translation for IPv4

Tareq Khan, Ph.D. Assistant Professor,

Request for Comments(RFC) 3489

Presentation transcript:

改良UDP洞穿技術設計物聯網通訊：以遠端門鈴監控系統為例 Improving UDP Hole Punching Technique For IoT Communications: A Remote Door-bell Monitoring System 報告時間28~32分佳楊凱勝指導教授：柯開維博士 2017/6/29

Outline Introduction Background Proposed Method Network Address Translator (NAT) UDP Hole Punching Proposed Method Experiment and Result Analysis Conclusion Reference

Introduction

Introduction The IPv4 address is not enough and IPv6 is still not widespread. The necessary of IP address in IoT environment. Improve the existed NAT traversal method – UDP hole punching. Make an smart home IoT application to verify the usability of the proposed method.

Background

Network Address Translator (NAT) Translate private IP addresses to a global IP address.

Network Address Translator (NAT) In general, there are for types of NAT. Full Cone NAT Restricted Cone NAT Port Restricted Cone NAT Symmetric NAT

Full Cone NAT

Restricted Cone NAT

Port Restricted Cone NAT

Symmetric NAT

UDP Hole Punching Technique

Proposed Method

Proposed Method Establish TCP connection to make sure the client can receive control message from server. Predict the next port number used by Symmetric NAT. Create a number of mappings (holes) of NAT to increase success rate. Add two retry process. 現在有許多穿越NAT的方法像是UPnP ICE ALG TURN等等我簡單介紹一下TURN TURN足以穿透Symmetric NAT 防火牆，他的運作原理是: Sender先將他想送的資料全部送給有Global IP地址的TURN Server， TURN Server再把資料轉送給Receiver。雖然這樣可以穿越防火牆，但已經喪失了P2P通訊的特色，變成Client-Server模式，Server須承擔所有頻寬。因此，這個解決辦法應該是在萬不得已下才能考慮使用的。那因為這一篇PAPER有用到STUN的概念，因此下一頁我會詳細說明STUN

I. Register Phase

II. Port Prediction Phase

III. Hole Punching Phase

IV. Peer-to-Peer Connection Phase

Experiment and Result Analysis

Experiment Step Use the “Stun client” application downloaded from Google Play to determine the type of 7 NAT device.

Experiment Step (con’t) Implement the original and proposed method. Use the methods 10 times per combinations of NAT devices to traverse the NAT. In each try, if two peers got packet from another, then success, otherwise fail.

Architecture

Success Rate (Original Method) O = 100%, X = 0% in 10 tries

Success Rate (Proposed Method) O = 100%, X = 0% in 10 tries

Time Cost (Original Method)

Time Cost (Proposed Method)

Experiment Step (con’t) A smart-home IoT application to verify the usability of the proposed method – A remote doorbell monitoring system. Two android phones, one acts doorbell, the other one acts monitor.

Experiment Step (con’t)

Conclusion

Conclusion This proposed an improved UDP hole punching technique. The proposed method gets higher successful rate than the original one. Although it increases the cost of time, but the overhead can be ignored by human in most cases. The method can be applied to Android phone application and to smart home IoT environment.

References P. Srisuresh, B.Ford, D.Kegel, “State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs),” RFC- 5128, 2008 Wei, Y., Yamada, D., Yoshida, S., Goto, S., “A New Method for Symmetric NAT Traversal in UDP and TCP Network”, 2008 Kuan-Lin Chen, Shaw-Hwa Hwang, Cheng-Yu Yeh, "Symmetric NAT Traversal Method for Session Initial Protocol (SIP)", Applied Mechanics and Materials, pp. 2836-2839, 2013. Ha Tran Thi Thu, Jaehyung Park, Yonggwan Won, Jinsul Kim, ”Combining STUN Protocol and UDP Hole Punching Technique for Peer-To-Peer Communication across Network Address Translation”, IT Convergence and Security (ICITCS) International Conference, 2014

進度報告未完成進度論文初稿 App優化

Thanks.