1 Detecting Script-to-Script Interactions in Call Processing Language Masahide Nakamura, Ken-ichi Matsumoto, Grad. School of Information Science, Nara.

Slides:

Advertisements

Similar presentations

Insert Tradeshow or Event Name -- Date Insert Presentation Title Realities of Multi-Domain Gateway Network Management Jonathan Rosenberg.

Advertisements

SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

AIMS Workshop Heidelberg, 9-11 March /20 A Telecom and IP Project from ETSI Gerald Meyer

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Slide 1 Feature Interactions between SIP Call Control Services Mario Kolberg University of Stirling.

Where should services reside in Internet Telephony Systems? Xiaotao Wu, Henning Schulzrinne {xiaotaow, Department of Computer Science,

1 Intertex Demo at Spring VON 2004 Booth 809 Did you think VoIP was just old telephony somewhat cheaper? Not with the IX66! Live IP communication is much.

SIP vs H323 Over Wireless networks Presented by Srikar Reddy Yeruva Instructor Chin Chin Chang.

Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

SIP Programming : SIP has texture encoding feature. [1] SIP allows third parties or user to program SIP follows HTTP programming model.

Voice over Internet Protocol (VoIP) Training and Development.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Design and Implementation of SIP-aware DDoS Attack Detection System.

VIP-2/4/8/16/24 port Series P2P Configuration H.323/ SIP Internet Telephony Gateway Copyright © PLANET Technology Corporation. All rights.

The Internet & The World Wide Web Notes

1 CCM Deployment Models Wael K. Valencia Community College.

Detection and Resolution of Anomalies in Firewall Policy Rules

SIP Explained Gary Audin Delphi, Inc. Sponsored by

VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.

Features and Applications for Multisite Deployments

Fall VON - September 28, 1999 C O N N E C T I N G T H E W O R L D W I T H A P P L I C A T I O N S SIP - Ready to Deploy Jim Nelson,

How Will You Be Developing Your Next Application? (SIP-01)

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.

Common Devices Used In Computer Networks

1.1 What is the Internet What is the Internet? The Internet is a shared media (coaxial cable, copper wire, fiber optics, and radio spectrum) communication.

Features, Policies and Their Interactions Joanne M. Atlee Department of Computer Science University of Waterloo.

Integrating VoiceXML with SIP services

1 © NOKIA 1999 FILENAMs.PPT/ DATE / NN SIP Service Architecture Markus Isomäki Nokia Research Center.

1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.

Iptel not telip 1 03/19/99 Internet Telephony: not Telephony over Internet Jonathan Rosenberg Bell Laboratories Spring VoN 99.

Network Devices.

© Copyright 2007 Arbinet-thexchange, Inc. All Rights Reserved. Voice Peering Steve Heap Chief Technology Officer.

Quintum Confidential and Proprietary 1 Quintum Technologies, Inc. Session Border Controller and VoIP Devices Behind Firewalls Tim Thornton, CTO.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

Introduction to SIP Based ENUM IP Telephony Infrastructure 資策會網路及通訊實驗室 Conference over IP Team 楊政遠博士

Emerging Technologies. Emerging Technology Overview  Emerging technologies are those which are just beginning to be adopted or are at the initial acceptance.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Identifying Application Impacts on Network Design Designing and Supporting.

Draft-khan-ip-serv-peer-arch-03.txt SPEERMINT Peering Architecture IETF-66, Montreal, Canada Sohel Khan, Ph.D. Technology Strategist.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

SIPPING - IETF 62 - Minneapolis (March 2005) LESS effort, more services Xiaotao Wu Henning Schulzrinne Dept. of Computer Science Columbia University.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Review: –Ethernet What is the MAC protocol in Ethernet? –CSMA/CD –Binary exponential backoff Is there any relationship between the minimum frame size and.

Voice over IP by Rahul varikuti course instructor: Vicky Hsu.

VoN September ‘98 1 9/17/98 VoN Standards Update Jonathan Rosenberg Bell Laboratories September 17, 1998.

Omar A. Abouabdalla Network Research Group (USM) SIP – Functionality and Structure of the Protocol SIP – Functionality and Structure of the Protocol By.

ESERL Feature Interaction Management in Parlay/OSA Using Composition Constraints and Configuration Rules Alessandro (Alex) De Marco, Ferhat Khendek Dept.

1 Representing New Voice Services and Their Features Ken Turner University of Stirling 11th June 2003.

Toshiba Confidential 1 Presented by: Philipe BC Da’Silva SESSION INITIATION PROTOCOL.

Detection and Mitigation of Spam in IP Telephony Networks using Signaling Protocol Analysis MacIntosh, R Vinokurov, D Advances in Wired and Wireless Communication,

The Session Initiation Protocol - SIP

1 Authorization Sec PAL: A Decentralized Authorization Language.

Securing Access to Data Using IPsec Josh Jones Cosc352.

سمینار تخصصی What is PSTN ? (public switched telephone network) تیرماه 1395.

1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.

SIP Programming : SIP has texture encoding feature.[1]

VoIP ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts.

On-Site PBX Vs Hosted PBX.

IP Telephony (VoIP).

Host of Troubles : Multiple Host Ambiguities in HTTP Implementations

Chapter 4 Data Link Layer Switching

Session Initiation Protocol (SIP)

Where should services reside in Internet Telephony Systems?

Firewalls Routers, Switches, Hubs VPNs

Voice Over Internet Protocol

Service Creation Using SIP

Overview Activities from additional UP disciplines are needed to bring a system into being Implementation Testing Deployment Configuration and change management.

OpenSec：Policy-Based Security Using Software-Defined Networking

Presentation transcript:

1 Detecting Script-to-Script Interactions in Call Processing Language Masahide Nakamura, Ken-ichi Matsumoto, Grad. School of Information Science, Nara Institute of Science and Technology Ken-ichi Matsumoto, Tohru Kikuno Graduate School of Information Science and Technology, Osaka University

2 Internet Telephony Widely studied at protocol level (SIP, H323) Advanced telecom services integrated with data services Decentralized service/feature management 7040 PSTN/IN network PSTN Switch VoIP Gateway LAN IP network End systems Signaling server Service LAN End systems Signaling server Signaling server VoIP Gateway SCP IN features/services Phones Concerns are shifting to service level.

3 Two Approaches for Service Provision 7040 PSTN/IN network PSTN Switch VoIP Gateway LAN IP network End systems Signaling server LAN End systems Signaling server Signaling server VoIP Gateway SCP IN features/services Phones (a) Network Convergence Activate IN features/services through API (e.g., JAIN). (b) Programmable Services End-users define and deploy own features/services.

4 Call Processing Language (CPL) An XML-based language for programmable service in the Internet Telephony. RFC 2824 of IETF (proposed standard ) DTD-based syntax definition (also, XML-schemas) Mainly for switching / network services (for SIP, H.323) Some security considerations Prohibits loops, recursive calls, activations of external programs. Commercial and open-source implementations (e.g., VOCAL) Each user describes own customized service in a CPL script. Then, install the script in the local signaling server. Powerful and flexible service creation.

5 Drawbacks of Programmable Service (a) Service description by naive users The DTD-based syntax definition cannot guarantee the semantic correctness of a CPL script. There are many ways to make CPL scripts semantically wrong Cause ambiguity, redundancy, inconsistency (b) Services in the Signaling servers distributed on the Internet can be added, deleted or modified at anytime It is impossible to enumerate all possible services FI detection and resolution by off-line analysis cannot be performed

6 Goal of research Characterize semantic warnings in CPL script (a) Establish a guideline to guarantee semantic correctness for each single CPL script (b) Propose algorithm to detect FIs among all scripts involved in a call at run time Characterize FIs as the semantic warnings over multiple CPL scripts

7 CPL Script Switches represent conditional branches,,, and Location Modifiers add/remove locations,, Signaling operations cause signaling events, and Full specification is found in RFC

8 Describing Services with CPL(1) Alice wants to receive incoming calls only from domain example.com. Alice wants to reject all calls from crackers.org. Alice wants to redirect any other calls to her voice mail proxy example.com reject redirect Example requirement

9 Describing Services with CPL(2) <location url= DTD = (Data Type Definition) Begins with, ends with Subaction = Subroutine proxy example.com example.com example.com reject example.com redirect

10 Semantic warnings 1. Multiple forwarding addresses 2. Unused subactions 3. Call rejection in all paths 4. Address set after address switch 5. Overlapped conditions in single switch 6. Identical switches with the same parameters 7. Overlapped conditions in nested switches 8. Incompatible conditions in nested switches

11 Address set after address switch (ASAS) Definition: When and tags are specified as outputs of, the same address evaluated in the is set in the block. <reject status="reject" reason="I don't call Bob" /> address-switch otherwise Alice’s outgoing CPL address = Location setting reject Inconsistent destination Alice

12 Overlapped Conditions in Single Switches (OCSS) Definition: The condition is overlapped among the multiple output tags of a switch. <location url= <location url= example.com contains = bob Pattara’s CPL Unreachable terminal is = bobby somewhere instance.net example.com

13 Feature Interaction in CPL script Even if each individual script is free from semantic warnings (semantically safe), FIs can occur when multiple scripts are executed simultaneously at run time. SU-type interactions ( e.g., CW&TWC ) do not occur. Each user can have a single CPL script at a time. Interactions occur between different scripts owned by different users.

14 Example of FI in multiple CPL scripts example.com example.com Alice’s outgoing script Chris’s incoming script instance.com example.com Semantically safe Define the FIs as semantic warnings over multiple scripts redirect reject Semantically safe Address Set after Address Switch (ASAS) Alice’s outgoing script reject redirect example.com Chris’s incoming script FI occurs

15 FI detection Problem FI definition: CPL script s and t interact with respect to a call scenario c s and t are semantically safe, but s t is NOT semantically safe ( is combine operator) FI detection Problem: Detect FIs among multiple CPL scripts involved in a call with a call scenario c. Input and Output: Input: CPL script s of the call originator, and a call scenario c Output: FI occurs or not cc Detect FIs as the semantic warnings over multiple CPL scripts

16 script s Combine Operator c Combined script r = s t script t c To get a combined behavior of two (successively proxied) scripts, we present the combine operator Definition: Substituting the nodes in s that is executed in the call scenario c, with incoming actions of t script r

17 ab c d proxy redirect FI Involved in More than 2 Scripts A call could involved more than two scripts. (2) a b c (4) a c d cc (1) a (3) a c c Proposed Algorithm Succ(s 0, c) We check semantic warnings for these four combination ab c d A feature interaction occurs w.r.t. s 0 and c  There exists some k s.t. s 0 s 1 … s k is not safe. ccc Generalized FI Definition

18 Example of FI Detection Alice’s Script (S1) Chris’s Script (S2) Originator: Alice Call Scenario: Alice calls Chris S1 S2 c Input { semantically safe FI occurs ASAS S2S1 (1) S1 (2) S1 S2 c

19 Tool Support (a) CPL Checker(b) FI Simulator

20 Conclusion and Future Work New eight semantic warnings. Definition of FI in CPL programmable environment. Algorithm Succ to detect FIs involved in a call. Future work Run-time FI detection mechanism. Evaluation of how many FIs can be covered FI between programmable services and ready-made services.

21 Intra-Server Call LAN End systems Signaling server SA LAN End systems Signaling server Signaling server SB Compute Succ Relatively easy to detect FI. FI detector in VOCAL front-end.

22 Global FI Detecting Server For public Internet Quite difficult to realize due to privacy/authentication. Resolution - ABSOLUTELY NO WARRANTY policy? For dedicated service Possibility to use dedicated servers and channels. LAN End systems Signaling server SASC LAN End systems Signaling server Signaling server SB FI detecting server Upload CPL scripts Compute Succ

23 Multiple forwarding addresses (MF) Definition: After multiple addresses are set by tags, or comes. CPL <location url= <location url= Proxy Immediately answer Unreachable Terminal

24 Identical switches with the same parameters (IS) Definition: After a switch tag with a parameter, the same switch with the same parameter comes. address-switch is=“home.org” address-switch is = “home.org” CPL home.org Unreachable Unreachable and redundant script

25 Call rejection in all paths (CR) Definition: All execution paths terminate at. <reject status="reject" reason="I don’t accept call from alice" /> <reject status="reject" reason="I don’t accept call from Pattara" /> <reject status="reject" reason="I don’t accept call from anyone" /> others CPL reject No call processing

26 Unused Subactions (US) Definition: Subaction exists, but does not. Redundant script

27 Successive Algorithm A call scenario could involve more than two scripts, because of successive redirect and proxy Compute a set of scripts to be combined by proposed algorithm Successive Input and output Input: call originator, call scenario Output: a set of scripts to be combined Identify processing type and next address in scripts Processing type: how is the call processed (proxy, redirect, reject, or connected to end system) Next address: where the call is directed next Create a set of script, according to processing type