The Experts below are selected from a list of 72 Experts worldwide ranked by ideXlab platform
Victor Pascual - One of the best experts on this subject based on the ideXlab platform.
-
A Taxonomy of Session Initiation Protocol (SIP) Back-to-Back User Agents
2014Co-Authors: Victor PascualAbstract:In many SIP deployments, SIP entities exist in the SIP signaling path between the originating and final terminating endpoints, which go beyond the definition of a SIP proxy, performing functions not defined in Standards Track RFCs. The only term for such devices provided in RFC 3261 is for a Back-to-Back User Agent (B2BUA), which is defined as the logical concatenation of a SIP User Agent Server (UAS) and User Agent Client (UAC). There are numerous types of SIP B2BUAs performing different roles in different ways; for example, IP Private Branch Exchanges (IPBXs), Session Border Controllers (SBCs), and Application Servers (ASs). This document identifies several common B2BUA roles in order to provide taxonomy other documents can use and reference. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by th
-
A Taxonomy of Session Initiation Protocol (SIP) Back-to-Back User Agents
2013Co-Authors: Hadriel Kaplan, Victor PascualAbstract:In many SIP deployments, SIP entities exist in the SIP signaling path between the originating and final terminating endpoints, which go beyond the definition of a SIP proxy, performing functions not defined in Standards Track RFCs. The only term for such devices provided in RFC 3261 is for a Back-to-Back User Agent (B2BUA), which is defined as the logical concatenation of a SIP User Agent Server (UAS) and User Agent Client (UAC). There are numerous types of SIP B2BUAs performing different roles in different ways; for example, IP Private Branch Exchanges (IPBXs), Session Border Controllers (SBCs), and Application Servers (ASs). This document identifies several common B2BUA roles in order to provide taxonomy other documents can use and reference.
Unrecognized - One of the best experts on this subject based on the ideXlab platform.
-
Best Current Practices for a Session Initiation Protocol (SIP) Transparent Back-To-Back User-Agent (B2BUA)
2007Co-Authors: UnrecognizedAbstract:A SIP Back-To-Back User Agent (B2BUA) refers to the concatenation of a SIP User Agent Client (UAC) and a SIP User Agent Server (UAS). A transparent B2BUA is a particular type of B2BUA that forwards SIP messages in a SIP proxy-like way, and that also benefits from some features of a User Agent (UA) element. This document recommends best current practices for the implementation of such a transparent B2BUA. Developing transparent B2BUAs that meet this set of requirements will greatly increase the likelihood that SIP applications will function properly.
-
Session Initiation Protocol (SIP) INVITE with Conference Info
2007Co-Authors: UnrecognizedAbstract:This specification defines a mechanism that allows a SIP User Agent Client (UAC) to provide a conference server with the initial conference information and policy using an INVITE-contained conference-info.
Neco Ventura - One of the best experts on this subject based on the ideXlab platform.
-
A SIP-based Web Session Migration Service
2015Co-Authors: Michael Adeyeye, Neco Ventura, David HumphreyAbstract:Abstract-Web session handoff is one of the ways of improving the web browsing experience; other ways include the use of bookmarks and web history synchronization between two PCs. This paper discusses the implementation and evaluation of a SIP-based web session migration service. A graphical tool, which is called Data Flow Diagram, is used to describe how the session migration service works. This work is compared with other existing web session migration approaches. In addition, the large scale deployment and limitations of the service are also discussed. Although all web sessions could not be migrated, the session mobility service worked in a Peer-to-Peer environment and offered SIP functionalities within web browsers. That is, a web browser can now act as an adaptive User Agent Client to surf the Internet and set-up multimedia sessions like a SIP Client. In summary, it is a novel approach to web session migration in which SIP is used to transfer session data. It also borrowed SIP Mobility mechanisms to introduce new service, namely content sharing and session handoff, to the web browsing experience
-
a sip based web Client for http session mobility and multimedia services
Computer Communications, 2010Co-Authors: Michael Adeyeye, Neco VenturaAbstract:This work leverages Session Initiation Protocol (SIP) transportation and mobility mechanism to transfer session data between two Web browsers. In addition, a Web browser can now act as an adaptive User Agent Client to surf the Internet and make voice calls as a SIP Client. It is a novel work that uses SIP to transfer session data between Web browsers and borrows SIP Mobility types to introduce new service namely, content sharing and session hand-off, to the Web browsing experience. Referred to as a SIP-based HTTP session mobility service, it offers personal mobility to end Users, and facilitates session mobility in Web browsing. While content sharing refers to the ability to view the same Web resource on two Web browsers and does not require moving session data, session hand-off refers to the migration of a Web session with its session data (cookies, hidden form elements and rewritten URL) to another Web browser. Results showed that the integration of SIP into a Web browser does not degrade the performance of a Web browser. Results also showed that the service could not work on all websites because of the Same Origin Policy (SOP) used by Web browsers to transfer cookies. The hybrid-based architectural scheme proposed and implemented here is compared with other existing Web session migration schemes. On the service commercialization, if the privacy and security of session data could be guaranteed by the implementers, a flat rate could be periodically charged regardless of the varying session data sizes. In another sense, it could be rendered as a Value Added Service (VAS) to customers.
Michael Adeyeye - One of the best experts on this subject based on the ideXlab platform.
-
A SIP-based Web Session Migration Service
2015Co-Authors: Michael Adeyeye, Neco Ventura, David HumphreyAbstract:Abstract-Web session handoff is one of the ways of improving the web browsing experience; other ways include the use of bookmarks and web history synchronization between two PCs. This paper discusses the implementation and evaluation of a SIP-based web session migration service. A graphical tool, which is called Data Flow Diagram, is used to describe how the session migration service works. This work is compared with other existing web session migration approaches. In addition, the large scale deployment and limitations of the service are also discussed. Although all web sessions could not be migrated, the session mobility service worked in a Peer-to-Peer environment and offered SIP functionalities within web browsers. That is, a web browser can now act as an adaptive User Agent Client to surf the Internet and set-up multimedia sessions like a SIP Client. In summary, it is a novel approach to web session migration in which SIP is used to transfer session data. It also borrowed SIP Mobility mechanisms to introduce new service, namely content sharing and session handoff, to the web browsing experience
-
a sip based web Client for http session mobility and multimedia services
Computer Communications, 2010Co-Authors: Michael Adeyeye, Neco VenturaAbstract:This work leverages Session Initiation Protocol (SIP) transportation and mobility mechanism to transfer session data between two Web browsers. In addition, a Web browser can now act as an adaptive User Agent Client to surf the Internet and make voice calls as a SIP Client. It is a novel work that uses SIP to transfer session data between Web browsers and borrows SIP Mobility types to introduce new service namely, content sharing and session hand-off, to the Web browsing experience. Referred to as a SIP-based HTTP session mobility service, it offers personal mobility to end Users, and facilitates session mobility in Web browsing. While content sharing refers to the ability to view the same Web resource on two Web browsers and does not require moving session data, session hand-off refers to the migration of a Web session with its session data (cookies, hidden form elements and rewritten URL) to another Web browser. Results showed that the integration of SIP into a Web browser does not degrade the performance of a Web browser. Results also showed that the service could not work on all websites because of the Same Origin Policy (SOP) used by Web browsers to transfer cookies. The hybrid-based architectural scheme proposed and implemented here is compared with other existing Web session migration schemes. On the service commercialization, if the privacy and security of session data could be guaranteed by the implementers, a flat rate could be periodically charged regardless of the varying session data sizes. In another sense, it could be rendered as a Value Added Service (VAS) to customers.
I. Hussain - One of the best experts on this subject based on the ideXlab platform.
-
a survey on registration hijacking attack consequences and protection for session initiation protocol sip
Computer Networks, 2020Co-Authors: Makhdoom Muhammad Naeem, I. Hussain, Malik Muhammad Saad MissenAbstract:Abstract Today, many organizations are transforming their traditional telephone services into Voice over Internet Protocol (VoIP) systems. These services are simple to implement, but they are often vulnerable to attacks because they are packet-switched IP networks to support the circuit-switched used for voice communication. SIP is widely used as a signaling protocol to facilitate video and voice communication, as well as for more multimedia applications. However, it is not protected against various types of attacks because of its open nature and lack of a clear line of defense against the growing number of security threats. Among these risks, registration hijacking assaults, known by its harmful effect, attack both the User Agent Server (UAS) and the User Agent Client (UAC). In particular, the REGISTER message is evaluated as one of the main reasons of registration hijacking assaults in SIP. An attacker who deactivates the SIP registration of a valid User and replaces it with the logical address of the hacker. This allows the hacker to block incoming calls as well as redirect, replay or end calls at will. In this survey, we present a complete study of the registration attack against SIP, communicating its different alternatives and analyzing its consequences. We have also categorized current solutions based on the different registration hijacking attack approaches they face, their types, and their targets. In addition, We conduct an in-depth review of the robustness and inefficiency of these solutions, as well as an in-depth analysis of each one’s basic assumptions to better understand their limitations. Finally, we recommend protecting the UAC registration method against registration-hijacking by using the Media Access Control (MAC) address to improve the efficiency of the studied solutions.
-
A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol SIP
Security and Communication Networks, 2015Co-Authors: I. Hussain, Soufiene Djahel, Zonghua Zhang, Farid Nait-abdesselamAbstract:Session Initiation Protocol SIP is widely used as a signaling protocol to support voice and video communication in addition to other multimedia applications. However, it is vulnerable to several types of attacks because of its open nature and lack of a clear defense line against the increasing spectrum of security threats. Among these threats, flooding attack, known by its destructive impact, targets both of SIP User Agent Server UAS and User Agent Client UAC, leading to a denial of service in Voice over IP applications. In particular, INVITE message is considered as one of the major root causes of flooding attacks in SIP. This is due to the fact that an attacker may send numerous INVITE requests without waiting for responses from the UAS or the proxy in order to exhaust their respective resources. Most of the devised solutions to cope with the flooding attack are either difficult to deploy in practice or require significant changes in the SIP servers implementation. Apart from these challenges, flooding attacks are much more diverse in nature, which makes the task of defeating them a real challenge. In this survey, we present a comprehensive study of flooding attack against SIP, by addressing its different variants and analyzing its consequences. We also classify the existing solutions according to the different flooding behaviors they are dealing with, their types, and targets. Moreover, we conduct a thorough investigation of the main strengths and weaknesses of these solutions and deeply analyze the underlying assumptions of each of them for better understanding of their limitations. Finally, we provide some recommendations for enhancing the effectiveness of the surveyed solutions and address some open challenges. Copyright © 2015 John Wiley & Sons, Ltd.
