A MIDDLEWARE-INDEPENDENT AND SECURE PEER-TO-PEER SIP ARCHITECTURE (MISE-P2PSIP) [article]

YENUKUNME PELAGIE ELYSE HOUNGUE
2012
To my parents who have supported me all the way since the beginning of my studies.

Abstract

A Middleware-Independent and SEcure Peer-to-Peer SIP architecture (MISE-P2PSIP)

The Session Initiation Protocol (SIP) is the de facto standard for multimedia multiparty session signaling in Next Generation Networks (NGN). It is at the basis of a wide range of IP multimedia services. The SIP specification and current usage rely on centralized servers. However, research has recently started on the ... n of Peer-to-Peer (P2P) principles into SIP for harnessing the benefits of decentralization. The contribution of this thesis is fourfold.

Firstly, this thesis contributes to this research by proposing a novel architecture for P2P SIP. Our architecture is an overlay composed of a set of self-organized proxies and distributed registrars. Unlike other architectures proposed so far, our proposal does not require an extension to SIP messages and is P2P middleware-independent. This eases implementation and interoperability with legacy, and ensures portability.

Secondly, the thesis discusses the routing issues related to such an environment. Indeed, introducing proxies in a P2P SIP overlay raises two important issues, namely proxy topology building and proxy-level routing. Thanks to proxy topology building, a proxy joining the P2P SIP overlay finds its neighbors in the network of proxies. Proxy-level routing enables messages to be correctly routed in the network built by proxy topology building. This part of the thesis proposes a new framework for proxy topology building and proxy-level routing in our proposed architecture. Our framework is P2P infrastructure independent and general enough to be used by any P2P SIP architecture that meets a minimal set of requirements. It relies on a simple algorithm that builds the network of proxies as a ring, and on routing algorithms specially designed for the ring topology.

Thirdly, the thesis handles the Network Address Translation (NAT) traversal problem. Whereas P2P SIP architectures come with several benefits, they inherit NAT traversal issues from the SIP world. NAT traversal issues occur because SIP messages must carry important communication parameters, including the IP address and port number to be used for signaling and media streams. SIP clients behind a NAT device are not aware of how they are seen from the public network. Consequently, SIP packets sent by a client behind a NAT device contain private IP addresses in the message headers and in the message body. These addresses, being private, cannot be used by the destination node for answering. We therefore propose in this thesis an efficient solution that enables nodes behind a NAT device to participate in the P2P SIP network.

Fourthly, effective operation of our architecture relies on collaboration between the nodes playing important roles, such as proxy and registrar servers. Therefore, we provide solutions for identifying and alleviating non-cooperative behavior. We focus on proxy servers because they perform an important role in the transmission of signaling messages. Proxy servers can misbehave by misrouting the signaling messages or by hijacking SIP call sessions. This thesis proposes techniques to secure the routing of SIP signaling messages.

... on a simple algorithm that builds the network of proxies as a ring, and on routing algorithms specially designed for the ring topology. Thirdly, the thesis addresses the problem of Network Address Translation. Indeed, although P2P SIP architectures come with several advantages, they inherit the address translation problem specific to SIP technology. This problem arises because SIP messages must carry important communication parameters, including the IP address and port number used for the signaling and media streams. SIP clients located behind a NAT device are not aware of how they are seen from the public network. Consequently, SIP packets sent by a client behind a NAT device contain private IP addresses in the headers and in the body of the messages. These addresses, being private, cannot be used by the destination node in its response. We therefore propose in this thesis an efficient solution that allows nodes behind a NAT device to participate in the P2P SIP network. Fourthly, the proper operation of our architecture relies on good collaboration between the nodes playing important roles, such as proxy servers and registrar servers. Consequently, we propose solutions for identifying and mitigating non-cooperative behavior. We focus on proxy servers because they play a very important role in the transmission of signaling messages. Proxy servers can misbehave by misrouting signaling messages or by hijacking SIP call sessions. This thesis proposes techniques to secure the routing of SIP signaling messages.
doi:10.13130/houngue-yenukunme-pelagie-elyse_phd2012-03-06 fatcat:le3h4ncgy5a7xlkgzobfnmfmjq