
5. Voip Sip Abe

Date post: 06-Apr-2018
Upload: hendra-herdiana
  • 8/3/2019 5. Voip Sip Abe

    1/22

    2011 NTT Information Sharing Platform Laboratories

    Current NTT Practices Regarding VoIP Implementation and SIP Security

    Trial of SIP Security Sharing Session

    October 18, 2011

    Tsuyoshi Abe

    NTT Information Sharing Platform Laboratories, NTT Corporation


    Contents

    NTT Laboratories

    NTT's NGN

    Services

    Security

    SIP Session Control

    NTT-CERT (Mr. Kamiya's presentation)


    Introduction to NTT Labs.


    NTT Group

    Nippon Telegraph and Telephone Corporation (Holding Company)
    Operating revenues: 390.3 billion yen
    Number of employees: 2,900
    [Major businesses]
    - Planning management strategies for the NTT Group
    - Encouraging fundamental R&D efforts

    Group companies
    - NTT East Corporation: NTT's voting rights ratio 100%; op. revenues 1.96 trillion yen; no. of employees 5,900
    - NTT West Corporation: NTT's voting rights ratio 100%; op. revenues 1.76 trillion yen; no. of employees 5,500
    - NTT Communications Corporation: NTT's voting rights ratio 100%; op. revenues 1.33 trillion yen; no. of employees 8,150
    - NTT Data Corporation: NTT's voting rights ratio 54.2%; op. revenues 1.16 trillion yen; no. of employees 50,000
    - NTT DOCOMO, INC.: NTT's voting rights ratio 66.4%; op. revenues 4.22 trillion yen; no. of employees 22,950

    NTT Group develops businesses in broad fields as a forerunner to the ubiquitous broadband era.

    (Above figures based on fiscal 2010 year-end)
    Total assets: 19.67 trillion yen
    Operating revenues: 10.18 trillion yen
    Number of employees: 219,350
    Number of consolidated subsidiaries: 756


    NTT (Holding Company)

    No. of employees: about 500

    No. of employees: about 1,500

    No. of employees: about 1,000


    NTT R&D

    Yokosuka

    Musashino

    Atsugi

    Keihanna

    Tsukuba

    R&D of application services

    Yokosuka

    R&D of network technologies, environment & energy technologies

    R&D of cutting-edge technologies

    No. of employees: about 300

    NGN security

    NGN access NW

    NGN core NW


    We are undertaking R&D of service platform technologies that will enable a wide range of application services to be provided on NTT's world-leading broadband network.

    [Main research areas]

    1. Cloud computing that capitalizes on NTT's strengths
    Our cloud computing technology called CBoC makes it possible to satisfy non-functional requirements such as system scale-out, quality, operability, and security, by capitalizing on NTT's strengths in networks, security technologies, operations, etc.

    2. Reliable technology contact point to deal with a variety of NW threats
    NTT-CERT accumulates information centrally and then shares information regarding security-related incidents. It systematically and promptly runs a cycle of operations from preventing the occurrence of incidents, to detection, resolution, minimization of damage, and preventing recurrence.

    3. Activities to become a CoE in information security
    We have successfully produced world-leading research results such as Camellia, Japan's first standard cryptography adopted for the Internet, and PSEC-KEM, an elliptic curve cryptography that has been highly rated in Europe for its high security and performance.

    Information Sharing Platform Labs.

    40 members


    NTT's NGN (Next Generation Network)


    Introduction to NTT's NGN

    - NTT started commercial NGN service in March 2008
    - As of March 2010, 2.2 million NGN customers
    - Services provided by NTT group through NGN
      - Internet access
      - IP telephony
      - IPTV, VoD, etc.
    - IP telephony and IPTV communications quality are guaranteed in NGN
    - NTT maintains security of NGN


    Overview of NTT's NGN

    [Figure labels: NTT's NGN (since 2008); customer (2.2 million customers as of March 2010); ISPs (Internet service providers); Internet; PSTN (public switched telephone networks); signaling/media gateway; edge router; gateway router; home gateway; IPTV & VoD service provider; NNI (network-network interface); UNI (user-network interface); SNI (application server-network interface)]


    NTT's NGN Services


    NTT's NGN Services for Home Users

    | Services | Quality | Protocol (Codec) |
    |---|---|---|
    | Internet access | Best effort (Max. 200 Mbps) | IPv4, IPv6 (since 2011) |
    | IP telephony: normal phone (3.4 kHz) | Guaranteed (64 kbps) | SIP, RTP (G.711 u-law), IPv4 |
    | High-quality phone (7 kHz) | Guaranteed (96 kbps) | SIP, RTP (G.711.1), IPv4 |
    | Video phone | Guaranteed (2 Mbps) | SIP, RTP (MPEG4-Visual), IPv4 |
    | Digital IPTV | Guaranteed (9 Mbps) | MLDv2, RTP (H.264), IPv6 |
    | Video on demand | Best effort (7 Mbps) | RTP (H.264), IPv6 |
    | Data transfer (since 2010) | Guaranteed (Max. 1 Mbps) | SIP, HTTP/SOAP, IPv4 |


    Other Services Related to Security

    Security suite software

    NTT provides security suite software for PCs to NGN customers in cooperation with anti-virus software vendors.

    VPN services for business users

    NTT provides virtual private network services in the NGN, without going through the Internet.


    NTT's NGN Security


    NGN Security Trust Model (ITU-T Y.2701)

    (Network border elements)

    Home gateway

    Edge router/Gateway router

    (Servers, etc.)

    Defend against diverse attacks from untrusted zone


    NTT's NGN Security

    Security measures at network border elements (Edge routers/Gateway routers)
    1. Access control for entire network
    2. Mitigate attacks by preventing spoofing
    3. Protect SIP-controlled communications

    Security measures at each element in NGN (Servers, etc.)
    4. Vulnerability management
    5. Rate limiting, etc.

    Multilayer defense approach


    NTT's NGN Security (2)

    1. Block packets from/to address spaces in NGN.
    2. Block packets that misrepresent source IP address.
    3. Open/close pinhole based on instructions from SIP session control server.

    Elements in NTT's NGN
    4. Vulnerability management
    5. Rate limiting, etc.

    [Figure labels: customer; ISPs (Internet service providers); Internet; PSTN (public switched telephone networks); edge router; gateway router; home gateway; signaling/media gateway; IPTV & VoD service provider]


    NTT's NGN Security (3)

    Protocol separation: Signaling protocol / Protocol in network

    Access control based on authentication:
    Exclude illegal access using line level authentication

    Secure control in the network:
    (Protocol in network is not influenced by user protocol)
    QoS control/Congestion control
    Routing

    Secure communication between users:
    Restrict excessive traffic

    [Figure labels: user; edge router; relay node; NGN; SIP session control server; user traffic (transparent between users); line level authentication; restrict excessive traffic; illegal access, excessive traffic; harmful influence]


    SIP Session Control in NTT's NGN


    SIP Session Control in NTT's NGN

    - Communication quality of NTT's NGN services using SIP is guaranteed
    - Requested bandwidths for sessions described in SIP messages are reserved
    - Priority forwarding is performed for reserved-session data packets
    - Guaranteed sessions are protected from congestion-type DoS attacks


    SIP Session Control in NTT's NGN

    [Figure labels: NTT's NGN; home gateway; edge router; session control server; SIP; H.248/Megaco; media stream]

    - Reserve requested bandwidth and control edge router
    - Marking each IP packet by Diffserv
    - Priority forwarding is performed according to the Diffserv
    - Protected from congestion-type DoS attacks
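
The session-control steps on the slides above (bandwidth described in the SIP message is reserved, the edge-router pinhole is opened and closed on the session control server's instruction, packets are marked by Diffserv), as an added sketch that is not NTT's implementation. It assumes the bandwidth is carried as an SDP `b=AS:` line in kbps, DSCP 46 for the guaranteed class, and a hypothetical per-line capacity; the INVITE is a constructed sample and `Pinhole` / `SessionController` are hypothetical names.

```python
from dataclasses import dataclass

# Constructed sample INVITE (documentation addresses); b=AS is in kbps.
INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
    "b=AS:64\r\n"
)

@dataclass(frozen=True)
class Pinhole:  # hypothetical rule handed to the edge router
    ip: str
    port: int
    kbps: int
    dscp: int

class SessionController:
    def __init__(self, line_capacity_kbps):
        self.free_kbps = line_capacity_kbps  # hypothetical per-line budget
        self.pinholes = {}                   # Call-ID -> open pinhole

    def on_invite(self, message):
        head, _, sdp = message.partition("\r\n\r\n")
        call_id = next((l.split(":", 1)[1].strip() for l in head.split("\r\n")
                        if l.lower().startswith("call-id:")), None)
        ip = port = kbps = None
        for line in sdp.splitlines():
            if line.startswith("c=IN IP4 "):
                ip = line.split()[2]
            elif line.startswith("m="):
                port = int(line.split()[1])
            elif line.startswith("b=AS:"):
                kbps = int(line[5:])
        if (None in (call_id, ip, port, kbps) or call_id in self.pinholes
                or not 0 < kbps <= self.free_kbps):
            return None  # fail closed: no pinhole, no reservation
        self.free_kbps -= kbps               # reserve requested bandwidth
        self.pinholes[call_id] = Pinhole(ip, port, kbps, dscp=46)  # assumed EF
        return self.pinholes[call_id]

    def on_bye(self, call_id):
        hole = self.pinholes.pop(call_id, None)  # close the pinhole
        if hole:
            self.free_kbps += hole.kbps          # release the reservation
        return hole
```

Media that arrives without a matching open pinhole has no reservation behind it, which is what keeps admitted sessions isolated from congestion caused by unadmitted traffic.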


    Summary

    NTT's NGN services
    - IPv4/IPv6 Internet access (best effort)
    - IP telephony (guaranteed)
    - Digital IPTV (guaranteed)

    NTT's NGN security at edge routers
    - Access control
    - Preventing spoofing
    - Protection of SIP-controlled communications

    SIP session control
    - Session control servers and edge routers manage bandwidth

