8/3/2019 5. Voip Sip Abe
2011 NTT Information Sharing Platform Laboratories
Current NTT Practices Regarding VoIP Implementation and SIP Security
Trial of SIP Security Sharing Session
October 18, 2011
Tsuyoshi Abe
NTT Information Sharing Platform Laboratories, NTT Corporation
Contents
NTT Laboratories
NTT's NGN
Services
Security
SIP Session Control
NTT-CERT (Mr. Kamiya's presentation)
Introduction to NTT Labs.
NTT Group
Nippon Telegraph and Telephone Corporation (Holding Company)
Operating revenues: 390.3 billion yen
Number of employees: 2,900
[Major businesses]
- Planning management strategies for the NTT Group
- Encouraging fundamental R&D efforts
NTT East Corporation (NTT's voting rights ratio: 100%)
Op. revenues: 1.96 trillion yen; No. of employees: 5,900
NTT West Corporation (NTT's voting rights ratio: 100%)
Op. revenues: 1.76 trillion yen; No. of employees: 5,500
NTT Communications Corporation (NTT's voting rights ratio: 100%)
Op. revenues: 1.33 trillion yen; No. of employees: 8,150
NTT Data Corporation (NTT's voting rights ratio: 54.2%)
Op. revenues: 1.16 trillion yen; No. of employees: 50,000
NTT DOCOMO, INC. (NTT's voting rights ratio: 66.4%)
Op. revenues: 4.22 trillion yen; No. of employees: 22,950
NTT Group develops businesses in broad fields as a forerunner to the ubiquitous broadband era.
(Above figures based on fiscal 2010 year-end)
Total assets: 19.67 trillion yen
Operating revenues: 10.18 trillion yen
Number of employees: 219,350
Number of consolidated subsidiaries: 756
NTT (Holding Company)
No. of employees: about 500
No. of employees: about 1,500
No. of employees: about 1,000
NTT R&D
Yokosuka
Musashino
Atsugi
Keihanna
Tsukuba
R&D of application services
Yokosuka
R&D of network technologies, environment & energy technologies
R&D of cutting-edge technologies
No. of employees: about 300
NGN security
NGN access NW
NGN core NW
We are undertaking R&D of service platform technologies that will
enable a wide range of application services to be provided on NTT's world-leading
broadband network.
[Main research areas]
1. Cloud computing that capitalizes on NTT's strengths
Our cloud computing technology called CBoC makes it possible to satisfy non-functional requirements such as system scale-out, quality, operability, and security, by capitalizing on NTT's strengths in networks, security technologies, operations, etc.
2. Reliable technology contact point to deal with a variety of NW threats
NTT-CERT accumulates information centrally and then shares information regarding security-related incidents. It systematically and promptly runs a cycle of operations from preventing the occurrence of incidents, to detection, resolution, minimization of damage, and preventing recurrence.
3. Activities to become a CoE in information security
We have successfully produced world-leading research results such as Camellia, Japan's first standard cryptography adopted for the Internet, and PSEC-KEM, an elliptic curve cryptography that has been highly rated in Europe for its high security and performance.
Information Sharing Platform Labs.
40 members
NTT's NGN (Next Generation Network)
Introduction to NTT's NGN
NTT started commercial NGN service in March 2008
As of March 2010, 2.2 million NGN customers
Services provided by NTT group through NGN
- Internet access
- IP telephony
- IPTV, VoD, etc.
IP telephony and IPTV communications quality are guaranteed in NGN
NTT maintains security of NGN
Overview of NTT's NGN
NTT's NGN: since 2008; 2.2 million customers as of March 2010
[Diagram labels: customer, home gateway, edge routers, gateway router, signaling/media gateway, ISPs (Internet service providers), Internet, PSTN (public switched telephone networks), IPTV & VoD service provider; interfaces: NNI (network-network interface), UNI (user-network interface), SNI (application server-network interface)]
NTT's NGN Services
NTT's NGN Services for Home Users
Services | Quality | Protocol (Codec)
Internet access | Best effort (Max. 200 Mbps) | IPv4, IPv6 (since 2011)
IP telephony, normal phone (3.4 kHz) | Guaranteed (64 kbps) | SIP, RTP (G.711 μ-law), IPv4
IP telephony, high-quality phone (7 kHz) | Guaranteed (96 kbps) | SIP, RTP (G.711.1), IPv4
Video phone | Guaranteed (2 Mbps) | SIP, RTP (MPEG4-Visual), IPv4
Digital IPTV | Guaranteed (9 Mbps) | MLDv2, RTP (H.264), IPv6
Video on demand | Best effort (7 Mbps) | RTP (H.264), IPv6
Data transfer (since 2010) | Guaranteed (Max. 1 Mbps) | SIP, HTTP/SOAP, IPv4
Other Services Related to Security
Security suite software
- NTT provides security suite software for PCs to NGN customers in cooperation with anti-virus software vendors.
VPN services for business users
- NTT provides virtual private network services in the NGN, without going through the Internet.
NTT's NGN Security
NGN Security Trust Model (ITU-T Y.2701)
[Diagram labels: network border elements (home gateway, edge router/gateway router); servers, etc.]
Defend against diverse attacks from untrusted zone
NTT's NGN Security
Security measures at network border elements (Edge routers/Gateway routers)
1. Access control for entire network
2. Mitigate attacks by preventing spoofing
3. Protect SIP-controlled communications
Security measures at each element in NGN (Servers, etc.)
4. Vulnerability management
5. Rate limiting, etc.
Multilayer defense approach
NTT's NGN Security (2)
1. Block packets from/to address spaces in NGN.
2. Block packets that misrepresent source IP address.
3. Open/close pinhole based on instructions from SIP session control server.
Elements in NTT's NGN:
4. Vulnerability management
5. Rate limiting, etc.
[Diagram labels: customer, home gateway, edge routers, gateway router, signaling/media gateway, ISPs (Internet service providers), Internet, PSTN (public switched telephone networks), IPTV & VoD service provider]
NTT's NGN Security (3)
Access control based on authentication: exclude illegal access using line-level authentication
Secure control in the network: (protocol in network is not influenced by user protocol)
Secure communication between users: restrict excessive traffic
[Diagram labels: user, edge router, relay node, SIP session control server, NGN; signaling protocol; protocol in network; QoS control/congestion control; routing; protocol separation; user traffic (transparent between users); line-level authentication; restrict excessive traffic; illegal access; excessive traffic; harmful influence]
SIP Session Control in NTT's NGN
SIP Session Control in NTT's NGN
Communication quality of NTT's NGN services using SIP is guaranteed
- Requested bandwidths for session described in SIP messages are reserved
- Priority forwarding is performed for reserved-session data packets
Guaranteed sessions are protected from congestion-type DoS attacks
SIP Session Control in NTT's NGN
[Diagram labels: NTT's NGN; home gateway, edge router, session control server; SIP; H.248/Megaco; media stream]
- Reserve requested bandwidth and control edge router
- Marking each IP packet by Diffserv
- Priority forwarding is performed according to the Diffserv
- Protected from congestion-type DoS attacks
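The edge-router behaviour described on the preceding slides (address-space blocking, anti-spoofing, SIP-driven pinholes, bandwidth reservation and Diffserv marking) can be modelled in a few lines; this is an added example, not NTT's implementation. All addresses, the capacity figure, the choice of DSCP 46 and the direct method call standing in for H.248/Megaco are assumptions made for illustration.

```python
import ipaddress
import re

# All addresses, capacities and names below are constructed for illustration.
NGN_INTERNAL = ipaddress.ip_network("10.255.0.0/16")  # assumed NGN address space
LINE_ADDRESS = {"line-1": "192.0.2.10", "line-2": "192.0.2.20"}  # IP per access line
DSCP_EF = 46  # assumed code point for reserved sessions (the slides only say Diffserv)


class EdgeRouter:
    def __init__(self, capacity_kbps):
        self.free_kbps = capacity_kbps
        self.pinholes = {}  # (src, dst, dst_port) -> reserved kbps

    def open_pinhole(self, flow, kbps):
        """Instruction from the session control server; refused if bandwidth is short."""
        if kbps > self.free_kbps:
            return False
        self.free_kbps -= kbps
        self.pinholes[flow] = kbps
        return True

    def close_pinhole(self, flow):
        self.free_kbps += self.pinholes.pop(flow, 0)

    def classify(self, line, src, dst, dst_port):
        """Apply border measures 1-3 to one media packet arriving on an access line."""
        if any(ipaddress.ip_address(a) in NGN_INTERNAL for a in (src, dst)):
            return "drop:ngn-address-space"
        if LINE_ADDRESS.get(line) != src:
            return "drop:spoofed-source"
        if (src, dst, dst_port) not in self.pinholes:
            return "drop:no-pinhole"
        return f"forward:dscp={DSCP_EF}"


def admit_session(router, caller_ip, answer_sdp):
    """Session control server side: read the callee's SDP answer and reserve bandwidth."""
    dst = re.search(r"^c=IN IP4 (\S+)", answer_sdp, re.M).group(1)
    port = int(re.search(r"^m=audio (\d+)", answer_sdp, re.M).group(1))
    kbps = int(re.search(r"^b=AS:(\d+)", answer_sdp, re.M).group(1))
    flow = (caller_ip, dst, port)
    return flow if router.open_pinhole(flow, kbps) else None


# Constructed SDP answer: the callee receives one 64 kbps audio stream on port 5004.
SAMPLE_SDP = "v=0\r\nc=IN IP4 192.0.2.20\r\nm=audio 5004 RTP/AVP 0\r\nb=AS:64\r\n"
```

Because a reservation is refused once the remaining capacity is smaller than the requested `b=AS` value, sessions already admitted keep their bandwidth when further requests or unreserved traffic arrive, which is the protection against congestion-type DoS the slides refer to.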
Summary
NTT's NGN services
- IPv4/IPv6 Internet access (best effort)
- IP telephony (guaranteed)
- Digital IPTV (guaranteed)
NTT's NGN security at edge routers
- Access control
- Preventing spoofing
- Protection of SIP-controlled communications
SIP session control
- Session control servers and edge routers manage bandwidth