Data Control Application for Telecommunication Operators

makeshiftklipInternet και Εφαρμογές Web

31 Οκτ 2013 (πριν από 3 χρόνια και 7 μήνες)

77 εμφανίσεις


Academic Advisor:

Dr. Yuval
Elovici


Professional Advisor:

Yuri
Granovsky


Team:

Yuri
Manusov

Yevgeny

Fishman

Boris
Umansky


Background


VoIP

-

a general term for a family of transmission
technologies for delivery of voice communications over IP
networks.



SIP

-

The
S
ession

I
nitiation

P
rotocol is a signaling
protocol, widely used for controlling multimedia
communication sessions such as voice and video calls over
Internet Protocol (IP).



JSLEE

-

J
ava
S
ervice
L
ogic

E
xecution

E
nvironment
. A Java
standard for high throughput, low latency event processing
application environment (Application Server).


Problem Domain


More and more telecommunication providers use VoIP
infrastructure.


Eavesdropping to someone conversation is very simple
(requires connection to internet and packet capture
software).


Spam over the phone becomes more and more
popular.


Business clients are interested in more secured
telecommunication services.


Telecommunication providers interested to supply
them with these services.

Current Situation


Nowadays SIP(Session Initiation Protocol) is widely
used for VoIP.


The caller sends a request to SIP server with the callees
nickname, receives its IP as a response and establishes
P2P communication between two hosts.

Conversation

Current Situation(cont.)


There are couple solutions for VoIP security available
nowadays.


SRTP and ZRTP protocols are both secured type of RTP
(Real
-
time Transport Protocol), which is the 4
th

layer in
VoIP.


Main problems of these protocols:


Clients shall perform initial master key exchange.


Not all SIP clients supports these protocols.


Special hardware for every client required to create strong
master key.


There is no well known service for communication control
management.


Telecommunication Provider Server

Proposed Solution

JBOSS Server

JSLEE Server

SIP Resource Adapter

Communication
Control Application

IP Host 1

SIP Client

Enabler

IPSec
Module

IP Host 2

SIP Client

Enabler

IPSec
Module

Data Storage

Control Rules
Manager

SIP Request Event

Pre
-
shared Key

Pre
-
shared Key

Configuration

Configuration

IPSec Communication

Project Requirements

[R1] Rule Based Authorization

The system shall provide specified authorization of users

according to the rules kept in the configuration storage, as

were configured by the dynamic configuration.

[R2] Dynamic Configuration

The system shall provide users with the ability to control

the configuration of the system services, more specifically,

the rules of the authorization service, and the rules of the

security service.


Project Requirements(cont.)

[R
3
] Security


The system shall provide users with the ability to
establish IPSec secured session, or an unsecured
session, according to the rules kept in the
configuration storage, as were configured by the
dynamic configuration.

Communication Control
Application Requirements

The Communication Control Application

shall contain the following
components:


[R
17
]

Rule Based Policy Manager



The Rule based policy manager shall apply the rules that appear

in the configuration storage. For a certain communication

initiation process from a caller to a callee the policy manager

should do the following:



[R
18
]

The Rule Based Policy Manager shall apply the



authorization rules.



[R
19
]

The Rule Based Policy Manager shall apply the security


rules for that communication.


[R
20
]
Communication Services



The Communication Control Application shall provide the caller

client module with SIP responses for the initiation of the call to

the callee client module.





Control Rules Manager


[R
21
]Control Rules Manager



The

Control Rules Manager

shall provide the user

with a
graphical user interface

that will enable

the configuration (addition / modification /

deletion) of the rules that were stated above,

and

saving them into the configuration storage.


Configuration Storage

The configuration storage shall store all info needed by the Communication
Control Application, while meeting the following requirements:

[R
22
]Storage Type:


All of the server side data shall be stored on SQL type storage server.

[R
23
]Data security:


All data stored on the server should be password secured.


[R
24
]Connection to Communication Control Application:


Data Storage shall be connected to Communication Control Application using
ODBC.

[R
25
]Communication Control Application Related Data:


Data storage shall store persistence data relevant to the Communication
Control Application:


For each registered user Data Storage shall store his encryption key.


Rule Based Configurations: All of the Rule Based Configurations, as described
in, shall be stored in Data Storage.


Enabler Requirements


Main responsibilities of the enabler are:


[R
27
]

Secrecy



All information received by the enabler shall be decrypted using

the user encryption key.



[R
28
]

IPSec configuration:



Enabler shall be able to establish IPSec connection between its

own IP host and target of the requested call configuring the IPSec

module according to data received from Communication Control

Application.


[R
29
]
Communication with Communication Control Application:



All the communications between the enabler and

Communication Control Application shall be according to

defined protocol. The information sent by this protocol shall

contain the type of the security (secured/ unsecured) and the

information necessary to establish a communication with that

type of security.


Non Functional Requirements

Speed


The system shall process each request in under
10
seconds.

Throughput


According to JSLEE Server specifications the system shall be able to
handle
500
transactions per second.

Reliability


Each communication that was required to be secured shall be secured.


Each call that is supposed to be authorized shall take place.


Each call that isn’t supposed to be authorized shall not take place.

Portability


In the scope of our project the system won’t be portable, but in future
development the enabler can be adjusted to all available OS, and then
the system can run on any device that has JRE.


Use Case Diagram

Main Use Case



Primary actors
:


Caller, Callee

Description
:


Caller initiates a call by sending a request to the server with the callee username.

Trigger
:


The Caller sends a request for a call to the server.

Pre
-
conditions
:


The Caller and the Callee are registered with the system.


The enabler is installed on the Caller’s and the
Callee’s

IP Hosts, and listening to
messages from the Communication Control Application.


The Communication Control Application is running.


The Communication Control Application is listening to SIP messages through SIP RA.


The combination of caller and callee authorization rules allows the establishment of the
call.


The combination of caller and callee security policy rules requires a secured call.

Post
-
conditions
:


A secured called is established between the caller and the callee.






The End