180 likes | 299 Views
Data Control Application for Telecommunication Operators. Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky. Background.
E N D
Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky
Background • VoIP - a general term for a family of transmission technologies for delivery of voice communications over IP networks. • SIP - The SessionInitiationProtocol is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). • JSLEE - Java Service LogicExecutionEnvironment. A Java standard for high throughput, low latency event processing application environment (Application Server).
Problem Domain • More and more telecommunication providers use VoIP infrastructure. • Eavesdropping to someone conversation is very simple (requires connection to internet and packet capture software). • Spam over the phone becomes more and more popular. • Business clients are interested in more secured telecommunication services. • Telecommunication providers interested to supply them with these services.
Current Situation • Nowadays SIP(Session Initiation Protocol) is widely used for VoIP. • The caller sends a request to SIP server with the callees nickname, receives its IP as a response and establishes P2P communication between two hosts. Callees nickname Callees IP Conversation
Current Situation(cont.) • There are couple solutions for VoIP security available nowadays. • SRTP and ZRTP protocols are both secured type of RTP (Real-time Transport Protocol), which is the 4th layer in VoIP. • Main problems of these protocols: • Clients shall perform initial master key exchange. • Not all SIP clients supports these protocols. • Special hardware for every client required to create strong master key. • There is no well known service for communication control management.
Proposed Solution Telecommunication Provider Server JBOSS Server JSLEE Server Communication Control Application Data Storage SIP Request Event Control Rules Manager SIP Resource Adapter HTTP Host 2 IP Pre-shared Key SIP Request Pre-shared Key IP Host 2 IP Host 1 SIP Client Enabler Enabler SIP Client IPSec Communication Configuration Configuration IPSec Module IPSec Module
Project Requirements [R1] Rule Based Authorization The system shall provide specified authorization of users according to the rules kept in the configuration storage, as were configured by the dynamic configuration. [R2] Dynamic Configuration The system shall provide users with the ability to control the configuration of the system services, more specifically, the rules of the authorization service, and the rules of the security service.
Project Requirements(cont.) [R3] Security The system shall provide users with the ability to establish IPSec secured session, or an unsecured session, according to the rules kept in the configuration storage, as were configured by the dynamic configuration.
Communication Control Application Requirements The Communication Control Applicationshall contain the following components: [R17] Rule Based Policy Manager The Rule based policy manager shall apply the rules that appear in the configuration storage. For a certain communication initiation process from a caller to a callee the policy manager should do the following: [R18] The Rule Based Policy Manager shall apply the authorization rules. [R19] The Rule Based Policy Manager shall apply the security rules for that communication. [R20] Communication Services The Communication Control Application shall provide the caller client module with SIP responses for the initiation of the call to the callee client module.
Control Rules Manager [R21]Control Rules Manager TheControl Rules Managershall provide the user with a graphical user interface that will enable the configuration (addition / modification / deletion) of the rules that were stated above, and saving them into the configuration storage.
Configuration Storage The configuration storage shall store all info needed by the Communication Control Application, while meeting the following requirements: [R22]Storage Type: All of the server side data shall be stored on SQL type storage server. [R23]Data security: All data stored on the server should be password secured. [R24]Connection to Communication Control Application: Data Storage shall be connected to Communication Control Application using ODBC. [R25]Communication Control Application Related Data: Data storage shall store persistence data relevant to the Communication Control Application: For each registered user Data Storage shall store his encryption key. Rule Based Configurations: All of the Rule Based Configurations, as described in, shall be stored in Data Storage.
Enabler Requirements Main responsibilities of the enabler are: [R27] Secrecy All information received by the enabler shall be decrypted using the user encryption key. [R28] IPSec configuration: Enabler shall be able to establish IPSec connection between its own IP host and target of the requested call configuring the IPSec module according to data received from Communication Control Application. [R29] Communication with Communication Control Application: All the communications between the enabler and Communication Control Application shall be according to defined protocol. The information sent by this protocol shall contain the type of the security (secured/ unsecured) and the information necessary to establish a communication with that type of security.
Non Functional Requirements Speed The system shall process each request in under 10 seconds. Throughput According to JSLEE Server specifications the system shall be able to handle 500 transactions per second. Reliability Each communication that was required to be secured shall be secured. Each call that is supposed to be authorized shall take place. Each call that isn’t supposed to be authorized shall not take place. Portability In the scope of our project the system won’t be portable, but in future development the enabler can be adjusted to all available OS, and then the system can run on any device that has JRE.
Main Use Case Primary actors: Caller, Callee Description: Caller initiates a call by sending a request to the server with the callee username. Trigger: The Caller sends a request for a call to the server. Pre-conditions: The Caller and the Callee are registered with the system. The enabler is installed on the Caller’s and the Callee’s IP Hosts, and listening to messages from the Communication Control Application. The Communication Control Application is running. The Communication Control Application is listening to SIP messages through SIP RA. The combination of caller and callee authorization rules allows the establishment of the call. The combination of caller and callee security policy rules requires a secured call. Post-conditions: A secured called is established between the caller and the callee.