A SECURE HIGH AVAILABILITY CONNECTION
BETWEEN MULTI-SITES FOR A VOIP
COMMUNICATION SYSTEM WITH
EAVESDROPPING PREVENTION SECURITY
STRATEGIES
BY
EMMANUEL EMEGHA
MSc Telecommunications Engineering
Client: Stephen Swales (University of Sunderland)
Project Supervisor: Dr Chris Bowerman
Second Marker: Dr Leslie Kingham
EXECUTIVE SUMMARY
In telecommunications engineering, high availability refers to techniques
used to mitigate network downtime, while VPNs (Virtual Private Networks)
are WAN connection technologies that provide data security (such as
authentication, confidentiality and integrity) using encryption services.
VoIP systems are implemented because of their flexibility, simplicity and
low cost compared with traditional hard-wired telephone communication.
However, their security vulnerabilities undermine the confidentiality of
the voice packets being transmitted.
This project implements a highly available WAN network for a VoIP solution that
allows active/ongoing calls to continue should a link connecting two sites fail,
with suitable protocols in place to restore links. The highly available network
and the VoIP solution are equipped with eavesdropping prevention technologies
(IPSec VPN and SRTP) to render any tampered data/voice packets
unreadable/unlistenable.
CLIENT & PROBLEM
• Client
• Problem: Network downtimes, WAN Security, Voice
communication & Security
Client Requirements
• A highly available WAN network
• Site-to-Site Security (Eavesdropping)
• VoIP communication and Security (Eavesdropping)
• Active call continuity during WAN connection outages
PROJECT OBJECTIVES
1. To research and evaluate the concept of high availability in
communication networks.
2. To critically evaluate the various protocols used in high availability
including those for failover and redundancy.
3. To research and evaluate VPN technologies for the encryption of data
packets between sites.
4. To research and evaluate VoIP security protocols used to
prevent/mitigate eavesdropping.
5. To implement a fully functional prototype of the VoIP system for
internal communication.
6. To evaluate and assess the final prototype to see if it fully satisfies the
client’s requirements and identify possible areas for future
work/research.
RESEARCH
1. Research Areas & Relevance to project
• High availability (failover, redundancy) and its protocols in
communications network
(LACP, STP/RSTP, HSRP, VRRP, GLBP, IS-IS, OSPF, EIGRP, RIP and
Cisco IP SLA)
• WAN Eavesdropping Prevention Technologies (VPN)
(SSL, PPTP, IPSec, MPLS)
• VoIP security protocols (TLS, SRTP, ZRTP)
RESEARCH (CONT’D)
2. Research Findings
• High availability concepts: Hardware & Software
• OSPF & EIGRP: Similarities & differences
Eavesdropping Prevention
• Virtual Private Networks (VPNs): SSL, MPLS, PPTP, IPSec VPN
• Voice Communication: SRTP vs ZRTP (compatibility)
Impact of Security Mechanisms?
YES: High computational and communication overhead (Khodabakhshi et
al., 2013)
NO: Encryption technologies encrypt traffic at wire speed without
interfering with QoS, call quality and performance (Dakur & Dakur, 2014)
Project Author: In support of Khodabakhshi et al. (2013)
PROJECT METHODOLOGY
• Network Design: Hierarchical Design Model - Core, Distribution & Access layers
(Cisco Systems, 2014)
Hierarchical Design Model
• VoIP Telephony Design: Top-down approach (Cisco Systems, 2012)
Aimed at tailoring specific applications to user requirements
PROTOTYPE DESIGN
• High Availability Design: Redundancies, ISPs, failover protocols
• WAN Security Design: IPSec VPN & GRE
• VoIP Telephony Design: 3CX PBX server, User Agents (UAs), Security
OSI 7-Layer Model
Layer | Name | Protocol/Technology
7 | Application | 3CX PBX Server, Softphones
6 | Presentation | Codecs
5 | Session | SIP
4 | Transport | UDP, RTP, SRTP
3 | Network | IP
2 | Data Link | WAN technology used for connecting hosts in different sites: MPLS, leased line (represented using LAN cabling such as Serial and Gigabit Ethernet)
1 | Physical | Link
Top-down Design Approach (Protocols based on OSI-7 Layer)
PROTOTYPE IMPLEMENTATION
• Network: Redundancies, EIGRP, Cisco IP SLA
• WAN Security: IPSec VPN (4 Tunnels)
Authentication – Pre-share
1) crypto isakmp key nandos address 172.16.1.2
2) crypto isakmp key chicken address 172.16.1.6
3) crypto isakmp key spicyribs address 172.16.2.2
4) crypto isakmp key pulledpork address 172.16.2.6
Integrity: MD5
Encryption: 3DES
Key Exchange: Diffie-Hellman group 2
• VoIP: SIP, RTP, UDP; Security: SRTP
[Figure: Prototype IPSec VPN Map. Labels: R1_SITE 1, R3_SITE 2, R2_MAIN; IPSec VPN 1 and 2; IPSec VPN 1, 2, 3 and 4; IPSec VPN 3 and 4; Encrypted WAN Traffic]
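The IKE settings listed on this slide (pre-shared keys, MD5, 3DES, Diffie-Hellman group 2) are legacy choices that a configuration review should flag. The Python audit below is an added example, not part of the original slides: it parses `crypto isakmp` lines and reports legacy algorithms and short plaintext pre-shared keys without echoing the keys. The `crypto isakmp policy 10` block, the hardened comparison config and the thresholds (`LEGACY`, `MIN_PSK_LEN`) are assumptions of the example.

```python
import re

# Constructed sample. The four key lines are the ones on the slide; the policy
# block (and its number 10) is an assumption matching MD5, 3DES and DH group 2.
SLIDE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key nandos address 172.16.1.2
crypto isakmp key chicken address 172.16.1.6
crypto isakmp key spicyribs address 172.16.2.2
crypto isakmp key pulledpork address 172.16.2.6
"""

# Constructed comparison config: stronger IKE parameters, key stored as type 6.
HARDENED_CONFIG = """\
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key 6 CONSTRUCTED-PLACEHOLDER-BLOB address 172.16.1.2
"""

# Audit thresholds are assumptions of this example, not taken from the slides.
LEGACY = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
MIN_PSK_LEN = 20

POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)\s*$")
PARAM_RE = re.compile(r"^\s+(encr|encryption|hash|group)\s+(\S+)")
KEY_RE = re.compile(r"^crypto isakmp key (?:(\d) )?(\S+) address (\S+)")


def parse_isakmp(config):
    """Return ({policy_number: {param: value}}, [key entries]) from IOS text."""
    policies, keys, current = {}, [], None
    for line in config.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
            continue
        m = PARAM_RE.match(line)
        if m and current is not None:
            name = "encr" if m.group(1) == "encryption" else m.group(1)
            current[name] = m.group(2).lower()
            continue
        if not line.startswith(" "):
            current = None  # a top-level line ends the policy sub-mode
        m = KEY_RE.match(line)
        if m:
            keys.append({"type": m.group(1), "key": m.group(2), "peer": m.group(3)})
    return policies, keys


def audit(config):
    """List (where, setting, problem) findings; never echoes key material."""
    policies, keys = parse_isakmp(config)
    findings = []
    for number, params in sorted(policies.items()):
        for name, legacy_values in LEGACY.items():
            value = params.get(name)
            if value is None:
                findings.append((f"policy {number}", name, "not set, platform default applies"))
            elif value in legacy_values:
                findings.append((f"policy {number}", name, f"legacy value {value}"))
    for entry in keys:
        if entry["type"] == "6":
            continue  # stored encrypted, strength cannot be judged from the text
        key = entry["key"]
        if len(key) < MIN_PSK_LEN or key.isalpha():
            findings.append((f"peer {entry['peer']}", "pre-shared key",
                             f"plaintext, {len(key)} characters"))
    return findings


if __name__ == "__main__":
    for label, text in (("slide", SLIDE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(text))
```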
IMPLEMENTED PROTOTYPE SYSTEM
[Figure: topology of the implemented prototype system, labelled with the 3CX PBX Server, three IP Phones, and router/switch interfaces (G0/0, G0/1, G0/2, S0/0, S0/1, Fa0/1, Fa0/1/0, Fa0/1/1)]
RESULTS & PROTOTYPE EVALUATION
• Highly available WAN solution (‘tracert’ command, ISP, fast
convergence)
• All WAN traffic secured against eavesdropping: Wireshark - Network
metric ‘ESP’ protocol.
• Secure voice communication: Network metric ‘SRTP’
[Figure panels: No VoIP security (listenable); Encrypted (unlistenable)]
• Active voice call continuity during connection downtime
Met all client requirements (Evidence)
CLIENT FEEDBACK
Client’s Evaluation & Feedback
• Critical Evaluation of Client’s Feedback & Solutions
1. GLBP (or HSRP, VRRP which are evaluated in chapter 2)
2. Extra Redundancies (WAN links, ISPs)
EXPERIMENTAL FINDINGS
• Impacts of Security Techniques
Performance: Graph of RTD/RTT for Unsecured & Secured VPN
[Figure: Unsecured and IPSec Secured RTD/RTT Graph. Series: Unsecured, With IPSec VPN. Axis: RTD (ms)]
Supports Khodabakhshi et al. (2013)
• Performance Improvement: Protocol Tuning
1. EIGRP
2. Cisco IP SLA
EVALUATION AGAINST PROJECT OBJECTIVES
1. To research and evaluate the concept of high availability in communication
networks. (Chapter 2)
2. To critically evaluate the various protocols used in high availability including
those for failover and redundancy. (Chapter 2)
3. To research and evaluate VPN technologies for the encryption of data packets
between sites. (Chapter 3)
4. To research and evaluate VoIP security protocols used to prevent/mitigate
eavesdropping. (Chapter 3)
5. To implement a fully functional prototype of the VoIP system for internal
communication. (Chapter 5)
6. To evaluate and assess the final prototype to see if it fully satisfies the client’s
requirements and identify possible areas for future work/research. (Chapter 6,
7 & 8)
7. To produce a dissertation that is a reflection of the entire project. (Submitted -
CONCLUSION
• A functional highly available site-to-site connection was designed
and built based on research findings.
• IPSec VPN and SRTP technologies were implemented on the
prototype system to secure all WAN traffic and voice packets
against eavesdropping attacks respectively.
• Prototype supported Active voice continuity during WAN failure.
• Protocol tuning aided network performance.
• Prototype system met all client requirements
• Dissertation presented/met all project objectives
• Extra experimentation to verify theoretical findings (security
impacts, performance)
PROJECT MANAGEMENT
• Project Schedule and Gantt Chart
• Multitasking
THANK YOU
Question Time