Author Archives: Jonathan Zar

Highlights From IPTCOMM Heidelberg July 2008

IPTCOMM 2008, held in Heidelberg, was a great event and directly relevant to the VOIPSA community. What made it notable was the success of the organizing committee and venue host in showcasing outstanding new research results for security, performance, and new features in IMS/NGN based technologies.

Much of the work was developed by graduate students and postdocs under sponsorship of senior technical members of our community. In addition to the technical work, the spirit, energy, and enthusiasm of the attendees were a notable pleasure.

The conference program will be published by Springer Lecture Notes in Computer Science; other details are available directly at the IPTCOMM site.

An industry talk for VOIPSA identified four new projects necessary to advance research in the market. I’ll mention details in a separate post.

A quick summary of what happened at IPTCOMM follows:

Welcome Note
Saverio Niccolini (NEC Laboratories Europe, DE) and Pamela Zave (AT&T Laboratories, US)

Dr. Ralf Steinmetz Professor, Multimedia Communications Lab (TU Darmstadt, DE).
“Real-time Communications and Services in 2018 and Beyond.”

SIP and new service environments
A SIP-based Programming Framework for Advanced Telephony Applications
Wilfried Jouve (INRIA / LaBRI, FR); Nicolas Palix (LaBRI/INRIA, FR); Charles Consel (LaBRI/INRIA, FR); Patrice Kadionik (IMS, University of Bordeaux, FR)

An IMS Based Mobile Podcasting Architecture Supporting Multicast Delivery
Heiko Perkuhn (Ericsson Research, DE)

Generalized Third-Party Call Control in SIP Networks
Eric Cheung (AT&T, US); Pamela Zave (AT&T Laboratories, US)

Attack detection and mitigation in SIP networks
Automatic Adaptation and Analysis of SIP Headers using Decision Trees
Helmut Hlavacs (University of Vienna, AT); Karin Hummel (University of Vienna, AT); Michael Nussbaumer (University of Vienna, AT); Andrea Hess (University of Vienna, AT)

A Self-Learning System for Detection of Anomalous SIP Messages
Konrad Rieck (Fraunhofer FIRST, DE); Stefan Wahl (Alcatel-Lucent, DE); Pavel Laskov (Fraunhofer FIRST, DE); Peter Domschitz (Alcatel-Lucent, DE); Klaus-Robert Müller (Technical University of Berlin, DE)

Secure SIP: A scalable prevention mechanism for DoS attacks on SIP based VoIP systems
Gaston Ormazabal (Verizon, US); Henning Schulzrinne (Columbia University, US); Eilon Yardeni (Columbia University, US); Sarvesh Nagpal (Columbia University, US)

Performance management in SIP networks
One Server Per City: Using TCP for Very Large SIP Servers
Kumiko Ono (Columbia University, US); Henning Schulzrinne (Columbia University, US); Erich Nahum (IBM T.J. Watson Research Center)

SIP Server Overload Control: Design and Evaluation
Charles Shen (Columbia University, US); Henning Schulzrinne (Columbia University, US)

Improving the scalability of an IMS-compliant conferencing framework. Part II: involving mixing and floor control
Simon Pietro Romano (University of Napoli Federico II, IT); Alessandro Amirante (University of Napoli Federico II, IT); Tobia Castaldi (University of Napoli Federico II, IT); Lorenzo Miniero (University of Napoli Federico II, IT)

On Mechanisms for Deadlock Avoidance in SIP Servlet Containers
Laura Dillon; Kurt Stirewalt; Yi Huang (Michigan State University, US)

Security, legal and modeling issues of SIP based communications
Lawful Interception in P2P-based VoIP Systems
Jan Seedorf (NEC Europe Ltd., DE)

Security Analysis of an IP Phone: Cisco 7960G
Italo Dacosta (Georgia Institute of Technology, US)

Understanding SIP Through Model-Checking
Pamela Zave (AT&T Laboratories, US)

Next generation services for VoIP
Detecting VoIP Traffic Based on Human Conversation Patterns
Chen-Chi Wu (National Taiwan University, TW); Kuan-Ta Chen (Academia Sinica, TW); Yu-Chun Chang (National Taiwan University, TW); Chin-Laung Lei (National Taiwan University, TW)

Template-based Signaling Compression for Push-To-Talk over Cellular (PoC)
Andrea Forte (Columbia University, US); Henning Schulzrinne (Columbia University, US)

Providing Content Aware Enterprise Communication Services
Xiaotao Wu (Avaya Labs Research, US); K. Kishore Dhara (Avaya Labs Research, US); Venkatesh Krishnaswamy (Avaya Labs Research, US)

Industry talk session
An overview of ETSI standardisation activities in the Information Security arena with a focus on NGNs
Carmine Rizzo, Technical Officer, ETSI Standardisation Projects

Simulating Realistic Metro-area Network Behavior
Darius, Product Manager, Empirix

Process-Based Security Testing in a Carrier Environment
Sven Weizenegger, Lead of Security Testing and Senior Consultant, T-Systems; Heikki Kortti, Senior Security Specialist, Codenomicon

VoIP Security: Do Claims of Threats Justify Continued Research Efforts?
Jonathan Zar, Pingalo, Inc; Eric Y. Chen, NTT Information Sharing Platform Laboratories

Advanced Structural Fingerprinting in SIP
Humberto J. Abdelnur, Radu State, Olivier Festor (INRIA)

Robustness Testing Of SIP, IMS and Of the Underlying IP Infrastructure
Lauri Piikivi (Codenomicon)

Protocol interactions among User Agents, Application Servers and Media Servers
A. Amirante, T. Castaldi, L. Miniero and S. P. Romano (University of Napoli Federico II)

SOA-Type Service Composition With Reusable Telecommunications Components
Ioannis Fikouras (Ericsson Research), Gregory W. Bond (AT&T Laboratories)

VoIP SEAL 2.0 Security Suite for SIP enabled networks
Thilo Ewald, Nico d’Heureuse, Saverio Niccolini (NEC Laboratories Europe, DE)

On the deployment of Network Processors in Operational and Testing Network Devices
Fabio Mustacchio, Federico Rossi, Francesco Lamonica (NetResults Srl); Andrea Di Pietro, Fabio Vitucci, Domenico Ficara (University of Pisa – Department of Information Engineering)

Vishing Prevention by Authenticated Display-name
Stanley Chow, Christophe Gustave, Dmitri Vinokurov (Alcatel-Lucent, Bell Laboratories)

Note: This posting is for informative purposes only.  Conference notes are available from Springer LNCS and copyrighted IPTCOMM 2008.

VOIP Asia/ME 2006 Event – August 28th and 29th

UNI of Singapore has organized an excellent regional event on VoIP for August 28th and 29th. VOIPSA will be joining speakers at this event from:

Asia Media and Information Center, Avaya, BT, Cisco, IDT, Korea Telecom, Lucent, Nextone, Nortel, Malaysian Communications and Multimedia Commission, MERA and other international and regional leaders. Please see the session at 14:20 on Day 1 and join us if you can.

Topics will include Mobile VoIP, Fixed Mobile Convergence, and Quadruple Play.

Event: VOIP Asia / Middle East 2006
28th – 29th August 2006
Venue: JW Marriott Kuala Lumpur, Malaysia
Phone: +65 6825 9579

Email is invited from anyone wishing to contribute issues or content on the topics. VOIPSA endeavors to provide acknowledgment and attribution to contributors.

Serving The Public

What forms of social entrepreneurship would most benefit the art of VoIP and in turn benefit your company and the public? VOIPSA wants to know. In a recent survey over 25% of the VOIPSA advisory board expressed interest in contributing time to some charitable purpose for VoIP beyond their job, family and professional responsibilities. This is a high number for voluntary action, and encouraging. What if serving the public helped you, your employer and the community? What kinds of projects might benefit the public, appeal to grant funding, and give your company an account you could reference and leverage for selling?

  • Community VM via ip-PBX and hosted VoIP for people displaced in emergencies
  • Mobile VoIP based telephony for rural 3rd world communities

When WalMart was established it sold outside of the major cities. Turns out there’s lots of money there. What else would you put on the list above?

Reliable VoIP

Since communities first established storehouses of grain to provision against future famine, people have organized government to prevent shortages of life’s essentials.

Electronic communication, in all its forms, has become essential to our continued prosperity, liberty and social advancement.

Fundamentally, this society is in transition from a robust, redundant and managed telephone system optimized for universal voice service to a faster and more diversified collection of unmanaged communications designed for any kind of data.

While the benefits of this transition are numerous, the trade-offs have received less attention. The key issues in reliability flow from two fundamentals:

First, the physical architecture of much of the internet is optimized for cost and not reliability. For technical reasons given the art of the time, the original phone system was deployed in a highly parallel manner with separated wire pairs for each line running back to a local central office. Even in an extreme disaster, such as a tornado, service was often available or quickly restored across a wide area. This is no longer true in all modern deployments of internet and VoIP today.

Second, the software and protocol architecture of the internet favors in-band signaling, i.e. combining data and signal (control) together. For example, if you compare and contrast the history of the H.323 protocol (having its roots in ISDN) with the more recent SIP protocol, a modern architectural movement toward greater convergence of data and control is evident.

Technical choices are being made in favor of convergence, cost and features.

To a modern designer, avoiding convergence violates the ideal view of all bits as equal; converging data is highly attractive if you assume reliable delivery.

The social issue of who is responsible for assuring reliability is not captured in today’s economy. The complexity and costs of high reliability are disfavored for events beyond the ordinary recapture of revenue.

At issue is the social deferral of the costs of emergency. The commercial market with current policy tends to disfavor adding costs which evade recovery.

The issues above are not confined to wired telephony. They extend to wireless as well.

When answering the question “how are radio towers provisioned?”, consider whether the answer takes the data on a path through a vulnerability. When it does, the tower is no longer an independent reliable backup.

Thus, it may be prudent to ask and consider the following questions:

  • Is there a consensus of knowledge about the physical reliability of the internet in handling emergencies?

  • If not, what projects might be proposed to bring the value chain to a common point of understanding?

  • Is there a consensus of knowledge about the actual redundancy of converged communications?

  • If not, what projects might be proposed to create a common view?

  • Is there an agreed sense among all constituencies on the best practices for overflow and capacity planning of the internet and VOIP?

  • What might be done to encourage industry and the public to prepare for communication in the event people are stranded and unable to get to their customary and approved means of communication?

From A Statement Offered In Support Of Testimony in Washington, D.C.
In The Matter of Planning For Social/Governmental Emergencies

Jonathan Zar is Secretary & Outreach Chair for VOIPSA, the VoIP Security Alliance. VOIPSA represents 100 organizations and over three thousand of the world’s experts in converged media security. Mr. Zar would like to acknowledge the valuable contributions informing his statement from Mr. Robert Simkavitz and Mr. Philip Walenta of VOIPSA. Mr. Zar’s words are his own and he has offered his statement as a private citizen and not in his official capacity as a spokesman for VOIPSA.

Copyright (c) 2006 All Rights Reserved
Permission Granted To Reproduce Intact Citing This Posting

A Family of Curves

What are the essential elements of a human conversation that a VoIP system would capture and convey to be ideal?

To consider this, let us imagine a conversation between three or more people.

What does each of these people know?

The list would certainly include the following elements:

– physical presence, including turning away and leaving
– focus, when any person turns to one, a few or all to speak
– visual cueing including pointing, nods of agreement, objections, interest, and lack of interest
– displays of valuable emotion
– content of words spoken

What else might be added?

Let’s say the conversation continues and the subject of authority comes up. The list might then extend to:

– identity beyond physical presence, voice and appearance
– authority as offered by voice or proved by other factors
– policy as for example by custom or rule for the type of meeting

Again let’s ask: what else might be added?

After considering further, let’s now imagine that the conversation ends and that you have been invited to diagram it.

Maybe you choose to show it as a storyboard of transaction diagrams. Maybe you see a better way to draw it.

Is there a sensible way of classifying the quality of a conversation as it departs from the ideal?

Now let’s turn this on its head and ask what happens if we augment human conversation and improve what we have been calling the ideal.

The point is that a VoIP system, or at least a VoIP client, can be classified according to the complexity of the expression that it conveys, and this is either equal to, less than or better than face-to-face conversation.

So parity with the PSTN is still undershooting what people expect when they meet and certainly less than what is possible if you have faith that computing can improve conversation beyond human vision and speech.

There is no one VoIP performance target. It’s a diagram with curves.

Your Latest Blog Is VOIPSA

VOIPSA includes the world’s experts in security and privacy for converged media. That’s why you’re here!

At any moment on the clock, people somewhere on this planet are awake, alert and wanting to communicate, for business, family and the general welfare. As VOIPSA has grown we now have members in every time zone, all working to ensure that digital communication is safe, reliable and empowers everyone.

Not surprisingly, many of you have asked for a way to talk to each other about the work you’re doing, the challenges to make security and privacy effective and a way to share related events, news and project proposals. Many of you have also asked for a way to meet up locally and post invitations to workshops or informal meet-ups.

By virtual simultaneous presence in Mumbai (Bombay), Shanghai, Seoul, Tokyo, Mexico City, New York, Helsinki, and Johannesburg, and frankly everywhere else on the planet, we are today announcing this web log. What you are reading is a medium for collaboration in your field without regard to the size of nation, population or geography.

We are eager to see your ideas in discussion with each other.

Thank you for encouraging us to set up a blog.

We look forward to your contributions and reading your posts.