Jürgen Quittek

Detecting SPIT Calls by Checking Human Communication Patterns

SPam over Internet Telephony (SPIT) is expected to become a very serious issue in the next years. The threat is going to spin out from the well known email spam problem by bot nets being re-programmed to initiate not just spam emails but also Voice over IP (VoIP) calls. Preventing SPIT is a new problem, because many well-established methods for blocking email spam cannot be applied. Currently, several SPIT prevention methods are being proposed but SPIT prevention research is still at a very early stage. In this paper, we propose an innovative way to detect SPIT calls by comparing applying hidden Turing tests that compare them with typical human communication patterns. For passing these tests, significant resource consumptions at the SPIT generating bot nets would be required which contradicts the spammers objective of placing as many SPIT calls as possible, The proposed method has several advantages compared to other methods that also interact with the caller. We validated its feasibility with a prototype implementation that we integrated into our modular VoIP security system called VoIP SEAL.

Building distributed management applications with the IETF Script MIB

Scalable and efficient management of todays fast growing networks requires distributed management systems. This paper introduces a classification of distributed management systems, followed by an overview of technologies for building such systems. One technology, the IETF Script MIB, is discussed in detail, including an implementation architecture and performance studies. Finally, application scenarios are presented, demonstrating how distributed management applications can be built by means of the IETF Script MIB.

Towards autonomous network domains

The Internet is currently evolving beyond what its architecture can support. Often, the mechanisms that allow the Internet to adapt to increasingly conflicting sets of new requirements break some of its basic design principles and can thus severely interfere with end-to-end communication. This paper recognizes that increased autonomy of network regions is a key requirement for future internetworking. It outlines a new internetworking architecture that enables interoperation among a set of autonomous, heterogeneous network domains. The architecture is based on a global identity space and does not require global addressing or a shared internetworking protocol. It integrates the new concept of dynamic network composition with other recent architectural concepts, such as decoupling locators from identifiers.

TurfNet : an architecture for dynamically composable networks

The Internet architecture is based on design principles such as end-to-end addressing and global routeability. It suits relatively static, well-managed and flat network hierarchies. Recent years have shown, however, that the Internet is evolving beyond what the current architecture can support. The Internet architecture struggles to support increasingly conflicting requirements from groups with competing interests, such as network, content and application service providers, or end-users of fixed, mobile and ad hoc access networks. This paper describes a new internetworking architecture, called TurfNet. It provides autonomy for individual network domains, or Turfs, through a novel inter-domain communication mechanism that does not require global network addressing or a common network protocol. By minimizing inter-domain dependencies, TurfNet provides a high degree of independence, which in turn facilitates autonomic communications. Allowing network domains to fully operate in isolation maximizes the scope of autonomic management functions. To accomplish this, TurfNet integrates the emerging concept of dynamic network composition with other recent architectural concepts such as decoupling locators from identifiers and establishing end-to-end communication across heterogeneous domains.

Remote Service Deployment on Programmable Switches with the IETF SNMP Script MIB

Some approaches to network programmability require control processes for network devices. Such control processes are executed at the device or at a control node locally connected to the device. This paper discusses the management of these control processes, which is part of configuration management. Typically, similar or identical control processes have to be installed on several devices of the same network in order to realize a desired service. In such cases an automated remote installation and maintenance of control processes is desirable, especially when devices are located far away from each other. The idea presented and evaluated in this paper is managing the control processes remotely with the IETF SNMP Script MIB. It is shown that the Script MIB provides sufficient means for installing, configuring, starting, updating, replacing, and terminating control processes for programmable network devices. We applied our idea to GSMP control processes realizing an IP switching over ATM service. This case study demonstrates the feasibility, but also discusses practical problems and restrictions.

Secure internet management by delegation

Abstract The IETF Script management information base (MIB) integrates the management by delegation (MbD) model into the Internet management framework. This paper discusses the security aspects of the Script MIB concerning MIB access security and runtime security of delegated management functions. The paper shows how SNMPv3 security mechanisms have been utilized to protect the Script MIB from unauthorized access. A prototype implementation is presented using the Java virtual machine as a runtime system for delegated management functions. The prototype demonstrates how solutions to all security aspects can be integrated.

Efficient Extensible Synchronization in Sather

Sather, a parallel object-oriented programming language developed at ICSI, offers advanced thread synchronization constructs separating locking mechanism and policies. While a lock management system provides a general locking mechanism, synchronization objects define and implement different extensible policies. Commonly used synchronization objects such as mutual exclusion and reader/writer locks are provided by the standard Sather library. Synchronization objects with more complex semantics can be defined by the user. The conjunctive and disjunctive acquisition of collections of locks and the deadlock detection are distinct features of Sather supported by the locking mechanism. This paper introduces the Sather synchronization constructs and presents the design and implementation of a lock management runtime system. We argue that a clean, object-oriented design allows us to support sophisticated synchronization policies while preserving efficiency on distributed computing platforms. The system is fully implemented and runs on several platforms including a network of symmetric multiprocessors connected by a fast, user-level, low latency communications network.

Scalable and efficient QoS support for SIP‐signalled voice calls

This paper proposes an extension of the functionality of a SIP proxy server for providing QoS to SIP-signalled voice over IP calls in a scalable and efficient way. The basic concept lies in aggregating SIP calls into bandwidth-provisioned trunks and on admitting calls on trunks only within the limit of their bandwidth. The SIP proxy server derives bandwidth requirements of SIP calls directly from parsed SIP messages. The bandwidth of the logical trunks can be dynamically changed. With a moderate trunk over-sizing, the trunk resizing rate can be kept much lower than the call arrival process. The approach scales well in a scenario where a centralized entity (bandwidth broker) is in charge of managing all the trunks of a given domain. We present simulation results that confirm this good scalability. The functionality and scalability of the proposed approach is compared with other ones currently discussed in the IETF or in the literature. Copyright