支持QoS的SIP代理服务器方案的设计与实现

从如何提高基于SIP协议的VoIP系统的语音质量出发,分析了该系统与MPLS技术结合处的难点,并提出了一种支持QoS的SIP代理服务器模型的解决方案。该方案的设计结构清晰、可扩展性强,解决了SIP代理服务器在IP网络中没有会话服务质量控制能力的问题,是一种好的融合VoIP及MPLS两大技术的应用模型。该方案目前已运用于基于嵌入式Linux平台的VoIP系统中,完全能够满足高质量语音的需求。     

基于Kademlia算法的P2PSIP系统的研究与设计

本文首先概述了基于C/S模式的传统SIP系统的缺陷、P2PSIP系统的由来及发展现状,然后提出了一种构建于P2P层之上的SIP网络电话(P2PSIP)系统的设计方案,其中P2P层采用全分布式哈希表算法Kademlia算法实现;接着重点分析了该方案中DHT(Kad)模块的工作机制以及SIP over P2P中的交互消息;最后给出基于该方案的原型系统的测试结果。     

An efficient relay node selection scheme to improve the performance of P2P-based VoIP applications in Chinese internet

Peer-to-peer (P2P) systems have been widely deployed and used to provide voice-over-IP (VoIP) service in the Internet. However, the current best-effort Internet cannot readily provide the service guarantees that meet the quality standards achieved in the public switched telephone network (PSTN). To address this problem, many studies have demonstrated that exploiting path diversity is a promising approach, such as multi-homing and overlay routing. In this paper, we focus on the overlay scenario and bring forward a previously unexplored approach that exploits the properties of delay space of Internet to select relay node to enhance the performance of P2P-based VoIP applications in Chinese Internet. By conducting intensive Internet measurements, we analyze the properties of delay space of Chinese Internet and show these properties can be readily exploited to select relay node with as small a cost as possible. Exploiting these properties we bring forward an efficient relay node selection scheme to improve the performance of P2P-based VoIP applications in Chinese Internet. Our intensive evaluation by trace-driven simulation shows our scheme is highly efficient and easy to be implemented.     

支持VoIP电话紧急呼叫的QoS保障方案及其仿真

紧急呼叫在Internet上是一个非常重要的任务,在有限带宽情况下尽可能多地接受VoIP呼叫是必要的;但同时为紧急呼叫提供高质量的服务也是必须的。本文基于一种保证端到端的VoIPQoS服务模型,提出了新的方案。该方案基于DiffservAF服务模型、SIP信息段和一种通过观察VoIP数据流信息而设计的呼叫接纳信令,来为紧急VoIP提供高质量服务。最后,根据网络仿真结果性能指标,验证提出方案的合理性、可靠性。     

抵御SIP分布式洪泛攻击的入侵防御系统

针对SIP分布式洪泛攻击检测与防御的研究现状,结合基于IP的分布式洪泛攻击和SIP消息的特点,提出了一种面向SIP分布式洪泛攻击的两级防御分布式拒绝服务(DDoS)攻击体系结构(TDASDFA):一级防御子系统(FDS)和二级防御子系统(SDS)。FDS对SIP的信令流进行粗粒度检测与防御,旨在过滤非VoIP消息和丢弃超出指定速率的IP地址的SIP信令,保证服务的可用性;SDS利用一种基于安全级别设定的攻击减弱方法对SIP信令流进行细粒度检测,并过滤具有明显DoS攻击特征的恶意攻击和低流量攻击。FDS和SDS协同工作来实时检测网络状况,减弱SIP分布式洪泛攻击。实验结果表明,TDASDFA能实时地识别和防御SIP分布式洪泛攻击,并且在异常发生时有效地减弱SIP代理服务器/IMS服务器被攻击的可能性。     

综合UDP打洞与Http代理的SIP穿越NAT方案

软交换是下一代网络中的核心技术,SIP协议作为下一代网络最重要的协议之一,已经被广泛应用于VoIP系统中。 SIP协议无法支持SIP信令和媒体流的NAT穿越,从而限制了其在广域网上的应用和发展。虽然目前解决NAT穿越的方案已经很多,但都存在着一定的局限性。文中详细解释了NAT对SIP通信的影响,介绍了UDP打洞技术的基本原理,介绍了UDP打洞技术穿越锥形NAT的流程,以及Http代理网关方式穿越各种NAT的流程。文中通过比较各种NAT穿越方案的优缺点,提出一种综合UDP打洞与Http代理网关的NAT穿越方案。经过论证与实验,证明了该方案的可行性。     

基于P2P的文件共享系统信任机制研究

近几年基于P2P的文件共享系统得到了广泛的应用.与此同时,大量的虚假文件、病毒也得以在P2P网络中散布,而某些用户在使用这类系统时也存在一系列不负责任的行为,这也就导致了系统的安全受到威胁,系统的服务质量不高.针对上述问题,基于查询请求以及目标节点的选择建立了一种信任机制.该机制一方面能够减少查询消息数,避免网络拥塞,另一方面能够有效防止选中提供虚假文件、病毒的节点以及不负责任的节点,进而提高文件共享系统的安全性与服务质量.     

Traffic Prediction for Reliable and Resilient Video Communications Over Multi-Location WMNs

This paper studies reliable and resilient deployment of video over IP across a multi-location organization, where a number of wireless mesh network (WMN) clouds are connected by a virtual private network (VPN). Particularly, we propose a scheme of enhanced SIP proxy server which can support an accountable network. In our proposed solution, the enhanced SIP proxy server consists of three modules, namely traffic load prediction, VPN bandwidth negotiation, and call admission control (CAC) in order to provide trustable service. We identify traffic load prediction as the key component among the three modules, and we further develop a linear predictor of variable sampling rate-normalized least mean square (VSR-NLMS) to estimate the traffic patterns. VSR-NLMS predictor employs adjustable sampling rate to achieve improved efficiency and performance. Numerical results show that our proposed scheme can automatically choose suitable sampling rate to track and predict the traffic load curve with acceptable accuracy and reasonable computational complexity.     

一种SIP NAT应用网关的设计与实现

使用私有地址的SIP软交换系统用户如何与公网用户进行会话，即如何SIP消息进行NAT操作，目前还没有应用标准，现有草案中提出的方法无论是否实现于应用层，都对SIP协议本身进行了扩展，这无疑给具体实现增加了很大的难度，同时也带来了兼容性问题，本文从SIP消息体的特点出发，提出了一种无需扩展SIP协议的易于实现的应用层解决方案，并结合呼叫流程详细叙述了具体实现过程。     

基于WLAN的VoIP嵌入式终端的设计

VOIP是一种新型的语音通信技术,由于其以Internet作为载体受到了广泛的关注.利用已有的WLAN网络实现无线的VoIP通话,可以提高网络资源的利用率并降低了通话成本.提出了一种基于SIP协议把VoIP和WLAN技术相融合的嵌入式无线终端方案,进行了硬件和软件设计,为系统开发提供了可行的实现途径.     

Formal analysis for robust anti-SPIT protection using model checking

Anti-SPIT policies counter the SPam over Internet Telephony (SPIT) by distinguishing bots launching unsolicited bulks of VoIP calls from human beings. We propose an Anti-SPIT Policy Management mechanism (aSPM) that detects spam calls and prevents VoIP session establishment by the Session Initiation Protocol (SIP). The SPIN model checker is used to formally model and analyze the robustness of the aSPM mechanism in execution scenarios with parallel SIP sessions. In case of a possible design flaw, the model checker provides a trace of the caught unexpected behavior (counterexample), that can be used for the revision of the mechanism’s design. Our SPIN model is parameterized, based on measurements from experiments with VoIP users. Non-determinism plays a key role in representing all possible anti-SPIT policy decisions, in terms of the SIP messages that may be exchanged. The model checking results provide evidence for the timeliness of the parallel SIP sessions, the absence of deadlocks or livelocks, and the fairness for the VoIP service users. These findings ensure robust anti-SPIT protection, meaning that the aSPM mechanism operates as expected, despite the occurrence of random SPIT calls and communication error messages. To the best of our knowledge, this is the first analysis for exhaustively searching security policy flaws, due to complex interactions between anti-SPIT measures and the SIP protocol services.     

多进程VoIP网关中SIP穿越NAT的实现

在多进程的VoIP网关中,需要识别不同的SIP包,判断是否需要穿越NAT,该文参考SIP的ALG草案,将下层的SIP消息发送到应用层来进行识别区分,将需要穿越NAT的SIP消息修改后转发出去,而不需要穿越NAT的SIP消息就不作处理,直接转发。该方案无须扩展SIP协议,就实现了在多进程的VoIP网关这样的应用场景下的多路SIP会话。     

VoIP网关中多链路SIP信令模块的设计与实现

文中在基于Linux操作系统的VoIP网关中，以单链路SIP信令实现为基础，提出了采用多进程架构的多链路SIP信令模块的设计实现方案。该设计继承了SIP协议固有的简单，可扩展性强等优点，而且多进程架构的设计结构清晰，能同时支持多路VoIP会话的建立与维护，解决了多用户的VoIP服务接入问题。该方案目前已用于基于Linux平台的VoIP网关的信令实现，完全满足VoIP网关的多链路处理与维护的需求。     

ADVS: a reputation-based model on filtering SPIT over P2P-VoIP networks

Interconnection among VoIP networks over the Internet is being an important trend. Therefore, distributed and self-organized VoIP networks are emerging as the times require. Because of VoIP’s cheapness and simplicity, many institutes forecast that it emerges as next spam entryway, like e-mail service. Especially, interconnected VoIP networks are self-organized and lack centralized authority. In this paper, we propose a novel scheme, called ADVS (Anti-Distributed Voice Spam), against SPIT (SPam over Internet Telephony) on the distributed and self-organized VoIP networks. ADVS presents a proper reputation model to evaluate end-user’s past behavior and accumulate other users’ referrals for detecting and filtering spam calls. In the VoIP network, ADVS acts as a middleware of VoIP proxy and constructs a DHT-based P2P network over call proxies and part of P2P-VoIP client to interlink each other and share end-user’s reputation. At the end of the paper, we verify AVDS through building simulation test bed. The results of experiment show that ADVS could detect spam calls accurately and stably.     

SIP协议的消息过程

本文在介绍SIP协议的基础上，分析了SIP协议消息及几个典型过程，并阐述了协议的架构特点及对VoIP发展的影响。     

VoIP系统SIP—QoS代理服务器设计方案

文中以解决VoIP系统的语音质量问题为目标,深入研究了基于SIP的VoIP系统QoS控制技术。参照IMS网络结构,考虑通信业务的QoS要求,研究以SIP为信令协议的VoIP系统如何进行呼叫控制、资源预留和策略决策,融人到SIP用户代理、SIP代理服务器,提出了一个具有QoS能力的SIP代理服务器的设计方案,增加了策略决策功能（PDF）等网络实体,支持QoS的能力得到增强。文中详细讨论了支持QoS的siP网络的增强能力,具有QoS能力的SIP代理服务器的功能结构,QoS功能模块,以及QoS资源授权和预留决策过程。     

异构网络中信令压缩的应用*

作为标准的信令协议,会话发起协议(session initiation protocol,SIP)可以很好地支持异构网络中的移动性。但是,SIP消息传输过程中带来的高时延会影响VoIP等实时性应用的服务质量。针对这种情况,提出了一个基于信令压缩的异构网络框架,用户在使用SIP消息注册、鉴权时产生的信令消息均被压缩后再进行传输。仿真结果显示,在该框架下信令压缩可以缩短20%的传输时延和节省30%的网络开销。     

基于RADIUS与SIP的VoIP认证计费系统的研究

为了解决VoIP认证计费问题,介绍了RADIUS协议及SIP认证方式,提出了扩展RADIUS协议以支持SIP认证的方法,并详细说明了经由认证处理的呼叫建立过程,给出了基于RADIUS和SIP协议的VoIP认证的具体实现方式,最后通过在SIP代理服务器上部署相应的计费策略,并结合RADIUS服务器的计费功能,给出了VoIP计费的实现方法.     

SMOCK: A Scalable Method of Cryptographic Key Management for Mission-Critical Wireless Ad-Hoc Networks

Mission-critical networks show great potential in emergency response and/or recovery, health care, critical infrastructure monitoring, etc. Such mission-critical applications demand that security service be “anywhere,” “anytime,” and “anyhow.” However, it is challenging to design a key management scheme in current mission-critical networks to fulfill the required attributes of secure communications, such as data integrity, authentication, confidentiality, nonrepudiation, and service availability. In this paper, we present a self-contained public key-management scheme, a scalable method of cryptographic key management (SMOCK), which achieves almost zero communication overhead for authentication, and offers high service availability. In our scheme, a small number of cryptographic keys are stored offline at individual nodes before they are deployed in the network. To provide good scalability in terms of the number of nodes and storage space, we utilize a combinatorial design of public-private key pairs, which means nodes combine more than one key pair to encrypt and decrypt messages. We also show that SMOCK provides controllable resilience when malicious nodes compromise a limited number of nodes before key revocation and renewal.      

SIP Proxy系统中穿透NAT的实现

SIP协议以其在开放性、扩展性以及与Internet结合紧密的优势在VoIP应用中广泛采用,而NAT是主要用来通过防火墙或者路由器使多个局域网的私有IP共享一个共有的IP的技术。介绍了NAT的穿透原理,然后介绍了在SIP Proxy系统中穿透NAT的方法,并且分析了这种方法如何和SIP的信令结合在一起。该方法可以大大地拓宽VoIP系统的应用范围,使得在目前IP地址资源非常紧缺的情况下有更多的用户可以享受到VoIP的服务,并已经在开发的VoIP系统得到了运用,系统稳定且有效。