The Shield project relied on application protocol analyzers to detect potential exploits of application vulnerabilities. We present the design of a second-generation generic application-level protocol analyzer (GAPA) that encompasses a domain-specific language and the associated run-time. We designed GAPA to satisfy three important goals: safety, real-time analysis and response, and rapid development of analyzers. We have found that these goals are relevant for many network monitors that implement protocol analysis. Therefore, we built GAPA to be readily integrated into tools such as Ethereal as well as Shield. GAPA preserves safety through the use of a memorysafe language for both message parsing and analysis, and through various techniques to reduce the amount of state maintained in order to avoid denial-of-service attacks. To support online analysis, the GAPA runtime uses a streamprocessing model with incremental parsing. In order to speed protocol development, GAPA uses a syntax similar to many protocol RFCs and other specifications, and incorporates many common protocol analysis tasks as built-in abstractions. We have specified 10 commonly used protocols in the GAPA language and found it expressive and easy to use. We measured our GAPA prototype and found that it can handle an enterprise client HTTP workload at up to 60 Mbps, sufficient performance for many end-host firewall/IDS scenarios. At the same time, the trusted code base of GAPA is an order of magnitude smaller than Ethereal. 1

A Network Musical Performance (NMP) occurs when a group

This paper describes the Real-time Transport Protocol (RTP). The emphasis is on the security features like confidentiality, integrity and authentication. RTP security features are critically commented and alternative arrangements with their security implications are presented. RTP security is also discussed on multi protocol context where some of RTP’s security services are provided by IPsec, SIP, SAP and SDP protocols. 1

A Network Musical Performance (NMP) occurs when a group

In classic networking, sessions are ordered communication between two fixed end-points. In this thesis we introduce the concept of session migration where one of the end-points of the session can change without losing the integrity of the session. We examine if session migration can be used to increase the user perceived quality of service in heterogeneous, mobile networks.

my own work has been identified and no material is included for which a degree has previously been conferred.

Abstract—Voice over IP (or VoIP) has been adopted progressively not only by a great number of companies but also by an expressive number of people, in Brazil and in other countries. However, this crescent adoption of VoIP in the world brings some concerns such as security risks and threats, mainly on the privacy and integrity of the communication. The risks and threats already exist in the signaling process to the call establishment. This signaling process is performed by specific types of protocols, like the H.323 and SIP (Session Initiation Protocol). Among those risks and threats, we can emphasize the man-in-the-middle attack because of its high danger degree. After doing a bibliographical revision of the current SIP security mechanisms and analyzing some proposals to improve these mechanisms, we verified that the SIP vulnerability to the man-in-the-middle was not totally solved. Then we propose a new security mechanism for SIP in this paper, aiming both to be an alternative security mechanism and a solution for the vulnerability to the man-in-the-middle attack. In our proposal we use a protocol for secure information exchange – the Massey-Omura protocol – which, when combined with Pairing-based Cryptography (PBC), provides a better security level for SIP in all its aspects. Index Terms—man-in-the-middle, Massey-Omura, pairing, SIP, VoIP