一個增進SIP在防火牆環境中應用的協同模組

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：50

、訪客IP：18.220.154.41

姓名

張永佳(Yung-Chia Chang) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

一個增進SIP在防火牆環境中應用的協同模組
(A Coordinate Module to Enhance SIP Using in Firewall Environment)

相關論文

★ 整合多樣配置組態下的藍芽射頻驗證系統	★ 具檔案敘述相關語查詢之智慧型檔案搜尋系統
★ 具遲到者支援功能之網際網路簡報系統	★ 以快速廣播法建構熱門視訊隨選服務伺服器
★ 具事件同步再現特性之遠程電傳展示伺服器	★ 無線網路環境下之廣播資訊快速下載
★ 中文網站繁簡互訪協助系統	★ 支援時光平移播放之調適性現場直播演算法
★ 用於互動式廣播之段落對齊法	★ 熱門影片廣播法之影片區段復原機制
★ 配合熱門影片廣播的本地伺服器高效快取法	★ 考量網頁熱門度之一致性雜湊法解決網頁代理伺服器之負載平衡
★ 以網域名稱伺服器為基礎之色情網站過濾系統	★ 使用熱門廣播法及支援點對點傳輸之影音內容傳遞網路
★ 變動頻寬平滑化之熱門廣播演算法	★ 支援變動播放速率及低暫存空間需求之熱門廣播法研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

應用層的訊號通訊協定，例如 SIP (Session Initiation Protocol)，常常遭到防火牆及轉址器的阻擋。想辦法讓SIP封包穿透防火牆已經變為一個很熱門的話題，而且有許多解決方法被發展出來。應用層閘道(ALG)、中繼盒的通訊(MIDCOM)及背端對背端之媒體代理人(B2BUAWM)是幾個最可行的方法之一，然而，這些方法也導致了另外一些問題，像是使得防火牆不能獨立運作,效能下降，或是安全機制不完善。為了解決這些問題並且增進SIP在防火牆環境的應用，我們嘗試去設計一套協同模組。在這套協同模組中，我們讓一台傳統式的防火牆與一台能處理SIP的防火牆互相合作，經由設定傳統式防火牆的轉送規則，我們能把通訊量分散到兩台防火牆並使它們獨立運作，能處理SIP封包的防火牆可用於紀錄與標記封包供記帳與專用路徑的選擇。此外，配合像是登入這種身分認證機制可使防火牆與通道的安全性更加完備。最後，我們實做出我們的基本協同模組並且展示它是如何運作的。

摘要(英)

Application layer signaling protocols such as SIP (Session Initiation Protocol) are usually broken, en-route by firewalls and NATs. Getting SIP packets through firewalls is a popular topic and there are a large amount of solutions developed to solve it. The ALG (Application Layer Gateway), MIDCOM (Middlebox Communication) and B2BUAWM (Back to Back User Agent with Media) are the most workable solutions for it, however, those solutions results some more problems that make the firewall be not independent, performance decrease or the security mechanism not complete. To solve those problems and to enhance the SIP to be used in the firewall environment, we try to design a coordinate module. In our coordinate module approach, a traditional firewall is cooperated with a SIP aware firewall. By setup the forwarding rules of traditional firewall, we can separate the traffic into two firewalls that makes both firewall work independently. In addition, we perform an authentication mechanism such as a login scheme to complete the security. Finally, we implement our coordinate module and show how it works.

關鍵字(中)

★ 傳統式的防火牆
★ 協同模組
★ 背端對背端之媒體代理人
★ 中繼盒的通訊
★ 應用層閘道
★ 轉址器
★ 防火牆
★ SIP
★ 處理SIP的防火牆

關鍵字(英)

★ B2BUAWM
★ MIDCOM
★ ALG
★ NAT
★ firewall
★ SIP

論文目次

Table of Contents
論文提要……………………………………………………………………………….i
Abstract………………………………………………………………………………..ii
Table of Contents……………………………………………………………………..iii
List of Figures……………………………………………………………………… v
List of Table…………………………………………………………………………vi
Chapter 1 Introduction………………………………………………………………...1 1.1 Research Motivation…………………………………………………………2
1.2 Research Background………………………………………………………...3
1.3 Organization of Thesis……………………………………………………….4
Chapter 2 Related Works………………………………………………………………5
2.1 Overview of SIP……………………………………………………………...5
2.2 Firewall and NAT…………………………………………………………….6
2.3 The Problem of Firewall/NAT Traversal for SIP…………………………….8
2.4 ALG (Application Layer Gate)……………………………………………….9
2.5 MIDCOM (MiddleBox Communication)…………………………………..11
2.6 B2BUAWM (Back to Back User Agent with Media)………………………12
2.7 The New Problem…………………………………………………………...13
Chapter 3 Module Architecture and Analysis………………………………………...15
3.1 The Coordinate Module……………………………………………………..15
3.2 Authentication Mechanism………………………………………………….19
3.3 Incoming Call……………………………………………………………….20
3.4 Analysis……………………………………………………………………..21
Chapter 4 Implementation……………………………………………………………23
4.1 System Implementation……………………………………………………..23
4.2 Example--Make the Call Successfully……………………………………...23
4.3 Example — Call Denied……………………………………………………32
Chapter 5 Conclusion………………………………………………………………...37
5.1 Conclusion…………………………………………………………………..37
5.2 Future Works………………………………………………………………..39
Reference……………………………………………………………………………..40

參考文獻

Reference
[1] M. Handley, et al. “SIP: Session Initiation Protocol,” IETF RFC 2543, 1999.
[2] H. Sinnreich, A. Johnston. Internet Communications Using SIP, P.109-P.123, WILEY, 2001.
[3] Tsang, S., Marples, D., Moyer, S. “Accessing networked appliances using the session initiation protocol,” IEEE International Conference on, Volume: 4, 2001.
[4] Tat Chan; Senthil Sengodan “On applying SIP security to networked appliances,”
Networked Appliances, 2002. Proceedings. 2002 IEEE 4th International Workshop on , 2002.
[5] J. Rosenberg, Mahy, Sen. “NAT and Firewall Scenarios and Solutions for SIP,” IETF Internet draft, November 2001.
[6] J.Rosenberg,D.Drew,H.Schulzrinne. “Getting SIP through Firewalls and NATs,” IETF Internet draft, February 2000.
[7] J. Roseberg, H. Schulzrinne. “SIP Traversal through Residential and Enterprise NATs and Firewalls,” IETF Internet draft, March 2001.
[8] J. Peterson. “Application-Layer Policy Enforcement at SIP Firewalls,” IETF Internet draft, July 2000.
[9] D. Yon. “Connection-Oriented Media Transport in SDP,” IETF Internet draft, February 2001.
[10] B. Biggs. “A SIP Application Level Gateway for Network Address Translation,” Internet draft, August.
[11] F. Thernelius, B. Engelholm. “SIP Firewall Solution,” IETF Internet draft, July 2000
[12] C. Martin, A. Johnston. “SIP Through NAT Enabled Firewall Call Flows,” IETF Internet draft, 2001.
[13] P. Srisuresh, J. Kuthan, J. Roseberg. “Middlebox Communication Architecture and Framework,” IETF Internet draft, 2001.
[14] M. Barnes. “Middlebox Communications (MIDCOM) Protocol Evaluation,” IETF Internet draft, Sept. 2002.
[15] J. Roseberg, P. Mataga, and H. Schulzrinne. “An Application Server Component Architecture for SIP,” IETF Internet draft, November 2000.
[16] J. Rosenberg, H. Schulzrinne, C. Huitema, D. Gurle. “Session Initiation Protocol Extension for Instant Messaging,” IETF Internet draft, September 2002.
[17] R. Atkinson. “Security Architecture for the Internet Protocol,” IETF RFC 1825, 1995.
[18] D.Senie. “ NAT Friendly Application Design Guidelines,” IETF Internet draft, March 2001.
[19] A. Johnston, et al. “SIP Call Flow Examples,” IETF Internet draft, 2001.
[20] B. Campbell. “Framework for SIP Call Control Extensions,” IETF Internet draft, March 2001.
[21] J. Rosenberg, H. Schulzrinne. “Session Initiation Protocol (SIP) Caller Preferences and Callee Capabilities," IETF Internet draft, July 2002.
[22] Latvakoski, J, Paakkonen, P, Pakkala, D, Tikkala, A, Remes, J, Valitalo, P. “Interaction of all IP mobile Internet devices with networked appliances in a residential home,” Distributed Computing Systems Workshops, 2002. Proceedings. 22nd International Conference on , 2002
[23] K. Egevang, P. Francis. “The IP Network Address Translateor,” IETF RFC 1631, May 1994.
[24] T. Hain. “Architectural Implications of NAT,” IETF RFC 2993, 2000.

指導教授

曾黎明(Li-Ming Tseng)

審核日期

2002-10-9

推文