Session  Joint Workshop on SIP and Network Security
 Chair(s)  Quincy Wu [solomon@ipv6.club.tw]
 Yoshiaki Kasahara [kasahara@nc.kyushu-u.ac.jp]
 Yasuichi Kitamura [kita@jp.apan.net]
 Objective - Exchange ideas and discuss about VoIP/SIP related security issues such as SPIT, DoS, MitM attacks, etc., and security tools against these attacks

- To raise the security awareness and knowledge within APAN community

- To exchange experience and knowledge in network security technologies and issues, and

- To cooperate with other international security efforts to raise security awareness, capabilities and interoperation globally.
 Target Audience  Researchers, Scientists, Network Engineers
 Agenda 14:00-15:30 Chair: Yoshiaki Kasahara [kasahara@nc.kyushu-u.ac.jp]

1. VoIP Security Threats and Countermeasures
Speaker: Eric Y. Chen (NTT Information Sharing Platform Laboratories)
Abstract & Biography:
The VoIP technology has been increasingly popular and the number of its users has surged in the past years, because of its economical advantage over the traditional PSTN services. As a side effect, various VoIP servers and clients are becoming attractive targets of malicious attacks. This presentation introduces major security threats against VoIP and discusses possible countermeasures using the technology available.
Biography: Eric Chen has been a researcher at NTT Information Sharing Platform Laboratory in Japan since 1997. He received his Ph.D. in computer science from the University of Tokyo and MBA from McGill University in Canada. He has served in the Technical Advisory Board of VoIP Security Alliances (VOIPSA) and the technical program committee in conferences such as IPTCOMM, SIGCOMM LSAD and SAINT. His current research interests include VoIP security, SPIT and DDoS attacks.

2. Advanced Flooding attack on a SIP Server
Speaker: Ms Xianglin Deng, University of Canterbury, Malcolm Shore, Technology Strategist, Telecom NZ Ltd, and Adjunct Senior Fellow, University of Canterbury
Abstract & Biography:
SIP is a lightweight application layer protocol designed to manage and establish multimedia sessions, such as those required in video conferencing, Voice over IP telephony, messaging, and data sharing. SIP servers are vulnerable to denial of service (flooding) attacks, and are typically located inside the corporate LAN behind a firewall with SIP flooding protection. In this paper, we demonstrate how such firewalls can be defeated and a SIP flooding attack achieved, and then describe a firewall mechanism to counter this form of attack. A further improvement involving enhancements to the SIP server is also described and test results detailed. This work has involved use of the innovative JAIN SLEE environment to develop an enhanced SIP Server, and the advantages of this environment are discussed.
Biography: Ms Xianglin Deng. Ms Xianglin Deng came from Chengdu, Peoples Republic of China in 2002 to undertake graduate studies in telecommunications at Otago University. Upon graduating with first class honours, she moved to Canterbury University to do further post graduate studies. Xianglin obtained a scholarship from Telecom NZ and MediaLab Ltd to support her Master's degree, which is in the area of SIP Flooding attacks with a strong focus on VoIP architectures.

Dr Malcolm Shore: Dr Shore emigrated from the UK to New Zealand in 1974 and in 1976 took a commission in the RNZAF. His career involved applications and systems programming followed by a policy/planning position in Defence Headquarters. Malcolm retired from the RNZAF and took a position with the Government Communications Security Bureau as Manager Computer Security followed by appointment to Director Information Systems Security. During this time, Malcolm completed his PhD at Otago University. Subsequent to his government service, Dr Shore has been involved with the design and development of commercial voice, satellite, and radio cryptographic products. He current is a technology strategist for Telecom NZ and holds an adjunct position as Senior Fellow in the Computer Science and Software Engineering department of Canterbury University, where he lectures in Computer Forensics and Information Warfare, and a position as Guest Professor to Wuhan University, China.

3. Current Practices and Outlook for SIP Security
Speaker: Nate Klingenstein, Internet2
Abstract & Biography:
Abstract: SIP is a protocol used primarily for video and audio conferencing. While spam was at one time confined to text-based messaging systems, such as email and instant messages, there has been a growing prevalence of spam sending prerecorded videos to video conferencing systems. With limited authentication and authorization capabilities built into the core protocols, beyond the spam lie potential DoS, impersonation and registration attacks. This session will examine the functionality implemented in products, some deployed environments, and potentials for future research & development to give SIP better ways to fight these problems.

Biography: Nate Klingenstein is a member of the Shibboleth core team. His primary research interests include sharing identifiers and identities across domains, the nature of identity vs. identifier vs. attribute, holder-of-key federated identity, modeling externally facing enterprise middleware interfaces, and reputation-based trust webs. Research hobbies are economics, quantum physics, cosmology, large fish, peak oil, and biochemistry. He is actively involved in OASIS SSTC and other standards efforts.

16:00-17:30 Chair: Yasuichi Kitamura [kita@jp.apan.net]

4. [VTC] Internet Threat Monitoring and 3D Visualization
Masaki Ishiguro (Information Security Research Group, Mitsubishi Research Institute, Inc.)
Abstract & Biography:
Abstract: We developed 3D visualization system for Internet Threats caused by malicious packets from worms. The system evaluates threat levels based on statistical analysis of monitored packets and enables GoogleEarth clients to visualize real-time status of Internet threats.

Biography: Masaki Ishiguro is a senior researcher at Information Security Research Group, Mitsubishi Research Institute, Inc. He received his master's degree at the Graduate school of information science, the University of Tokyo in 1994 and then has been working for Mitsubishi Research Institute. He has been engaged in research and development projects for Internet threat detection system, formal verification of security protocols, medical image recognition system, risk evaluation of information security.

5. Internal Enterprise Security: A holistic Approach
Speaker: Sureswaran Ramadass (Univ Sains Malaysia)
Abstract & Biography:
Abstract: Internal Enterprise Security is an issue that has now become a vital part of security for all small, medium and large scale organizations. ICT security initially covered the following areas:
* Server security
* Virus
* Defenses against attacks from the Internet.
Today, it is a well known fact that over 80% of security breaches happen from inside your network. With such statistics, it is obvious that there has to be a high level of security now in place within the enterprise network. But are there proper tools available to cater for such issues? This presentation talks about the work done by the iNet team to develop an all encompassing enterprise security tool called the J-Enterprise Suite.
It is a partially Open Source Security Development Platform built using Java.
In brief, the jNetmon Suite Covers the following areas:
* Network Monitoring and Protection Tool that can operate in a real time.
* A troubleshooting Tool that can detect Faults and threats causing performance and security issues in the network.
* Can operate and cover an entire enterprise level network.

Biography: Associate Professor Dr. Sureswaran Ramadass is an Associate Professor at the Universiti Sains Malaysia. He is also the Director of the National Advanced IPv6 Centre of Excellence (NAv6) as well as the Chairman of Mlabs Systems Berhad, a MESDAQ listed company.

Dr. Sureswaran obtained his Bachelor in Electrical and Computer Engineering (Magna Cum Laude) and Masters in Electrical and Computer Engineering from the University of Miami in 1987 and 1990 respectively. He obtained his doctorate from Universiti Sains Malaysia (USM) in 2000. Dr Sureswaran started off his career in 1990 as a senior member of the technical staff of the research team of MODCOMP, (Florida) a company focused on the R&D of real-time operating systems. In MODCOMP, Dr. Sureswaran worked with numerous organisations to benchmark their needs, including Jet Propultion Labs (JPL) and National Aeronautics and Space Administration (NASA) for their remote space vehicles. He left in 1991 and joined ICON Business System, Inc (Florida) as Senior Consultant. He was subsequently promoted to Vice President Engineering and was responsible in overseeing the entire engineering and R&D divisions of ICON Business Systems, Inc. (Florida). In 1992, he returned to Malaysia to join USM as a lecturer.

Since he joined USM, Dr. Sureswaran founded s the Network Research Group (NRG), an internationally known research group. This group has since then been upgraded into the National Advanced IPv6 Center of Excellence (Nav6), which concentrates in the following areas
* Multimedia Conferencing Systems
* Distributed Systems and Network Entities
* Real Time Enterprise Network Monitoring
* Real Time Enterprise System Security
* Satellite and Wireless Networks
* IPv6 Research, Development and Consultancy
* Digital Library Systems
Nav6 currently has about 45 researchers working in the above areas. Dr. Sureswaran was a Senior R&D Consultant for Cabletron Systems, GITN, Mlabs Systems, Computer Associates, Inetmon, Usains, MIMOS and CompQuest. The collaboration with these companies includes the joint development of new and innovative ideas and products. Of important note is that Dr. Sureswaran was the founder and headed the management team that took Mlabs Systems Berhad to a successful listing on Bursa Malaysia's MESDAQ. Mlabs is the first, and so far, only university based R&D product to be listed in the MESDAQ.

Dr. Sureswaran is currently one of the steering committee members and the IPv6 Domain Head for MYREN (Malaysian Research and Education Network). MYREN is the dedicated high speed Research and Education network in Malaysia. He is also involved in IGS, MGS and IRPA evaluation committees and has also successfully received numerous IPRA, MGS and IGS grants. He is often called in as an expert for technical and commercial due diligence on networks, security, communications and Internet based projects and companies. He is also frequently invited as a speaker in the above areas.

Dr. Sureswaran's international involvement includes many high profile positions, such as Primary Member of APAN as well as the Head of APAN Malaysia (Asia Pacific Advanced Networks). APAN is a consortium of research networks in the Asia Pacific region. Its main goal is to build high speed interconnection links to connect the Asia Pacific Research and Education Networks. He was the Head of the Multimedia SWG and is now the Technology Area Director for APAN. He had initiated numerous ambitious projects, including the incorporation of a multipoint multimedia conferencing system and other virtual systems to support the APAN network.

Dr. Sureswaran has been appointed as a Director of the AI3 project and is also the Head of the AI3 (Asian Internet Interconnections Initiative) for Malaysia. This project is part of the Japanese WIDE project and involves Thailand, Indonesia, Hong Kong, Singapore, China, Cambodia, Philippines and Laos. Part of this project is supported by MEASAT.

Of particular importance is that Dr. Sureswaran was one of the 18 finalist for the ICANN at large Directorship, year 2000. ICANN is the Internet Corporation for Assigned Names and Numbers, and is the organization in charge of coordinating Internet related matters for the entire world. He is so far the only candidate from this part of the world to be awarded such recognition. Dr. Ramadass was also recently appointed as an advisor to the Japanese government's Ministry of Public Management, Home Affairs, Posts and Telecomm. (MPHPT).

Dr. Ramadass has published over 70 research papers, and written chapters and provided materials for 4 books. He has given numerous keynote addresses and has chaired 4 conferences/workshops. He has been a member of the programme committee for numerous international conferences and has reviewed papers for many international and national level conferences.

Dr. Ramadass has received over RM 15 million (USD 4 million) in research funding and grants from numerous organizations in the 14 years that he has been with the university and is projected to receive another RM 5.8 million within this year.

6.A trail of traceback system in Interop Tokyo 2008
Speaker: Hiroaki Hazeyama (Nara Institute of Science and Technology
Abstract & Biography:
Abstract: We developed a Hash-based IP traceback system and we had a trial of IP traceback operation in Interop Tokyo 2008 from 11th June to 13th June, 2008. The IP traceback system audited all external links of Interop Tokyo 2008. Triggered by alerts from Intrusion Detection Systems settled in customer side, the IP traceback system traced the actual external path of attacks, even when a target packet was source IP spoofed packet.

Biography: Hiroaki Hazeyama received his Ph.D degree in Engineering from Nara Institute of Science and Technology (NAIST), Japan, in 2006. He is currently an asistant professor in Graduate School of Information Scienece, NAIST. His Research interests include network operation, network security, and large-scale network testbed.
 Remark  Room setup: Class Room Shape

© 2008 APAN | Last Updated 6 August 2008