Conference Paper: Network forensic on encrypted peer-to-peer VoIP traffics and the detection, blocking, and prioritization of skype traffics

Title: Network forensic on encrypted peer-to-peer VoIP traffics and the detection, blocking, and prioritization of skype traffics
Authors: Leung, CM; Chan, YY
Keywords: Blocking; Enterprise network security; NAT traversal; Network forensics; Reverse engineering; Skype; Traffic analysis; Traffic prioritization
Issue Date: 2007
Publisher: IEEE, Computer Society
Citation: Proceedings Of The Workshop On Enabling Technologies: Infrastructure For Collaborative Enterprises, Wet Ice, 2007, p. 401-406
Abstract: Skype is a popular peer-to-peer (P2P) voice over IP (VoIP) application evolving quickly since its launch in 2003. However, the ability to traverse network address translation (NAT) and bypass firewalls, as well as the induced bandwidth burden due to the super node (SN) mechanism, make Skype considerably a threat to enterprise networks security and availability. Because Skype uses both encryption and overlays, detection and blocking of Skype is nontrivial. Motivated by the work of Biondi and Desclaux [3], we adopt the view of Skype as a backdoor and we take a forensic approach to analyze it. We share our experience in this paper. With the forensic evidence, we identify a transport layer communication framework for Skype. We further formulate a set of socket-based detection and control policies for Skype traffics. Our detection method is a hybrid between payload and non-payload inspections, with improved accuracy and version sustainability over the traditional payload-only approaches. Our solution is practicable both inside and outside the NAT firewalls. This breakthrough makes the detection, blocking, and prioritization of Skype traffics possible in both the enterprise internal networks and the Internet Services Providers carrier networks.
Persistent Identifier: http://hdl.handle.net/10722/134696
ISSN: 1524-4547

DC Field | Value | Language
dc.contributor.author | Leung, CM | en_HK
dc.contributor.author | Chan, YY | en_HK
dc.date.accessioned | 2011-07-05T08:24:36Z | -
dc.date.available | 2011-07-05T08:24:36Z | -
dc.date.issued | 2007 | en_HK
dc.identifier.citation | Proceedings Of The Workshop On Enabling Technologies: Infrastructure For Collaborative Enterprises, Wet Ice, 2007, p. 401-406 | en_HK
dc.identifier.issn | 1524-4547 | en_HK
dc.identifier.uri | http://hdl.handle.net/10722/134696 | -
dc.language | eng | en_US
dc.publisher | IEEE, Computer Society | en_US
dc.relation.ispartof | Proceedings of the Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, WET ICE | en_HK
dc.subject | Blocking | en_HK
dc.subject | Enterprise network security | en_HK
dc.subject | NAT traversal | en_HK
dc.subject | Network forensics | en_HK
dc.subject | Reverse engineering | en_HK
dc.subject | Skype | en_HK
dc.subject | Traffic analysis | en_HK
dc.subject | Traffic prioritization | en_HK
dc.title | Network forensic on encrypted peer-to-peer VoIP traffics and the detection, blocking, and prioritization of skype traffics | en_HK
dc.type | Conference_Paper | en_HK
dc.identifier.email | Chan, YY: yychan8@hkucc.hku.hk | en_HK
dc.identifier.authority | Chan, YY=rp00894 | en_HK
dc.description.nature | link_to_subscribed_fulltext | en_US
dc.identifier.doi | 10.1109/WETICE.2007.4407198 | en_HK
dc.identifier.scopus | eid_2-s2.0-51149106576 | en_HK
dc.relation.references | http://www.scopus.com/mlt/select.url?eid=2-s2.0-51149106576&selection=ref&src=s&origin=recordpage | en_HK
dc.identifier.spage | 401 | en_HK
dc.identifier.epage | 406 | en_HK
dc.publisher.place | United States | en_HK
dc.identifier.scopusauthorid | Leung, CM=35280335500 | en_HK
dc.identifier.scopusauthorid | Chan, YY=7403676264 | en_HK