Evaluation of the firewall influence on the session initiation by the SIP multimedia protocol

Cover Page

Abstract


Firewalls is one of the major components to provide network security. By using firewalls, you can solve such problems as preventing unauthorized access, and deleting, modifying and/or distributing information under protection. The process of information flows filtration by a firewall introduces additional time delays, thus possibly leading to disruption of stable operation of the protected automated system or to inaccessibility of the services provided by the system. Multimedia services are particularly sensitive to service time delays. The main purpose of the work presented in this paper is to evaluate the influence of the firewall on the time delays in data transmission process in the automated system with multimedia data transmission protocols. The evaluation is provided by the queuing theory methods while a session is initiated between two users by the Session Initiation Protocol (SIP) with firewall message filtration. A firewall is a local or functional distributing tool that provides control over the incoming and/or outgoing information in the automated system (AS), and ensures the protection of the AS by filtering the information, i.e., providing analysis of the information by the criteria set and making a decision on its distribution.


Full Text

1. Introduction Currently, one of the necessary conditions to provide information security of automated systems is to use software and hardware systems that filter incoming and outgoing traffic. Firewalls increase the time delays for information flows while they are checked in the AS. For multimedia protocols, significant time delays can adversely affect QoE and QoS quality indicators [1] and lead to inability of using the multimedia services provided. Therefore, the evaluation of the firewall influence on the time delays in the data transmission process in the AS with multimedia data transmission protocols is an urgent and demanded task. © Botvinko A.Y., Samouylov K.E., 2021 This work is licensed under a Creative Commons Attribution 4.0 International License http://creativecommons.org/licenses/by/4.0/ To evaluate the firewall influence on the data transmission delay in the AS, the most delay-sensitive service has been selected, i.e., the session initiation by the Session Initiation Protocol (SIP). The script is the initiation of a session between two users with proxy servers and firewall packet filtration. This paper has the following structure. The process of the session initiation by the SIP protocol is described in Section 2. A method for evaluation of temporal characteristics of the session initiation by the SIP protocol is given in Section 3. The results of the evaluation of the firewall influence on the session initiation time and the session request delay are presented in Section 4. The Conclusion contains the main aspects of the study. 2. Session initiation by the SIP protocol in the presence of firewall The SIP protocol, developed by the MMUSIC group of the IETF committee, provides for three main types of scripts for initiating a connection: by proxy servers, by a redirecting server, and directly between user [2]-[4]. The main difference in these scenarios is the way of searching and inviting the user. These operations are assigned either to the proxy server, or to the redirecting server, or directly to the user if he knows the address of the called subscriber. To evaluate the firewall influence on the connection initiation by the SIP protocol, without limiting the generality of the approach, the script for initiating a connection between two users with two proxy servers and one firewall located in the middle of the chain has been considered. The network segment with the client’s equipment of the 1st user (User 1) is considered to be the AS under protection - this segment is protected by the firewall. The firewall introduces an additional time delay while checking the compliance of the network packet parameters with the filtration rules specified in the AS under protection. Figure 1. Arrangement of the elements when the SIP session is initiated The figure 1 shows the elements participating in the connection establishment: user’s equipment - User 1, User 2; proxy servers - Proxy-1, Proxy-2; firewall and IP/MPLS main transmission network. Let’s describe the session initiation algorithm, i.e., the sequence of requests and responses of the session initiation process for the script under consideration in accordance with the figure 1. Session initiation on the equipment of User 1 is Invite message containing the information about the address of the called user - User 2. The message passes through the elements of the firewall and the proxy server, and the element simulating the IP/MPLS network, and the User 2 element. After successful message processing (message retransmission isn’t considered), the equipment of User 2 responds with the message 100 Trying. This means that the request is being processed. Then, the equipment of User 2 sends a 180 Ringing message to the User 1. That means that the incoming call signal has been received and the location of the called user has been detected. After processing the Invite request, User 2 generates a 200 Ok response. This response to the Invite request contains the information indicating that the user has agreed to participate in the communication session. The session initiation algorithm is completed by sending the Ack message indicating that the response to the Invite request has been accepted. Consideration of this session initiation algorithm allows to evaluate the following temporal characteristics of the SIP session initiation service: average session initiation time

About the authors

Anatoly Y. Botvinko

Peoples’ Friendship University of Russia (RUDN University)

Author for correspondence.
Email: botviay@sci.pfu.edu.ru
ORCID iD: 0000-0003-1412-981X
6, Miklukho-Maklaya St., Moscow, 117198, Russian Federation

postgraduate of Department of Applied Probability and Informatics

Konstantin E. Samouylov

Peoples’ Friendship University of Russia (RUDN University); Research Center “Computer Science and Control” of the Russian Academy of Sciences

Email: samuylov-ke@rudn.ru
ORCID iD: 0000-0002-6368-9680
6, Miklukho-Maklaya St., Moscow, 117198, Russian Federation; 44-2, Vavilov St., Moscow, 119333, Russian Federation

Doctor of Technical Sciences, Professor, Head of Department of Applied Probability and Informatics

References

  1. “Recommendation ITU T G.107. The E model: a computational model for use in transmission planning. Series G: Transmission Systems And Media, Digital Systems And Networks International Telephone Connections And Circuits - Transmission Planning And the E-model,” approved in 2015-06-29.
  2. J. Rosenberg, H. Schulzrinne, G. Camarillo, et al., “RFC 3261 SIP: Session Initiation Protocol,” 2002.
  3. A. Johnston, S. Donovan, R. Sparks, et al., “RFC 3665 SIP. Session Initiation Protocol (SIP) Basic Call Flow Examples,” 2003.
  4. A. B. Goldstein and B. S. Goldstein, Softswitch. Saint Petersburg: BHV Publishing House Petersburg, 2006, p. 368.
  5. D. Malas and A. Morton, “RFC 6076. Basic Telephony SIP End to End Performance Metrics,” 2011.
  6. K. V. Ivanov and P. I. Tutubalin, Markov models of protection of automated control systems for special purposes [Markovskie modeli zashhity’ avtomatizirovanny’x sistem upravleniya special’nogo naznacheniya]. Kazan: Publishing house of GBU Republican center for monitoring the quality of education Publ., 2012, p. 216, in Russian.
  7. F. Baskett, K. M. Chandy, R. R. Muntz, and F. G. Palacios, “Open, closed and mixed networks of queues with different classes of customers,” Journal of the ACM, pp. 248-260, 1975. doi: 10.1145/321879.321887.
  8. K. E. Samouylov, M. V. Luzgachev, and O. N. Plaksina, “Modelling SIP Connections with Open Multiclass Queueing Networks [Razrabotka veroyatnostnoj modeli dlya analiza pokazatelej kachestva protokola iniciirovaniya seansov svyazi],” Bulletin of Peoples’ Friendship University of Russia. Series Mathematics. Information Sciences. Physics, no. 3, pp. 53-63, 2007, in Russian.
  9. Y. V. Gaidamaka and E. R. Zaripova, “Session Setup Delay Estimation Methods for IMS Based IPTV Services,” Lecture Notes in Computer Science, vol. 8638, pp. 408-418, 2014. doi: 10.1007/978-3-319-103532_36.
  10. V. M. Vishnevsky, Polling systems: theory and application in broadband wireless networks [Sistemy pollinga: teoriya i primenenie v shirokopolosnyh besprovodnyh setyah]. Moscow: Technosphere Publishing House, 2007, p. 312, in Russian.
  11. Ali Raad Abdo Mohammed, “Development of a method for evaluating the probabilistic and temporal characteristics of IPTV services when they are controlled by the IMS multimedia subsystem [Razrabotka metoda otsenki veroyatnostno-vremennykh kharakteristik uslug IPTV pri ikh upravlenii mul’timediynoy podsistemoy IMS],” in Russian, Ph.D. dissertation, Moscow technical university of communications and informatics, 2013.
  12. K. E. Samouylov, Methods of analysis and calculation of ACS networks [Metody analiza i rascheta setey OKS]. Moscow: Publishing RUDN, 2002, p. 292, in Russian.
  13. I. Buzyukova, Y. Gaidamaka, and G. Yanovsky, “Estimation of QoS parameters in intelligent network,” Lecture Notes in Computer Science, vol. 5764, pp. 143-153, 2009. doi: 10.1007/978-3-642-04190-7_14.
  14. K. E. Samouylov, E. S. Sopin, A. V. Chukarin, and A. Y. Botvinko, “Evaluation of the characteristics of signal traffic in the communication network based on the subsystem [Ocenka harakteristik signal’nogo trafika v seti svyazi na baze podsistemy],” T-Comm - Telecommunications and Transport, no. 7, pp. 8-13, 2010, in Russian.
  15. “Recommendation ITU T Y.1530. Call processing performance for voice service in hybrid IP networks. Series y: global information infrastructure, internet protocol aspects and next generation networks internet protocol aspects and next-generation networks,” approved in 2007-11-13.
  16. “Recommendation ITU T Y.1531. SIP based call processing performance. Series Y: Global Information Infrastructure, Internet Protocol Aspects And Next Generation Networks Internet Protocol Aspects - Quality Of Service And Network Performance,” approved in 2007-11-13.
  17. “Recommendation ITU T Y.1541. Network performance objectives for IP based services. Series y: global information infrastructure, internet protocol aspects and next generation networks internet protocol aspects - quality of service and network performance,” approved in 2011-12-14.
  18. “DSL Forum, Technical Report-126, Triple-play Services Quality of Experience (QoE) Requirements,” 2006.

Statistics

Views

Abstract - 69

PDF (English) - 45

Cited-By


PlumX

Dimensions


Copyright (c) 2021 Botvinko A.Y., Samouylov K.E.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

This website uses cookies

You consent to our cookies if you continue to use our website.

About Cookies