Evaluation of the firewall influence on the session initiation by the SIP multimedia protocol
- Authors: Botvinko A.Y.1, Samouylov K.E.1,2
- Affiliations:
  - Peoples' Friendship University of Russia
  - Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences
- Issue: Vol 29, No 3 (2021)
- Pages: 221-229
- Section: Articles
- URL: https://journals.rudn.ru/miph/article/view/27526
- DOI: https://doi.org/10.22363/2658-4670-2021-29-3-221-229
- ID: 27526
Abstract
Firewalls are one of the main components of network security. Firewalls can be used to address problems such as preventing unauthorized access and the deletion, modification and/or distribution of protected information. The filtering of information flows by a firewall introduces additional time delays, which may disrupt the stable operation of the protected automated system or make the services it provides unavailable. Multimedia services are particularly sensitive to service delays. The main purpose of the study presented in this article is to evaluate the influence of the firewall on time delays in the data transmission process in an automated system with multimedia data transmission protocols. The evaluation is carried out using queueing theory methods, for a session between two users initiated by the Session Initiation Protocol (SIP) with firewall message filtering. A firewall is a local or functionally distributed tool that provides control over the information entering and/or leaving the automated system (AS) and protects the system by filtering information, i.e., it ensures that information can be analysed against specified criteria and that a decision can be made on its distribution.
Full text
1. Introduction

Currently, one of the necessary conditions for providing information security of automated systems (AS) is the use of software and hardware systems that filter incoming and outgoing traffic. Firewalls increase the time delays of information flows while they are checked in the AS. For multimedia protocols, significant time delays can adversely affect the QoE and QoS quality indicators [1] and make the provided multimedia services unusable. Therefore, evaluating the firewall influence on the time delays in the data transmission process in an AS with multimedia data transmission protocols is an urgent and in-demand task.

© Botvinko A.Y., Samouylov K.E., 2021. This work is licensed under a Creative Commons Attribution 4.0 International License http://creativecommons.org/licenses/by/4.0/

To evaluate the firewall influence on the data transmission delay in the AS, the most delay-sensitive service has been selected, i.e., session initiation by the Session Initiation Protocol (SIP). The scenario is the initiation of a session between two users with proxy servers and firewall packet filtration.

This paper has the following structure. The process of session initiation by the SIP protocol is described in Section 2. A method for evaluating the temporal characteristics of session initiation by the SIP protocol is given in Section 3. The results of the evaluation of the firewall influence on the session initiation time and the session request delay are presented in Section 4. The Conclusion contains the main aspects of the study.

2. Session initiation by the SIP protocol in the presence of firewall

The SIP protocol, developed by the MMUSIC group of the IETF committee, provides for three main types of scenarios for initiating a connection: via proxy servers, via a redirecting server, and directly between users [2]-[4]. The main difference between these scenarios is the way the user is searched for and invited. These operations are assigned either to the proxy server, or to the redirecting server, or directly to the user if he knows the address of the called subscriber.

To evaluate the firewall influence on connection initiation by the SIP protocol, without limiting the generality of the approach, the scenario for initiating a connection between two users with two proxy servers and one firewall located in the middle of the chain has been considered. The network segment with the client equipment of the first user (User 1) is considered to be the AS under protection: this segment is protected by the firewall. The firewall introduces an additional time delay while checking the compliance of the network packet parameters with the filtration rules specified in the AS under protection.

Figure 1. Arrangement of the elements when the SIP session is initiated

Figure 1 shows the elements participating in the connection establishment: the users' equipment (User 1, User 2), the proxy servers (Proxy-1, Proxy-2), the firewall, and the IP/MPLS main transmission network.

Let us describe the session initiation algorithm, i.e., the sequence of requests and responses of the session initiation process for the scenario under consideration, in accordance with Figure 1. Session initiation starts on the equipment of User 1 with an Invite message containing the address of the called user, User 2. The message passes through the firewall and proxy server elements, the element simulating the IP/MPLS network, and the User 2 element. After successful message processing (message retransmission is not considered), the equipment of User 2 responds with the message 100 Trying. This means that the request is being processed. Then, the equipment of User 2 sends a 180 Ringing message to User 1. This means that the incoming call signal has been received and the location of the called user has been detected. After processing the Invite request, User 2 generates a 200 Ok response. This response to the Invite request indicates that the user has agreed to participate in the communication session. The session initiation algorithm is completed by sending the Ack message, which indicates that the response to the Invite request has been accepted.

Consideration of this session initiation algorithm makes it possible to evaluate the following temporal characteristics of the SIP session initiation service: average session initiation time
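The effect of the firewall on the exchange described above can be illustrated with an added example, which is not the authors' model or code. It assumes that each element on the path is an independent M/M/1 queue, that each of the five messages crosses every element once, and that the critical paths are Invite + 180 Ringing and Invite + 200 Ok + Ack; all service rates are constructed values.

```python
import math

# Messages per session, from the algorithm in the text:
# Invite, 100 Trying, 180 Ringing, 200 Ok, Ack.
MESSAGES_PER_SESSION = 5

# Constructed service rates (messages/second); not values from the paper.
BASE_CHAIN = {"Proxy-1": 800.0, "IP/MPLS": 2000.0, "Proxy-2": 800.0}


def sojourn(mu, lam):
    """Mean time in an M/M/1 node (waiting + service); inf if overloaded."""
    return 1.0 / (mu - lam) if lam < mu else math.inf


def one_way_delay(chain, session_rate):
    """Mean delay of one message crossing every node of the chain once."""
    # Assumption: every message of every session visits every node.
    lam = MESSAGES_PER_SESSION * session_rate
    return sum(sojourn(mu, lam) for mu in chain.values())


def session_metrics(chain, session_rate):
    """Return (session request delay, session initiation time) in seconds.

    Assumed critical paths: Invite + 180 Ringing = 2 crossings,
    Invite + 200 Ok + Ack = 3 crossings; the time User 2 takes to
    answer is ignored.
    """
    d = one_way_delay(chain, session_rate)
    return 2 * d, 3 * d


def firewall_overhead(fw_rate, session_rate):
    """Extra session initiation time caused by adding the firewall node."""
    with_fw = dict(BASE_CHAIN, Firewall=fw_rate)
    return (session_metrics(with_fw, session_rate)[1]
            - session_metrics(BASE_CHAIN, session_rate)[1])


if __name__ == "__main__":
    # The last rate saturates the firewall (5 * 100 = 500 messages/s).
    for rate in (20, 60, 95, 100):
        srd, sit = session_metrics(dict(BASE_CHAIN, Firewall=500.0), rate)
        print(f"{rate:>4} sessions/s  request delay {srd * 1e3:8.2f} ms  "
              f"initiation {sit * 1e3:8.2f} ms  "
              f"firewall share {firewall_overhead(500.0, rate) * 1e3:8.2f} ms")
```

The firewall's share of the initiation time grows non-linearly as the signalling load approaches its filtering capacity and becomes unbounded once that capacity is reached, which corresponds to the service unavailability mentioned in the abstract.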
About the authors
A. Y. Botvinko
Peoples' Friendship University of Russia
Corresponding author.
Email: botviay@sci.pfu.edu.ru
ORCID iD: 0000-0003-1412-981X
postgraduate of Department of Applied Probability and Informatics
6 Miklukho-Maklaya St., Moscow, 117198, Russia
K. E. Samouylov
Peoples' Friendship University of Russia; Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences
Email: samuylov-ke@rudn.ru
ORCID iD: 0000-0002-6368-9680
Doctor of Technical Sciences, Professor, Head of Department of Applied Probability and Informatics
6 Miklukho-Maklaya St., Moscow, 117198, Russia; 44 Vavilova St., bldg. 2, Moscow, 119333, Russia
References
- “Recommendation ITU T G.107. The E model: a computational model for use in transmission planning. Series G: Transmission Systems And Media, Digital Systems And Networks International Telephone Connections And Circuits - Transmission Planning And the E-model,” approved in 2015-06-29.
- J. Rosenberg, H. Schulzrinne, G. Camarillo, et al., “RFC 3261 SIP: Session Initiation Protocol,” 2002.
- A. Johnston, S. Donovan, R. Sparks, et al., “RFC 3665 SIP. Session Initiation Protocol (SIP) Basic Call Flow Examples,” 2003.
- A. B. Goldstein and B. S. Goldstein, Softswitch. Saint Petersburg: BHV Publishing House Petersburg, 2006, p. 368.
- D. Malas and A. Morton, “RFC 6076. Basic Telephony SIP End to End Performance Metrics,” 2011.
- K. V. Ivanov and P. I. Tutubalin, Markov models of protection of automated control systems for special purposes [Markovskie modeli zashhity’ avtomatizirovanny’x sistem upravleniya special’nogo naznacheniya]. Kazan: Publishing house of GBU Republican center for monitoring the quality of education Publ., 2012, p. 216, in Russian.
- F. Baskett, K. M. Chandy, R. R. Muntz, and F. G. Palacios, “Open, closed and mixed networks of queues with different classes of customers,” Journal of the ACM, pp. 248-260, 1975. doi: 10.1145/321879.321887.
- K. E. Samouylov, M. V. Luzgachev, and O. N. Plaksina, “Modelling SIP Connections with Open Multiclass Queueing Networks [Razrabotka veroyatnostnoj modeli dlya analiza pokazatelej kachestva protokola iniciirovaniya seansov svyazi],” Bulletin of Peoples’ Friendship University of Russia. Series Mathematics. Information Sciences. Physics, no. 3, pp. 53-63, 2007, in Russian.
- Y. V. Gaidamaka and E. R. Zaripova, “Session Setup Delay Estimation Methods for IMS Based IPTV Services,” Lecture Notes in Computer Science, vol. 8638, pp. 408-418, 2014. doi: 10.1007/978-3-319-103532_36.
- V. M. Vishnevsky, Polling systems: theory and application in broadband wireless networks [Sistemy pollinga: teoriya i primenenie v shirokopolosnyh besprovodnyh setyah]. Moscow: Technosphere Publishing House, 2007, p. 312, in Russian.
- Ali Raad Abdo Mohammed, “Development of a method for evaluating the probabilistic and temporal characteristics of IPTV services when they are controlled by the IMS multimedia subsystem [Razrabotka metoda otsenki veroyatnostno-vremennykh kharakteristik uslug IPTV pri ikh upravlenii mul’timediynoy podsistemoy IMS],” in Russian, Ph.D. dissertation, Moscow technical university of communications and informatics, 2013.
- K. E. Samouylov, Methods of analysis and calculation of ACS networks [Metody analiza i rascheta setey OKS]. Moscow: Publishing RUDN, 2002, p. 292, in Russian.
- I. Buzyukova, Y. Gaidamaka, and G. Yanovsky, “Estimation of QoS parameters in intelligent network,” Lecture Notes in Computer Science, vol. 5764, pp. 143-153, 2009. doi: 10.1007/978-3-642-04190-7_14.
- K. E. Samouylov, E. S. Sopin, A. V. Chukarin, and A. Y. Botvinko, “Evaluation of the characteristics of signal traffic in the communication network based on the subsystem [Ocenka harakteristik signal’nogo trafika v seti svyazi na baze podsistemy],” T-Comm - Telecommunications and Transport, no. 7, pp. 8-13, 2010, in Russian.
- “Recommendation ITU T Y.1530. Call processing performance for voice service in hybrid IP networks. Series Y: Global Information Infrastructure, Internet Protocol Aspects And Next Generation Networks Internet Protocol Aspects And Next-Generation Networks,” approved in 2007-11-13.
- “Recommendation ITU T Y.1531. SIP based call processing performance. Series Y: Global Information Infrastructure, Internet Protocol Aspects And Next Generation Networks Internet Protocol Aspects - Quality Of Service And Network Performance,” approved in 2007-11-13.
- “Recommendation ITU T Y.1541. Network performance objectives for IP based services. Series Y: Global Information Infrastructure, Internet Protocol Aspects And Next Generation Networks Internet Protocol Aspects - Quality Of Service And Network Performance,” approved in 2011-12-14.
- “DSL Forum, Technical Report-126, Triple-play Services Quality of Experience (QoE) Requirements,” 2006.