Czech language  English language

Publikace a výzkumné zprávy - detail dokumentu

Jan Stanek, Luk Kencl, Jir Kuthan
Analyzing Anomalies in Anonymized SIP Traffic
IFIP Networking
June 2-4, 2014 | Trondheim, Norway

The Session Initiation Protocol (SIP) is a signaling protocol widely used nowadays for controlling multimedia communication sessions. Thus, understanding and troubleshooting SIP behavior is of utmost importance to network designers and operators. However, SIP traffic traces are hard to come by due to privacy and confidentiality issues. SIP contains a lot of personal information spread within the various SIP messages -- IP addresses, names, usernames and domains, e-mail addresses etc. The known IP-address anonymization methods are thus insufficient. We present anontool, an extended anonymization technique that substitutes session-participant information with matching, but nondescript, labels. This allows for SIP traces to be publicly shared, while keeping interesting traffic-session properties intact. We further demonstrate its usefulness by studying the problem of SIP NAT traversal as recorded in the anonymized traces. We analyze properties of the so-called "registration storm" incident and measure the influence of the active NAT traversal techniques on SIP traffic pattern, both only possible thanks to the preservation of session relationships inside the anonymized traces. As further benefit to the research community, we set up a public data-store with both the anonymization module and the anonymized traces available and invite other parties to share further SIP data using these open tools.

[ FULL DOCUMENT ]

Kontakt
R&D Centre (RDC) for Mobile Applications
Katedra telekomunikacní techniky
Fakulta elektrotechnická
ČVUT v Praze
Technická 2, 166 27 Praha 6
Česká republika

Tel.: (+420) 224 355 991
Fax.: (+420) 233 335 999
E-mail: info@rdc.cz