Change search
ReferencesLink to record
Permanent link

Direct link
Implementation of Security for a Video-conferencing System Management Module
KTH, School of Electrical Engineering (EES), Communication Networks.
2015 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Video conferencing services are dependent on many other underlying devices, network servicesand infrastructure and TCP/IP services before they can provide seamless, reliable and good qualityvideo meeting services to end users. Providing fully automated video conferencing services atSkiptrip AB requires engagement of even more variant and complex set of TCP/IP services anddevices that has made its network a heterogeneous one consisting of hundreds of modern andlegacy systems along with the high definition and bandwidth sensitive video conferencingsystems. In this thesis the process of designing and implementing a secure network module forseparating and transferring non-production (management) network traffic flow of all networkequipment via establishing and fine-tuning virtual IP-sec tunnels among edge routers or firewallsof each video station in this enterprise-scale network has been conducted in order to make surethat the network traffic flow belonging to the management module is treated separately andsecurely thanks to the encryption mechanisms of IPsec protocol on the header and payload of IPpackets.After getting inspired by studying some well-known network design and architecturemethodologies and industry best practices like Cisco SAFE, characterizing the existing network isdone in the early stages of this thesis with a focus on security measures such as the utilization ofAccess Control Lists on different router interfaces which were utilized to provide perimeternetwork security to some extent. Afterwards, a new network design is proposed where themanagement flow is separated from the production traffic flow and is transferred through thesecure IPsec tunnels in a semi-mesh topology which form a virtual network module for themanagement traffic of the whole internetwork. The new network module is then given a new IPaddressing scheme based on the private range of IPv4 addresses and, after relevant discussions, acertain way of implementation of static routing in combination with classless interdomain routingand variable length subnetmasking is introduced to provide, implemented and tested in order toprovide route-redundancy in IP connectivity level of management network module in a similar-todynamicrouting protocol manner.Innate sensitivity of high definition video conferencing protocols like H.323 and SIP to quality ofthe underlying network infrastructure which is usually defined in terms of packet loss and jitter aswell as the bandwidth limitation of costly Internet links in each video station and theheterogeneity of the internetwork were amongst the main technical challenges of this thesis andshaped the outcome of proposed design and also the evaluation mechanisms which are done atthe end of this project.

Place, publisher, year, edition, pages
2015. , 95 p.
EES Examensarbete / Master Thesis, XR-EE-LCN 2014:011
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering
URN: urn:nbn:se:kth:diva-160270OAI: diva2:789372
Educational program
Master of Science - Information and Communication Systems Security
Available from: 2015-03-03 Created: 2015-02-18 Last updated: 2015-03-03Bibliographically approved

Open Access in DiVA

fulltext(2577 kB)118 downloads
File information
File name FULLTEXT01.pdfFile size 2577 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Communication Networks
Other Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 118 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 228 hits
ReferencesLink to record
Permanent link

Direct link