Implementation of Security for a Video-conferencing System Management Module
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Video conferencing services are dependent on many other underlying devices, network servicesand infrastructure and TCP/IP services before they can provide seamless, reliable and good qualityvideo meeting services to end users. Providing fully automated video conferencing services atSkiptrip AB requires engagement of even more variant and complex set of TCP/IP services anddevices that has made its network a heterogeneous one consisting of hundreds of modern andlegacy systems along with the high definition and bandwidth sensitive video conferencingsystems. In this thesis the process of designing and implementing a secure network module forseparating and transferring non-production (management) network traffic flow of all networkequipment via establishing and fine-tuning virtual IP-sec tunnels among edge routers or firewallsof each video station in this enterprise-scale network has been conducted in order to make surethat the network traffic flow belonging to the management module is treated separately andsecurely thanks to the encryption mechanisms of IPsec protocol on the header and payload of IPpackets.After getting inspired by studying some well-known network design and architecturemethodologies and industry best practices like Cisco SAFE, characterizing the existing network isdone in the early stages of this thesis with a focus on security measures such as the utilization ofAccess Control Lists on different router interfaces which were utilized to provide perimeternetwork security to some extent. Afterwards, a new network design is proposed where themanagement flow is separated from the production traffic flow and is transferred through thesecure IPsec tunnels in a semi-mesh topology which form a virtual network module for themanagement traffic of the whole internetwork. The new network module is then given a new IPaddressing scheme based on the private range of IPv4 addresses and, after relevant discussions, acertain way of implementation of static routing in combination with classless interdomain routingand variable length subnetmasking is introduced to provide, implemented and tested in order toprovide route-redundancy in IP connectivity level of management network module in a similar-todynamicrouting protocol manner.Innate sensitivity of high definition video conferencing protocols like H.323 and SIP to quality ofthe underlying network infrastructure which is usually defined in terms of packet loss and jitter aswell as the bandwidth limitation of costly Internet links in each video station and theheterogeneity of the internetwork were amongst the main technical challenges of this thesis andshaped the outcome of proposed design and also the evaluation mechanisms which are done atthe end of this project.
Place, publisher, year, edition, pages
2015. , 95 p.
EES Examensarbete / Master Thesis, XR-EE-LCN 2014:011
Other Electrical Engineering, Electronic Engineering, Information Engineering
IdentifiersURN: urn:nbn:se:kth:diva-160270OAI: oai:DiVA.org:kth-160270DiVA: diva2:789372
Master of Science - Information and Communication Systems Security
Papadimitratos, Panagiotis, Associate Professor