Ralf Ackermann

Bio: Ralf Ackermann is an academic researcher from Technische Universität Darmstadt. The author has contributed to research in topics: Voice over IP & Telephony. The author has an hindex of 8, co-authored 38 publications receiving 207 citations.

Evaluating and improving firewalls for IP-telephony environments

Abstract: Firewalls are a well established security mechanism for providing access control and auditing at the borders between different administrative network domains. Their basic architecture, techniques and operation modes did not change fundamentally during the last years. On the other side new challenges emerge rapidly when new innovative application domains have to be supported. IP-Telephony applications are considered to have a huge economic potential in the near future. For their widespread acceptance and thereby their economic success they must cope with established security policies. Existing firewalls face immense problems here, if they - as it still happens quite often - try to handle the new challenges in a way they did with "traditional applications". As we will show in this paper, IP-Telephony applications differ from those in many aspects, which makes such an approach quite inadequate. After identifying and characterizing the problems we therefore describe and evaluate a more appropriate approach. The feasibility of our architecture will be shown. It forms the basis of a prototype implementation, that we are currently working on.

Context-aware communication services a framework for building enhanced IP telephony services

Abstract: Communication is an essential part of our daily life. A multitude of devices enable users to communicate everywhere and anytime. One drawback resulting from this ability is the expectation of a caller to always reach the callee. As a consequence the possibility to restrict "availability for communication" becomes a necessary feature too. Users demand efficient filtering mechanisms to control incoming calls according to their current context. Communication services should become more user centric and consider context information to adapt to the most suitable behavior. This paper investigates the use of context information to enhance existing SIP call control services and services created with the call processing language (CPL). These context-aware communication services are the proposed approach to cope with the demand for a user centric control of incoming calls. The proposed solutions have been implemented as an extended SIP call control service and an extension to the existing CPL syntax. Currently, location information forms the primary source of context information. Different indoor location sensing systems have been evaluated. Finally, two different kinds of service types have been chosen for evaluation as representatives for the variety of service creation approaches especially in a SIP environment

An open source H.323-SIP gateway as basis for supplementary service interworking

Abstract: IP telephony is currently evolving from a more or less still experimental towards a carrier grade service which has thepotential of extensive use both within the Internet as well as in Intranet s. Currently we see the two signaling protocol families H.323 and SIP existi ng and further evolving simultaneously. For both, efforts are done to not o nly establish basic calls but to enable so called Supplementary Services. Th is is generally considered one precondition for replacing the functionali ty of existing conventional PBXs on top of a standard protocol. Nevertheless s olutions that support more then just basic call scenarios are at the moment still often based on proprietary protocols or protocol extensions. Since we assume that both H.323 and SIP are going to coexist fo r a longer future period, gateways between both protocol families areof large interest and research, standardization and development activitieshave been spent on those. As part of an industry research cooperation we have (indepen dently from other efforts) developed and deployed a fully Open Sour ce H.323/SIP gateway. The paper shows its concepts and describes its use a s a powerful reference implementation basis for further development targeting at the mapping and gatewaying of Supplementary Services. Our gate way’s modular, flexible and extensible architecture as well as the usa ge of scripting functionality both for configuration as well as internal protocol processing enables the usage of different basic software component s (e.g. protocol stacks) in a fast prototyping way. We consider this especial ly important, since the existing freely available stacks (such as OpenH323 ) do not support H.450 or SIP Supplementary Services at the moment. Keywords—IP Telephony, SIP, H.323, Gateway, Supplementary Service s, Rapid Prototyping and Testing of Services

Vulnerabilities and Security Limitations of current IP Telephony Systems

Abstract: Within the traditional telephone system a certain level of quality and security has been established over the years. If we try to use IP Telephony systems as a core part of our future communication infrastructure (e.g. as classical PBX enhancement or replacement) continuous high availability, stable and error-free operation and the protection of the privacy of the spoken word are challenges, that definitely have to be met.

31. Security-Related Issues in Peer-to-Peer Networks

Abstract: The main characteristic of great autonomy of peers in Peer-to-Peer networks and the resulting “openness” of such networks makes them vulnerable to diverse attacks on their integrity and security. The possibility and the feasibility of obstruction of a Peer-to-Peer network as a whole, or forthright attacks on a single peer depend largely on a usage scenario of a Peer-to-Peer network. This aspect conditions the possibilities of attacks one has to either take care of or ignore.

[서평]「Applied Cryptography」

Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

Method and apparatus for browsing using multiple coordinated device sets

Abstract: Systems and methods for navigating hypermedia using multiple coordinated input/output device sets. Disclosed systems and methods allow a user and/or an author to control what resources are presented on which device sets (whether they are integrated or not), and provide for coordinating browsing activities to enable such a user interface to be employed across multiple independent systems. Disclosed systems and methods also support new and enriched aspects and applications of hypermedia browsing and related business activities.

Method and Apparatus for Browsing Using Alternative Linkbases

Abstract: Systems and methods for navigating hypermedia using multiple coordinated input/output device sets. Disclosed systems and methods allow a user and/or an author to control what resources are presented on which device sets (whether they are integrated or not), and provide for coordinating browsing activities to enable such a user interface to be employed across multiple independent systems. Disclosed systems and methods also support new and enriched aspects and applications of hypermedia browsing and related business activities.

Digital rights management for content distribution

Abstract: Transferring the traditional business model for selling digital goods linked to physical media to the online world leads to the need for a system to protect digital intellectual property. Digital Rights Management(DRM) is a system to protect high-value digital assets and control the distribution and usage of those digital assets. This paper presents a review of the current state of DRM, focusing on security technologies, underlying legal implications and main obstacles to DRM deployment with the aim of providing a better understanding of what is currently happening to content management on a legal and technological basis and well prepared for grasping future prospects.

Practical Data Hiding in TCP/IP

Abstract: This work relates the areas of steganography, network protocols and security for practical data hiding in communication networks employing TCP/IP. Two approaches are proposed based on packet header manipulation and packet ordering within the IPSec framework. For the former the Internet protocol IPv4 header is analyzed to identify covert channels by exploiting redundancy and multiple interpretations of protocol strategies; by passing supplementary information through IPv4 headers we demonstrate how security mechanisms can be enhanced in routers, firewalls, and for services such as authentication, audit and logging without considerable additions to software or hardware. For the latter approach, we show the use of packet sorting for steganographic embedding with IPSec can allow for enhanced network security.