IP telephony: mobility and security IP telephony: mobility and security

With the introduction of IP based telephony services, the Internet has started to challenge the traditional PSTN networks as an infrastructure for providing real-time interactive services. This upcoming paradigm shift is not only driven by the desire to provide cost efficient solutions, but by basing the communication on IP we expect that the end-users will experience a greater set of attractive services over a single connection compared to what is provided by a PSTN today. Looking a little further ahead, mobile communication systems will also become IP based. Companies, universities and private persons have started to extend their local area networks to provide wireless access by attaching wireless access points (APs) to their LAN. Wireless ISPs (WISPs) are putting up wireless LAN (WLAN) APs at public hot spots, thereby providing a complement or even a competitive alternative to the wireless WANs (WWANs) being developed and deployed today. As more and more people start to communicate using WLAN access, they will naturally wish to use this infrastructure for interactive real-time applications, such as mobile telephony. This thesis concerns mobility and security support for IP telephony in public WLAN environments. The security issues addressed relate both to user requirements such as end-to-end confidentiality, and operator requirements such as network access control. Alternatives for how the voice media stream can be protected and the procedure to establish a secure call using SIP are described. Public WLAN architectures enabling service providers to share access network infrastructure are described and evaluated. To enforce access control the use of either IEEE 802.11i or L2TP/IPSec is suggested, since both meet the proposed security requirements, and both are standardized solutions available on modern systems. The case where mobile users perform handovers between APs on the same LAN (layer-2 handover) and across IP subnets (layer-3) is studied. For layer-2 handovers the properties of IEEE 802.11b handover mechanisms and its impact on voice traffic, and the effect of the network access control mechanism on the handover performance are examined. The mechanisms necessary to perform layer-3 handovers and their impact on handover performance are described. The analysis focus on “SIP mobility” and Mobile IPv6, since these mobility management schemes provide optimal routing, thus are well suited for IP telephony.