Breakthrough Research Speeds and Secures Internet Voice Traffic

Cisco is joining with the Center for Advanced Technology in Telecommunications and Distributed Information Systems (CATT) at Polytechnic Institute of New York University to commercialize breakthrough security technology developed by scientists at Columbia University and Verizon Laboratories.

The project will speed processing and secure voice traffic on the Internet. It will be a first step toward protecting the next generation of routers used by telecom service providers and large enterprises.

The security platform developed by Verizon and Columbia University is the fastest of its kind in the world. Called a SIP-Aware Application Layer Gateway because it uses the Session Initiation Protocol (SIP), this security filter allows or disallows Voice over Internet Protocol (VoIP) traffic as it enters Verizon's network. Encapsulating information and services into packets is expected to enable more voice, data and video traffic to speed across wired and wireless networks in the near future.

Prototype Conquers Difficult Challenges

The SIP Gateway device dynamically opens and closes "pinholes" that allow legitimate VoIP traffic to enter the network while filtering out unauthorized messages. The SIP signaling channel itself also has new filters that prevent SIP-specific denial of service attacks. These new filters use a technique known as deep packet inspection to try to determine when unauthorized users are trying to harm or disable service.

"This groundbreaking technology was scaled to work in a large, carrier-class network such as those offered by Verizon -- a significant accomplishment all by itself," said Shivendra Panwar, CATT director. "There were intrinsic difficulties because it required intensive use of high-speed parallel computing."

For its laboratory prototype development, Verizon scientist Gaston Ormazabal chose a highly distributed hardware platform based on a specialized network processor from Intel and collaborated with Henning Schulzrinne, Julian Clarence Levi Professor of Computer Science at Columbia's Fu Foundation School of Engineering and Applied Science. They developed algorithms that would power the SIP Gateway device. SIP -- a signaling protocol that controls VoIP similar to the way that land lines are switched -- was co-developed by Schulzrinne, who is also one of the principal investigators of this CATT project.

Using the Verizon-funded distributed computing VoIP test bed at Columbia and the SIP Gateway device, Schulzrinne was able to filter SIP traffic at speeds never before seen. The resulting SIP-Aware Application Layer Gateway was unique: It prevented SIP-based denial-of-service attacks at carrier-class data rates while fully conforming to the SIP protocol.

From Prototype to Production

The CATT project will attempt to bring the technology from prototype into a stage at which it is ready to perform in the routers of telecom providers and other large enterprises.

The CATT is principally based at NYU-Poly but also has significant Columbia University participation.

"Cisco is counting on the world-renowned expertise in hardware development of NYU-Poly's faculty," said Flavio Bonomi, head of Advanced Architecture and Research at Cisco. He will guide the project, which will be led by Cisco's Sateesh Addepalli in conjunction with Verizon's Ormazabal and NYU-Poly scientists.

The principal investigator at NYU-Poly will be Ramesh Karri, associate professor of electrical and computer engineering. Karri's research at NYU-Poly, focusing on all aspects of hardware security including hardware accelerators and computer aided design of secure hardware architectures, is ideally matched for this phase of development.

The Silicon Valley Community Foundation and Cisco Foundation gave the research grant.

"The Cisco grant and the previous Verizon support for this research are votes of confidence in the CATT's ability to deliver technological solutions of immediate impact to industry and society at large," said CATT's Panwar.

NYU-Poly's Karri said: "We look forward to this collaboration with world renowned experts from Cisco, Verizon and Columbia. Our students will benefit from working on problems with immediate impact in securing VoIP technologies and on cutting-edge, multi-core based network processing platforms from Cisco."

"I look forward to having our algorithms, measurements and testbeds contribute to more secure VoIP services in commercial products and services," said Columbia's Schulzrinne. "Our algorithms make it much more difficult for attackers to interfere with telephone service or to disrupt future networks."

Stuart Elby, chairman of the CATT Advisory Board and vice president of network architecture at Verizon, said: "A more secure and robust network will open doors throughout the world, allowing people to communicate and share potentially life-changing information with an ease never experienced. We are excited to be part of this project."

Edward Reinfurt, executive director of the New York State Foundation for Science, Technology and Innovation (NYSTAR), which supports the foundation, said: "This is a prime example of the kind of collaboration that NYSTAR foresaw when it began its long-term support of the CATT. This project will help commercialize research for the benefit of New York State's economy, and it could help create a more secure global communications network."

Posted to the site on 8th October 2009

Page Tools

Email this article to a collegue

Printer Friendly Version

Tags: verizon cisco columbia university silicon valley security

Daily News Headlines

Get a free email of the news articles

Click for sample copy - Our privacy policy

14:00	Swedish Export Agency Backs $1 Billion of Ericsson Sales to Russia
13:46	Belgacom contracts with Huawei for its Proximus Radio Access Network
13:06	Vodafone Pushing for More Dividends from Verizon Wireless
12:42	Paltel and Zain Call Off Merger Plans
12:10	Moody's downgrades Sprint Nextel's ratings; outlook negative