From the Security Experts

October 12, 2009

Cisco Teams with Universities, Verizon to Commercialize Breakthrough Security Technology

By SIP Trunking Report Contributor

Cisco has reportedly teamed up with the Center for Advanced Technology in Telecommunications and Distributed Information Systems at Polytechnic Institute of New York University, Columbia University and Verizon to commercialize breakthrough security technology. The technology developed by scientists at Columbia University and Verizon Laboratories will speed processing and secure voice traffic on the Internet.

The security platform, developed by Verizon and Columbia University, is called a SIP-Aware Application Layer Gateway since it uses the Session Initiation Protocol. The security filter allows or disallows Voice over Internet Protocol traffic as it enters Verizon's next generation packet-based network.
The SIP Gateway device dynamically opens and closes "pinholes" that allow legitimate VoIP traffic to enter the network. At the same time, unauthorized messages will be filtered out. The SIP signaling channel has new filters that prevent SIP-specific denial of service attacks. These filters use deep packet inspection to determine when unauthorized users are trying to harm or disable service.
According to Shivendra Panwar, CATT director, this technology was scaled to work in a large, carrier-class network like those offered by Verizon. There were intrinsic difficulties because it required intensive use of high-speed parallel computing. CATT is a research and education group that draws on the expertise of key researchers at Columbia University. It aims to foster industry/university partnerships and education to commercialize research on information technology and wireless communication. Even though CATT is principally based at NYU-Poly, there is a significant amount of Columbia University participation.
Verizon scientist Gaston Ormazabal chose a highly distributed hardware platform based on a specialized network processor from Intel for prototype development at the laboratory. He collaborated with Henning Schulzrinne and Julian Clarence Levi professor of computer science at Columbia's Fu Foundation School of Engineering and Applied Science to develop algorithms that would power the SIP Gateway device.
Schulzrinne filtered SIP traffic at high speeds by using the Verizon-funded distributed computing VoIP test bed at Columbia and the SIP Gateway device. The resulting SIP-Aware Application Layer Gateway prevented SIP-based denial-of-service attacks at carrier-class data rates while conforming to the SIP protocol. The CATT project will attempt to bring the technology from prototype into a stage at which it is ready to perform in the routers of telecom providers and other large enterprises.
The Silicon Valley Community Foundation and Cisco Foundation gave the research grant. Flavio Bonomi, head of advanced architecture and research at Cisco, will guide the project. The project will be led by Cisco's Sateesh Addepalli in conjunction with Verizon's Ormazabal and NYU-Poly scientists. The principal investigator at NYU-Poly will be Ramesh Karri, associate professor of electrical and computer engineering.
According to Columbia University’s Henning Schulzrinne, they are looking forward to having their algorithms, measurements and testbeds contribute to more secure VoIP services in commercial products and services. Its algorithms will make it difficult for attackers to interfere with telephone service or to disrupt future networks.

Calvin Azuri is a contributing editor for TMCnet. To read more of Calvin’s articles, please visit his columnist page.

Edited by Amy Tierney