During the past few years, Internet telephony has evolved from a toy for the technically savvy to a technology that, in the not too distant future, may replace the existing circuit-switched telephone network. Supporting the widespread use of Internet telephony requires a host of standardized protocols to ensure quality of service (QoS), transport audio and video data, provide directory services, and enable signaling. Signaling protocols are of particular interest because they are the basis for advanced services such as mobility, universal numbers, multiparty conferencing, voice mail, and automatic call distribution. Two signaling protocols have emerged to fill this need: the ITU-T H.323 suite of protocols and session initiation protocol (SIP), developed by the Internet Engineering Task Force (IETF). In this paper we examine how SIP is used in Internet telephony. We present an overview of the protocol and its architecture, and describe how it can be used to provide a number of advanced services. Our discussion of some of SIP’s strengths—its simplicity, scalability, extensibility, and modularity—also analyzes why these are critical components for an IP telephony signaling protocol. SIP will prove to be a valuable tool, not just for end-toend IP services, but also for controlling existing phone services.

We describe the architecture and implementation of our comprehensive multi-platform collaboration framework known as Columbia InterNet Extensible Multimedia Architecture (CINEMA). It provides a distributed architecture for collaboration using synchronous communications like multimedia conferencing, instant messaging, shared web-browsing, and asynchronous communications like discussion forums, shared files, voice and video mails. It allows seamless integration with various communication means like telephones, IP phones, web and electronic mail. In addition, it provides value-added services such as call handling based on location information and presence status. The paper discusses the media services needed for collaborative environment, the components provided by CINEMA and the interaction among those components.

Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.” The list of current Internet-Drafts can be accessed at

Abstract. This paper provides an overview of the topic of network firewalls and the authentication methods that they support. The reasons why a firewall is needed are given, plus the advantages and disadvantages of using a firewall. The components that comprise a firewall are introduced, along with the authentication methods that can be used by firewalls. Finally, typical firewall configurations are described, along with the advantages and disadvantages of each configuration. 1. Security Threats from connecting to the Internet Most organisations today have an internal network that interconnects their computer systems. There is usually a high degree of trust between the computer systems in the network, particularly if the network is private. However, many organizations now see the benefits of connecting to the Internet. But, the Internet is inherently an insecure network. Some of the threats inherent in the Internet include: Weak or No Authentication required. Several services e.g. rlogin, require no password to be given when a user logs in. Other services provide information with no or little authentication e.g. anonymous FTP, and WWW. Other

The EAP-TLS is a de-facto authentication protocol in 802.11i system. This protocol provides digital certificatebased mutual authentication. The protocol performs secure password-based client/supplicant authentication instead of certificate-based authentication. This paper illustrates the modifications on EAP-TLS protocol to achieve secure password-based user/client authentication, achieving the goal of EAP-TTLS without forming a logical tunnel between a supplicant and authentication server. A comparison between the proposed technology and EAP-TTLS brings out the performance enhancements possible with this technology. The proposed system supports an optional mutual password-based authentication during session resumption.

Abstract—PhoneFactor is a two-factor authentication service that combines the knowledge-based authenticator with an objectbased authenticator in which the object-based authenticator has advantages of hardware token-based systems without requiring the administration overhead of distribution of special hardware to every user in advance. For transaction scalability of this service, we propose a Distributed Real-Time Transaction Memory Cache (DReaM-Cache) approach. In this paper, we present the basic architecture and present reliability models for different data centers and node reliability factors, and show how reliability can be accomplished. I.

This thesis addresses the paucity of research on network mobility with a taxonomy and a quantitative comparison on a real test bed of existing and forthcoming network mobility solutions. Broadly, network mobility solutions can be divided into two broad categories, intra--domain and inter--domain solutions. The two are distinct enough to warrant separate solutions. Network mobility solutions can also be divided into four catogories according to their implementation, (i) Mobile IP--based solutions, (ii) Mobile IP Mobile Routing, (iii) intra--domain routing protocols, and (iv) Mobile IP Foreign Agent--based solutions. This latter division by implementation serves as a useful starting point for a discussion and study of these protocols. The qualitative and quantitive comparisons presented here yield two "winning" solutions, Mobile IP with Network Address Translation (NAT) and Mobile IP Mobile Routing, both based on Mobile IP, the draft standard for Internet mobility. The two were chosen because they are the only solutions fit for production networks, not necessarily because they are the best performing solutions. Indeed, nearly all of the other solutions are promising alternatives and some, such as mobile ad hoc network (MANET) routing protocols and the solutions based on the next generation Internet (IPv6) version of Mobile IP, are particularly so. One of the solutions uses a novel extension for Mobile IP, the Multiple Home Address extension, developed and specified in this thesis, that turns a Mobile IP mobile node into a mobile router able to support dynamically sizing mobile networks while using the existing Mobile IP infrastructure.