Monday, September 30, 2019
Dispositional vs. Biological Theory Essay
Dispositional personality theories are quite different from biological personality theories. The two will be compared and dissected in this article. The Big Five Personality Test will also be analyzed, and how it is used to study personality will be examined. Dispositional personality theories contend that each person has certain stable, long-lasting dispositions. These dispositions make a person display certain emotions, attitudes, and behaviors. They appear across many different kinds of situations, which supports the belief that people behave in predictable ways even when they are in different situations. The theory also states that each person has a different set of dispositions, or that their dispositions have different strengths, which assembles a unique pattern. There are two different types of dispositional theories: type and trait theories. Type theories assign people to different categories, which depend on the individual's temperament. Hippocrates and Galen suggested that temperament is based on body fluids (which sounds a bit outlandish). Blood is said to represent the sanguine temperament: a person who is warmhearted, optimistic, and laid back. Phlegm represents the phlegmatic person, who is lethargic, calm, and slow to action (when one thinks about this in relation to actual phlegm it is quite disgusting). Black bile represents the melancholic person, an individual who might be very sad and depressed. Last but not least is yellow bile, which represents the choleric personality: someone who is angry, assertive, and quick to action. The theory states that whichever body fluid is highest determines the personality type. To a modern person this theory sounds implausible. If one has a cold, and therefore more phlegm, does that change one's personality? And for how long does the personality change last? As long as the cold lasts, or longer? The other type of dispositional personality theory is trait theory.
Trait theories assume people have many traits: continuing qualities that individuals possess in different amounts. Allport's theory suggests that there are three main kinds of traits: central, secondary, and cardinal. A central trait is a characteristic that controls and organizes behavior in various situations. A secondary trait can be described as a preference and is specific to certain situations. A cardinal trait is very general and pervasive, so pervasive that the individual is governed by it and it dictates everything the person does. The limitation of dispositional theories is that they describe people more than they strive to understand them. It is also confining to think of a personality being put into a box instead of being given room to grow and change as lives and experiences evolve. As an individual, one does not like to think one will always have the same personality or be the same for one's entire lifetime. One wants to learn, grow, and change through life experience instead of depending on the levels of body fluid one might have on a particular day. The strength of these theories is that they helped develop objective personality tests that have become very common in personality assessment. Biological theories suggest genetics play a big part in personality. Some have suggested that people with high cortical arousal are introverts who avoid stimulation, while individuals with low cortical arousal are extroverts who seek stimulating experiences. These differences may be genetic. One would think that biology does indeed play a part in personality, especially in the younger years before life experiences alter one's personality. This author has seen it in babies. One child leans strongly toward the father's personality: more serious, organized, bossy, and controlling. The other child, although very close in age and with the same parents, leans more toward the mother's personality: carefree, messy, easily laughing, silly, and fun.
They are too young to have had life experiences that influenced how they behave, yet their personalities naturally mimic those of their different parents. This supports the belief that while biology may not dictate one's personality for one's entire life, certain traits can indeed be passed down through generations. The strength of biological theories is that one may observe previous generations and make decisions based on the personalities of those who came before, either copying their successes or avoiding their pitfalls. The limitation is that one is not confined to being just like one's parents. One has freedom of choice in how one conducts oneself, and that can change one's personality over time. The Big Five Personality Test is a test that determines the strongest personality traits an individual possesses. Five broad dimensions are used to describe an individual's personality: neuroticism, openness, conscientiousness, extraversion, and agreeableness. The test determines which factor is highest, which is lowest, and which fall in between. This author took the test and, at this time of life, found it to be fairly accurate. The highest score was agreeableness, and that plays out regularly in everyday life. The Big Five Personality Test helps one study personality over time because it gives a way to measure personality changes over time. One can also see how traits relate to other variables such as confidence, music preferences, and more, and observe how different stages of life change which traits are dominant. Overall, dispositional and biological personality theories give a lot of insight into personality; whether or not they are correct, they are a way to delve deeper into oneself to learn about motivations and behavior. Some theories seem a little crazy, such as type theories, and others make a little more sense and give insight into the behaviors of others and oneself.
The personality test is the most interesting of all, giving one a glimpse into one's own personality and how it changes over time.
Sunday, September 29, 2019
Manifestations of Dementia
Manifestations of Dementia. Melinda Godfrey, GNUR543, St. John Fisher College.
Mrs. Yowell is a 90-year-old woman who is a resident of a long-term care facility. She was alert and mentally quite capable until about a year ago, when she began to manifest signs and symptoms of dementia. A review of her medical records failed to document a thorough analysis of her dementia, but a diagnosis of "probable Alzheimer disease" was recorded.
What are the common manifestations of dementia? Dementia is defined as "a general term for loss of memory and other mental abilities severe enough to interfere with daily life. It is caused by physical changes in the brain." (Common Types of Dementia, 2012). The first manifestations of dementia usually are:
* Loss of memory – generally the patient does not notice the loss of memory, but a loved one will. This is generally the entry point into the physician's office leading to a diagnosis.
* Trouble focusing and following conversations – the patient is unable to handle more than one task at a time and will not be able to perform a task and listen to or follow a conversation easily.
* Impaired judgment and reasoning – patients become confused and are less able to cope when unexpected events come up.
Other symptoms can include mood changes and personality and behavior changes. As noted, dementia is not a disease itself but a cluster of cognitive changes. The onset symptoms of dementia vary depending on the associated disease or syndrome (Common Types of Dementia, 2012). The major dementia diseases or syndromes are:
1. Alzheimer Disease (AD) – AD accounts for 60–80% of the cases of dementia (Shadlen & Larson, 2012).
2. Dementia with Lewy Bodies (DLB) – DLB starts with progressive cognitive decline, and usually the patient also has hallucinations, periods of lucidity, and some rigidity. DLB involves abnormal accumulations of protein structures in the patient's brain (Dementia With Lewy Bodies Information Page, 2011).
3. Frontotemporal Dementia (FTD) – FTD is associated with shrinking of the frontal and anterior temporal lobes of the brain (Frontotemporal Dementia Information Page, 2011). Generally the patient will have trouble with speech and behavior.
4. Vascular Dementia – This form of dementia results from multiple strokes. When a patient has a stroke, blood flow to part of the brain is interrupted and the result is brain tissue damage (Types of Dementia, 2011). These patients normally lose cognitive ability before memory.
5. Parkinson Disease with Dementia – Approximately 40% of patients with Parkinson's disease will develop dementia (Parkinson's disease, 2011). The nerve cells in the brain that make dopamine are slowly destroyed, impairing the brain's ability to send messages.
What other potentially treatable factors might have led to Mrs. Yowell's deteriorating mental function? There are many reasons that Mrs. Yowell may have impaired mental functioning (see Table 1). The first and easiest reason to rule out would be a urinary tract infection (UTI). A urine sample can show whether white blood cells (indicating infection) are present in the urine. The increased bacterial load in an elderly person's body can cause toxicity, which leads to altered mental status (Midthun, 2004). The most noted changes are confusion, agitation, and lethargy.
Table 1 (Shadlen & Larson, 2012)
Secondly, Mrs. Yowell could have vitamin deficiencies. For example, if a patient has low levels of thiamine they can develop Wernicke's encephalopathy. This can cause damage in the brain to the thalamus and the hypothalamus. These patients will exhibit signs of confusion, loss of memory, and hallucinations (Dugdale, 2010). If left untreated it can cause permanent damage, but it is usually corrected by injections of thiamine. Another cause of confusion or delirium in elderly patients is an adverse drug reaction or an interaction with another drug. Mrs. Yowell could have been given a new medication that is directly affecting her mental status. Nearly 70% of residents in long-term care facilities take nine or more medications (Gillick, 2012). Elderly patients clear drugs more slowly through the liver and kidneys, which leads to drug accumulation (Gillick, 2012). There should be a regular review of medications in order to anticipate and keep on top of any potential changes.
Discuss in detail the organic brain/neuronal alterations that are typical of Alzheimer disease. The changes that occur in the brain with Alzheimer's disease (AD) are threefold. The first is amyloid plaque: abnormal clumps of protein found outside the nerve cells. The protein pieces come from the fatty membrane that surrounds the brain's nerve cells. Amyloid is a protein fragment that is snipped from a larger protein (amyloid precursor protein) during metabolism (Copstead, 2010). These clumps form plaque and can block cell-to-cell signaling (Common Types of Dementia, 2012). In a healthy brain the fragments are broken down and eliminated before they turn into plaque. Without the ability to signal, the brain may also activate the inflammatory response. At this point it is still not known whether the plaque causes AD or is created by it. Secondly, inside the nerve cells there is a protein called tau. This protein normally helps maintain the cell structure, allowing proper nutrition and signaling. In AD the tau protein is changed into twisted strands, called tangles (Common Types of Dementia, 2012). It is said that the changes are brought on by phosphorylating enzymes that are activated by inflammatory changes, lipid abnormalities, and aging (Copstead, 2010). Thirdly, the brain loses connectivity between nerve cells, and cells die, which results in permanent brain damage. Other changes in the brain include shrinking of the hippocampus and cortex. AD also shows enlargement of the ventricles. The progression of the damage in the AD brain is predictable. According to the Alzheimer's research center, the plaques and tangles spread through the cortex in a predictable fashion (Common Types of Dementia, 2012).
Summary. Scientists believe that the cause of AD is multi-factorial. It could be a combination of genetic, lifestyle, and environmental factors. Specifically, it is believed that a person with diabetes, depression, or heart disease is more likely to develop AD (Copstead, 2010). There is a link to a gene, APOE ε4, that is thought to be associated with late-onset AD. However, studies have shown it is absent in some cases of AD and present in cases with no AD (Common Types of Dementia, 2012). At this point a definitive diagnosis of AD can only be obtained after death (Common Types of Dementia, 2012). This means that clinicians must ask the right questions to diagnose this disease. The order of the changes that occur in the brain in AD is still largely unknown. As more research is conducted we will be able to identify the manifestations of the disease earlier and slow the progression of AD.
References
Common Types of Dementia. (2012). Retrieved March 14, 2012, from Alzheimer's Association: http://www.alz.org
Copstead, L.-E. C. (2010). Pathophysiology. St. Louis: Saunders.
Dementia With Lewy Bodies Information Page. (2011, December 28). Retrieved March 8, 2012, from National Institute of Neurological Disorders and Stroke: http://www.ninds.nih.gov
Dugdale, I. M. (2010, February 6). Wernicke-Korsakoff Syndrome. Retrieved March 10, 2012, from MedlinePlus: http://www.nlm.nih.gov/medlineplus
Frontotemporal Dementia Information Page. (2011, December 28). Retrieved March 8, 2012, from National Institute of Neurological Disorders and Stroke: http://www.ninds.nih.gov
Gillick, M. M. (2012, February 22). Medical Care of the Nursing Home Patient in the United States. Retrieved March 10, 2012, from UpToDate: http://www.uptodate.com
Lexicomp. (2012). Retrieved February 5, 2012, from Lexicomp: https://online-lexi.com
Midthun, M. R. (2004). Criteria for Urinary Tract Infections. Retrieved March 4, 2012, from Medscape: http://www.medscape.com
Parkinson's disease. (2011, September 26). Retrieved March 5, 2012, from PubMed Health: http://www.ncbi.nlm.nih.gov
Shadlen, M.-F., & Larson, E. B. (2012, February 10). Evaluation of Cognitive Impairment and Dementia. Retrieved March 5, 2012, from UpToDate: http://www.uptodate.com
Types of Dementia. (2011, June 23). Retrieved March 14, 2012, from Cleveland Clinic: http://my.clevelandclinic.org
Saturday, September 28, 2019
Teaching Students with Diverse Abilities
Teaching students whose first language is not English is often a challenging task. This essay will focus on a few effective teaching and learning strategies for teaching business studies to second-language learners (ESL learners) in the mainstream classroom. Studies reveal that the negative effects of mistaken beliefs about learning are significant (Sawir 2005). However, it has also been suggested that it is possible to intervene in relation to beliefs about learning (Sawir 2005). Hence a clear understanding of belief issues is of paramount importance for teachers. Care should be taken to give speaking and listening skills the appropriate status, and these should be backed by comprehensive practical programs (Sawir 2005). Having oral presentations and listening tasks as part of the business studies assessment program can help develop these skills. Krashen and Terrell (1983) suggest using language to transmit messages rather than teaching it explicitly for conscious learning. They use the expression the 'natural approach' and claim it is based on the theory that language acquisition occurs when students receive comprehensible input in the target language (Webster and Hasari 2009). Therefore, the business studies teacher can introduce new words and concepts within the subject content, thereby improving student vocabulary. Four key strategies were considered by the majority of teachers in a study by Facella et al. (2005) to be effective in teaching second-language learners: gestures and visual cues; repetition and opportunities for practicing skills; use of objects, real props, and hands-on materials; and multi-sensory approaches. Thus, giving students real-life business case studies to discuss and evaluate is an effective strategy. Taking students out to real businesses and letting them see first-hand how a business operates can also be useful. Rice et al.
(2004) argue that visuals and demonstrations are often the primary source of information for ESL learners and suggest the use of outcome-based objectives against which students can assess their own progress. They also advocate adjusting lesson objectives to each student's level of language acquisition. The belief is that repeating demonstrations and instructions facilitates student learning. Hence, teachers should endeavour to demonstrate procedures and provide illustrations and diagrams before students commence research projects, as opposed to providing students with only written instructions. In addition, when forming groups, members should ideally be bilingual, strong in commerce and business studies, and willing to work with limited-English-proficient students (Sutman et al. 1993). Sheltered instruction is another effective strategy for teaching second-language students. It refers to a research-based instructional framework that provides clear and accessible content and academic language to ESL learners (Hansen-Thomas 2008). Features of sheltered instruction include the use of cooperative learning activities with appropriately designed heterogeneous grouping of students; a focus on academic language as well as key content vocabulary; careful use of the student's first language as a tool to provide comprehensibility; the use of hands-on activities using authentic materials, demonstrations, and modeling; and explicit teaching and implementation of learning strategies (Hansen-Thomas 2008). Sheltered classes can be team-taught by an ESL teacher and a content-area teacher, or taught by a content-area specialist trained in sheltered instruction. ESL mentoring is another effective strategy to help teachers of second-language students. It is "a means of fostering stronger connections among the teaching staff, leading to a more positive and cohesive learning environment for students" (Brewster and Railsback 2001).
One of the goals of the ESL mentor is to assist the teacher in learning how the school identifies ESL students. Furthermore, a teacher needs to know some basic background information, such as where the student is from, how long the student has been in the country, and the student's stage of language development. The guidance of an ESL mentor can help a teacher understand his or her ESL students quickly and prevent possible problems later in the year (Mittica 2003). The ESL mentor can also provide training on accommodations and alternative forms of assessment, and can assist the teacher in setting achievable goals for ESL students at the beginning of the semester. In teaching ESL students, success is not always measured on a report card. Therefore, teachers have to be guided to observe their ESL students closely, focusing on issues such as the progress demonstrated by the student over time and whether the student is becoming more comfortable participating in class and asking questions (Mittica 2003). Above all, ESL mentors can provide a "vision of students as capable individuals for whom limited English proficiency does not signify a lack of academic skills and does not represent an incurable situation" (Walqui 1999, in Mittica 2003). ESL mentors can guide mainstream teachers in discovering their students' strengths and in celebrating multicultural education (Mittica 2003). By fully involving mainstream classroom teachers in the education of ESL students, these students will be more likely to achieve success and adjust to their lives in a new country (Mittica 2003).
(ii) Teachers need to work in partnership with parents and the wider community to help educate students from culturally and linguistically diverse backgrounds. This essay will discuss some strategies for developing such partnerships. Several researchers have documented the challenges associated with school, family, and community partnerships.
Rubin and Abrego (2004) suggest that parents are not involved with their children's learning because of cultural and communication barriers; confusion with educational jargon; feelings of inferiority, inhibition, inadequacy, or failure; lack of understanding of the school system; staff's lack of appreciation of the student's culture or language; and parents' previous negative experiences of or feelings toward schools. Other researchers who examined the success factors in school-parent-community relationships found open and trusting communication between teachers and parents to be critical (Obeidat and Al-Hassan 2009). Parents and schools should communicate regularly and clearly about information important to student success (NCPIE). This can be accomplished through newsletters, handbooks, parent-teacher conferences, open houses, home visits, and email. Translations should be made available, if needed, to ensure that non-English-speaking parents are fully informed. Researchers believe that personal contact, whether by telephone or in person, is usually the best way to promote two-way communication (NCPIE). Schools can also form partnerships with community and faith-based organizations to engage families from diverse cultural backgrounds who often do not feel comfortable in school (NCPIE). Conferences, meetings, and informal get-togethers can take place outside the school building, such as at a faith-based or community center. Once again, interpreters should be provided as needed. Attitude is another potential success factor for developing partnerships with parents. A survey of more than 400 parents of high school students in the USA revealed that their attitudes toward their children's schools were positively influenced by the efforts the school made to promote partnerships with them (Obeidat & Al-Hassan 2009). Parents are more likely to come to the school if school personnel encourage them to be volunteers and to participate in decision making (Sanders et al. 1999).
School factors, specifically those that are relational in nature, have a significant impact on parents' involvement. When school staff engage in a caring and trusting relationship with parents and view parents as partners in the education of their children, it enhances parents' desire to be involved and influences how they participate in their children's educational development. Schools should create an environment that welcomes participation (NCPIE). Signs that greet families warmly at the school door, the central office, and the classroom should be in the languages spoken by the community. A school-based family resource center providing information, links to social services, and opportunities for informal meetings with staff and other families also contributes to a family-friendly atmosphere (NCPIE). Schools should also provide professional development opportunities for teachers and other staff in the cultural and community values and practices that are common to their students and their families (NCPIE). Strengthening the school-family partnership with professional development for all school staff, as well as for parents and other family members, is an essential investment that can help foster lasting partnerships with parents and the community at large (NCPIE). In their 1997 study, Hoover-Dempsey and Sandler identified two key factors influencing parental involvement: an inviting climate at school, meaning the frequency with which schools actually invite parents to be involved in their children's schools, and parents' perceptions of being welcome at school. Epstein (1995) identified six general types of activities that can help parents, schools, and communities come together to support children's education: parenting, communicating, volunteering, learning at home, decision making, and collaborating with the community.
Epstein (1995) says that partnership programs should draw on each of these elements and should take into account the unique character of the local community and the needs of its students and families. Martin et al. (1999) identified key characteristics of effective partnerships between schools, parents, and the community: inclusiveness, recognizing social as well as academic goals, raising expectations through educational achievement, involving local people in decision-making, and democratic participation and active citizenship. Hence, schools need to focus on developing these areas to grow positive relationships. The use of service learning can be a useful strategy for this purpose. Service learning is more than just community service. It involves blending service activities with the academic curriculum in order to address real community needs while students learn through active engagement (Lynass 2005). The service needs to be linked as closely as possible to the curriculum, with an emphasis on students applying the skills they are learning (Lynass 2005). Service learning benefits students, teachers, and the community concurrently. It allows teachers and students to connect with and benefit their surrounding communities while integrating this learning back into their curriculum (Lynass 2005). In conclusion, it is essential for schools to develop strong relationships with parents and the community in order to successfully educate students from culturally and linguistically diverse backgrounds. This essay has identified a few strategies for developing such partnerships.
Friday, September 27, 2019
The influence of the US foreign policy on the prospective unification Dissertation
Reports show that during the 20th century there were various efforts to address the different issues that impeded reunification of North and South Korea. Over this period it became quite clear to the stakeholders (Koreans and non-Koreans) and to other experts on foreign affairs related to Korea that reunification of the two nations was an internal matter to be decided only by the Koreans themselves. However, it was equally clear to stakeholders and experts that the US had played a crucial role in the division, would play one in any future reunification, and, through the foreign policies it adopted towards the two Koreas, could play a major role in a united Korean future. From the start of the 20th century, Koreans have looked for ways to give the country a unified and independent framework. However, even before WWII, hopes of unification received a setback when in 1910 Japan forcibly annexed the Korean Peninsula. When Japan was defeated at the end of WWII in 1945, hopes of Korean unification revived but were again destroyed by partition. At that time a division of a temporary nature was created in order to hasten the surrender of the defeated Japanese forces. This arrangement, which was more a plan for collaboration between different occupying forces at the end of a war, turned into a game of rivalry during the post-war period, and the Korean division became permanent, with hopes of reunification slowly disappearing. During the Korean War that followed WWII there were attempts from both sides at forced reunification, which failed to produce any definite result. Despite reunification always remaining on the agenda of both Korean states from 1953 onward, during the Cold War it was practically shelved, after which the issue received very little attention.
The will to reunite is a strong emotion prevalent in both Korean nations and is founded on the country's long history of heritage, cultural ethnicity, and homogeneity, which have created a sense of strong national unity. Integrated with significant influence from Chinese cultural heritage, Koreans believe in strong family ties and take deep pride in their national history and culture. Owing to this background, Koreans still hope for reunification, despite wars and years of tension between the two nations. Majority
Thursday, September 26, 2019
Tower of Pisa Essay Example | Topics and Well Written Essays - 1500 words
As suggested by Puzrin, Alonso and Pinyol (2010), experts have not agreed on the cause of the failure. Some argue that it was static (structural), while others argue that it was the ground sinking or the effects of the design used by the architect. The main cause of the leaning is attributed to the behaviour of the composite of clay, sand, and shells on which the tower is built. The tower was prone to two major risks: failure of the fragile masonry structure, and toppling as a result of the breaking up of the foundation's subsoil. One of the solutions put in place to counter this problem was the installation of a counterweight on the northern side of the base of the tower so as to stop the tilting. This solution did not succeed, and therefore another solution was initiated in 1995. This involved inserting compressed steel cables, and the subsoil was compressed as well; this instead increased the leaning of the tower. After the period of structural restoration, the tower is now undergoing surface restoration to repair visual damage, especially corrosion and darkening. In 1964 the Italian government requested assistance in saving the tower from collapsing; however, it was decided to leave the tilt, as it was vital for promoting tourism in the city of Pisa, as suggested by D'Alfonso (2005). Owing to the failure of the solutions used for correcting the tilt of the tower, the Italian commission embarked on a subsoil study program in 1965.
Fiscal Policy Assignment Example | Topics and Well Written Essays - 500 words
This system allows the Federal Reserve to control the discount rates set by the various district banks, thereby protecting consumers. In addition, the system can control the money supply through open market operations: it eases monetary policy by purchasing financial assets, which increases the money supply, and tightens monetary policy by selling financial assets, which reduces the money supply. Control via the Federal Reserve System is hence greater in terms of the money supplied to the economy. The Federal Reserve System's monetary policy influences levels of spending, prices, and employment through a number of means. The System's main goal is to regulate the money supply in the economy in order to keep unemployment and inflation low and to promote steady economic growth. In the case of inflation, people's purchasing power falls, which leads to more unemployment in a given economy. In such instances the Federal Reserve System often increases the discount rate charged to banks in an attempt to reduce the money supply. It can also reduce the money supply by selling government bonds. In an attempt to increase spending and employment, the Federal Reserve System often lowers the interest rate it charges the various banks. This leaves people with more money and hence increases spending. When more people spend money on goods and services, producers will concentrate on producing goods and services, thereby creating more employment.
Wednesday, September 25, 2019
E-Commerce Essay Example | Topics and Well Written Essays - 2750 words
E-Commerce - Essay Example The use of the Internet in this sector has given birth to e-tourism. In this scenario, e-tourism deals with offering tourism and travel related services and products over the Internet. Additionally, modern IT based tools and technologies play a significant role in connecting the tourism chain, creating a large number of advantages for all stakeholders involved in this business and, eventually, for the end user. In this scenario, electronic commerce (e-commerce) can catalyze the tasks that are performed in the tourism sector. In addition, the e-tourism sector can modernize a number of ways of creating and maintaining the tourism business (Scavarda et al., 2001; Tremblay, 1998). This paper presents a detailed analysis of this emerging trend. The basic purpose of this research is to analyze different aspects of e-tourism. This paper also discusses the latest developments in this area. Literature Review The e-tourism industry has developed as a frontline area of information technology. Many scholars and academics have conducted research related to the e-tourism industry, as this industry is growing rapidly and more and more people are interested in studying this sector closely. Some of the researchers have highlighted the positive aspects of e-tourism, its success factors and development, and some have emphasized the challenges and weaknesses faced by the e-tourism industry. Developments in E-tourism In their research article, Connell and Reynolds (1999) discuss that there is a change in the entire system of operations of a tourism company with the emergence and implementation of new technologies. Additionally, due to the rapid progress in the use of information and communication technology, there is a big change in the arrangements and procedures of the tourism industry.
These modifications are clear in the way that tourism organizations now interconnect and interact with their customers and how they carry out the task of distribution. These advances provide a chance for innovative tourism businesses to enhance their competitive position in the global marketplace. In addition, e-commerce and ICTs are playing a major role in improving the internal competence and efficiency of tourism organizations. E-tourism has transformed the entire business process, the whole value chain and the relationships of the travel and tourism industry with interested parties (Connell & Reynolds, 1999; Scavarda et al., 2001). In other words, it can be said that e-tourism will progressively govern the effectiveness of the organization (Schoefer, 2003). The research shows that the travel and tourism sector is believed to be a significant element of today's economy. A survey carried out by the well-known organisation World Travel & Tourism Council (www.wttc.travel) revealed that almost 13% of international GDP is derived from the tourism and travel sector. On the other hand, the tourism and travel sector has emerged as a major functional area in B2C (business-to-consumer) e-commerce, for the reason that it corresponds to more than 50%
Tuesday, September 24, 2019
Explain which inventory systems should be used in each situation Assignment
Explain which inventory systems should be used in each situation - Assignment Example a. For the purposes of supplying my kitchen with fresh food, I would consider the fixed-time period model for my inventory system. This is because fresh food should be in constant supply in my kitchen and ready to use at any given time, hence I would order at certain intervals of time, for example every weekend. It is also more convenient due to the different types of fresh food involved. b. Obtaining a daily newspaper is definitely more of a one-time purchase, thus I would apply the single-period model for my daily newspaper. This is because I would receive either the evening newspaper once a day or the morning newspaper once a day, depending on my preference. c. For the purposes of buying gas for my car I would prefer the fixed-order quantity model, since I would like to maintain a given quantity of gas in my car at any given time. This quantity of gas is only eligible for refill when my car almost runs out of the quantity I purchased earlier, so as to reduce my level of stocking out. The item in my list with the highest stock-out cost is buying gas for my car. This is because I would only want to maintain the gas quantity in my car to a certain level with a given quantity, so that I would monitor it to a level at which the stock-out risk is great enough for me to order a
Monday, September 23, 2019
Stakeholder and Governance Analysis Essay Example | Topics and Well Written Essays - 1000 words
Stakeholder and Governance Analysis - Essay Example Its aim is to raise awareness of the dangers of the pandemic, especially among the youth, who are more vulnerable. The initiative is meant to promote quality health for all through the provision of clean and safe drinking water as well as an awareness campaign against the spread of HIV/AIDS. The main aim of the initiative is the fight against the spread of the HIV/AIDS pandemic. The roundabout bolted on top of the borehole was designed as play equipment for the children, hence they would be subconsciously consuming the AIDS awareness information inscribed on the billboards while at play. They would be pumping clean and safe water for domestic use into the overhead tank, which promotes better quality health through the reduction of waterborne diseases and the provision of water for vegetables. Stakeholders are often referred to as people who have interests in a certain project as well as those who are affected by that project. The major stakeholders in this case are the manufacturers of the roundabouts, local government, commercial advertisers, and children in particular, as well as other ordinary members of the community who are beneficiaries of the project. Empowerment is mainly in the form of sponsorship from either the government or other charity organisations. The manufacturers can be offered financial assistance for this noble cause by donor agencies such as NGOs. This would go a long way in establishing similar projects in many areas across the country. Stakeholders in the category of beneficiaries can be empowered through the provision of financial assistance that can be used to start small-scale income generating projects that may improve the quality of their lives. Projects should be run by local community members who are the beneficiaries, as a way of creating a sense of belonging, such that they would utilise the project to the fullest extent in order to achieve the desired goals. This initiative is meant to
Sunday, September 22, 2019
The Use of Polygraph Tests by Law Enforcement Essay Example for Free
The Use of Polygraph Tests by Law Enforcement Essay Research Question: How Reliable are Lie Detectors? Thesis Statement: Lie detectors are not completely reliable. 1st Source: White Jr., R. D. (2001). Ask me no questions, tell me no lies: examining the uses and misuses of the polygraph. Public Personnel Management, 30(4), 483+. This article discusses the different ways in which the polygraph is used and misused, and recommends certain guidelines for the proper use of polygraphs. It presents both sides of what appears to be a long-standing debate on the reliability of lie-detector tests, integrating significant legal developments into the discussion. This is a good article because it outlines the history of polygraph development and use, and contrasts the pros and cons of using polygraphs in the public sector and in law enforcement. The article, however, may be considered a bit flawed in the sense that it seems to imply that there is nothing wrong with using polygraphs. In this connection, it must be pointed out that the author only prescribes the use of the polygraph in narrowly tailored, tightly circumscribed instances, which, upon deeper analysis, means that the author is against the wholesale, indiscriminate use of polygraphs. In other words, the author seems to imply that, as a general proposition, polygraphs and the results taken from them are not completely reliable, and may only be considered so in certain instances. Another strength of the article is that it discusses not only the technical aspects of polygraph use, i.e., its validity and reliability, but also its legal and ethical or moral implications.
The article is relevant to the above topic because it discusses the use of polygraphs not only against criminals, but also against the individuals who make up the public sector. It lays down the premise that despite the controversy regarding the use of polygraphs in the past, at present their use has become more widespread and is applied not only to criminals or suspected criminals, but also to government employees and government agencies, who are on the right side of the law. With respect to the article's relevance to the question of the reliability of lie detectors and the statement that lie detectors are not completely reliable, as mentioned, the article presents both sides of the argument, and its conclusion implies that lie detectors are in fact not completely reliable, because if they were, they could be used in any instance, at any time, without having to prescribe specific parameters for their use. The main argument for the continued use of polygraphs is that in numerous cases the physiological responses elicited by questioning indicate the guilt or innocence of a person, because of the way people are supposed to react when they are lying or telling the truth. The easiest criticism of the reliability of characterizing outcomes such as an increase in pulse is that each person reacts differently to a particular situation. Hence, a person may be telling the truth but feel nervous at being questioned and strapped to a machine, so his pulse may be uneven. Studies conducted, particularly by the Office of Technology Assessment (OTA), show that there is a large variance in cases where the individual tested via polygraph was held to have been telling the truth when he was actually lying, or found to be lying when he was actually telling the truth.
Also assailed are the lack of training of the people who operate polygraphs, the lack of operational guidelines for the actual use of the machines, and the use of what are called countermeasures that enable certain individuals to "beat" the polygraph. In conclusion, the author concedes that, reliable or not, polygraphs will still be used, and thus proposes several tests or criteria by which to determine whether or not a polygraph should be used, such as the existence of a compelling public interest, the presence of independently corroborating evidence, and the imposition of stricter controls on actual testing. The use of such criteria could mitigate the inherent unreliability of polygraph testing. 2nd Source: Dripps, D. A. (1996). Police, plus perjury, equals polygraphy. Journal of Criminal Law and Criminology, 86(3), 693-716. The article presents the author's theory that making polygraph examination results admissible in evidence as a general proposition will ward off the evil of perjury committed by law enforcement agents. The arguments presented by the proponent are very structured and organized. The author paints a very convincing picture of the disadvantages and prejudice brought about by the current general rule on the inadmissibility of polygraph test results vis-à-vis police testimony in suppression hearings.
The only weakness of the article is that it concedes, even if merely for the sake of argument, that polygraph testing results are generally unreliable, but they should be used anyway to at least ensure that policemen do not commit perjury on the stand when they testify as to the factual milieu of the case and the seizure of evidence.à It is a good article to contrast with the first because the arguments are similar but the conclusions and implications are different, and the details should be examined more closely to determine why, despite the similarities, there still exists a discrepancy or difference in opinion. à à à à à à à à à à à The article is relevant to the above-mentioned topic, because it relates to the use of polygraph tests by and against law enforcement officers.à Like the first article, it presents the use of polygraphs not only as against suspected criminals, but even against those on the other side of the law.à It is relevant to the question on the reliability of polygraph testing and on the thesis that polygraph tests are not completely reliable because it argues against the thesis by citing the rules on evidence. à à à à à à à à à à à In the case of Daubert v. Merrell Dow Pharmaceuticals, the Supreme Court held that the use of expert testimony based on valid science is admissible in evidence.à Despite the controversy as to its reliability, several scientific agencies have attested to the valuable use of polygraphs and have provided for acceptable margins of error; after all, nothing is perfect, and to expect that polygraph results are a hundred percent reliable would be an exercise in futility.à With the allowable margin of error, polygraph results are made more reliable. 
The article points out the background of the OTA study: it was undertaken at the behest of the legislature as part of a move to regulate the use of polygraphs more stringently. Many government institutions and agencies rely on polygraphs to help them ferret out the truth, such as the CIA, the FBI, and the Department of Defense. The article stresses that, in general, polygraph test results can be relied upon, because the technique involves a science that has been empirically and objectively tested, and when the testing is done properly the margin for error is acceptably low. In the specific context of suppression hearings, the admissibility of polygraph results, as explained through expert testimony, would better protect the rights of the accused, as many policemen are unfortunately wont to lie even under oath to ensure that crucial evidence does not get thrown out and the case against the accused does not fall apart. At the very least, the admission of polygraph results would make law enforcement officers, and criminals, think twice about lying on or off the stand, and would contribute in some way to the proper administration of justice.
Saturday, September 21, 2019
End to End VoIP Security
End to End VoIP Security Introduction User communication applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract the interest of many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger, while in the latter, systems like Skype and VoipBuster dominate among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient, or the two clients communicate directly. The participants in such networks are both content providers and content requestors. In VoIP systems, on the other hand, the data communication path is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's "supernode" communications. Data are carried over public Internet infrastructures such as Ethernet LANs, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically, in cooperation between the two (or more) peers, with no prior arrangements or requirements such as out-of-band exchanged keys or shared secrets. Ease of use (simplicity), user friendliness (no special knowledge required on the user side) and effectiveness (ensuring confidentiality and integrity of the applications), combined with minimal requirements on end-user devices, are the goals achieved by this approach. We enhance the security of user communications, meeting all the above requirements, by extending the application architecture with VoIPSec security elements.
Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and the security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish without performing any analysis of the traffic. In this work we show that the information leaked from the combination of VBR and length-preserving encryption is far worse than previously thought. VOIP This assignment is about security, more specifically about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it is not only what we say, but also what someone else hears, and who that person is. Voice over IP, the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications.
Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks (firewalls, network address translation (NAT), and encryption) don't work "as is" in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we have outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise. End-to-End Security In this assignment I am going to describe end-to-end security and its "design principle" that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services designed to support specific applications. The design and implementation of the Internet followed this design principle well.
The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it is enough of one that the collateral effects of the network not knowing what is running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesn't care what you do: its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" [2]). The "bits" could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat. The Internet (and by this I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what that data represented. At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network, if adding reliability would, as it does, increase delay.
TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished. Security and privacy in an end-to-end world The end-to-end arguments paper used "secure transmission of data" as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent, or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes.
If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you don't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts, purposeful or accidental, to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done "in the Net" or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions.
But a few people who were "at the scene" have told me that such protections were actively discouraged by the primary sponsor of the early Internet; that is to say, the US military wasn't all that interested in having good non-military security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to filter, by default, the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an "incentive" to pay for the customers' use of their lines; they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tappability before they are deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it is still easy to use end-to-end encryption as long as it is HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as "an antisocial act" (as a US Justice Department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side. What is VoIP end to end security?
Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol. Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include the Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol. Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block of secure session establishment. Security of the media transport layer, the layer in which the actual voice datagrams are transmitted, depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string.
Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of "matching conversations" in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We analyze all three in this paper. Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit
We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the XOR of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream-cipher-like (counter) mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.
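The keystream-reuse consequence described above, worked through as an added example (this is not code from the paper or from libsrtp). It models an SRTP sender that derives its session keys only from the master key and salt carried in an SDES message and restarts its packet index at zero for each new crypto context; the real cipher is AES in counter mode over the RFC 3711 IV, and the example substitutes HMAC-SHA256 in counter mode for the AES block so that it runs on the standard library alone. The "same key, salt, SSRC and index gives the same keystream" property that the attack needs is identical for both. The voice frames, SSRC and the idea of a locally generated fresh salt as a defence are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os


def _block(key: bytes, iv: int, counter: int) -> bytes:
    # Stand-in for one AES block: HMAC-SHA256 over (IV || counter).  Chosen
    # only so the example runs without a third-party AES library; AES-CTR has
    # the same "same inputs, same output" property the attack relies on.
    msg = iv.to_bytes(16, "big") + counter.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def srtp_keystream(k_e: bytes, k_s: bytes, ssrc: int, index: int, n: int) -> bytes:
    """Per-packet keystream.  IV layout follows RFC 3711, section 4.1.1:
    IV = (k_s << 16) XOR (SSRC << 64) XOR (packet index << 16)."""
    iv = (int.from_bytes(k_s, "big") << 16) ^ (ssrc << 64) ^ (index << 16)
    out = b""
    counter = 0
    while len(out) < n:
        out += _block(k_e, iv, counter)
        counter += 1
    return out[:n]


def derive_session_keys(master_key: bytes, master_salt: bytes):
    """Stand-in for the SRTP key derivation (label 0x00 = session encryption
    key, 0x02 = session salt).  Nothing fresh per session enters here: the only
    inputs are the master key and master salt taken from the SDES message."""
    k_e = hmac.new(master_key, master_salt + b"\x00", hashlib.sha256).digest()[:16]
    k_s = hmac.new(master_key, master_salt + b"\x02", hashlib.sha256).digest()[:14]
    return k_e, k_s


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SrtpSender:
    """An SRTP sender that is (re)keyed from an SDES crypto attribute and, as
    RFC 3711 requires for a new crypto context, starts its packet index at 0."""

    def __init__(self, ssrc: int):
        self.ssrc = ssrc

    def install_sdes_key(self, master_key: bytes, master_salt: bytes) -> None:
        self.k_e, self.k_s = derive_session_keys(master_key, master_salt)
        self.index = 0  # ROC || SEQ restarts with the new context

    def send(self, payload: bytes) -> bytes:
        ks = srtp_keystream(self.k_e, self.k_s, self.ssrc, self.index, len(payload))
        self.index += 1
        return xor(payload, ks)


# Constructed sample payloads standing in for two voice frames of each call.
CALL_ONE = [b"hello, this is the first call", b"frame two of call one...."]
CALL_TWO = [b"second call, new secret here!", b"frame two of call two...."]


def replay_attack():
    """The endpoint accepts a replayed SDES message carrying the master key
    and salt of an earlier call.  Returns (xor_leaks, recovered_frame)."""
    sender = SrtpSender(ssrc=0xDEADBEEF)
    master_key, master_salt = os.urandom(16), os.urandom(14)

    sender.install_sdes_key(master_key, master_salt)       # genuine key exchange
    first = [sender.send(p) for p in CALL_ONE]

    sender.install_sdes_key(master_key, master_salt)       # replayed SDES message
    second = [sender.send(p) for p in CALL_TWO]

    # Same key, salt, SSRC and index -> same keystream -> c1 XOR c2 = p1 XOR p2.
    xor_leaks = all(xor(c1, c2) == xor(p1, p2)
                    for c1, c2, p1, p2 in zip(first, second, CALL_ONE, CALL_TWO))
    # One known frame (e.g. a silence frame) then unmasks the other call.
    recovered = xor(xor(first[0], second[0]), CALL_ONE[0])
    return xor_leaks, recovered


def fresh_salt_defence() -> bool:
    """If the endpoint mixed in a value it generated itself (modelled here as a
    locally chosen salt rather than the one from the message), a replayed
    message could no longer reproduce the keystream."""
    master_key = os.urandom(16)
    k_e1, k_s1 = derive_session_keys(master_key, os.urandom(14))
    k_e2, k_s2 = derive_session_keys(master_key, os.urandom(14))
    ks1 = srtp_keystream(k_e1, k_s1, 0xDEADBEEF, 0, 32)
    ks2 = srtp_keystream(k_e2, k_s2, 0xDEADBEEF, 0, 32)
    return ks1 != ks2


if __name__ == "__main__":
    leaks, frame = replay_attack()
    print("keystream reused:", leaks, "recovered second-call frame:", frame)
    print("locally chosen salt breaks reuse:", fresh_salt_defence())
```

The point to take from the model is where freshness lives: SRTP's derivation trusts the key exchange to never hand it the same (key, salt) twice, and an SDES message with no replay protection breaks that assumption without touching SRTP itself. A real deployment needs the replay check in the key-exchange layer (or a per-session contribution from each endpoint), not a change to the cipher mode.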
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide, following the ZRTP specification, that B has "forgotten" the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A, who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool. • We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of the MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring.
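The ZID attack from the first bullet, as an added simplified model (not the paper's AVISPA model and not code from any ZRTP implementation). The model keeps only the pieces the attack depends on: a cache of retained secrets keyed by the peer's unauthenticated ZID, an rs1ID field that is an HMAC of the cached secret keyed by role (random when nothing is cached), and the rule that a failed match means the peer "forgot" the secret and the exchange continues with an empty secret set. The Diffie-Hellman group, the 8-byte rs1ID truncation and the s0 derivation are constructed simplifications, not ZRTP's actual parameters.

```python
import hashlib
import hmac
import os

# Toy Diffie-Hellman parameters (a 127-bit Mersenne prime with base 3) chosen
# only to make the key agreement concrete.  They are NOT a ZRTP group; the
# subject of the model is the retained-secret check, not the group arithmetic.
P = 2**127 - 1
G = 3


def _rs_id(rs: bytes, role: str) -> bytes:
    # ZRTP sends rs1IDi / rs1IDr: an HMAC of the cached secret keyed by role,
    # so the peer can tell whether it remembers the same secret.
    return hmac.new(rs, role.encode(), hashlib.sha256).digest()[:8]


class ZrtpEndpoint:
    def __init__(self, name: str):
        self.name = name
        self.zid = os.urandom(12)   # 96-bit ZID, sent in the clear in Hello
        self.cache = {}             # peer ZID -> retained secret rs1

    def dh_part(self, peer_zid: bytes, role: str):
        """Build a DHPart message: (our ZID, DH public value, rs1ID)."""
        self.priv = int.from_bytes(os.urandom(16), "big")
        pub = pow(G, self.priv, P)
        rs1 = self.cache.get(peer_zid)
        # No cached secret for that ZID -> the field is filled with random bytes.
        rs1id = _rs_id(rs1, role) if rs1 else os.urandom(8)
        return self.zid, pub, rs1id

    def finish(self, peer_zid, peer_pub, peer_rs1id, peer_role):
        """Check the peer's rs1ID and derive s0.  Returns (s0, continuity_ok)."""
        dh_result = pow(peer_pub, self.priv, P)
        rs1 = self.cache.get(peer_zid)
        if rs1 and hmac.compare_digest(_rs_id(rs1, peer_role), peer_rs1id):
            s1, continuity_ok = rs1, True
        else:
            # The specification allows the exchange to proceed with an empty set
            # of shared secrets: the peer is assumed to have "forgotten" rs1.
            s1, continuity_ok = b"", False
        s0 = hashlib.sha256(dh_result.to_bytes(16, "big") + s1).digest()
        return s0, continuity_ok


def prior_call(a: ZrtpEndpoint, b: ZrtpEndpoint) -> None:
    """A genuine earlier call leaves the same rs1 in both caches."""
    rs1 = os.urandom(32)
    a.cache[b.zid] = rs1
    b.cache[a.zid] = rs1


def honest_call() -> bool:
    alice, bob = ZrtpEndpoint("A"), ZrtpEndpoint("B")
    prior_call(alice, bob)
    b_zid, b_pub, b_rs1id = bob.dh_part(alice.zid, "Initiator")
    a_zid, a_pub, a_rs1id = alice.dh_part(b_zid, "Responder")
    s0_a, a_ok = alice.finish(b_zid, b_pub, b_rs1id, "Initiator")
    s0_b, b_ok = bob.finish(a_zid, a_pub, a_rs1id, "Responder")
    return s0_a == s0_b and a_ok and b_ok


def zid_spoof_attack() -> dict:
    alice, bob, mallory = ZrtpEndpoint("A"), ZrtpEndpoint("B"), ZrtpEndpoint("M")
    prior_call(alice, bob)
    mallory.zid = bob.zid          # ZIDs are not authenticated: just copy Bob's

    # Mallory initiates.  She has no rs1 for Alice, so her rs1IDi is random and
    # is guaranteed to fail Alice's check.
    m_zid, m_pub, m_rs1id = mallory.dh_part(alice.zid, "Initiator")
    a_zid, a_pub, a_rs1id = alice.dh_part(m_zid, "Responder")

    s0_alice, alice_ok = alice.finish(m_zid, m_pub, m_rs1id, "Initiator")
    s0_mallory, _ = mallory.finish(a_zid, a_pub, a_rs1id, "Responder")
    return {
        "alice_believes_peer_is_bob": m_zid == bob.zid,
        "alice_saw_continuity": alice_ok,            # False: "Bob forgot rs1"
        "key_shared_with_mallory": s0_alice == s0_mallory,
    }


if __name__ == "__main__":
    print("honest call keeps continuity:", honest_call())
    print("spoofed ZID:", zid_spoof_attack())
```

In the model, as in the text, the only thing standing between Alice and a key shared with the attacker is the out-of-band check ZRTP leaves to the users (comparing the short authentication string by voice), which is exactly the step a device without a display cannot perform.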
Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)

While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, in which some assumptions—especially those about the protocols operating at the other layers of the VoIP stack—are left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general.

The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4; conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network.
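Returning to the MIKEY observation made earlier in this section (a raw Diffie-Hellman value is not uniformly random, and an unsalted hash of it is not a randomness extractor in the proof), here is an added example, not from the paper. It uses a constructed safe-prime group far too small for real use: every honest Diffie-Hellman output lies in the subgroup of quadratic residues, so Euler's criterion separates DH outputs from uniformly random values with probability about one half per sample. `extract_key` shows the standard remedy, a keyed hash over the group element with a fresh random salt (the extract step of HKDF is the usual instance), which is the construction a proof can model as an extractor; the salt must come from fresh protocol randomness such as nonces.

```python
"""Why a raw Diffie-Hellman value is distinguishable from a random string."""
import hashlib
import hmac
import random

P = 2039   # constructed safe prime: P = 2*Q + 1 (toy size, for illustration only)
Q = 1019
G = 4      # 4 = 2^2 is a square, so it generates the order-Q subgroup of quadratic residues


def is_quadratic_residue(x: int) -> bool:
    """Euler's criterion: x is a square mod P iff x^((P-1)/2) == 1 (mod P)."""
    return pow(x, (P - 1) // 2, P) == 1


def dh_shared_values(n: int, rng: random.Random) -> list:
    """n honest Diffie-Hellman results g^(ab) mod P for random private exponents."""
    vals = []
    for _ in range(n):
        a, b = rng.randrange(1, Q), rng.randrange(1, Q)
        vals.append(pow(pow(G, a, P), b, P))
    return vals


def residue_fraction(values) -> float:
    return sum(is_quadratic_residue(v) for v in values) / len(values)


def distinguisher_advantage(n: int = 2000, seed: int = 7) -> tuple:
    """Fraction of quadratic residues among DH outputs versus among uniformly
    random elements of [1, P-1]. A key that is actually uniform would score
    about 0.5; the DH outputs score exactly 1.0, so the test tells them apart."""
    rng = random.Random(seed)
    dh = residue_fraction(dh_shared_values(n, rng))
    uniform = residue_fraction([rng.randrange(1, P) for _ in range(n)])
    return dh, uniform


def extract_key(dh_value: int, salt: bytes) -> bytes:
    """HKDF-style extract: HMAC(salt, group element). With a fresh random salt
    this is the construction a security proof can treat as a randomness
    extractor; hashing the element alone, with no random input, is not."""
    width = (P.bit_length() + 7) // 8
    return hmac.new(salt, dh_value.to_bytes(width, "big"), hashlib.sha256).digest()
```

The same structure exists in real MODP groups: generators are chosen in a prime-order subgroup, so residuosity (and, trivially, the value being below the modulus) gives an observer a cheap, certain test that a string is a group element and not a uniform key. Running the result through a salted KDF before use costs one MAC and removes the issue.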
Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, etc. Several VoIP standard protocols exist to prevent these threats; we discuss them in Section 3.

Eavesdropping

VoIP service using Internet technology is exposed to an eavesdropping threat, in which call setup information and audio/voice communication contents are gathered illegally. Eavesdropping can be categorized broadly into eavesdropping in a LAN (Local Area Network) environment, in a WAN (Wide Area Network) environment, through PC (Personal Computer) hacking, etc.

Denial of Service

Denial of Service is an attack which makes it difficult for legitimate users to obtain telecommunication service normally. It is also one of the threats that is hardest to solve. Since VoIP service is based on Internet technology, it too is exposed to Denial of Service. Denial of Service in VoIP service can be broadly divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc.

Session Hijacking

Session Hijacking is an attack in which the attacker takes control of the communication session between users by spoofing legitimate users and interferes in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be categorized broadly into INVITE session hijacking, SIP Registration hijacking, etc.

VoIP Spam

VoIP Spam is an attack which interrupts and violates user privacy by sending voice advertisement messages, and also renders the VMS (Voice Mailing System) powerless.
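The SIP Registration hijacking item above, as an added detection example (constructed Python, not from any cited paper or product): a small REGISTER parser and a monitor that remembers which source address bound each address-of-record (AOR), and raises an alert when a REGISTER from a different source rebinds the Contact or deregisters it. The SIP messages, names and addresses are constructed (documentation ranges 192.0.2.0/24 and 203.0.113.0/24).

```python
"""Flag REGISTER requests that rebind or remove another host's registration."""
import re

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<uri>\S+) SIP/2\.0$")


def parse_sip(text: str) -> dict:
    """Minimal SIP request parser: request line plus header lines up to the
    first blank line. Folded headers and compact header names are not handled."""
    lines = text.strip().splitlines()
    m = REQUEST_LINE.match(lines[0].strip())
    if not m:
        raise ValueError("not a SIP request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": m["method"], "uri": m["uri"], "headers": headers}


def uri_of(header_value: str) -> str:
    """Reduce a To/Contact value to its bare URI: drop display name, angle
    brackets and parameters such as ;tag= or ;expires=."""
    inner = re.search(r"<([^>]+)>", header_value)
    return (inner.group(1) if inner else header_value.split(";")[0]).strip()


class RegistrationMonitor:
    """Tracks the source address that registered each AOR and flags a REGISTER
    from a different source that changes the Contact or deregisters the AOR."""

    def __init__(self):
        self.bindings = {}            # AOR -> (source IP, contact URI)

    def observe(self, src_ip: str, text: str):
        msg = parse_sip(text)
        if msg["method"] != "REGISTER":
            return None
        h = msg["headers"]
        aor = uri_of(h.get("to", ""))
        contact = uri_of(h.get("contact", "*"))
        expires = int(h.get("expires", "3600"))
        prev = self.bindings.get(aor)
        if prev and prev[0] != src_ip and (expires == 0 or contact != prev[1]):
            what = "deregistration" if expires == 0 else "rebinding to " + contact
            return ("possible REGISTER hijack: %s %s from %s (binding owned by %s)"
                    % (aor, what, src_ip, prev[0]))
        if expires == 0:
            self.bindings.pop(aor, None)    # owner removed its own binding
        else:
            self.bindings[aor] = (src_ip, contact)
        return None


def register(user: str, host: str, expires: int) -> str:
    """Constructed REGISTER request for sip:<user>@example.com from <host>."""
    return (
        f"REGISTER sip:example.com SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {host}:5060;branch=z9hG4bK-{user}\r\n"
        f"From: <sip:{user}@example.com>;tag=1\r\n"
        f"To: <sip:{user}@example.com>\r\n"
        f"Call-ID: call-{user}@{host}\r\n"
        f"CSeq: 1 REGISTER\r\n"
        f"Contact: <sip:{user}@{host}:5060>\r\n"
        f"Expires: {expires}\r\n\r\n"
    )


SAMPLE_TRAFFIC = [                                            # (transport source IP, message)
    ("192.0.2.10", register("alice", "192.0.2.10", 3600)),    # alice's phone registers
    ("192.0.2.11", register("bob", "192.0.2.11", 3600)),      # bob's phone registers
    ("203.0.113.9", register("alice", "203.0.113.9", 3600)),  # alice rebound from a foreign host
    ("192.0.2.10", register("alice", "192.0.2.10", 0)),       # alice's own deregistration
]


def run_monitor(traffic=SAMPLE_TRAFFIC) -> list:
    mon = RegistrationMonitor()
    alerts = []
    for src, msg in traffic:
        alert = mon.observe(src, msg)
        if alert:
            alerts.append(alert)
    return alerts
```

Only the third message produces an alert; the owner's own deregistration from its original address does not. A registrar that authenticates REGISTER (digest challenge) removes most of this class of problem at the source, and phones do legitimately roam, so treat the alert as a triage signal to be correlated with authentication logs rather than as proof of compromise.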
It can be categorized into Call Spam, IM (Instant Messaging) Spam, Presence Spam, etc.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.

The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine, can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization.
Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard [16], which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends.
Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets [17]. This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine [18]. But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue. Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header.

Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.
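The FIFO cryptoscheduler problem and the QoS-reordering remedy described above, as an added simulation (constructed Python; the per-packet cost model and the packet trace are assumptions, not measurements from the cited studies). It runs one trace through a single engine twice, under a FIFO queue and under a queue that always takes the oldest waiting voice packet before any data packet, and reports the queueing delay voice packets see under each policy.

```python
"""FIFO versus voice-first scheduling in front of a single cryptoengine."""
from dataclasses import dataclass


@dataclass(eq=False)
class Packet:
    arrival_us: float    # arrival time at the engine, microseconds
    size: int            # bytes
    cls: str             # "voice" or "data"


# Constructed cost model: fixed per-packet overhead plus a per-byte cost.
PER_PACKET_US = 20.0
PER_BYTE_US = 0.2


def service_us(p: Packet) -> float:
    return PER_PACKET_US + PER_BYTE_US * p.size


def simulate(packets, policy: str) -> dict:
    """One engine, one queue.
    'fifo'        : strict arrival order (the usual cryptoscheduler).
    'voice_first' : QoS reordering at the queue head: the oldest waiting voice
                    packet is always served before any data packet.
    Returns queueing delay (time spent waiting, excluding service) per class."""
    pending = sorted(packets, key=lambda p: p.arrival_us)
    i, clock = 0, 0.0
    queue, delays = [], {"voice": [], "data": []}
    while i < len(pending) or queue:
        while i < len(pending) and pending[i].arrival_us <= clock:   # admit arrivals
            queue.append(pending[i])
            i += 1
        if not queue:                        # engine idle: jump to the next arrival
            clock = pending[i].arrival_us
            continue
        if policy == "voice_first":
            voice = [p for p in queue if p.cls == "voice"]
            nxt = voice[0] if voice else queue[0]
        else:
            nxt = queue[0]
        queue.remove(nxt)
        delays[nxt.cls].append(clock - nxt.arrival_us)
        clock += service_us(nxt)             # engine busy until this packet is done
    return delays


def constructed_traffic() -> list:
    """One second of 20 ms voice (200-byte packets) plus three bursts of forty
    1500-byte data packets, each burst landing just ahead of a voice packet."""
    pk = [Packet(500 + n * 20_000, 200, "voice") for n in range(50)]
    for burst_start in (0, 300_000, 600_000):
        pk += [Packet(burst_start + k * 10, 1500, "data") for k in range(40)]
    return pk


def compare() -> dict:
    """Worst-case and mean voice queueing delay under each policy."""
    result = {}
    for policy in ("fifo", "voice_first"):
        d = simulate(constructed_traffic(), policy)["voice"]
        result[policy] = {"max_us": max(d), "mean_us": sum(d) / len(d)}
    return result
```

With these numbers a voice packet caught behind a burst waits for the whole burst under FIFO (tens of milliseconds, more than a full voice frame interval) and only for the packet already on the engine under voice-first. The reordering helps only while the engine keeps up; if data arrives faster than the engine drains it, the voice queue still grows, which is the saturation caveat the text makes.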
Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy "one size fits all" solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

• Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion detection and VoIP firewall protection.

• At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.

• Choose a mechanism to allow VoIP traffic through firewalls. Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.

• Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.

• Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls). If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling.
Because some VoIP endpoints aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost. Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone.

• Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs.

• Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods. Be especially diligent about maintaining patches and current versions of VoIP software.

• Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages.

• Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled

End to End VoIP Security

Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest from many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger, while in the latter, systems like Skype and VoipBuster dominate among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information.
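The first guidelines in the list above (separate voice and data address blocks; no H.323, SIP or MGCP from the data network to the voice gateway; management access only from a physically secure system) expressed as a checkable filter policy, as an added example (constructed Python; the address blocks, the ports grouped under "signaling" and the sample flows are assumptions, not from the article). A permissive rule set is shown next to the hardened one so the difference is visible on the same flows.

```python
"""Voice/data separation and gateway filtering as an evaluable rule set."""
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str            # "tcp", "udp" or "any"
    dports: frozenset     # destination ports; empty set means any port
    action: str           # "allow" or "deny"


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


ANY_NET = net("0.0.0.0/0")
VOICE_NET = net("10.10.0.0/16")       # constructed RFC 1918 block for phones
DATA_NET = net("10.20.0.0/16")        # constructed RFC 1918 block for workstations
GATEWAY = net("10.10.1.1/32")         # voice gateway / IP PBX facing the PSTN
ADMIN = net("10.10.250.5/32")         # physically secured management station

# 1720: H.323 call signaling (H.225.0); 5060: SIP; 2427/2727: MGCP gateway/call-agent sides
SIGNALING = frozenset({1720, 5060, 2427, 2727})
MGMT = frozenset({22, 80, 443})


def evaluate(rules, flow: Flow) -> str:
    """First matching rule wins; anything unmatched is denied."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for r in rules:
        if (src in r.src and dst in r.dst
                and r.proto in ("any", flow.proto)
                and (not r.dports or flow.dport in r.dports)):
            return r.action
    return "deny"


# Weak: the gateway accepts signaling and management from anywhere, data network included.
PERMISSIVE = [
    Rule(ANY_NET, GATEWAY, "any", SIGNALING, "allow"),
    Rule(ANY_NET, GATEWAY, "tcp", MGMT, "allow"),
]

# Hardened: signaling only from the voice block; management only from the admin host over SSH.
HARDENED = [
    Rule(ADMIN, GATEWAY, "tcp", frozenset({22}), "allow"),
    Rule(ANY_NET, GATEWAY, "tcp", MGMT, "deny"),
    Rule(DATA_NET, GATEWAY, "any", SIGNALING, "deny"),
    Rule(VOICE_NET, GATEWAY, "any", SIGNALING, "allow"),
]

SAMPLE_FLOWS = {                                                   # constructed
    "phone_sip": Flow("10.10.3.7", "10.10.1.1", "udp", 5060),
    "workstation_sip": Flow("10.20.8.15", "10.10.1.1", "udp", 5060),
    "workstation_h323": Flow("10.20.8.15", "10.10.1.1", "tcp", 1720),
    "admin_ssh": Flow("10.10.250.5", "10.10.1.1", "tcp", 22),
    "workstation_web": Flow("10.20.8.15", "10.10.1.1", "tcp", 443),
}


def verdicts(rules) -> dict:
    return {name: evaluate(rules, flow) for name, flow in SAMPLE_FLOWS.items()}
```

The model covers only the signaling and management ports the guidelines name; the RTP media ports a call negotiates are what the ALG, session border controller or stateful filter from the third guideline has to open and close per call, and a static rule set cannot express that.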
The data are either routed from the source through a central server to the recipient, or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's "supernode" communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out-of-band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the application's architec­ture with VoIPSec security elements.

Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint.
For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VOIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is. Voice over IP—the transmission of voice over traditional packet-switched IP networks—is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges.
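The VBR plus length-preserving encryption leak described earlier in this section, modelled as an added example (constructed Python, not the authors' experiment or data): two sources with different frame-size distributions remain distinguishable by packet length alone after encryption, because a length-preserving cipher leaves the size sequence intact, and padding every frame to a fixed size before encryption removes that channel at a measurable bandwidth cost. The frame-size alphabet and the two distributions are assumptions.

```python
"""Packet-length side channel under VBR coding, and what fixed-size padding costs."""
import random

# Constructed VBR frame-size alphabet (bytes per 20 ms frame), loosely modelled on a
# wideband VBR codec with a handful of bit-rate modes; not measurements.
FRAME_SIZES = (20, 28, 38, 46, 62)


def vbr_frames(weights, n: int, rng: random.Random) -> list:
    """n frame sizes drawn from one source's mode distribution."""
    return rng.choices(FRAME_SIZES, weights=weights, k=n)


def ciphertext_lengths(frame_sizes) -> list:
    """A length-preserving stream cipher (SRTP's AES-CM is one) turns an n-byte
    payload into an n-byte ciphertext, so the size sequence survives encryption."""
    return list(frame_sizes)


def profile(sizes) -> dict:
    """Relative frequency of each packet size: what an observer of the encrypted
    stream can measure without any key."""
    total = len(sizes)
    return {s: sizes.count(s) / total for s in set(sizes)}


def distance(p: dict, q: dict) -> float:
    """L1 distance between two profiles; 0.0 means the sources are
    indistinguishable by length."""
    return sum(abs(p.get(s, 0.0) - q.get(s, 0.0)) for s in set(p) | set(q))


def pad_to_fixed(sizes, bucket: int = max(FRAME_SIZES)) -> list:
    """Mitigation: pad every frame to one fixed size before encryption
    (equivalently, run the codec in a constant-bit-rate mode)."""
    return [bucket] * len(sizes)


def overhead(original, padded) -> float:
    """Extra bytes sent as a fraction of the original payload."""
    return (sum(padded) - sum(original)) / sum(original)


def demo(n: int = 500, seed: int = 42) -> dict:
    rng = random.Random(seed)
    src_a = vbr_frames((0.30, 0.30, 0.20, 0.10, 0.10), n, rng)   # constructed "source A"
    src_b = vbr_frames((0.10, 0.10, 0.20, 0.30, 0.30), n, rng)   # constructed "source B"
    before = distance(profile(ciphertext_lengths(src_a)),
                      profile(ciphertext_lengths(src_b)))
    after = distance(profile(ciphertext_lengths(pad_to_fixed(src_a))),
                     profile(ciphertext_lengths(pad_to_fixed(src_b))))
    return {
        "distance_before": before,                        # large: lengths reveal the source
        "distance_after": after,                          # 0.0: nothing left to measure
        "padding_overhead_a": overhead(src_a, pad_to_fixed(src_a)),
    }
```

Padding to the largest frame roughly doubles the payload bytes for the smaller-frame source in this model, which is exactly the bandwidth VBR was adopted to save; padding to a small set of buckets is the usual compromise, and it leaves a correspondingly smaller but non-zero distance.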
Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks—firewalls, network address translation (NAT), and encryption—don't work "as is" in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe end-to-end security and its "design principle" that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society.
The Internet doesn't care what you do—its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" [2]). The "bits" could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what that data represented. At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility.
Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used "secure transmission of data" as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you didn't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts—purposeful or accidental—to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks.
Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done "in the Net" or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were "at the scene" have told me that such protections were actively discouraged by the primary sponsor of the early Internet—that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access.
Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an "incentive" to pay for the customers' use of their lines—they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tappability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as "an antisocial act" (as a US Justice Department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end-to-end security?

Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol.
Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol. Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer—the layer in which the actual voice datagrams are transmitted—depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string.
Data integrity implies that any modification of the data in transit We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will en-sure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key ex-change protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to re-peat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation. â⬠¢ We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decideââ¬âfollowing ZRTP specificationââ¬âthat B has ââ¬Å"forgottenâ⬠the shared secret. 
The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool . â⬠¢ We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be in-distinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.) While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in con-text rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptionsââ¬âespecially those about the protocols operating at the other layers of the VoIP stackââ¬âare left implicit and vague. 
Therefore, our study has important lessons for the design and analysis of security protocols in general. The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, and conclusions are in section 5.

How VoIP security differs from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals, and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, etc. Several standard VoIP protocols exist to counter these threats; we discuss them in Section 3.

Eavesdropping

A VoIP service built on Internet technology faces an eavesdropping threat: the illegal gathering of call-setup information and of the audio/voice communication contents.
Eavesdropping can be categorized broadly as eavesdropping in a LAN (Local Area Network) environment, in a WAN (Wide Area Network) environment, through PC (Personal Computer) hacking, etc.

Denial of Service

Denial of Service is an attack that makes it difficult for legitimate users to obtain telecommunication service normally, and it is one of the threats that is hardest to solve. Since VoIP service is based on Internet technology, it is also exposed to Denial of Service. Denial of Service in VoIP service can be broadly divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc. (This work was supported by the IT R&D program of MIC/IITA.)

Session Hijacking

Session Hijacking is an attack that takes over control of the communication session between users by spoofing legitimate users and interfering in their communication, a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be categorized broadly as INVITE session hijacking, SIP registration hijacking, etc.

VoIP Spam

VoIP Spam is an attack that interrupts users and violates their privacy by sending voice advertisement messages; it also renders the VMS (Voice Mailing System) useless. It can be categorized as call spam, IM (Instant Messaging) spam, presence spam, etc.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce.
Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.

The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine, can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as per-packet overhead. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization. Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard [16], which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends.

Second, recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets [17]. This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine [18]. But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue.
Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.

Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy "one size fits all" solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions, or SIP instead of H.323, must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

• Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion detection and VoIP firewall protection.
• At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.
• Choose a mechanism to allow VoIP traffic through firewalls. Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.
• Use IPsec or Secure Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.
• Use IPsec tunneling when available instead of IPsec transport, because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls).
• If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost.
• Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone.
• Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs.
• Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods.
• Be especially diligent about maintaining patches and current versions of VoIP software.
• Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages.
• Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled