User Access Control and Authentication System for VoIP Service in Mobile Communication Environments

VoIP, which is used to transmit voice data on the Internet, is being welcomed as a replacement for the PSTN. In VoIP, voice data are converted to IP data and transmitted in an ordinary IP network. As a result, it is less expensive than the ordinary telephone network and has excellent scalability. With the increasing demand for VoIP services, problems are also occurring, namely, security vulnerabilities and degraded service quality. To address these issues, in this paper an AA (Attribute Authority) server is added to VoIP to design an authentication system with bolstered security and differentiated user access.


Introduction
When it comes to multimedia techniques, as networking techniques advance, the link with the Internet, which connects the entire world, is accelerating. Demand for services such as video conferencing and VoIP (Voice over Internet Protocol), which use the same IP (Internet Protocol) network to deliver multimedia data, including audio and video data, is quickly increasing. The ubiquitous computing environment, which allows users to connect to the network regardless of their location, has become important. Along with this, the sensor network environment, on which ubiquitous computing is based, is also becoming increasingly important. As there is no need to predetermine the locations of sensor nodes in a wireless sensor network, the nodes can be placed at arbitrary locations, which is especially useful for applications involving difficult-to-reach areas and for disaster rescue.
Although VoIP efficiently provides voice communication between nodes, a variety of services are needed for it to gain greater use. Examples of additional services include call transfer, call forwarding when busy or when there is no response, call reservation, call waiting, and call filtering. As signaling protocols of VoIP that let users register the services they want at any time in a simple way, SIP and H.323 in particular are getting attention [1].
Although an increase in the number of users is expected for VoIP, there can be various problems with the packet network from a security standpoint, because it is an open network that anyone can access. While a PSTN can be attacked only by physically accessing it, in VoIP even remote attackers can easily alter signaling messages or wiretap voice packets. Standardization of SIP began at the IETF with expandability, component reuse, and interoperability as key criteria. SIP provides secure messaging services using digest user authentication, TLS, and S/MIME. Media security is implemented by using SRTP (Secure RTP), which is currently being drafted. Although using a stable security model can provide security, it has the disadvantage that quality is drastically reduced for users, making it inconvenient to use [2].
In this paper a system is designed that addresses security problems caused by the increase in the use of VoIP services and that provides differentiated services according to user access privileges. This paper is organized as follows. Section 1 gives the introduction; Section 2 covers related research; Section 3 describes the proposed technique and system; Section 4 describes the system configuration; Section 5 covers implementation and performance analysis; and Section 6 gives the conclusions.
International Journal of Distributed Sensor Networks

Related Research
2.1. VoIP. VoIP is a service that uses the packet network originally designed for data communications for Internet telephony. It is a communication service that converts voice data to Internet protocol data packets so that calls can be made over the ordinary telephone network. Compared to the traditional telephone network service, it is low cost, supports multiple users simultaneously over the cable, and is highly extensible. Some of the protocols used are SIP and H.323 [2,3].

PKI.
Public Key Infrastructure (PKI) is a composite security system environment that provides encryption and e-signing using a public key algorithm. That is, in PKI, data sent and received are encrypted and decrypted using a public key and a private key. Furthermore, a digital certificate is used to authenticate users. Different types of certificates include X.509, SSL, SET, S/MIME, and IPSec. The most widely used type of certificate is the X.509. X.509 is an ITU-T standard specifying standard formats for certificates. The X.509 v3 certificate standard, which came into being in 1995, is being recognized as the de facto standard for PKI. The certificate system is a means of obtaining security in e-transactions or distribution of information. Under the system, the user's identity is checked, changes to information have to be confirmed, and user confidentiality is ensured. Data encryption schemes include the public key encryption and the private key encryption [4,5].

Attribute Certificate.
As information protection services for various purposes increase in e-commerce, the attribute certificate refers to a type of certificate that plays a special role according to the particular environment, as opposed to the certificate used for personal identification. This type of certificate is used only for a specific goal and has a shorter lifespan than certificates used for personal identification. It can be used along with personal identification certificates. It has diverse applications in many fields such as network access control, billing according to access to contents, and web page access control [6][7][8].

APTEEN.
APTEEN (Adaptive Periodic Threshold Energy Efficient sensor Network protocol) provides a hybrid network that, while minimizing limitations of a priori sensor networks and responsive sensor networks, leverages the advantages of both of them. APTEEN is designed for time-critical situations: it regularly transmits data to the users, informing them of the overall situation of the network, and immediately responds to sudden changes in the network status. The user can also set threshold values for count times and attributes, managing energy use [9].

ECSE.
In ECSE (An Efficient Clustering Scheme through Estimate in Centralized Hierarchical Routing Protocol) [10], locations and energy levels are transmitted in the same way as in LEACH-C [11], and it uses a simulated annealing algorithm [12] to select clusters based on energy levels and chooses the CHs. All nodes are requested to transmit energy levels only during settings in the first and second rounds. Starting with the settings in the third round, all sensor nodes are not requested to transmit current energy levels again. This is because, when one round is finished, the amount of energy remaining in each of the nodes can be found out, so it can be calculated how much energy was consumed on average by CHs as well as by ordinary nodes.

Proposed Technique
The following are the prerequisites for the proposed technique.
(i) The AA server and KMS server go through authentication beforehand and know each other's public key values.
(ii) The user generates a public key and a private key based on the PKI authentication technique, registers the public key with the KMS server, and requests that a certificate be issued.
(iii) The KMS server includes the public key value of the ADD server when issuing the certificate.
(iv) The AA server at the same time performs the function of the base station.

User Registration Process.
This is the process of registering the user before using the service. The register server issues a user certificate and the location server stores this. The register server and the location server are physically at the same location. The user registration algorithm, in which the user is registered with the register server and the certificate issued, is as follows.
3.2. Service Operation Structure. Communication using SIP involves going through a call connection process, during which various pieces of information may be leaked, such as sender/receiver information, encryption technique, and method of communication. Therefore a secure call setup is needed. An authentication server and a KMS server are added based on the SIP call setup in the existing VoIP environment for the authentication process. As shown in Figure 1, the servers authenticate each other beforehand and share their public key values. In the call setup stage, the sender first sends a hello message and its certificate to the proxy server, which checks the certificate and sends a response message stating that messages have to be encrypted. message, its public key is generated based on that public key. The proxy server sends to the AA server the INVITE message and a public key certificate that includes a random number R and a hash value (R). The user is identified using that certificate and the AA server sends the attribute certificate and the contents received from the proxy server. The SMS server receives that information, reviews the contents of the user certificate and the attribute certificate, and sends the other party's address value and certificate. The proxy server encrypts using the public key obtained from the other party's certificate and sends it. The proxy server on the receive side does authentication of the sender at SMS. Also, the sender's attribute certificate is verified at the AA server. When this process is complete, the proxy server sends a message to PSTN, and the telephone network sends the message using bell sounds. If the process is successfully complete, a response message of "200 OK" is sent to indicate the call has been connected. The sender sends "ACK" to indicate that the message has been received successfully. This completes the call connection. When secure call setup is complete, data transmission begins with the RTP protocol [13][14][15].

System Configuration
4.1. Proxy Server. The proxy server is designed to physically include the register server (location server).
Besides the forwarding feature, which simply delivers messages (see Algorithm 1), the proxy server includes a privilege control feature for controlling privileges in relation to issuance of attribute certificates and also a security module for providing security features.

AA Server.
As shown in Algorithm 2, the AA (Attribute Authority) server checks the client's privileges in the process of establishing a session prior to data transfer and issues the attribute certificate according to the privileges. It is a server that creates attribute certificates for managing clients' privileges, and it manages user privileges. The AA server at the same time performs the function of the base station.

Redirect (SMS) Server.
The redirect server includes the following features: searching information at the other address, verification of attribute certificates, management of different servers, and issuance of certificates for the servers (see Algorithm 3).
For ordinary systems, tapping is possible because encryption is not used. For TLS based systems, however, as the session was not formed to begin with, receiving information itself is not possible.
While ordinary systems can be wiretapped by receiving the subscriber identification of the SIP server, for TLS based systems or for the proposed system, as a public key-based certificate is used, as long as the private key is not known by the attacker, wiretapping is not possible.
(2) Integrity. The forged call in Table 2 is an attack that makes normal service impossible by sending a large number of forged INVITE messages in a short time.
For an ordinary system, the attack is possible because a forged message can arrive, but for a TLS based system or the proposed system, since there is a stage where the session is set up or the attribute certificate is verified before a message is received, the attack will not be valid. Also, although for an ordinary system RTP packets can be inserted intermittently in order to make the call difficult for the target of the attack or to cut it off altogether, since the other two systems include encryption, even if RTP packets are received by the servicing port, packets that are not encrypted will not be recognized as normal packets.
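The checks a verifying server can apply to an attribute certificate before it accepts an INVITE are sketched below as an added example, not code from the paper: the AA binds privileges to the holder's identity certificate for a short lifetime, and a missing, altered, expired, wrongly held or insufficient certificate is rejected. HMAC with a constructed key stands in for the AA's public-key signature so that the block runs on the standard library alone; the function names, privilege strings and 300-second lifetime are assumptions.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC stands in for the AA's public-key signature (assumption).
AA_KEY = b"constructed-aa-demo-key"

def _fingerprint(identity_cert: bytes) -> str:
    return hashlib.sha256(identity_cert).hexdigest()

def _tag(body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(AA_KEY, msg, hashlib.sha256).hexdigest()

def issue_attribute_cert(identity_cert, privileges, now, lifetime=300):
    """AA side: bind privileges to the holder's identity certificate, short-lived."""
    body = {"holder": _fingerprint(identity_cert),
            "privileges": sorted(privileges),
            "not_before": now, "not_after": now + lifetime}
    return {"body": body, "tag": _tag(body)}

def verify_invite(identity_cert, attr_cert, service, now):
    """Verifying server: decide on an INVITE before any session state is created."""
    if not attr_cert or "body" not in attr_cert or "tag" not in attr_cert:
        return "reject: no attribute certificate"
    body = attr_cert["body"]
    # The tag is checked first, so fields are only read from an untampered body.
    if not hmac.compare_digest(_tag(body), str(attr_cert["tag"])):
        return "reject: issuer tag invalid"
    if body["holder"] != _fingerprint(identity_cert):
        return "reject: holder mismatch"
    if not body["not_before"] <= now <= body["not_after"]:
        return "reject: outside validity period"
    if service not in body["privileges"]:
        return "reject: privilege not granted"
    return "accept"

def demo():
    # Constructed identity certificates and timestamps, for illustration only.
    alice, other = b"constructed identity cert A", b"constructed identity cert B"
    ac = issue_attribute_cert(alice, {"call", "call_forwarding"}, now=1000)
    edited = {"body": dict(ac["body"], privileges=["call", "conference"]),
              "tag": ac["tag"]}
    return {
        "granted service": verify_invite(alice, ac, "call_forwarding", 1100),
        "ungranted service": verify_invite(alice, ac, "conference", 1100),
        "edited privileges": verify_invite(alice, edited, "conference", 1100),
        "presented by other holder": verify_invite(other, ac, "call", 1100),
        "after expiry": verify_invite(alice, ac, "call", 1301),
        "forged INVITE, no AC": verify_invite(alice, None, "call", 1100),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```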

Comparison of Advantages and Disadvantages of Each System.
While the ordinary VoIP system has fast response speed and low load on the system, its level of security is poor, and as a result systems with TLS added have become almost a de facto standard.
But while these systems have an excellent level of security, as a TLS session has to be set up every time a session is set up for each server, response time is slow and there is a lot of load on the system compared to ordinary systems. For the proposed system, however, an adequate level of security is provided while having less load on the system than TLS based systems (Table 3).

Conclusions
The ubiquitous computing environment, which allows users to connect to the network regardless of their location, has become important. Along with this, the sensor network environment, on which ubiquitous computing is based, is also becoming increasingly important. As there is no need to predetermine the locations of sensor nodes in a wireless sensor network, the nodes can be placed at arbitrary locations, which is especially useful for applications involving difficult-to-reach areas and for disaster rescue. To activate VoIP, which effectively provides voice calls between terminals, various services and a VoIP development environment for them are required.
VoIP, which is used to deliver voice data on the Internet, is being welcomed as a means of replacing the PSTN. In VoIP, voice data are converted to Internet protocol data packets so that they can be delivered in an ordinary IP network. Thus, compared to ordinary telephone networks, it is of low cost and highly extensible. As VoIP services gain more traction, problems have started to appear in terms of QoS and security. In this paper an authentication system is designed which is made secure and provides differentiated services according to user access. It does this by adding an AA server to the VoIP session setup stage. For future work, ways to increase QoS would need to be studied.

Figure 2: The response time with the number of INVITE.

Table 1: The comparison of the secret.

Table 2: The comparison of the integrity.

Table 3: The comparison of each system's merits and faults.