Design and Implementation of Multimedia Streaming Forensics System in a Gigabit Passive Optical Network--The Case Study of SIP Phone Applications

Master's === Nanhua University === Department of Information Management === 101 === With the mature development of video and audio streaming applications, multimedia session streaming services have become one of the popular Internet services. While using the session service, the session control channel is fixed and uses a well-known port, b...


Bibliographic Details
Main Authors: Cheng-wei Hung, 洪丞緯
Other Authors: Guang-ming Wu
Format: Others
Language: zh-TW
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/m3wtv2
id ndltd-TW-101NHU05396044
record_format oai_dc
spelling ndltd-TW-101NHU05396044 2019-05-15T20:53:16Z http://ndltd.ncl.edu.tw/handle/m3wtv2
Design and Implementation of Multimedia Streaming Forensics System in a Gigabit Passive Optical Network--The Case Study of SIP Phone Applications
於 Gigabit 被動光纖網路下多媒體串流鑑識系統之設計與實作─以 SIP 網路電話為例
Cheng-wei Hung 洪丞緯
Master's, Nanhua University, Department of Information Management, 101

With the mature development of video and audio streaming applications, multimedia session streaming services have become one of the popular Internet services. In a session service, the session control channel is fixed and uses a well-known port, but the data channel uses a dynamically selected, unknown port. The data channel is decided in the control messages. For SIP (Session Initiation Protocol) applications, the voice data channel is learned from the SDP (Session Description Protocol) information carried in SIP messages. Therefore, it is difficult to implement a digital forensics system for multimedia session streaming services.

Because of the rapid development of network architecture, the speed and quality of networks are increasing continually, for example from traditional dial-up access networks to fiber optic networks. Malicious attacks from the Internet have become difficult to track, and illegal network behavior has become difficult to record. Many network security problems have spread. Thus, a digital forensics system is needed to reconstruct, diagnose and recover security events. Digital forensics is also called computer forensics. With computer forensics technology, the network situation and behavior of a security event can be replayed.

In traditional network forensics for GPON (Gigabit-capable Passive Optical Networks), network packets are captured at the OLT (Optical Line Termination). Because of the symmetrical network speed of 2.5 Gbps, the forensics task cannot be handled in this high-speed situation. Some packets can be lost, and the forensics is incomplete.

This thesis proposes a two-tier forensics system architecture with distributed loading. Three system components were developed: Snooping Agent, Analyzing Server, and Media Processing Server. The system is designed for the GPON environment. The Snooping Agent on the ONU (Optical Network Unit) captures the packets of the SIP control channel, and the captured SIP packets are sent to the back-end component (Analyzing Server). The Analyzing Server works out the port numbers of the data channels. According to these port numbers, the audio and video packets are captured and delivered to the Media Processing Server. All of the session information and user data is stored in a database and presented through a web interface for event search. This thesis shows that the two-tier forensics system structure with distributed loading can reduce the load on the centralized analyzer and data storage. Most packets are filtered at each ONU, and only the captured packets are analyzed or stored.

Guang-ming Wu, Hui-kai Su (吳光閔, 蘇暉凱)
2013 ; thesis ; 57 ; zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
author2 Guang-ming Wu
author_facet Guang-ming Wu
Cheng-wei Hung
洪丞緯
author Cheng-wei Hung
洪丞緯
publishDate 2013
url http://ndltd.ncl.edu.tw/handle/m3wtv2