Livestock Disease And African Food Security Essays - Animal Virology

Domesticated animals Disease And African Food Security Domesticated animals Disease and African Food Security A difficult issue in Africa today is the rise of wild, destructive strains of ailment that are influencing domesticated animals and desolating populaces of pigs and steers in numerous African countries, putting food security in danger in numerous populaces of different countries. With effectively significant food shortage issues among many developing African countries, ailment will just further weight an effectively critical circumstance for food security in Africa. Animals assume significant jobs in cultivating frameworks, which give essentially food and salary, which is vital for food security. Almost 12 percent of the world populaces depend entirely on domesticated animals for its work. (4) The most recent flare-up of African Swine Fever (ASF) in the West African island country of Cape Verde compromises the nation's whole pig populace, as indicated by a 1996 FAO report. The sickness has been endemically present in any event part of Cape Verde archipelago since 1985 - with pinnacles of dismalness/mortality two times per year, in spring and winter. (1) ASF is brought about by an especially safe infection and is a possibly crushing malady. Not many pigs endure contamination and those that do are infectious. ASF is endemically present in wild pigs in southern and eastern Africa in a cycle including contaminated local pigs, delicate ticks and wild pigs. (1) In different biological systems of Central and Western Africa there are enormous flare-ups of this infection among household pigs and the illness happens somewhere else in Africa. In all zones, disease is generally normal because of contact with tainted, recuperated or bearer pigs and ingestion of defiled or contaminated trash, pee and excrement. Different strains have happened in various areas because of the expanding utilization of non-indigenous pigs, which are especially powerless against this. Creatures are being transported by street and air and are not being isolated appropriately if by any stretch of the imagination. This compromises any nation that depends on domesticated animals for food security. ASF is a very safe infection and can spread rapidly among populaces that are kept in poor sterile conditions. Numerous specialists concur that infections, for example, ASF will keep on spreading all through African pig ranches if appropriate sterile conditions are not met and legitimate isolate's aren't managed to attempt to check the spread of this illness. Since there is no antibody accessible, crushing tainted creatures is the essential strategy for taking out the ailment. In an alternate episode in Cote d'Ivore, just about 22,000 pigs were murdered by ASF and another 100,000 were butchered trying to annihilate the infection. (2) Yet another ongoing flare-up of ASF has surfaced in West African nation of Benin on the Nigerian fringe. Specialists detailed very nearly 3000 pigs dead and the FAO has sent a group called EMPRES (Emergency Prevention System for Transboundary Animal and Plant Pests and Diseases) to examine similarly as they did in both Cape Verde and Cote d'Ivore. (2) The group was assembled with an end goal to control plant and creatures infections that can pressure a nations cr ucial food security issues. An alternate infection called Classic Swine fever, which isn't as dangerous a strain is the thing that the Benin authorities state it is, however the EMPRES group fears this could be the fatal ASF rendition. An intense issue that comes all of a sudden, ASF can totally obliterate a nations pork industry in light of the fact that once the news gets out, no nation will exchange or purchase any animals with that nation. This can have genuine ramifications on meat eating societies. In Cote d'Ivore, all pig deals were halted in 1996 and proceeded again in 1997 with an all out misfortune evaluated to associate with US $18million. The FAO report says that around 60 percent of Benin's populaces depends exclusively on farming and loads of 600 000 pigs assume a fundamental job in salary age and national food security. (3) There are different strategies used to cultivate pigs in both Benin and Cote d'Ivore. Business ranches are the most elevated in yield and are freq uently hit hardest by the sickness because of crowdedness and simple transmission starting with one contaminated pig then onto the next. Others raise pigs in patios where the creatures are presented to trash and unfortunate conditions. Both of these strategies for cultivating pigs are at the most elevated hazard for

Chapter 12 Review essays

Section 12 Review expositions Section 1: The Science of Psychology Section one of our content starts by talking about psuedoscience, or as the creators call it psychobabble. Fundamentally they examine how usually individuals are regularly deluded by bogus brain science in our way of life and frequently in the media. The creators look into genuine mental practices with psuedopsychology, which regularly needs obvious proof and appropriate techniques for research and data recovery. I was happy to see that the creators talked about this point and explained the contrast among psuedopsychology and real brain research. It was useful to have explanation of what is real and what isn't inside the field of brain research. The rest of part one talks about two different points, Critical Thinking and the historical backdrop of mental practices. Basic reasoning is a developing procedure, which one uses to arrive at a sensible obvious end result. It is basic that Psychologists utilize Critical Thinking when reaching a resolution with respect to the current issue. This area on Critical Thinking gives the peruser a decent base to start thinking Psychologically and it is useful in permitting one to reach an impartial resolution. This segment was useful in depicting to the peruser how analysts reason and reach obvious end results in their field of work. The historical backdrop of Psychological practices was the area of section one that I least delighted in. This was generally because of the way that I was at that point mindful of the vast majority of the data that was given. Anyway it is significant that individuals acknowledge how the field of Psychology has created and it's various strategies, so this sectio n effectively provided this data. Part 2: How Psychologists do Research The second section of our content covers the subject of how Psychologists approach acquiring results from their examination. This part examines the different strategies and practices that Psy ... <!

The Journey to Turn Your Credit Around

The Journey to Turn Your Credit Around The Journey to Turn Your Credit Around The Journey to Turn Your Credit AroundImproving your credit score is like building Rome. It isn’t going to happen overnight and you probably don’t want to do it alone. That’s why you have to see improving your credit as a journey, and why you should get help from friends, family, and your buddies over here at the OppLoans Financial Sense Blog.In order to give you a sense of the steps you’ll take on your credit score voyage, we spoke to Courtney Sanders, an entrepreneur and speaker who overcame her own bad credit problems, and friend of the blog Jeanne Kelly, one of our favorite nationally recognized credit experts.Lace up your shoes, because your credit journey is about to begin.Start paying off your bills on time.This can be the simplest, and sometimes, the most difficult step. But according to Sanders, it’s an important first step: “Pay your bills on time every month, even if you have to call the credit card company and negotiate a lower minimum payment. The important t hing is that you establish regular, on-time payment history.”Your payment history is 35 percent of your credit report, making it the single largest factor in determining your credit score. That’s why it’s the first place to start fixing things up. It can take real sacrifice and dedication to get your bills in order, especially if you’re far behind. You shouldn’t hesitate to ask friends and family for help if you need it. Having a better credit score might mean you’ll be in a better position to help them out if they ever need it.Look back at old loans.Just because you’ve forgotten about old loans, that doesn’t mean those loans have forgotten about you. Those old loans can impact your credit score now. You should review your entire financial history early on your journey to fix your credit. According to Kelly, one of the big examples of past loans deserving of review are student loans:“Review all your student loans after graduation. You might have old emails or old h ome address, as your parents possibly moved after you graduated high school. If you do not get notices once payments are due, that will drop your credit score if they are not paid on time. It’s very important to check on what loans you have outstanding and when payments are due. Often students do not realize that each semester the loan was taken out is another account on your credit report. So, if you happen to go to college for eight semesters and needed loans for each, that would show up as eight separate loans on your credit report. Miss one payment and that is eight loans in the negative section of your report showing that missed payment. You might want to look into consolidating the student loans into one loan after graduation.”Start managing your credit card properly.It isn’t enough to just pay your bills on time. The next step of your credit score journey is using your credit card in a smarter way. That’s why Sanders recommends you: “Manage your credit card utilizat ion ratio. Dont carry a balance higher than 30 percent of your available credit at any one time.”Your credit mix might only be 10 percent of your credit score, but you want all the help you can get. Even if you’re paying all your bills, having too much racked up on your card doesn’t look good to the credit bureaus who calculate your credit score.Don’t close other cards.Although having too high a balance on your credit card is bad, that doesn’t mean that no balance is better. It might seem counterintuitive, but closing old credit cards can actually make your credit situation worse. Here’s how Sanders explained it:“Keep credit lines open. I know when people are trying to get out of debt they think they should pay everything off, close all of those credit card accounts, and that will improve their credit score. While paying things down is definitely great for that credit card utilization ratio, if you close the account it could actually hurt your credit score because you want to establish credit history. So the longer that you have credit lines open and you can demonstrate that you have a good track record in paying your bills every month, the better it is for your credit score.”The length of your credit history is 15 percent of your credit score, so again, not the biggest part, but not nothing either!The promised land of better loan rates.It won’t be an easy journey, but the destination makes it worth it. You can learn more in our recent blog post How Fixing Your Credit Can Fix Your Future. Whether it’s getting better rates on a loan, a car, or even a job you might get turned away from if your credit was worse, it’ll all pay off in the end.Visit OppLoans on YouTube | Facebook | Twitter | LinkedINContributorsJeanne Kelly (@creditscoop)  After being turned down for a mortgage 15 years ago, Jeanne Kelly realized she needed to get her credit in order. Not only was she able to fix her bad credit, but she took the skills and knowledge she gained and decided to share it with the world. Now she’s a nationally regarded credit coach and expert, with multiple books and television appearances. Follow her on Twitter and check out her site to get the credit help you need!Courtney Sanders  is an entrepreneur, speaker, and rising authority on women’s empowerment. Through her training and development company, Think Grow Chick, LLC, Courtney provides online in-person education, mentorship, and community for millennial women. After educating herself on the “ins and outs” of personal development, money management, and entrepreneurship, Courtney climbed her way out of debt in a few short years and went on to successfully launch Think Grow Chick.In 2015 she authored the book, Get What You Want: The Ultimate Guide to Figuring Out + Getting What You Want in Life which has since served as a catalyst for several related trainings and programs.

Apperences vs. Reality in Twelfth Night Essay - 851 Words

Appearances vs. Reality M.C Escher said, â€Å"Are you really sure that a floor cant also be a ceiling?† This quote is saying that what you see and what is actually there can be two different things. Appearances versus reality is a recurring theme in William Shakespeare’s play, Twelfth Night . Appearances hide an important reality and sometimes can get in the way of a character from developing or attaining his or her goal. The problems that happen involve disguises and deceit of one form or another and create tension amongst the characters. The reason Shakespeare has this recurring theme is because of the comedy that comes with it. It is funny for the reader to see the situational irony that occurs and is what makes the play.†¦show more content†¦Malvolio is mislead at one point of the play by Maria and Sir Toby. They write him a fake letter that is supposedly from Olivia saying how much she loves him. He only believes the letter because he loves her so much and will believe a nd do whatever it takes to be with her. This is his down fall with what appears to be a good situation for him, but is actually people playing tricks on him. He acts how he really feels in front of Olivia to only turn her off, and because of his own pride causes him to act foolish. Love itself is an appearance that beats reality when its taken to lightly and overcomes the reality so all you can see is the appearance of love. Count Orsino believes he is in love with Lady Olivia, however he is in love with the idea of being in love. He claims to love Olivia but really he is growing very fond of Viola/Cesario, this appears to be him loving these two women but is actually like stated previously him being in love with the idea of being in love. With Olivia mourning the death of her brother it is a viable excuse not to see men at the moment. However in

I m Planning On Pursuing A Course - 1405 Words

Summary I’m planning on pursuing a combined MD/Ph.D. program, which combines both medicine and research to train the next generation of physician-scientists. The path to becoming a physician-scientist is daunting and long, which could take up to 15 years. Aside from having both medical and research training, successfully physician-scientist should also be a problem solver, a critical thinker, resilient, a hard worker and good writer. Writing skills are very important in this field because physician-scientists have to write proposals and manuscripts. Upon successful completion of their training, physician-scientists usually work at academic medical centers doing research and applying it to help patients at the bedside. The prime goal of physician-scientists is to use research findings to push the boundaries of medical mysteries. Introduction During my sophomore year, when people asked me what field I’m trying to get into after graduation, I tell them â€Å"I’m not sure, probably medical.† At that time, I was debating on whether to go to medical school or graduate school. It was then, that I learned about an MD/Ph.D. program, also know as a physician-scientist program, which combines MD and Ph.D. degree for people interested in both medicine and research. Since I learned about a combined MD/Ph.D. degree, I’m planning on pursuing it because it integrates both medicine and research to treat patients. At this point, I’m planning on taking a year or two off and apply to jointShow MoreRelatedGraduate Study Challenges and Strategies for Personal Success1589 Words   |  7 Pagesarenas. Pursuing a graduate study and improving communication skills are a few of many ways I chose to guarantee my personal and professional success. It wasn’t easy taking the decision to pursue a graduate stu dy, and like all major decisions in one’s life, it comes with challenges, which were of an emotional, financial, and organizational nature in my case. To facilitate success, setting goals is most commonly seen as the way forward. In addition to discussing setting goals and milestones, I will beRead MoreI Was Born Into The Sciences855 Words   |  4 PagesDrew M. Zimmerman Personal Statement FHSU Biological Sciences Degree Objective: M.S. in Microbiology I was born into the sciences. My entire life I have been exposed to the inter-workings of biology and that has not changed even to this day. When I was younger, I fondly remember being sent out with my friends to help collect various insects with my mother when she was attending Fort Hays for her master’s degree. I have met a lot of really fantastic professors at Fort Hays that make you feel likeRead MoreMy Statement of Purpose: Transitioning from Production Engineering to Industrial Engineering827 Words   |  3 Pagesare all predicated on a fascination with engineering. From a very young age, I have been fascinated with how devices work, and as I learned more about how engineering is a disruptive force in many industries, I knew this had to be my profession. My passionate pursuit of expertise in this field led me to pursue an undergraduate degree in production engineering. Growth in Engineering Years Within the next few months, I will be completing my Bachelors of Engineering in Production Engineering fromRead MoreStatement of Purpose for Mechanical Engineering Essay710 Words   |  3 Pagesenvironments ranging from space travel to automobile manufacture, there is no doubt that Mechanical Engineering is vital in our modern live. I want to attain the highest level of education and transcend new scope for research in Mechanical Engineering. I personally feel that there is substantial cachet to be gained by pursuing the field of Mechanical Engineering. I enjoy the diversity of the subject, projects are wide , varied and always different, all this make it interesting. I’m attracted by its dynamicRead MoreGraduate Studies Challenges and Strategies for Success Essay975 Words   |  4 Pagesdifficult decision. Before making that decision, I had to research the challenges that graduate students face during their studies. In my research, I have found that three of the most challenging obstacles that will affect my studies during my desire to achieve a higher education will be financial, effective time management, and stress. I will describe effective strategies for managing each of these challenges to achieve success, while pursuing my graduate degree in masters of health administrationRead MoreAvon Study Case1603 Words   |  7 PagesAssignment Avon Study Case Student’s name Professor’s name Dr. Course title 532 – Talent Management Date 2013 Provide a brief description of the status of the company that led to its determination that a change was necessary. In 2005, Avon Products success story turned ugly. After six straights years of ten percent plus growth and a tripling of earnings under CEO Andrea Jung, the company suddenly began losing sales across the globe. The company found itself challenged byRead MoreLeadership and Management1397 Words   |  6 PagesLeadership and Management Introduction The evolution of leadership might best be summed up by Mohandas Gandhi (NDI) who said, I suppose leadership at one time meant muscles; but today it means getting along with people. There is an abundance of well-researched literature on the roles and functions of leadership and management, however the simple fact is that leadership and management techniques vary from organization to organization and situation to situation with respect to culture andRead MoreThe Kingdom : An Attack American Accommodation Compound1434 Words   |  6 PagesAs stated in the second paragraph, the group identified with a religion alone with civilian victims who have no ties to the group. Chapter 1 Life Course Theory The connection between radicalization and terrorism is best theorized in terms of the theoretical perspective acclimates mostly to temporal ordering (Richard Rosenfeld, 2011). The life course perspective focuses on an offender’s varying personal choices and life experiences over time, and seek to uncover trajectories or turning points whichRead MorePersonal Statement Of Purpose Of An Organization942 Words   |  4 PagesStatement Of Purpose â€Å"To give real service, you must add something which cannot be bought or measured with money† –  Sir M. Visvesvarayya I am MR.DARSHAN NARAYANA, an undergraduate in Civil Engineering and a graduate in Construction Technology, would like undergo the PhD program in Civil Engineering / Construction Engineering / Construction Management at your esteemed I hail from an upper middle class family that lays very strong emphasis on education. Both my parents, who are AdvocatesRead MoreMy Statement of Purpose: VLSI Design703 Words   |  3 Pagessoftware to make the most use of these innovations. Moores Law, which states that an integrated circuits capacity will double every eighteen months while its size drops by 50% (Freeman, 1987), serves as the basis of many of the product development and planning strategies of VLSI circuit and processor designers today. Andy Grove, one of the founders of Intel Corporation, credits Moores Law with the invention of the microprocessor and the global PC growth occurring for the last four decades (Anagnostopoulos

Odysseus’ Search for Purpose in Homers Odyssey Essay

Odysseus’ Search for Purpose in The Odyssey As a wayfarer in life, The Odyssey focuses on life’s greater purpose through the fulfillment of destiny, perseverance, and loyalty. These three themes recur continuously throughout Odysseus’ journey, molding life’s greater vision. Odysseus comes to understand his purpose in life by remaining true to these major themes as he faces and conquers each obstacle in his journey. The overarching theme of The Odyssey is the belief that man cannot escape the destiny which has been preordained for him by the gods. Destiny plays a vital role in the survival of Odysseus throughout his adventures. As Odysseus languishes on the island of Calypso, Hermes commands her to free Odysseus in order for†¦show more content†¦Odysseus’ freedom to make his own decisions is altered my what the gods have preordained for him. Not only do the gods have control over the day-to-day destiny of mankind, but they also decide the circumstances of each mortal’s life. No matter how a mortal struggles, he will die under the conditions that the gods have set out for him. Eurymachus explains to Penelope, Death from the gods can no man shun(161). Eurymachus seeks to comfort Penelope by pointing out that worrying about the fate of her loved ones is useless, since their fate will be decided by the gods and once it has, there is no escaping it. Throughout Odysseus’ journey he is able to persevere against the overwhelming odds he is faced with. The driving force behind Odysseus’ perseverance is his hunger to get home; his crew however does not share this passion and therefore lacks the strength of character to fight on. Odysseus looks back on his life or death struggle as his ship is lost in Poseidon’s storm, out of the ship my comrades fell and then like sea-fowl were borne by the side of the black ship along the waves; god cut them off from coming home. I myself paced the ship until the surge tore her ribs off the keel, which the waves then carried along dismantled. The mast broke at the keel; but to it clung the backstay, made of oxhide. With this I bound the two together keel and mast and getting a seat on these, I drifted before the deadlyShow MoreRelated Disguises in Homers Odyssey Essay954 Words   |  4 PagesDisguises in Homers Odyssey   Ã‚  Ã‚  Ã‚   In Homers Odyssey, disguises help convey a false identity that assist the characters in accomplishing their plans.   Each disguise has its own purpose, such as Athenes image as Mentor to advise Telemachos.   Her purpose was to assist and encourage Telemachos into searching news of his long lost father without revealing her true identity of divinity.   Being old and wise, and especially male, helps put more power behind the words spoken by Mentor because menRead More Essay on Names in The Odyssey and The Bible1634 Words   |  7 PagesImportance of Names in The Odyssey and The Bible      Ã‚   Two of the most widely studied ancient works are Homer’s Odyssey and the book of Genesis from the Bible.   Each of these texts provides a unique viewpoint of an early civilization.   In both of the texts, one can learn not only stories about great heroes, but also about the way that these peoples lived and what they believed.   Many interesting parallels can be drawn between the two developing societies shown in the Odyssey and the book of GenesisRead More A Comparison of Homeric Formalism in The Iliad and The Odyssey1339 Words   |  6 PagesHomeric Formalism in The Iliad and The Odyssey Much that is terrible takes place in the Homeric poems, but it seldom takes place wordlessly... no speech is so filled with anger or scorn that the particles which express logical and grammatical connections are lacking or out of place. (from Odysseus Scar by Erich Auerbach)    In his immaculately detailed study comparing the narrative styles of Homer to those of the Bible, Erich Auerbach hits upon one of the most notable intriguesRead MoreEssay about Use of Disguise in Homers Odyssey1056 Words   |  5 PagesThe Use of Disguise in Odyssey       In Homers Odyssey, the use of disguise to help convey a false identity assists the characters in accomplishing their plans.   Without the use of disguise it would thwart Odyssey’s attempts at arriving back to his homeland. Each disguise has its own individual purpose, for example Athenes image as Mentor to advise Telemachos.   The main intention being to assist and encourage Telemachos into searching for news of his long lost father without revealingRead More Use of Disguises in Homers Odyssey Essay986 Words   |  4 PagesUse of Disguises in Odyssey      Ã‚  Ã‚  Ã‚   The characters use of disguises in Homers Odyssey is a crucial element that helps to catalyze the victory of good over evil.   Each disguise is unique, created for a specific purpose.   Before she talks to Telemachos, Athena disguises herself as a wise old man in order to ensure that her words carry weight and are taken seriously.   She knows that she must assist and encourage Telemachos into searching for his long lost father without revealing her divineRead More Homers Odyssey and Dr. Seuss’ Youre Only Old Once Essay1512 Words   |  7 PagesHomers Odyssey and Dr. Seuss’ Youre Only Old Once      Ã‚  Ã‚  Ã‚   What animal walks on all fours in the morning, on two legs at noon, and on three legs at night? The famous riddle of the sphinx that has been pondered for many years; it is a universal issue that affects all people of every nationality, ethnicity, religion, or geographic area. We, ourselves, are the answer to this puzzle and yet we fight this explanation with every tool possible. We avoid it, refuse to admit it, read about it, jokeRead MoreAnalysis Of The Epic Heroes 1270 Words   |  6 Pagesdivine intervention was a large theme, and this can serve as the backbone of luck for the epic hero. Odysseus from the Odyssey is a prime example as Athena is a constant aid to him in his long journey home. Odysseus truly thrives from divine luck more than his own personal intelligence or bravery. To begin, Odysseus has extreme wit, but much of it is actually luck influenced by the gods. Odysseus is known for his cunning personality, unlike the harsh personality of Achilles. For this, he is seenRead MoreArchetypes In Homers The Odyssey1383 Words   |  6 Pageswere three main archetypes that were used in Homer’s epic ,The Odyssey, which show different aspects of Ancient Greek culture. Those three archetypes were: the hero/father figure archetype, the monster archetypes, and the search for love. The hero archetype explained the Ancient Greeks’ love for thrill and adventure; Odysseus went on many thrilling adventures while on his journey. The monster archetypes represented the Greeks’ love of horror; Odysseus’ men have died due to the monsters and creaturesRead MoreEssay about David Katan’s Translating Cultures1038 Words   |  5 Pagesmeaning. Interpreting and translating a text is not a simple and easy task; it takes time and is also chall enging, because â€Å"the translator cannot merely search for equivalent words in the target language to render the meaning of the source† (Dingwaney and Maier, 3). Up until today there are many translations of ancient works and books, such as the Odyssey; and so, there is a wide range for people to choose from. This choice must be taken with the most care because some may be exceptionally good at communicatingRead MoreGilgamesh And Odysseus Similarities882 Words   |  4 Pagesglory, immortality, and fame, through heroic actions. Odysseus was a Greek king of Ithaca. He was best known for being the greatest eponymous hero of the Odyssey, which described his hardships as he struggles to return home from the Trojan War. Odysseus was the notable leader in the war. He was also the hero of Homer’s Odyssey. Odysseus was under the protection of the goddess Athena. The Odysseus was formed in early Greek. Gilgamesh and Odysseus were both heroes that arose in different time spans

Crisis and Disaster Management

Question: Discuss about the Crisis and Disaster Management. Answer: Build back better The phrase build back better can be defined as a model reconstruction as well as a plan for recovery which assists in the attainment of better resilience. This has been in use since the tsunami hit in 2004 and became officially recognized after Clinton created the guidelines for BBB in 2006(Moore, 2013). The concept of BBB focuses on a holistic improvement of the environmental, economic, social and physical circumstances of a community along with following the disasters in order to improve the resilience of the whole community. The earliest known document which was formerly authorized on the subject was by Clinton named Key Propositions for BBB, published in 2006(Brent, 2004). The other guidelines which are in support of the concept have been noted down below: Principles for Settlement and Shelter by the United Nations Disaster Relief Organization. Post Tsunami Recovery and Reconstruction Strategy and Build Back Better Guiding Principles by the Government of Sri Lanka. Mondays Holistic Recovery. Recovery and Reconstruction Framework by Victorian Bushfire Reconstruction and Recovery Authority. Christchurch Earthquake Recovery Authoritys Recovery Strategy. The pre-existing notion of BBB has been modified through conducting researches on case studies belonging to multi-nations. The findings, hence, obtained aided in the creation of the BBB Framework which can be well represented and defined by the following diagram: Diagram showing: Build Back Better Framework (source: Christine, H. (2012).) The major concepts which have recognized in the framework for BBB are risk reduction, community recovery and implementation. As evident form the above diagram, community recovery has been subdivided into economic and social recovery. Social recovery focuses on the involvement and support in the community. The major tools which have been proposed to be furnished to the communities in times of trauma due to disasters are engaging, educating and encouraging the community (Hayes Kotwica, 2013). Following activities have been recommended for recovering the communities from psycho-social factors: Arrangement of particularized assistance. Connecting social programs with housing programs. Organization of group activities for the well-being of the community. Evaluation of affected community. Recovery policies on local requirements. Ensuring that the whole community participates in bearing responsibility for the recovery activities. According to the guidelines, measures should be utilized to strengthen as well as rejuvenate the economy of the community that has been affected (Semerciz et.al. 2015). These measures include, providing counseling services, business support along with specific fast tracked allowances in order to reconstruct businesses. Principles of Christchurch earthquake recovery This serves as reference guide for the Canterbury recovery which bloomed with consulting the community and strategic partners. It provides the efforts for recovery with direction, confidence and coordination. The RS is a collective approach for the government as well as the stakeholders so that they can integrate with plans for developing the community. Information regarding cultural, economic and social recovery along with the built as well as natural environment is integrated with perfect leadership. The aim of CERA is to make the church invest, visit and work for the upcoming generations. CERA places the community as the center of focus and addresses issues such regarding housing, planning, land zoning and risks posed by disasters (Steve et.al. 2008). The recovery effort is divided into 3 phases by CERA. They are: Immediate phase an urgent repair is initiated and the action plan is formulated. Short term phase the affected sites are rebuilt, reconstructed or replaced. Medium/long term phases comprises of activities such as improving, constructing and restoration. The aim of RS is to make the built environment cost-effective, resilient, and accessible as well as integrate the housing, buildings, infrastructure and the transportation. The land zoning to make the future resilient is comprised of urban design that is innovative and the investment for infrastructure should be prioritized so that greater Christchurch could be supported. It also considers the risks possessed due to changes in climate and current seismic contractions (Tugba Tugce 2015). Research methodology Greater Christchurch was affected by earthquakes in 2010 and 2011. This paper inspects the case of the same. Since, the process of recovery is in continuation, the role of propositions of land use in BBB can be investigated in accordance to the reduction of risk after a disaster strikes (Jeffery, 2016). The research design used in this case study is a mixed-methods one and has been accomplished by conducting interviews with officials from CERA as well as city councils along with reviewing pertinent literatures. Quantitative and qualitative sources have been used for gathering data. There had been direct participation by the interviewees in the process of recovery which aided the author to have a clear understanding of the process. The timing for every semi-structured interview was 1 hour. Research trip Interviewee Description Research trip 1 April 2014May 2014 P1 Visits and Relations Advisor, CERA P2 Structural Engineer, CERA P3 Manager, Utilities and Roading, Waimakariri District Council P4 Recovery Manager, Waimakariri District Council Research trip August 2015 P5 General Manager, Constructions, CERA P6 Chief Advisor, Insurance, CERA P7 General Manager, Community Resilience, CERA P8 Former Recovery Manager, Waimakariri District Council P9 Manager, Central City Development, CERA P10 Senior Advisor, Communication Central City Rebuild, CERA P11 Service Centre Manger, Waimakariri District Council P12 Earthquake Support Service, Waimakariri District Council P13 Recovery Manager, Waimakariri District Council P14 Utility Manager, Waimakariri District Council P15 Visits and Relations Advisor, CERA P16 Head, Strategy and Planning Group, Christchurch City Council P17 Manager, Residential Red Zone Operations Port Hills (CERA) P18 Former Financial Advisor,, CERA Table showing: Data collection from case study Case study: Greater Christchurch earthquake 2010-2011 Christchurch, New Zealand was hit by two massive earthquakes in the years 2010-2011. The first one (Darfield earthquake) had a magnitude of 7.1 took place on 4th September 2010 and the subsequent aftershock hit on 22nd February 2011 and had a magnitude of 6.3. Several residential regions were hugely devastated and it was difficult to liquefy the eastern regions. The gross economic loss was amounted up to NZ$40 billion which amount up to 19 per cent of the GDP. In the central part of the city, around 627 commercial buildings were to be demolished and another 220 were to be partially demolished along with 47% of the buildings being declared uninhabitable. In order to repair or recover the residential buildings, the amount estimated was NZ$13 billion approximately (Tomer, 2015). The Pyne Gould Corporation and the Canterbury Television collapsed and resulted into the deaths of 18 and 115 people, respectively. The number of deaths in suburban locations and central city were found to be 12 and 28, respectively along with 8 individuals being killed in a city bus. The total number of deaths was accounted up to 185(Joshua, 2016). The Waimakariri district is a part of greater Christchurch along with the eastern suburbs was hugely impacted by the Darfield earthquake and lateral spreading along with liquefaction occurred after the aftershock. Disturbances to daily life, services, activities and basic facilities were caused and businesses were disrupted due to the destruction of buildings, non-availability of products and services(Christine, 2012). Around 1200 buildings in Kairaki and Pines Beach were destroyed and 1048 were classified into the red zone, which prohibited rebuilding. Severe destruction was caused to public infrastructure as well as disruption in potable water. Fifteen sewer pump stations, gravity sewers of around 18 km and 12 kilometers of water mains were damaged. Infrastructure for local transports were impacted which amounted up to 2 foot bridges, 16 approaches to bridges and 16 kilometers of roads were damaged severely (Hayes Kotwica, 2013). Since the disaster had large magnitude, it led to the formation of CERA which aimed to support the government by rebuilding and managing the recovery. Around 67,468 houses were repaired by Earthquake Commission by the end of March in 2016 (Moore, 2013). The land use was severely affected by liquefaction and rock falls along with an increase in floods. Several historical buildings and community facilities were impacted by the aftershocks. While buildings with light timber frames were least affected, old masonry buildings were hugely affected and the chimneys collapsed. References Moore, S. (2013). Disaster's future: the prospects for corporate crisis management and communication, Volume 47, Issue 1, JanuaryFebruary 2004, Pages 29-36 Brent, R. (2004). Chaos, crises and disasters: a strategic approach to crisis management in the tourism industry.Volume 25, Issue 6, December 2004, Pages 669683 Christine, H. (2012). Crisis Information Management. Communication and Technologies, A volume in Chandos Information Professional Series, 2012 Hayes, B. Kotwica, K. (2013). Crisis Management at the Speed of the Internet, Trend Report, 2013 Semerciz, F. et.al (2015). Procedia - Social and Behavioral Sciences, Volume 207, 20 October 2015, Pages 149-156 Steve M, et.al. (2008). Journal of Hazardous Materials, Volume 159, Issue 1, 15 November 2008, Pages 92104 Tugba, F. Tugce, C. (2015). Leadership in Crisis Management: Separation of Leadership and Executive Concepts, Volume 26, 2015, Pages 695-701 Jeffery S. (2016). Business Horizons, Volume 59, Issue 4, Pages 359-450 (JulyAugust 2016) Tomer, S. (2015). Socializing in emergenciesA review of the use of social media in emergency situations, Volume 35, Issue 5, October 2015, Pages 609619 Joshua, A. (2016). Journal of International Money and Finance, Volume 66, Pages 1-170 (September

Changes In Pop Art Essays - Visual Arts, Arts, Culture,

Changes In Pop Art Changes in Pop Art Pop art was a 20th century art movement that utilized consumerism and popular culture. Andy Warhol, for example, changed the imagery of everyday objects, as well as entertainment figures, through distorted shapes, sizes, and bold colors. As the decades passed, the style of pop art slightly changed as well. Later artists, such as Tom Wesselmann and Allen Jones presented their subject matter in a more shocking perspective. Women, and more specifically their bodies, were often the target of graphic manipulation. This sexual presentation was seen as pleasurable entertainment for male viewers, as much past artworks often did. This paper will attempt to explain the changes made during the pop art movement, in addition to the specific roles women played in pop art. First, we must discuss what is pop art? Pop art, as defined by the Concise Columbia Electronic Encyclopedia, is a movement that emerged at the end of the 1950s as a reaction against the seriousness of abstract expressionism. (Encyclopedia.com) The term Pop stands for popular art or even for pop bottle art, depending on the frequency with which such everyday objects appeared. The movement as a whole originated in England in the fifties and then naturally spread to the United States. This movement resulted as images were made popular through mass-media advertising and comic strips, and other everyday objects, such as pop bottles, beer cans, and other supermarket products. The images were then presented in bizarre combinations, distortions, or exaggerations in size. The original human-made object is always kept in its true form in some way. (Art Fundamentals, 305) The introduction of American Pop art resulted in a major reaction against abstract expressionism, which had dominated painting in the United States during the later 1940s and 1950s. During the later 1950s, there were many indications that American painting would return to a new kind of figuration. Pop art brought art back to the material realization of everyday life, to popular culture in which ordinary people derived most of their visual language in what perceived to be the real world of shopping, movie stars, and car advertisements. The term pop art was first used by Lawrence Alloway, a well-known critic of the art period. He used the term to describe those paintings that celebrated post-war consumerism and defied the psychology of Abstract Expressionism. This was thought of as an art that gave off a natural appeal to American artists, living in the midst of an industrial and commercial environment. Thus, the result was a more bold and aggressive display of art and advertising. While many artists duplicated beer bottles, soup cans, and comic strips in their artworks, other artists incorporated these objects in their actual artworks. In both cases of artworks, however, pop artists stressed new and store-bought in a shocking light, symbolizing their interpretations of the changes that took place in America during that time. Their vulger interpretations, which appeared in advertising, supermarkets, and television, explains why the pop art movement had such a large impact on commercial, graphic, and fashion design. (Russell, 54) The myths of everyday life which has surfaced in consumer culture, especially in mass media, express the belief in progress, but also a fear of disaster. During the peak of pop art, there were a series of crucial events that took place. For example, the Vietnam War, the assassination of John F. Kennedy, racial riots breaking out in cities everywhere, and addictions to sex, drugs, and rock n roll, are just a few major events that were occurring during this same time period. (Osterwold, 11) Thus it is not surprising that the world of pop art emerged. Pop art was seen as a way to stand for the dreams, traumas, luxury, and poverty of the times. Pop art was just one way for people to recognize the good of the nation, and the need to support the consumer world. One particular pop artist, Andy Warhol, was often recognized as the father of pop art. Warhol first introduced his own illusionary world of pop art to the public with his interpretation of the Campbells soup can. Never before has such an everyday object like a soup can been viewed as a work of

Jazz in New York and Chicago During the 1920s essays

Jazz in New York and Chicago During the 1920s essays New York and Chicago During the 1920's The 1920's was a huge decade for the phenomena known as "Jazz". Due to the closing of the seaport in New Orleans, musicians were forced to travel up the Mississippi to find work. Two of the cities most affected by this move were Chicago and New York. Chicago was home primarily for New Orleans traditional music during the 1920's. From this New Orleans style came four major types of jazz: Boogie-Woogie, Chicago Jazz, Urban Blues, and Society Dance Bands. Because of the ever-growing popularity of nightclubs during Prohibition, these styles of jazz thrived so musicians were guaranteed jobs. The popularity of the phonograph also provided a huge boost to the music industry during the 1920's. Boogie-Woogie was a style of improvised piano music played during the '20's in Chicago. It got its start in the mining areas of the Midwest. The rolling, repetitious style was the beginning of the Midwestern shuffle style. The second type of jazz popular during this time was Chicago Jazz. It was played mostly by white musicians. Chicago Jazz tended to be very aggressive and usually ended abruptly. Since Chicago had more nightclubs than New York, it held a bigger attraction for musicians. It was only after the stock market crash in 1929 that New York replaced Chicago as a jazz capital. This style of jazz was tighter and more rehearsed than others. The next kind of jazz to emerge during the 1920's was Urban Blues. This was played primarily in an area known as the "bucket of blood." This referred to an area along the South Side of Chicago. The clubs there were known to hire the "who's who" of blues musicians. The last major style of jazz to emerge from Chicago during the '20's was Society Dance Bands. These bands were usually big with plush arrangements. They were located downtown and were slower paced and had no improvisation. They were designed mainly for dancing. They had a more ...

Parent Preparedness When Discussing Child's Sexual Education Essay

Parent Preparedness When Discussing Child's Sexual Education - Essay Example Right when parents begin to assume their responsibility in educating the child, the children seek an escape and thus, generate a communication gap that lead to lack of knowledge transmitted form parent to child. Another argument that sex education supporters raise is that the success rate of abstinence only program are low. One cannot observe any significant difference between individuals who enroll and who do not in this program. In order to frame a sex education program for school counseling, it is a recommendation that one starts with the most basic knowledge and then progresses to higher level of complexities. A very important perspective that needs attention here is the preparedness of parents in terms of educating their children. Experts believe that parents can play a crucial role in teaching children about sex. Introduction The paper aims to address the importance of sex education in adolescence. With the growing number of cases of sexual abuse and rapes, the matter is a pres sing concern for schools and parents all over the world as it is their responsibility to educate the child beforehand. ... Studies by World Health Organization reveal the contribution of healthy sexual development to overall well being of an individual. According to the U.S. Surgeon General, David Satcher, â€Å"sexual health is inextricably bound to both physical and mental health,† (Moore & Rosenthal, 2006). In terms of definition, sexual education refers to "education about human sexual anatomy, sexual reproduction, sexual intercourse, reproductive health, emotional relations, reproductive rights and responsibilities, abstinence, contraception, and other aspects of human sexual behavior" (Klein, pp. 9, 1992). Although people all around the world accept the importance of sexual health, very few actually agree to the idea of education system to promote it. Main arguments regarding sex education programs involve role of government in family life; limitations to parent’s role in defining a sexual pattern for their children, subjectivity of values associated to sex for instance, gender and po wer etc and above all how does one define a mature sexual behavior for adolescent (Bruess & Greenberg, 2008). In addition, there are also questions as to how can one effectively communicate these ideas to adolescents, the content of such courses and mainly who is better suited to provide this guidance. Sex education has never been this critical an issue. Researches (Reintsma, 2007) reveal that there are 850,000 pregnancies and 9.1 million STIs (sexually transmitted infections) (Moore & Rosenthal, 2006). In addition, 70% females and 62% males have already experienced vaginal sex by the age of 18 in US. It has been a grave problem with little attention given. Moreover, as per U.S Department of Justice, every 2 minutes, a woman is raped. Only in the year 1995, 354,670 females encountered rape or

Have you had Your VSauce Today Essay Example | Topics and Well Written Essays - 750 words

Have you had Your VSauce Today - Essay Example The videos are narrated by the creator of Vsauce, Michael Stephens, in his signature style beginning each video with â€Å"Hi Vsauce!† Vsauce provides educational content that is beneficial to students as well as general online users. The content is always interesting and intriguing, and arouses the curiosity of the users. The videos are about topics most people think about but do not try to actively investigate them. Questions about dreams and alien life are used to elaborate scientific research and phenomena because people are naturally curious about these topics. Vsauce videos explain such topics and encourage students to learn about things that puzzle them. Some of the videos that offer such intriguing content are What if You were Born in Space? and Why do We Get Bored?. After watching these videos, viewers are able to enhance their knowledge. In addition, the videos inspire viewers to be more observant of their surroundings. The information in the videos helps students de velop greater interest in science and other subjects. Entertainment is one of the main distinguishing features of Vsauce. Michael Stephens appears as the narrator in all the videos and ensures that the viewer remains engaged from beginning to end. The videos uploaded on the channel are informative and provide scientific explanations to the viewer. However, they are packaged in a very different way from regular informational videos. The captions of the videos, for instance, are worded in the same way as feature stories and articles on mainstream websites. This feature helps to attract readers to the content and view the videos to be entertained. For example, a video titled How Many 5-Year Olds Could You Fight? explains concepts of force and power. Another video titled Guns in Space discusses important concepts of space, gravity, and motion. The video discusses the theories and concepts introduced by scientists such as Newton and Einstein. This strategy of combining information with e ntertainment is the reason why the videos receive a large number of hits. Just two years after its inception in 2010, Vsauce reached a subscription level of 1 million users. The tools used in the videos are effective at explaining the concepts vividly. The videos combine the use of animated diagrams and photographs to illustrate abstract concepts such as gravity and motion. Such use of animated diagrams is effective in explaining temporal features of a concept (Lowe, 168). At times, a comic effect is created to make apparently complex subjects seem interesting. For instance, a video entitled We Can’t Touch Anything uses diagrams and animation effectively to explain atomic structure and contact between two surfaces. Another video titled What Can You do Without a Brain? uses teaching aids as well as animated illustrations to explain brain anatomy and neurological processes. This feature distinguishes Vsauce from other online educational content because it is lively and engaging . It uses techniques other than background narration and text to make concepts more explicit to the viewer. Vsauce makes educational content accessible to the target audience. Accessibility is vital to the success of distance education (Burgstahler, Corrigan, & McCarter, 234). With several alternatives offering similar services in the print and electronic environment, it is important for content providers to reach out to the intended audience instead of expecting

End to End VoIP Security

End to End VoIP Security Introduction User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest by many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ , MSN Messenger and Yahoo! Messenger while in the latter, systems like Skype and VoipBuster are dominating among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors . On the other hand, the data communication path in the VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path with some exceptions like Skypes â€Å" supernode† communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue addressed in several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out of band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the applications architecture with VoIPSec security elements. Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its in-creasing popularity in daily communications, re-searchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length preserving encryption is indeed far worse than previously thought. VOIP This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we wont. But even then its not only what we say, but also what someone else hears, and who that person is. Voice over IP- the transmission of voice over traditional packet-switched IP networks—is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term â€Å"voice over IP† is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, â€Å"Current voice-over-IP products,† de-scribes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already se-cured networks and get a stable and secure voice net-work. Unfortunately, many of the tools used to safeguard todays computer networks—firewalls, network address translation (NAT), and encryption—dont work â€Å"as is† in a VoIP network. Although most VoIP components have counterparts in data networks, VoIPs performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a companys technology infra-structure. Anyone at- tempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, weve outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise. End-to-End Security IN this assignment I am going to describe the end-to-end security and its â€Å"design principle† that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram de-livery service. The Internet of today isnt as pure an implementation of the end-to-end design principle as it once was, but its enough of one that the collateral effects of the network not knowing whats running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, Id like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesnt care what you do—its job is just to â€Å"deliver the b its, stupid† (in the words of David Isenberg in his 1997 paper, â€Å"Rise of the Stupid Network†2). The â€Å"bits† could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesnt care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasnt designed to run the World Wide Web. The Internet wasnt designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what it was that data represented. At the very first, the design of TCP/IP wasnt so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skypes interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone net-work, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with â€Å"irrational exuberance†4 during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasnt no- ticeably diminished. Security and privacy in an end-to-end world The end to end arguments paper used â€Å"se-cure transmission of data† as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesnt actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you didnt want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the net-work is reliable, the network itself needs to be secure against attempts—purposeful or accidental—to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didnt include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesnt pro-vide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer re receives isnt designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end systems responsibility. Note that there is little that can be done â€Å"in the Net† or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of todays observers assume that the lack of built-in protections against attacks and the lack of a se-cure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were â€Å"at the scene† have told me that such protections were actively discouraged by the primary sponsor of the early Internet—that is to say, the US military wasnt all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasnt designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an â€Å"incentive† to pay for the customers use of their lines—they dont see a way to pay for the net-work without this ability. The FBI has asked that it be able to review all new Internet services for tapability before theyre deployed, and the FCC has hinted that it will support the request If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, its still easy to use end-to-end encryption as long as its HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security cant exist, will be seen as â€Å"an antisocial act† (as a US justice department official once told me). If that comes to be the case, end-toend security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side. What is VoIP end to end security? Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol. Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol. Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in se-cure session establishment. Security of the media transport layer—the layer in which the actual voice datagrams are transmitted—depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. Authentication requires that, after the key exchange protocol successfully completes, the participants respective views of sent and received messages must match (e.g., see the notion of â€Å"matching conversations† in [8]). Key ex-change protocols for VoIP sessions include SDPs Security DEscriptions for Media Streams (SDES) , Multim edia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper. Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will en-sure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key ex-change protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to re-peat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation. †¢ We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide—following ZRTP specification—that B has â€Å"forgotten† the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool . †¢ We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be in-distinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.) While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in con-text rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions—especially those about the protocols operating at the other layers of the VoIP stack—are left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general. The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5. VoIP security different from normal data network security To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the net-work. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security. Threats for VoIP VoIP security threats contain Eavesdropping, Denial of Service, Session Hijacking, VoIP Spam, etc. For preventing these threats, there are several VoIP standard protocols. And we discuss this in Section 3. Eavesdropping VoIP service using internet technology is faced with an eavesdropping threat, in which is gathering call setting information and audio/voice communication contents illegally. Eavesdropping can be categorized largely by eavesdropping in a LAN(Local Area Network) environment, one in a WAN( Wide Area Network) environment, one through a PC(Personal Computer) hacking, etc. Denial of Service Denial of Service is an attack, which makes it difficult for legitimate users to take telecommunication service regularly. Also it is one of threats, which are not easy to solve the most. Since VoIP service is based on internet technology, it also is exposed to Denial of Service. Denial of Service in VoIP service can be largely divided into system resource exhaustion, circuit This work was supported by the IT RD program of MIC/IITA resourceexhaustion,VoIP communication interruption/blocking, etc. Session Hijacking Session Hijacking is an attack, which is gathering the communication session control between users through spoofing legitimate users, and is interfering in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be categorized largely by INVITE session hijacking, SIP Registration hijacking, etc. VoIP Spam VoIP Spam is an attack, which is interrupting, and violating user privacy through sending voice advertisement messages, and also makes VMS(Voice Mailing System) powerless. It can be categorized by Call Spam, IM(Instant Messaging) Spam, Presence Spam, etc. Security trade-offs Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, well inevitably see more administrative Web applications with exploitable errors. The encryption process can be unfavorable to QoS Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP net-work. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIPs multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply algorithms to the computationally simple encryption voice data before packetization. Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) arent considered as secure as the Advanced Encryption Standard,16 which is included in many IPsec implementations. AESs combination of speed and security should handle the demanding needs of VoIP at both ends. following general guidelines, recognizing that practical considerations might require adjusting them: †¢ Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection. †¢ At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system. †¢ Choose a mechanism to allow VoIP traffic through firewalls. Various protocol dependent and independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connections state, denying packets that arent part of a properly originated call. Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system. Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining whos making the calls). If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Be-cause some VoIP end points arent computationally powerful enough to perform encryption, placing this Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets.17 This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, theres no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine.18 But this solution assumes that the cryptoengines output is fast enough to avoid saturating the queue. Ideally, youd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable over head to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and soft-ware necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally vi-able for all enterprises considering the move to VoIP. Thus far, weve painted a fairly bleak picture of VoIP security. We have no easy â€Å"one size fits all† solution to the issues weve discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them: †¢ Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection. †¢ At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system. †¢ Choose a mechanism to allow VoIP traffic through firewalls. Various protocol dependent and independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connections state, denying packets that arent part of a properly originated call. Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system. Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining whos making the calls). If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Be-cause some VoIP end points arent computationally powerful enough to perform burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reason-able cost. Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone. Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs. Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods. Be especially diligent about maintaining patches and current versions of VoIP software. Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages. Give special consideration to E-91 1 emergency services communications, because E-911 automatic location service is not always available with VoIP. VoIP can be done securely, but the path isnt smooth. It will likely be several years before standards issues are settled End to End VoIP Security End to End VoIP Security Introduction User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest by many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ , MSN Messenger and Yahoo! Messenger while in the latter, systems like Skype and VoipBuster are dominating among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors . On the other hand, the data communication path in the VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path with some exceptions like Skypes â€Å" supernode† communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue addressed in several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out of band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the applications architecture with VoIPSec security elements. Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its in-creasing popularity in daily communications, re-searchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length preserving encryption is indeed far worse than previously thought. VOIP This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we wont. But even then its not only what we say, but also what someone else hears, and who that person is. Voice over IP- the transmission of voice over traditional packet-switched IP networks—is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term â€Å"voice over IP† is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, â€Å"Current voice-over-IP products,† de-scribes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already se-cured networks and get a stable and secure voice net-work. Unfortunately, many of the tools used to safeguard todays computer networks—firewalls, network address translation (NAT), and encryption—dont work â€Å"as is† in a VoIP network. Although most VoIP components have counterparts in data networks, VoIPs performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a companys technology infra-structure. Anyone at- tempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, weve outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise. End-to-End Security IN this assignment I am going to describe the end-to-end security and its â€Å"design principle† that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram de-livery service. The Internet of today isnt as pure an implementation of the end-to-end design principle as it once was, but its enough of one that the collateral effects of the network not knowing whats running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, Id like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesnt care what you do—its job is just to â€Å"deliver the b its, stupid† (in the words of David Isenberg in his 1997 paper, â€Å"Rise of the Stupid Network†2). The â€Å"bits† could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesnt care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasnt designed to run the World Wide Web. The Internet wasnt designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what it was that data represented. At the very first, the design of TCP/IP wasnt so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skypes interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone net-work, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with â€Å"irrational exuberance†4 during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasnt no- ticeably diminished. Security and privacy in an end-to-end world The end to end arguments paper used â€Å"se-cure transmission of data† as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesnt actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you didnt want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the net-work is reliable, the network itself needs to be secure against attempts—purposeful or accidental—to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didnt include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesnt pro-vide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer re receives isnt designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end systems responsibility. Note that there is little that can be done â€Å"in the Net† or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of todays observers assume that the lack of built-in protections against attacks and the lack of a se-cure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were â€Å"at the scene† have told me that such protections were actively discouraged by the primary sponsor of the early Internet—that is to say, the US military wasnt all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasnt designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an â€Å"incentive† to pay for the customers use of their lines—they dont see a way to pay for the net-work without this ability. The FBI has asked that it be able to review all new Internet services for tapability before theyre deployed, and the FCC has hinted that it will support the request If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, its still easy to use end-to-end encryption as long as its HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security cant exist, will be seen as â€Å"an antisocial act† (as a US justice department official once told me). If that comes to be the case, end-toend security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side. What is VoIP end to end security? Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol. Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol. Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in se-cure session establishment. Security of the media transport layer—the layer in which the actual voice datagrams are transmitted—depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. Authentication requires that, after the key exchange protocol successfully completes, the participants respective views of sent and received messages must match (e.g., see the notion of â€Å"matching conversations† in [8]). Key ex-change protocols for VoIP sessions include SDPs Security DEscriptions for Media Streams (SDES) , Multim edia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper. Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will en-sure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key ex-change protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to re-peat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation. †¢ We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide—following ZRTP specification—that B has â€Å"forgotten† the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool . †¢ We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be in-distinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.) While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in con-text rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions—especially those about the protocols operating at the other layers of the VoIP stack—are left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general. The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5. VoIP security different from normal data network security To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the net-work. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security. Threats for VoIP VoIP security threats contain Eavesdropping, Denial of Service, Session Hijacking, VoIP Spam, etc. For preventing these threats, there are several VoIP standard protocols. And we discuss this in Section 3. Eavesdropping VoIP service using internet technology is faced with an eavesdropping threat, in which is gathering call setting information and audio/voice communication contents illegally. Eavesdropping can be categorized largely by eavesdropping in a LAN(Local Area Network) environment, one in a WAN( Wide Area Network) environment, one through a PC(Personal Computer) hacking, etc. Denial of Service Denial of Service is an attack, which makes it difficult for legitimate users to take telecommunication service regularly. Also it is one of threats, which are not easy to solve the most. Since VoIP service is based on internet technology, it also is exposed to Denial of Service. Denial of Service in VoIP service can be largely divided into system resource exhaustion, circuit This work was supported by the IT RD program of MIC/IITA resourceexhaustion,VoIP communication interruption/blocking, etc. Session Hijacking Session Hijacking is an attack, which is gathering the communication session control between users through spoofing legitimate users, and is interfering in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be categorized largely by INVITE session hijacking, SIP Registration hijacking, etc. VoIP Spam VoIP Spam is an attack, which is interrupting, and violating user privacy through sending voice advertisement messages, and also makes VMS(Voice Mailing System) powerless. It can be categorized by Call Spam, IM(Instant Messaging) Spam, Presence Spam, etc. Security trade-offs Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, well inevitably see more administrative Web applications with exploitable errors. The encryption process can be unfavorable to QoS Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP net-work. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIPs multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply algorithms to the computationally simple encryption voice data before packetization. Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) arent considered as secure as the Advanced Encryption Standard,16 which is included in many IPsec implementations. AESs combination of speed and security should handle the demanding needs of VoIP at both ends. following general guidelines, recognizing that practical considerations might require adjusting them: †¢ Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection. †¢ At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system. †¢ Choose a mechanism to allow VoIP traffic through firewalls. Various protocol dependent and independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connections state, denying packets that arent part of a properly originated call. Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system. Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining whos making the calls). If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Be-cause some VoIP end points arent computationally powerful enough to perform encryption, placing this Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets.17 This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, theres no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine.18 But this solution assumes that the cryptoengines output is fast enough to avoid saturating the queue. Ideally, youd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable over head to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and soft-ware necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally vi-able for all enterprises considering the move to VoIP. Thus far, weve painted a fairly bleak picture of VoIP security. We have no easy â€Å"one size fits all† solution to the issues weve discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them: †¢ Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection. †¢ At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system. †¢ Choose a mechanism to allow VoIP traffic through firewalls. Various protocol dependent and independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connections state, denying packets that arent part of a properly originated call. Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system. Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining whos making the calls). If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Be-cause some VoIP end points arent computationally powerful enough to perform burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reason-able cost. Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone. Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs. Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods. Be especially diligent about maintaining patches and current versions of VoIP software. Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages. Give special consideration to E-91 1 emergency services communications, because E-911 automatic location service is not always available with VoIP. VoIP can be done securely, but the path isnt smooth. It will likely be several years before standards issues are settled