DUNDi
!"# $. %
.
, : 10/06/2008 ! "# $ "# " " "# %&' (' ! "# $ "# " " "# %&' (' ! "# $ "# " " "# %&' (')
2008
' *& '%! " + & , %& (, ' - .+ & ' ' &$( / " 0 ' ".' ' ' % ' ". % Distributed Universal Number Discovery (DUNDi). #' .' ' ' & + + &' ' ! + Voice over Internet Protocol (VoIP) " 1#/ " &' & "( '." % ! & * ' & + ' " ' -* ' ! &'# ' % VoIP.
' .' ' % " %1 , %& (, ' ' & "( ! "' &' "( ' / '$. / Asterisk, . / & " / ' / 0 .' ' / " ' . / ' + ' +" '(&' & " ' & ' /. & /, &' 0 .' ' + ($ '
& " " '( + % ! & '$. Asterisk " ' . / '
+ ' .
' &% ! , %& (, ' & "./ ' . / ' % + / ' % ' ". % DUNDi. %' ".' , + ($ ' + " ' + ' , ' & / &! 0 " & / " & " / &% + / % "' * ' &' '." . ' &% ! ,
'*&& ' 1 0 ' / / ' ' ' '." '& #&' ! % '%! " ' -* 0* ". % ' ' , % .
' . .' ' , + ($ ' ! ' "' " ' % 0 "'* % '
! & 1 " + ' "' & ' ' "# ' & . .+ ' & /, " " / " " /, ! % & ' " / $ / + ' .0 & ' % ' ". % DUNDi. 2'& , %& (, ' ' ' "( 0 0 ' " ' + (3 " 1 0 + ( %& / ' %/. & /, ! ' & ' " "
' " ( %& ' &' ' &' "# ' & (' " 1#/ " ' & "( &% (& ' ' ' %' .' ' '*&& % , ' ' &$( / " - &' / & &! & ' .+ '." . - '(, ' 0 0 , ' ' &' %' ".' ' /, " .' ' / " &' & / ' %'.' ' / &' '." DUNDi. / &%, ' * ' 0* . '
& "( ' - &' / % ! % " ' + $ ! & &' '." DUNDi.
.
! "# $ "# " " "# %&' (' - 2008
ABSTRACT
In this dissertation is presented the evaluation of security parameters and the efficiency of the protocol Distributed Universal Number Discovery (DUNDi). The first section is an introduction in the Voice over Internet Protocol (VoIP) technology and to the basic VoIP protocols that are being used for the communication of VoIP entities.
In the following section, are presented the main attributes of the Asterisk PBX and the way that it is installed and configured. Furthermore, we outline the basic directories that are being used after the Asterisk activation.
In the next section, we focus on the protocol DUNDi. There is an analytical examination on the way that the DUNDi protocol, dynamically discover how to reach users throughout the VoIP network Moreover, there is an extended description on the configuration of DUNDi files and the process that is used for the communication of two DUNDi `s entities. In the following section, we set out the architecture of the network that was used for the research. The network was relatively small but we got very important results for the efficiency of the DUNDi protocol. In this section are presented the results of the research and the methodology that was used for analyzing them. Furthermore, is given a quantitative and a qualitative analysis of the statistical results and finally the main conclusions.
The final section is focused on security and reliability issues of the DUNDi protocol. There is an examination about the issues deal with the confidentiality, the integrity and the authentication services of the DUNDi protocol. Finally are presented some reliability problems that are committed to date, about the DUNDi protocol.
PETROS G. PISSAS
Information and Communication Systems Engineering UNIVERSITY OF THE AEGEAN - 2008
-
" & ' / 0 ' " / % + & / & ' 0 ' " ' ' / ' '%! "# % & %0# . %' &' + , ' ( " '( + %! &' & ( . . %/ ' %/ + / %, " # + , + ' &' - & . %/ ' %/ ' / % % ! . %'( ' ! . . 4 & / %! &' & ' 0 $. % ' , % " 1 0 + & &' / 0*&" / &' + / '
'%! "# % & %0# " 1 & %& &' "( &' " #& %'. ' &'.! . # $ & - . %' ' & 0 . %/ ' %/ $ %/ % " &' ( " 1 & + ' "( &' #& %'( ' ! . % , & &'
&. 5 / ' %/ $ 1 / 0 1 ! $'(& ! 0#.
6'( ' / . / &' " *$ & ' '%! "# % & %0# , #1 ' (+" %! &' & ' ". % (" + ' " 1 0 + & % % ! &' 0*&" + ' / 0 ' " /. + + ./ .' . ' " ' ! (&' " ' & / " ,
' & & ' ". " ' + ' " & %' / ' / + & /. 1 " * &!. & ' %, & & ' "( ' 0 ' / 0 ' " / " ' %! &'# 1 ( + ’ %'..
# ' /, %' ' 0*&" 0 % ' (, + ' . &'(0 ' & %0# %, 1 1 %! &' & . ' 0 0 "' ". & ". ' % ' ' / ' ! "# $ "# " " "# %&' (' + ' + #& % % ' 0 & . (& / % ! ( "( % #1 &!% . &' ' + &' ". ( % , * . %' 0* +(, . %'( ' 0*&"
( " 0 ' "( ! . % , & , & /.
0 ' " + & $ # ' &' 0 $. % ' , + ' & ' "( & ' ' 0 ' % ' & " 0 1 & 0 % &' / . $ / ( " &' / 0*&" / / % 1 " %1 & % .
1.VoIP... 1
1.1 & + + &' VoIP... 1
1.2 '." VoIP... 3 1.2.1 .323... 3 1.2.2 SIP... 5 1.2.3 IAX2... 8 2. Asterisk... 10 2.1 Asterisk Installation... 11 2.1.1 ' & / %&' ' /... 11 2.1.2 +" '(&' & ' ' ' " ' ... 12
2.2 +" '(&' & Asterisk... 12
2.2.1 +" '(&' & & Ubuntu 6.x... 12
2.2.2 +" '(&' & & Fedora Core... 15
2.3 '( + % ! & * ' . ' Asterisk... 19 2.4 "" & ' % Asterisk... 23 3. DUNDi ... 26 3.1 & + + ' DUNDi ... 26 3.2 ' % + % ' ". %... 28 3.3 % + / % ' ". % DUNDi... 29 3.3.1 " /... 30 3.3.2 ++ $ – ! " & ... 30 3.3.3 "( %3 ! 0 & /... 30
3.3.4 ' ' EID (Entity IDentifier)... 32
3.3.5 0 + ' # % +# ... 32 3.4 " ' ... 34 3.5 . $ & % ' ". % DUNDi... 35 3.5.1 ! dundi.conf ... 35 3.5.2 ! iax.conf ... 41 3.5.3 . $ & ' % ! % extensions.conf... 41 3.6 " .' . ... 44 4. !" # $"... 56 4.1 . $ & "'* %... 56 4.2 "' & ' & ... 61 4.3 * / ' & ... 62
4.4 ' & / – ( %& ' & (' ... 66
4.4.1 * % ' ... 67
5. %$ & ! " ! '! ! ( "... 75
5.1 7 ' ' &$( /... 75
5.1.1 General Peer Agreement (GPA)... 76
5.1.2 %1 ' " & " " .' ' ... 79
5.1.2.1 RSA... 79
5.1.2.2 Advanced Encryption Standard (AES)... 81
5.1.2.3 DUNDi, AES " RSA... 84
5.1.3 Peer-to-Peer vs. Clients Server (DNS)... 86
5.2 7 ' ' - &' /... 88
5.2.1 ("' & " & /... 88
5.2.2 '( %& ". ... 89
1
1. VoIP (Voice over Internet Protocol)
VoIP
.
1.1
VoIP
VoIP [REF.1]
( ) Internet Protocol (IP). !
" # , IP. ! # . $ " , , VoIP " . % VoIP . 1 VoIP VoIP.
2 1. VoIP VoIP : & ' . . % , ' . VoIP : " IP , VoIP. % VoIP .
3 ( # " . ( . VoIP " ( . . 100, 166 .). ) VoIP spamming .
1.2
VoIP
1.2.1 .323 H.323 [REF.2] . ITU " IP. % H.323real-time audio, video, . !
, video
.
H.323 4 H.323
, " H.323 .
, gateways, gatekeepers multipoint control units (MCUs). 2
4
2. H.323
%
( . . , voice mail, video cameras ). MS
Netmeeting !.323 . % / video . .. gateways " , . ISDN, PSTN H.323 . * gateways . ) gateway SIP H.323. % gatekeepers " !.323 . gatekeepers
5 +,. ) " gatekeeper ‘Petros’ 192.168.1.2. % gatekeepers , . gatekeeper !.323. , . MCUs " # . H.323 " , ad-hoc.
% back-end server (BES)
" !.323. * BES , , , . gatekeepers gateways. 1.2.2 SIP % SIP [REF.3] IP UDP ( 5060) SIP SIP . SIP video . & " . SIP . video , " . SIP , IP "
6 PSTN. SIP
. -
,
Proxy Servers User Agents. $ " . - VoIP " , SIP " IP (' ) . SIP " IETF, !.323 " ITU. . " . ! SIP RFC 2543. RFC 3261 . SIP HTTP " . . human readable " – . / , -. % SIP , , !.323. -SIP !.323. 3 " SIP:
7 3. SIP * SIP , SIP . $ . % DUNDi ENUM SIP . & SIP . & SIP . SIP SIP " Peer-to-Peer (P2P) . SIP.
8 1.2.3 IAX2
IAX2 [REF.4], Inter Asterisk eXchange,
+$( . - Asterisk, +$( , " +$(, Asterisk. (interfaces) IAX Asterisk. IAX2 , . - UDP ( 4569) . ! in-band ( ‘’ ’’, ), (firewall) .
9 3. IAX % IAX2 " . * (firewalls). ! # IAX2 UDP . & , .
10
2.
Asterisk
Asterisk [REF.5] , (hardware), (middleware) (software) . -Asterisk , , , . Asterisk “*”, Unix/Linux DOS , , . / , Asterisk , . - , 0 " . / , . Asterisk PBX. - PBX . 1 VoIP . $ Linux. $OpenBSD, FreeBSD, MacOSX, Sun Solaris
MS-Windows. - , Linux "
.
Asterisk VoIP. $ SIP
!.323 ,
Inter-Asterisk Exchange (IAX) Asterisk,
11
2.1 Asterisk Installation
" Asterisk . Asterisk Linux.Asterisk , Ubuntu 6.10 Fedora FC6.
$ Linux, Asterisk. $ Asterisk . & " Asterisk : ‘’- Asterisk; ‘’ : ‘’$ ’’. 2.1.1 ! Asterisk 1.2.13 . " . Asterisk, Zaptel
PRI (libpri). " VoIP
" Asterisk. % Zaptel " # VoIP. ! libpri . .
12 * asterisk-sounds. - ` Asterisk , . " " , . 2.1.2 - Asterisk gcc ( 3.x ). /
bison ncurses CLI.
! Asterisk OpenSSL " . Zaptel " . / " libpri Asterisk. Zaptel linnewt zttool
usb-uhci ztdummy. / PRI
Zaptel " libpri
.
2.2
Asterisk
,
Asterisk
Ubuntu 6.x Fedora Core.
2.2.1 Ubuntu 6.x
Asterisk
13 : asterisk-1.2.13.tar.gz , asterisk-addons-1.2.5.tar.gz asterisk-sounds-1.2.1.tar.gz. /usr/src/ . 2 root . # : # cd /usr/src/ # tar zxvf asterisk-1.2.13.tar.gz # tar zxvf asterisk-sounds-1.2.1.tar.gz # tar zxvf asterisk-addons-1.2.5.tar.gz & : /usr/src/asterisk-1.2.13/ /usr/src/asterisk-sounds-1.2.1/ /usr/src/asterisk-addons-1.2.5/ Asterisk . 2 :
# sudo apt-get install gcc build-essential # sudo apt-get install libncurses-dev # sudo apt-get install openssl linssl-dev # sudo apt-get install zlib1g-dev
14 $ , Asterisk. % : # cd /usr/src/asterisk-1.2.13/ # make clean # make # make install # make samples # make progdocs ! make clean « " » (binaries) . $ . / make samples . ! « » Asterisk . Asterisk. $
/etc/asterisk/, make samples
.old . ) extensions.conf extensions.conf.old. - , , make samples # . samples configs/ Asterisk . ! make progdocs doxygen . / doxygen
15 . $ 3 , . asterisk-sounds-1.2.1. . - , . / : #cd /usr/asterisk-sounds-1.2.1 #make install asterisk-addons-1.2.1 ,
CDRs (Call Detail Records) MySQL
MP3 . /
Perl " Asterisk .
2.2.2 Fedora Core
) Asterisk Linux fedora core
Ubuntu .
4 libpri Zaptel
.
Asterisk
Meetme mp3 music hold on.
$ (kernel)
. ! :
# uname –a
:
Linux luser 2.6.17-1.2142_EL #1 Wen Aug 15 11:32:12 ED 2007 i686 i686 i368 GNU/Linux.
16 $ kernel 2.6 2.4. 2.6. . (kernel sources) . ) # rpm -q kernel-devel / kernel sources yum. ) :
# yum install kernel-devel
/ yum install kernel sources . " . $ : # rpm -q bison # rpm -q bison-devel # rpm -q ncurses # rpm -q ncurses-devel # rpm -q zlib # rpm -q zlib-devel # rpm -q openssl # rpm -q openssl-devel # rpm -q gnutls-devel # rpm -q gcc # rpm -q gcc-c++
17 $
yum :
# yum install bison # yum install bison-devel # yum install ncurses # yum install ncurses-devel # yum install zlib
# yum install zlib-devel # yum install openssl # yum install openssl-devel # yum install gnutls-devel # yum install gcc # yum install gcc-c++ yum " PBone (http://rpm.pbone.net/). $ , : # rpm -i PACKAGE.rpm # rpm -Uvh PACKAGE.rpm
Fedora kernel sources /usr/src/linuc
Makefile Zaptel Asterisk. ) `
/usr/src link " 'linux'
kernel sources (% default /usr/src/kernels).
" "
" :
18 $ , : Libpri: # cd /path/to/source/libpri # make # make install Zaptel: # cd /usr/src/asterisk/zaptel # make ( 2.4 ) # make linux26 ( 2.6 ) # make install Asterisk: # cd /usr/src/asterisk/asterisk # make mpg123 ! mp3 music on hold. ) Asterisk : # make # make install # make samples ! 1.2.13 Asterisk " Fedora " chan_phone. ) Makefile /asterisk/channels/ chan_phone. chan_phone.c #include compiler.h.
19
2.3
Asterisk
Asterisk [REF.7]. % asterisk.conf.
. !
" voice mail recordings, (voice promts)
. /etc/asterisk/ Asterisk. /usr/lib/asterisk/modules/ % (modules) Asterisk. / , , Asterisk. / Asterisk . / modules.conf, " Asterisk . Asterisk . /var/lib/asterisk/ $ astdb . astdb Asterisk,
Microsoft Windows. ! Asterisk
v1 Berkeley . %
20 agi-bin/
$ ,
Asterisk Asterisk
Getway Interface (AGI) .
firmware/ $ - (firmware) Asterisk. / iax/. images/ / " , ’ . " , . 5 , " . keys/ Asterisk / RSA # . $ keys/, " ( IAX2 ). . $ , . .pub .key keys/.
21 sounds/ 4 Asterisk ’ . , Asterisk, sounds.txt . sounds-extra.txt, ( asterisk-sounds-1.2.1). var/spool/asterisk/ % ,
outgoing/, qcall/, tmp/ voicemail/. Asterisk outgoing qcall . % tmp/ . . " # # . $ " # . 4 (voicemail) voicemail/. var/run/ % process id (pid) , Asterisk ( " asterisk.conf). $ var/run/ ` .
22 var/log/asterisk/ % Asterisk . & " logger.conf /etc/asterisk " . $ logger.conf: ; Logging Configuration ; ’ . [general] ; ' ; ! ISO 8601 yyyy-mm-dd HH:MM:SS ;dateformat=%F %T ; host . ;appendhostname = yes ; " . ;(! yes). ;queue_log = no ; " ;(! yes). ;event_log = no ;) " . ;) ; Asterisk –v ( ) ; -d ( ). [logfiles] ; ! « »
23 ;« » : ; debug ; notice ; warning ; error ; verbose ; dtmf ; "console" ;debug => debug console => notice,warning,error messages => notice,warning,error ;full => notice,warning,error,debug,verbose
2.4
Asterisk
! Asterisk /usr/sbin/. &
asterisk (daemon) . ) asterisk –h : #cd /usr/sbin/ #asterisk –h :
-c : (console) / Asterisk CLI.
-v: (verbosity) $
CLI .
-g: (core dump) $ asterisk (crash) ,
core gdb.
24 -r: (remote) $ Asterisk . -x : (execute) ( –r CLI , CLI . $ . ) Asterisk CLI (verbosity) 3, : #asterisk –cvvv $ Asterisk , : #asterisk –vvvr petros-deskop:~ # asterisk -cvvv
Asterisk already running on /var/run/asterisk.ctl. Use 'asterisk -r' to connect. petros-desktop:~ # asterisk -vvvr
Asterisk 1.2.13, Copyright (C) 1999 - 2005 Digium. Written by Mark Spencer <markster@digium.com>
======================================================== Connected to Asterisk 1.2.13 currently running on Petros-desktop (pid = 7450) -- Remote UNIX connection
Verbosity is at least 3 Petros-desktop*CLI>
) CLI
( . . script),
–x –r :
25
, :
26
3. !
DUNDi
DUNDi [REF.8] . DUNDi . .3.1
DUNDi
& DUNDi VoIPPublic Switched Network (PSTN). %
DUNDi (www.dundi.com) : ‘’ DUNDi Peer-to-Peer (P2P) . $ ( ENUM), DUNDi ’’. DUNDi " " . DUNDi . " (SIP, IAX, H.323). . DUNDi "
6 bytes. $ Ethernet MAC
Address.
DUNDi " (dialplans)
-. )
27
" (context) ‘’private’’.
. %
/.164[REF.9]. ) DUNDi
E.164 General Peering Agreement (GPA) [REF.10]
. ) DUNDi " " . $ . -, . 4 DUNDi , . )
Advanced Encryption Standard (AES) [REF.11] RSA[REF.12]
,
" . /
General Peering Agreement (GPA) [REF.10]
28
3.2 "
!
$ DUNDi , , [REF.8]. , ( " ) . - DUNDi : 4. # 4 $ B ' 6 $ ). $, 6, ) ' " . $ $ 1234. $ " . " 6 ' "
29 . $ 6 ' " ( ) $ " . 6 1234 ) . ) $ 1234 . $ " $ ( ) . $ ' ) .
3.3
!
DUNDi
& [REF.8] DUNDi
. & " 16 bit, 1 65535. % . . " . ! ‘’0’’ . . . 1 bit ‘’F’’ (Final) 1 . .
(incoming sequence number) (outgoing sequence number)
8 bit . 0
1 (ACK)
30 3.3.1 DUNDi 10 . . $ 10 10 . 3.3.2 - DUNDi REGREQ REGRESPONSE. % REGREQ ( ) REGRESPONSE . / EXPIRATION REGRESPONSE. & . 3.3.3 $ % % DPDISCOVER DPRESPONSE # . ! DPDISCOVER . $ ( ) (ACK) DPRESPONSE " . . 4 DPDISCOVER DPRESPONSE milliseconds TTL 200
31 2000. & DPDISCOVER CANCEL + 200 milliseconds . DPDISCOVER DPRESPONSE DPDISCOVER . / DPDISCOVER DPDISCOVER : 1. 2 TTL 1 DPDISCOVER. TTL 0 . 2. . 3. " DPREQUEST . / DPDISCOVER DPRESPONSE: 1. DPRESPONSE . / .
32 2. / TTL 1 flag TTLEXPIRED . 3. ! UNAFFECTED 1 DPDISCOVER ( EID_DIRECT). 4. ! DONTASK 1 " " .
3.3.4 EID (Entity IDentifier)
% EIDQUERY EIDRESPONSE . * EIDQUERY . / EIDRESPONSE " bit F 1 . % EID DPDISCOVER DPRESPONSE. 3.3.5 % & ' ' DUNDi. 1 Si , So , Ts , Td F bit. .
33
% 1: request/response
#
#
---REGREQ (So=0, Si=0, Ts=1234, Td=0, F=0) ---> <--- REGRESPONSE (So=0, Si=1, Ts=5678, Td=1234, F=1) ---
--- ACK (So=1, Si=1, Ts=1234, Td=5678, F=1) --->
% 2: $ %
#
#
---DPDISCOVER (So=0, Si=0, Ts=2345, Td=0, F=0) ---> <--- ACK (So=0, Si=1, Ts=6789, Td=2345, F=0) ---
<--- DPRESPONSE (So=0, Si=1, Ts=6789, Td=2345, F=1) --- --- ACK (So=1, Si=1, Ts=2345, Td=6789, F=1) --->
% 3: EID
#
#
---EIDQUERY (So=0, Si=0, Ts=3456, Td=0, F=0) ---> <--- ACK (So=0, Si=1, Ts=6789, Td=3456, F=0) ---
<--- EIDRESPONSE (So=0, Si=1, Ts=6789, Td=2346, F=1) --- --- ACK (So=1, Si=1, Ts=3456, Td=6789, F=1) --->
34
3.4 (
!
[REF.8] DUNDi UDP 4520. % 6 bytes . . . & MAC address . ! DUNDi : 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1Source Transaction Destination Transaction
ISeqno OSeqno F R CmdResp CmdFlags
Information Elements Source Transaction: % . Destination Transaction: % . ISeqno: % .
35 OSeqno: % . F: bit. / 1 . R: bit . / 0 1 . CmdResp: ! . CmdFlags: / – . Information Elements: . .
3.5 (
!
DUNDi
)DUNDi. $ dundi.conf, extensions.conf iax.conf.
* iax.conf , DUNDi . * sip.conf, h323.conf mgcp.conf. 3.5.1 dundi.conf dundi.conf " . $ " " .
36
/ ,
" .
- dundi.conf
Asterisk:
; DUNDi configuration file ; ; [general] ; ; "general" ; client server. ; ; ; , ; . ; ;department=Your Department ;organization=Your Company, Inc. ;locality=Your City ;stateprov=ST ;country=US ;email=your@email.com ;phone=+12565551212 ; ; ; IP , ; 4520 ; ;bindaddr=0.0.0.0 ;port=4520 ;
37 ; ! ( MAC ; . " eth, ; MAC ; !). ; ;entityid=00:07:E9:3B:76:60 ; ; # DUNDi ( ; ). ; ttl=32 ; ; $ ACK DPREQUEST 2000ms, autokill ; yes, ( ; ). ;% & ; ; host . $ «yes» ;«no» ; . autokill=yes ; ;' pbx_dundi «secret», ; ; «secretpath». " ;dundi ( ; dundi/secret); ;secretpath=dundi [mappings] ; ;' «mappings» DUNDi
38
; ;Asterisk. ;
DUNDi ; DUNDi General Peering Agreement
(GPA). ; ; dundi_context => local_context,weight,tech,dest[,options]] ; ;' dundi_context . ;' local_context ; .
;' tech (IAX, SIP, H323)
;' dest ( ; . ${NUMBER} ; . ;! (options) : ;nounsolicited: # ; . ;nocomunsolicit: # . ;residential: % . ;commercial: % . ;mobile: % . ;nopartial: ) (partial) . ; DUNDi ; , . ; ;e164 =>
dundi-e164-39 canonical,0,IAX2,dundi:${SECRET}@${IPADDR}/${NUMBER},nounsolicited,no comunsolicit,nopartial ;e164 => dundi-e164-customers,100,IAX2,dundi:${SECRET}@${IPADDR}/${NUMBER},nounsolicited ,nocomunsolicit,nopartial ;e164 => dundi-e164-via-pstn,400,IAX2,dundi:${SECRET}@${IPADDR}/${NUMBER},nounsolicited,noco munsolicit,nopartial ;digexten => default,0,IAX2,guest@lappy/${NUMBER} ;asdf => ; ; ; ' ; . ' name ; ; ; . ;inkey: * . ;outkey: . ;host: host. ;order: (order) . *
;(primary), (secondary), (tertiary)
(quartiary).
;include:
; ( «all»
40 ;noinclude: )
; ( «all»
host).
;permit: $ & (
DUNDi ; ( «all» host
).
;deny: % & (
DUNDi ; ( «all» host
).
;model: $ (inbound), ( (outbound),
(symmetric) ; ,
.
;! ‘*’
. ;
; Sample Primary e164 DUNDi peer ; [00:50:8B:F3:75:BB] model = symmetric host = 64.215.96.114 inkey = digium outkey = misery include = e164 permit = e164 qualify = yes ;
; Sample Secondary e164 DUNDi peer ;
;[00:A0:C9:96:92:84] ;model = symmetric
41 ;host = misery.digium.com ;inkey = misery ;outkey = ourkey ;include = e164 ;permit = e164 ;qualify = yes ;order = secondary ;[*] ; 5.2 iax.conf " Asterisk " . [priv] type=user dbsecret=dundi/secret context=dundi-priv-incoming disallow=all allow=ulaw allow=g726 3.5.3 ( extensions.conf extensions.conf " . ; Macro Block [macro-stdexten]
; standard extension macro exten => s,1,Answer
42 exten => s,2,Dial(SIP/${ARG1},25,t) exten => s,3,Goto(s-${DIALSTATUS},1) exten => s-NOANSWER,1,Voicemail(u${ARG1}) exten => s-NOANSWER,2,Hangup exten => s-BUSY,1,Voicemail(b${ARG1}) exten => s-BUSY,2,Hangup exten => _s.,1,Goto(s-NOANSWER,1) exten => a,1,VoicemailMain(${ARG1}) [macro-dundi-lookup] exten => s,1,Goto(${ARG1},1) include => dundi-priv-lookup
;Directory Service Contexts
[dundi-test-canonical] exten => 19050000000,1,Goto(pstn-in,s,1) exten => 19050000001,1,Goto(pstn2-in,s,1) exten => 14160000000,1,Goto(pstn2-in,s,1) ;$ DUNDi 0. ;% . [dundi-test-local] include => dundi-test-canonical include => dundi-pstn-local ;E ;dundi-test, ( . [dundi-test-lookup] switch => DUNDi/dundi-test ;$ ( , ; . " switch & (
43
; .
[dundi-pstn-local]
exten => _1416NXXXXXX,1,SetGroup(OUTBOUND) ; increase PSTN-OUTBOUND +1
exten => _1416NXXXXXX,2,CheckGroup(2) ; check if <=1, else n+101 exten => _1416NXXXXXX,3,Dial(${LOCALTRUNK}/${EXTEN:1}) exten => _1416NXXXXXX,103,Wait(1) ; too many callers, drop exten => _1416NXXXXXX,104,Playback(goodbye) exten => _1905NXXXXXX,1,SetGroup(PSTN-OUTBOUND) exten => _1905NXXXXXX,2,CheckGroup(2) exten => _1905NXXXXXX,3,Dial(${LOCALTRUNK}/${EXTEN:1}) exten => _1905NXXXXXX,103,Wait(1) exten => _1905NXXXXXX,104,Playback(goodbye) ;$ 416 905, ; 2. [dundi-priv-local] exten => _1XXX,1,Macro(stdexten,${EXTEN}) ;+ 1000 -> 1999 . [dundi-priv-lookup] switch => DUNDi/priv ;+ ( . , ( ;'priv' dundi. [dundi-priv-incoming] include => dundi-priv-local
44
;- ,
; .
;Outgoing Calls Contexts
[local] exten => _[1-2]XXX,1,Macro(dundi-lookup,${EXTEN}) ; . 1000 -> 2999 ; dundi-lookup.
3.6
)
#
DUNDi . ! Asterisk DUNDi ` . 2 " 227-303-(((( . . * 7 , DUNDi. [REF.12] +$( ( " DUNDi VoIP). 2 iax.conf DUNDi " .45 iax.conf : [priv] type=user dbsecret=dundi/secret context=dundi-priv-local & " priv Asterisk. % priv dundi-priv-local. / " . dbsecret . dundi.conf dundi-priv-local. $ " [mappings] . -. priv=>dundi-priv-canonical,0,IAX2,priv:${SECRET}@{IPADDR} /${NUMBER},nopartial priv => dundi-priv-via-pstn,100,IAX2,priv:${SECRET}@{IPADDR} /${NUMBER},nopartial
priv => dundi-priv- customers,400,IAX2,priv:${SECRET}@{IPADDR} /${NUMBER},nopartial
6 0 , 100 400 . &
" ,
46 . 0 " . & {IPADDR} 127.0.0.1 . ) ` . extensions.conf " Asterisk. / , " . - extensions.conf DUNDi. $ " . ) " .
;private DUNDi network [dundi-priv-canonical] ;Direct numbers [dundi-priv-customers] ; ; ITSP [dundi-priv-via-pstn] ; ;
47 [dundi-priv-local] include => dundi-priv-canonical include => dundi-priv-customers include => dundi-priv-via-pstn [dundi-priv-switch] ; # switch => DUNDi/priv [dundi-priv-lookup] include => dundi-priv-local include => dundi-priv-switch [macro-dundi-priv] exten => s,1,Goto(${ARG1},1) include => dundi-priv-lookup [trydundi] exten => _.,1,Macro(dundi-priv,${EXTEN}) exten => _.,2,Congestion " . script
./asterisk-1.2.13/var/lib/asterisk/keys. & astgenkey " hostname
Asterisk . )
hostname . )
, server " box1 domain
domain.com hostname box1.domain.com,
48 " Asterisk. - " hostname petros1. # cd /var/lib/asterisk/keys # astgenkey –n petros1
This script generates an RSA private and public key pair in PEM format for use by Asterisk. You will be asked to enter a passcode for your key multiple times. Please enter the same code each time. The resulting files will need to be moved to /var/lib/asterisk/keys if you want to use them, and any private keys (.key files) will need to be initialized at runtime either by running Asterisk with the '-i' option, or with the 'init keys' command once Asterisk is running.
Press ENTER to continue or ^C to cancel. Generating SSL key 'petros1':
Generating RSA private key, 1024 bit long modulus
...++++++
...++++++
e is 65537 (0x10001) writing RSA key
Key creation successful. Public key: petros1.pub Private key: petros1.key petros1:/var/lib/asterisk/keys #
4 script "
49 petro1.key. $ /var/lib/asterisk/keys. web server " . & text. ! . - " : petros1.pub:
---BEGIN PUBLIC KEY---
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADiQKBgQC45BoYojLegRQOLOunRlX WOiGu O5iMbVhyuDipF/fY+qY9vQDacAT6xBTuIJteJewQ8BclLiRtmJLx+2/ZAXv37pW8 mtqPHO2l69PpRUCkEI52dvylZ11HfsyQl3fPpAhXGUG//oe59RUbCCqI3+NuaCb F qIdzPQ3E1BO7q6YXlQIDAQAB ---END PUBLIC KEY---
petros1.key:
---BEGIN RSA PRIVATE KEY---
MIICXwIBAAKBgQC45BoYojLegRQOLOunRlXWOiGuO5iMbVhyuDipF/fY+qY9vQDa cAT6xBTuIJteJewQ8BclLiRtmJLx+2/ZAXv37pW8mtqPHO2l69PpRUCkEI52dvyl Z11HfsyQl3fPpAhXGUG//oe59RUbCCqI3+NuaCbFqIdzPQ3E1BO7q6YXlQIDAQAB AoGBAJcJd6wB7G5JobmGxqcqVPqhGFx9wLuOo79rcJXpx4VQFLfAi07mTZsQzUxO BL3fWr3nc/Dihc2l4vycex0aEkruR9McTAu2yXjuqTFcEC1MpnDPMhDh6xvrUkEM btDUpL/GfQ8yd+9CL9WC+cNEuZKwfJsTv8dMX1pzhDqy9YehAkEA59B6WulCt4J+ FA/dnFVsB3UVryJ7qr1aAgPvAwiSpVjnZZGL1FQvm6108cLArY6wywrrnSzILC/V pCPrLZWl2QJBAMwuWZkyoZuJlBJ0zqc2xf8lETRnL4v0yj06kZYeS+byKxUyxUr7
50 +5IYxA90yr4xYLMOOdImohNTj6m+WeAt/h0CQQCSzzx+ENY45AK27+lYldzJyEQI W11Yn3y+ZAFduXMuFmTNtWSJ/xr7i9nRNpbSE9kxbeQT8YWAPncd8cWCZBDZAkEA syqo7MmFDhr3mApvnENwEqfQJQ+2pTU0ke3m+rezGwC91Wgrv9TFuDmLMZTmo2Zo 2DZPfpzv882LbwPdkd5J8QJBAMSQeBIh3IlxoAURsLmISBxC1R9cjCxdcMWpN46l ctE3/+Fv6P6Kr3sTWik3Z6whNCD879FVJSayrMZSn7ymRJE=
---END RSA PRIVATE KEY---
$ CLI Asterisk
show keys :
*CLI> show keys
Key Name Type Status Sum
switch-1.n2net.net PUBLIC [Loaded] 58197ca5bae150876332eef373685197 petros1 PUBLIC [Loaded] 34bae63322c802fcd90fae81218332d9
petros1 PRIVATE [Loaded] 4cc788941a9292468ebeb7213031b17d freeworlddialup PUBLIC [Loaded] 5efd552d73309f29212331a75f3c701e samos PUBLIC [Loaded] f9c6003c32d8969a80a2e234b6374b3c
iaxtel PUBLIC [Loaded] d919b3ef03eb4dc54c8fee86bfeeada1 6 known RSA keys.
/
res_crypto.so pbx_dundi.so Asterisk
dundi.conf
.
*CLI> reload res_crypto.so
-- Reloading module 'res_crypto.so' (Cryptographic Digital Signatures) -- Loaded PRIVATE key 'petros1'
51 *CLI> reload pbx_dundi.so
-- Reloading module 'pbx_dundi.so' (Distributed Universal Number Discovery (DUNDi))
== Parsing '/etc/asterisk/dundi.conf': Found
$ "
,
. 4
DUNDi MAC
(Media Access Control) "
.
) MAC
Linux:
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:02:AA:12:A2:32
inet addr: 64.215.96.114 Bcast:192.168.98.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:9 Base address:0x5000
! MAC . )
CLI
Asterisk :
pbx*CLI> dundi show entityid
52 & MAC , dundi.conf. # . ) hostname petros1.domain.com petros-desktop.domain.com. " , # : petros1.domain.com.key / petros1.domain.com.pub petros-desktop.domain.com.pub / petros-desktop.domain.com.key MAC : petros1.domain.com 00:02:AA:12:A2:32 petros-desktop.domain.com 00:01:A2:6/:92:$6 $ dundi.conf : . petros1.domain.com
; Primary e164 DUNDi peer ; [00:02:AA:12:A2:32] model = symmetric host = 64.215.96.114 inkey = petros-desktop.domain.com.pub outkey = petros1.domain.com.pub include = e164
53 permit = e164
qualify = yes
. petros-desktop.domain.com
; Primary e164 DUNDi peer ; [00:01:A2:6/:92:$6] model = symmetric host = 64.215.96.115 inkey = petros1.domain.com.pub outkey = petros-desktop.domain.com.pub include = e164 permit = e164 qualify = yes $ dundi.conf Asterisk ‘’ ’’ # . $ CLI Asterisk
dundi show peers :
*CLI> dundi show peers
EID Host Model AvgTime Status
00:01:A2:6/:92:$6 64.215.96.115 (S) Symmetric Unavail OK (273 ms) 1 dundi peers [1 online, 0 offline, 0 unmonitored]
. $
. &
dundi show peer CLI Asterisk
54 *CLI> dundi show peer 00:01:A2:6/:92:$6
Peer: 00:01:A2:6/:92:$6 Model: Symmetric Host: 64.215.96.115 Dynamic: no KeyPend: no Reg: No In Key: petros1.domain.com.pub
Out Key: petros-desktop.domain.com.pub Include logic: -- include dundi-priv Query logic: -- permit dundi-priv $ extension.conf " . * DUNDi " . , DUNDi. ) " . . ! extensions.conf . ) " # [dundi-priv-customers] . $ " # 2 : exten => _2XXX,1,Goto(ext-local,${EXTEN},1)
55
&
DUNDi
2100 .
$ dundi lookup CL+ Asterisk.
*CLI> dundi lookup 2100
1. 0 IAX2/dundi: 34bae63322c802fcd90fae81218332d9@ petros1.domain.com /2100
(EXISTS|NOUNSLCTD|NOCOMUNSLTS) from 00:01:A2:6/:92:$6 , expires in 787 s DUNDi lookup completed in 331 ms
"
:
*CLI> dundi lookup 7100
DUNDi lookup returned no results. DUNDi lookup completed in 1006 ms
56
4. *
%
DUNDi. $ DUNDi. . .4.1 (
(
) . %RAM 512 &6, Intel Pentium 2,8 MHz 80 GB.
Linux Ubuntu 6.10 Fedora FC6. % 512 &6 RAM, 1,6 &!z Intel Celeron
60 GB. % RAM 1GB,
Intel Pentium 2,4 &!z 200 GB.
Linux Ubuntu 6.10. Asterisk 1.2.13 ( ./ .3). $ Asterisk. - " . hostname MAC, +, ( ) " .
57 PC1 hostname: petros-desktop MAC: 00:01:02:DE:27:2E IP: 195.251.166.32 NUMBER: 1000-1999 PC2 hostname: petros1 MAC: 00:0D:9D:D1:5E:92 IP: 195.251.166.81 NUMBER: 2000-2999 PC3 hostname: gkamb1 MAC: 00:16:17:C4:62:44 IP: 195.251.166.165 NUMBER: 9000-9999 PC4 hostname: petros2 MAC: 00:50:04:44:53:96 IP: 195.251.166.23 NUMBER: 3000-3999 PC5 hostname: petros23 MAC: 00:01:02:DE:27:A3 IP : 195.251.166.36 NUMBER: 4000-4999 ) . $
58
, NFS SMB.
shared-keys :
# sudo mkdir /home/petros/Desktop/shared-keys
$ . $ shared . $ IP . , mount . $ :
# sudo mount 195.251.166.81:/home/petros/Desktop/shared-keys /home/gkamb1/Desktop/shared-keys
$
.
DUNDi
59
5 DUNDi:
60 5 " . (PC1, PC2, PC3, PC4, PC5) . & " DUNDi. % . 4 DUNDi . $ . , " . . ( 1000) . ' " VoIP. $ ’ DUNDi . ) 1000:
*CLI> dundi lookup 1000
1. 0 IAX2/dundi: 34bae63322c802fcd90fae81218332d9@karlovasi.gr/1000 (EXISTS|NOUNSLCTD|NOCOMUNSLTS)
from 00:0F:FE:0A:7E:97, expires in 787 s DUNDi lookup completed in 731 ms
61
4.2
*
[REF.13]. ) ` script, . script ( . . 1 – : result1.txt), . test. $ Linux : $ ./test % script : clearfor ( ( i=100; i<=599 ; i++ ) ) do
asterisk –rx “dundi lookup 1$i@priv” >> resultX done script « " » . for. " $i " # 500. script asterisk –rx CLI asterisk . ! " 1XXX DUNDi priv. % 1((( " . ' " 1100, "
62 1101 1599. " resultX ( # . & 500 " . % . $
4.3 !
*
# . hops " . % " " . hop. 6 hop . 6. « 1»63 hop. 7 hop . 7. « 2» hop. 8 hop . 8. « 3»
64 hop. 9 hop . 9. « 4» hops. , " . ! " 10. * & & . ' & .
65
10. « 5»
hop result1. $
. ' , result2, result3, result4 result5
"
DUNDi. !
66
4.4 *
–
& : / script , . " . ' : script " . ' # : % . $ . . . , ( # ). / , cache . ! / & : % 11 % 2007 ! ( ) . $ : (txt) Excel .67 4.4.1 Excel . , , [REF.13]. $ " ) min( ), max(x x * hop . & . $ , Excel, AVERAGE . 1 2 1 ... 1 i i x x x x
x
4 , # . ) . - . & /(() ( . ) VAR Excel68 1 1 2 2 2 ) ( 1 1 i i i i x x s . %
STDEV (standard deviation) Excel. 2 s s - . 11-15 . " . 11: ( ' #1
69
12: ( ' #2
70
14: ( ' #4
71 1 . -#1 -#2 -#3 -#4 -#5 / (ms) 32 32 38 34 32 & (ms) 46 56 57 60 62 & 41,1506 43,22807 45,26316 47,15894 46,16291 ' 6,94082 5,754261 4,213565 5,859116 6,371842 $ 2,63454 2,398041 2,052697 2,420561 2,524250 * #1: 1 HOP #2: 2 HOPs #3: 3 HOPs #4: 4 HOPs #5: 4 HOPs . 1:
72 $ 2 2,6 milliseconds. $ 2 2,6 (milliseconds). . 41,1506 43,22807. * 2,07747 ms. & " 5,17%. 43,22807 45,26316. * 2,03509 ms. $ 4,7%. ) 45,26316 47,15894. * 1,9 ms. & " 4,2%. $ - #1 #2 $ - #2 #3 $ - #3 #4 -& & 5,17% 4,7% 4,7% 2: # . ) #5 " DUNDi
73 #4. $ DUNDi . * #4 , #5 . & " . : 16: * # . * #5 . & [REF.14] " y(x) = 1.707x + 39.68 y " x hops DUNDi .
74 ! DUNDi hop . DUNDi 2 millisecond . % . , .
75
5. +
,
" DUNDi. - " " . , " . * VoIP , ,2, [REF.12] DNS server [REF.13]. DUNDi.5.1 +
4 , DUNDi " VoIP , ,2,. & , " DNS . DUNDi " , . ' ( . . # , # .). & , . & DUNDi.76
! , "
DUNDi, " E.164 [REF.9]
" “e.164”. )
" “e.164”
# General Peer Agreement (GPA) [REF.10], .
GPA. 2 , "
,
GPA, "
,.
5.1.1 General Peer Agreement (GPA)
GPA , " E.164 “e.164”. & " . % . , " . GPA " . . $ " DUNDi , GPA . , " E.164, # . , E.164.
77 GPA DUNDi VoIP . ) “e.164”, . " “e.164”, , " . * , " " P2P. “e.164”. 26 . -" . ( . .DUNDi, E.164, Peering System, Propagate, Participant, Weight . .). " ,
, " , " . / . & , . # . & . ! GPA. forum ,
78 , . " . 2 « » , . % . / ,2, , . % , . % GPA . . . % " . . ) DUNDi. 1 , . ! , . % . % . " #
79 , " " . / " . . & GPA " . # . % .
site DUNDi (http://www.dundi.com). $
# . 5.1.2 - DUNDi , AES RES RSA . 5.1.2.1 RSA % RSA [REF.17] 1978
(Rivest, Shamir, Adleman). $
RSA . RSA " ( - ) . " . %
80 . . . ) " RSA . " . * f(n)=(p-1)(q-1), p q n . $ Euler n . e, f(n), e f(n) 1. , " d, e modulo f(n), d=e-1 mod f(n). O e d " . 1 $ 6. $ $ 6. $ C=Me mod n C. $ B , &=Cd mod n, . % RSA . ! " , . " , . # .
81 % " n. ! " . , , " " . - , 2048 bit .
5.1.2.2 Advanced Encryption Standard (AES)
% AES [REF.18]
. &
, 2002 AES
. AES
128 bit, 192 bit
256 bit 128 bit, 192 bit 256 bit.
" , ,
#
. $
«Rijndael key schedule»
-.
. %
: ByteSub, ShiftRow, MixColumn, AddRoundKey.
AES .
82 % ByteSub bytes [ . 17]. 17: ByteSub ShiftRow byte , [ . 18]. 18: ShiftRow
83 MixColumn " c(x) [ . 19]. 19: MixColumn AddRoundKey byte " byte XOR ( ) [ . 20]. 20: AddRoundKey
84
%
(side channel attacks)
AES. 128 bit ,
"
AES .
.
5.1.2.3 DUNDi, AES RSA
4 DUNDi
RSA AES
.
RSA 1024 bit AES 128 bit.
RSA . 6 . AES . $ # DUNDi. , " ( . 3.6). " RSA. ! " RSA # . . DUNDi PKI . ! , web site . DUNDi "
85 RSA " . $ . DUNDi . DUNDi :
Information Element Notes
EID . KEYCRC32 CRC AES, RSA . SHAREDKEY AES , . ENCDATA AES . 6 , . $ . CRC-32 [REF.19] AES . & " . % SHAREDKEY KEYCRC32. $ " ,
86 . SHAREDKEY AES . REGREQ " . $ ENCDATA. % REGRESPONSE . # , AES . ! DUNDi , , " .
5.1.3 Peer-to-Peer vs. Client Server (DNS)
VoIP ENUM [REF.23] DUNDi [REF.8],
"
.
ENUM, DUNDi, –
(client - server) [REF.20], Domain Name System (DNS)
[REF.16], "
E.164. ENUM DNS #
E.164 DNS . )
, Nameserver (NS) Naming
Authority Pointer (NAPTR), DNS
. & ENUM
87 DNS . 4 DNS . & , , . $ , DNS
.. % Denial of Service (DoS) [REF.22]
Pharming [REF.21].
% DoS DNS
. .
, (Distributed DoS [REF.22]),
DNS , , . DNS , . % Pharming . % DNS . , . & # . % Pharming . 4 , DUNDi ENUM " P2P . DUNDi " . ! , GPA DUNDi. * , "
88 DNS . , DUNDi . $ " DUNDi.
5.2 +
,
DUNDi [REF.25]. 5.2.1 , . DUNDi , . ) " . - , DUNDi " « » ( ) . DUNDi « » , « » . , " " . $ « » DUNDi, . % « » DUNDi " , . ! " 21.89 21: ( DUNDi # 5.2.1 $ $ D. ! , 17 13 ( ). , lookup. " . ( ) " . . . 5.2.2 # " . ! " , DUNDi, . / ,
90 , . $ . ) 16. 1 7 16. 4 . $ 4 – 5, 7 – 8, 2 – 3 5 – 6. 7, 4, 1, 2, 5, 8, 9, 17, 13, 16. . $ , 7 4 1. 5. " 1 2 . ' , 2 3 5 . 5 ( 4). * 7 16 " .
91 22: % # 5.2.2 4 5 . . # DUNDi. / .
92
6.
, DUNDi. $ , Asterisk, DUNDi . ! Asterisk , VoIP . DUNDi Asterisk. DUNDi, . ! , DUNDi Asterisk, , . / DUNDi # . $ " " DUNDi " . . $ , , . % DUNDi , . ' , , . / , . $ ( . . . 4), hop 2 ms. - DUNDi ( ) ’ " .93 / , " " DUNDi. * , ENUM. . % DNS , P2P DUNDi . & AES RSA , DUNDi . DUNDi , . DUNDi GPA, " . & DUNDi , GPA " . , DUNDi " , " " " . ENUM . $ # . DUNDi , " .
94
$
[REF.]
1. http://www.voip-info.org/
2. H.323 Protocol Overview: Paul E. Jones (October 2007) 3. SIP Protocol Overview: RADVISION Team
4. IAX: Inter-Asterisk eXchange Version 2: M. Spencer 5. Asterisk: A Non-Technical Overview: Nasser K. Manesh 6. http://www.asterisk.org/
7. Asterisk: The Future of Telephony: Leif Madsen, Jared Smith
8. Distributed Universal Number Discovery (DUNDi)draft-mspencer-dundi-01: M. Spencer Internet-Draft Digium, Inc. October 13, 2004
9. RFC 2916 E.164 number and DNS September 2000
10. DIGIUM GENERAL PEERING AGREEMENT (TM)Version 1.0.0: Sept. 2004
11. $ ' 1 : ) " , .. . ,
' ) "
12. Practical VoIP Security: Thomas Porter, Jan Kanclirz, Andy Zmolek, Antonio Rosela, Michael Cross, Larry Chaffin, Brian Baskin, Choon Shim.
13. & : ) . ' , 6 (. (
14. : . ). '
15. An Overview of Peer-to-Peer: Sami Rollins
16. RFC 883 DOMAIN NAMES - IMPLEMENTATION and SPECIFICATION 17. http://www.rsa.com/
18. ADVANCED ENCRYPTION STANDARD (AES) Federal Information Processing Standards Publication 197
19. http://citeseer.ist.psu.edu
20. The Future of Asterisk: Kevin P. Fleming 21. Routing Security: Steven M. Bellovin
95 22. Spoof Detection for Preventing DoS Attacks against DNS Servers: Fanglu Guo
Jiawu Chen Tzi-cker Chiueh
23. "Security and Privacy issues towards ENUM", Proceedings of the ISSPIT ‘05 5th IEEE International Symposium on Signal Processing and Information Technology, pp. 478-483, December 2005, Athens, Greece, IEEE Press 24. G. Kambourakis, D. Geneiatakis, S. Gritzalis, T. Dagiuklas, C. Lambrinoudakis. 25. http://www.enum.org/