Friday, September 6, 2019
Marketing Mix Essay Example for Free
Coffee is not just selling products, but it is a label. It is a label and a brand that consumers believe in. Starbucks decided to be personal with their customers. Understanding the consumers' thoughts became a main goal for the marketing team. The marketing team understands that people want to belong and people want to feel they are being or doing something better than the quote-unquote "others". To relay these feelings to the customers, Starbucks Coffee bases the appeal on the environment that it provides for the customer. Starbucks Coffee expects customers to arrive at a given store, relax at a table, talk, read, listen to music, study and drink coffee. Starbucks also prides itself on diversity. Jim Donald, President and CEO of the Starbucks Corporation, states, "When we embrace diversity, we succeed" (www.starbucks.com).
Creating The Environment
To create this type of environment, the Starbucks Coffee marketing team has placed conversation topics on the sides of each cup to spice up any meeting that one may have. Starbucks Coffee also allows all customers to have access to the internet, which can always prolong a stay. Starbucks Coffee guarantees the average customer visiting a store quick service and the surety of leaving with the strong smell of a coffee house. They are so committed to having their stores feel and smell like a coffee house that they even prohibit their employees from wearing perfume and cologne because it takes away the aroma of the coffee. In addition, Starbucks Coffee makes sure that they are environmentally friendly so that it also adds to the image that they are promoting (Kembell, 2002).
PLACE
Typically their stores are in high traffic locations where people will just encounter the store without having to search. Starbucks is placed in high-visibility locations. These locations are geared with the average building size of 1,500 square feet.
This includes office buildings, shopping malls, grocery stores, and retail centers. These are the types of areas people love to be in, and a Starbucks location is an added topping for both retailers and customers alike. Starbucks has built relationships and formed agreements with several companies who they see have additional avenues to meeting customers. These companies include but are not limited to Kraft Foods Inc, PepsiCo Inc, and Dreyers Grand Ice Cream. These agreements were made to reach more Starbucks Coffee consumers wherever they are.
Distribution
Starbucks does not limit the company to a physical location. Starbucks distributes their products via mail orders and online web sites. Both of these avenues are used for the convenience of its customers. Again, independent of the customers, anywhere and any place, when needed, Starbucks is ready and available.
Promotion
Starbucks uses non-traditional forms of advertising. They use local print ads and imagery in movies to advertise. It is all about the label. The woman on the cup says more than words. You see the label, and you sense the coffee.
Price
The products and label of Starbucks Coffee have been marketed so well that price is not a matter. People who come to Starbucks Coffee are buying the experience. The experience in many ways is priceless.
The effects
The marketing strategy for products that the marketing team used was branding the full experience. With the use of custom coffee beans, CDs, coffee cups, signature chocolate, and an out-of-this-world eco-friendly layout, Starbucks has maintained a brand consumers believe in. The marketing strategy for place that the marketing team used was connecting with other companies to partner up, building relationships and forming agreements with several companies who they see have additional avenues to meeting customers.
Thursday, September 5, 2019
End to End VoIP Security
Introduction
User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest by many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger while in the latter, systems like Skype and VoipBuster are dominating among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in the VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's "supernode" communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue addressed in several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out of band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the applications architecture with VoIPSec security elements.
Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length preserving encryption is indeed far worse than previously thought.
VOIP
This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is. Voice over IP - the transmission of voice over traditional packet-switched IP networks - is one of the hottest trends in telecommunications.
Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks - firewalls, network address translation (NAT), and encryption - don't work "as is" in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.
End-to-End Security
In this assignment I am going to describe the end-to-end security and its "design principle" that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well.
The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesn't care what you do - its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" 2). The "bits" could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what it was that data represented. At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay.
TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" 4 during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.
Security and privacy in an end-to-end world
The end-to-end arguments paper used "secure transmission of data" as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes.
If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you didn't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts - purposeful or accidental - to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done "in the Net" or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions.
But a few people who were "at the scene" have told me that such protections were actively discouraged by the primary sponsor of the early Internet - that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an "incentive" to pay for the customers' use of their lines - they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as "an antisocial act" (as a US justice department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.
What is VoIP end to end security?
Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol.
Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol.
Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer - the layer in which the actual voice datagrams are transmitted - depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string.
Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of "matching conversations" in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper.
Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit
We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.
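The following is an added example, not code from the paper or from libsrtp, showing why a repeated session key is fatal for a stream-cipher-style transport and how a receiver-side check on keying material catches the repeat. It assumes HMAC-SHA256 as a stand-in for both the SRTP PRF and AES counter mode, a hypothetical `KeyingReplayGuard` class, constructed keys and voice frames, and that the second session reuses the same SSRC and packet index.

```python
import hashlib
import hmac


def derive_session_key(master_key: bytes, master_salt: bytes) -> bytes:
    # Deterministic PRF over the keying material only. As the text notes for
    # SRTP, no session-specific randomness is mixed in at this step.
    return hmac.new(master_key, b"enc" + master_salt, hashlib.sha256).digest()


def keystream(session_key: bytes, ssrc: int, index: int, length: int) -> bytes:
    # Stand-in for AES in counter mode: PRF over (SSRC, packet index, block).
    out = bytearray()
    block = 0
    while len(out) < length:
        ctr = ssrc.to_bytes(4, "big") + index.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(session_key, ctr, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(master_key: bytes, master_salt: bytes, ssrc: int, index: int, payload: bytes) -> bytes:
    # Encrypt (or decrypt) one datagram payload by XOR with the keystream.
    session_key = derive_session_key(master_key, master_salt)
    return xor_bytes(payload, keystream(session_key, ssrc, index, len(payload)))


class KeyingReplayGuard:
    """Hypothetical endpoint check: refuse keying material seen in an earlier session."""

    def __init__(self):
        self._seen = set()

    def accept(self, master_key: bytes, master_salt: bytes) -> bool:
        # Store only a fingerprint, never the key itself.
        material = len(master_key).to_bytes(2, "big") + master_key + master_salt
        fingerprint = hashlib.sha256(material).digest()
        if fingerprint in self._seen:
            return False
        self._seen.add(fingerprint)
        return True


# Constructed sample values, not taken from any real session.
OLD_KEY = bytes(range(16))
OLD_SALT = bytes(range(100, 114))
FRAME_CALL_1 = b"constructed voice frame one.."
FRAME_CALL_2 = b"constructed voice frame two!!"


def run_demo() -> dict:
    guard = KeyingReplayGuard()

    # Session 1: keying material is new, so the guard accepts it.
    first_accepted = guard.accept(OLD_KEY, OLD_SALT)
    c1 = protect(OLD_KEY, OLD_SALT, ssrc=0x1234, index=1, payload=FRAME_CALL_1)

    # Session 2: the old key establishment message is replayed. Without the
    # guard, the endpoint would derive the same keystream again.
    replay_accepted = guard.accept(OLD_KEY, OLD_SALT)
    c2 = protect(OLD_KEY, OLD_SALT, ssrc=0x1234, index=1, payload=FRAME_CALL_2)

    # With a repeated keystream the two ciphertexts cancel it out.
    leaks = xor_bytes(c1, c2) == xor_bytes(FRAME_CALL_1, FRAME_CALL_2)

    # Fresh keying material gives an unrelated keystream and passes the guard.
    fresh_key = hashlib.sha256(b"fresh constructed key").digest()[:16]
    fresh_accepted = guard.accept(fresh_key, OLD_SALT)
    c3 = protect(fresh_key, OLD_SALT, ssrc=0x1234, index=1, payload=FRAME_CALL_2)
    independent = xor_bytes(c1, c3) != xor_bytes(FRAME_CALL_1, FRAME_CALL_2)

    return {
        "first_accepted": first_accepted,
        "replay_accepted": replay_accepted,
        "xor_leaks_plaintext_xor": leaks,
        "fresh_key_accepted": fresh_accepted,
        "fresh_key_independent": independent,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The guard only detects reuse at one endpoint; the property the text calls for is that the key exchange layer itself guarantees session keys never repeat.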
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide, following the ZRTP specification, that B has "forgotten" the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool.
• We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring.
Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)
While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions, especially those about the protocols operating at the other layers of the VoIP stack, left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general.
The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5.
VoIP security different from normal data network security
To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network.
Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.
Threats for VoIP
VoIP security threats include Eavesdropping, Denial of Service, Session Hijacking, VoIP Spam, etc. For preventing these threats, there are several VoIP standard protocols, and we discuss this in Section 3.
Eavesdropping
VoIP service using internet technology is faced with an eavesdropping threat, which is the illegal gathering of call setting information and audio/voice communication contents. Eavesdropping can be categorized largely into eavesdropping in a LAN (Local Area Network) environment, eavesdropping in a WAN (Wide Area Network) environment, eavesdropping through PC (Personal Computer) hacking, etc.
Denial of Service
Denial of Service is an attack that makes it difficult for legitimate users to use the telecommunication service normally. It is also one of the threats that are hardest to solve. Since VoIP service is based on internet technology, it is also exposed to Denial of Service. Denial of Service in VoIP service can be largely divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc. (This work was supported by the IT RD program of MIC/IITA.)
Session Hijacking
Session Hijacking is an attack that takes over the communication session control between users by spoofing legitimate users and interferes in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be categorized largely into INVITE session hijacking, SIP Registration hijacking, etc.
VoIP Spam
VoIP Spam is an attack that interrupts users and violates user privacy by sending voice advertisement messages, and it also makes VMS (Voice Mailing System) powerless.
It can be categorized into Call Spam, IM (Instant Messaging) Spam, Presence Spam, etc.
Security trade-offs
Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.
The encryption process can be unfavorable to QoS
Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization.
Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard,16 which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends.
Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets.17 This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine.18 But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue. Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.
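To make the cryptoengine scheduling problem described above concrete, here is an added simulation (not from the original article) that compares a FIFO crypto queue with QoS reordering that lets queued voice packets go ahead of queued data packets. The traffic pattern, the engine throughput and the function name are constructed assumptions, the scheduler is non-preemptive, and the sorting overhead the text mentions is not modelled.

```python
import heapq


def simulate_crypto_engine(packets, bytes_per_ms, voice_first):
    """Run packets through a single crypto engine.

    packets: list of (arrival_ms, kind, size_bytes), kind is "voice" or "data".
    voice_first: False gives a plain FIFO queue; True reorders the queue so
    waiting voice packets are encrypted before waiting data packets.
    Returns (per-voice-packet delay in ms, time the engine goes idle).
    """
    arrivals = sorted(enumerate(packets), key=lambda item: item[1][0])
    queue, voice_delays = [], []
    clock, nxt = 0.0, 0

    while nxt < len(arrivals) or queue:
        # Engine idle and nothing queued: jump to the next arrival.
        if not queue and arrivals[nxt][1][0] > clock:
            clock = float(arrivals[nxt][1][0])

        # Enqueue everything that has arrived by now.
        while nxt < len(arrivals) and arrivals[nxt][1][0] <= clock:
            idx, (arrival, kind, size) = arrivals[nxt]
            rank = 0 if (voice_first and kind == "voice") else 1
            heapq.heappush(queue, (rank, arrival, idx, kind, size))
            nxt += 1

        # Encrypt one packet to completion (no preemption).
        _, arrival, _, kind, size = heapq.heappop(queue)
        clock += size / bytes_per_ms
        if kind == "voice":
            voice_delays.append(clock - arrival)

    return voice_delays, clock


# Constructed traffic: two bursts of three 1500-byte data packets, plus one
# 200-byte voice packet every 20 ms. The engine handles 100 bytes per ms.
ENGINE_BYTES_PER_MS = 100
TRAFFIC = (
    [(0, "data", 1500)] * 3
    + [(t, "voice", 200) for t in (1, 21, 41, 61)]
    + [(40, "data", 1500)] * 3
)


def compare_schedulers():
    fifo, fifo_idle = simulate_crypto_engine(TRAFFIC, ENGINE_BYTES_PER_MS, voice_first=False)
    prio, prio_idle = simulate_crypto_engine(TRAFFIC, ENGINE_BYTES_PER_MS, voice_first=True)
    return {
        "fifo_voice_delays_ms": fifo,
        "reordered_voice_delays_ms": prio,
        "fifo_worst_ms": max(fifo),
        "reordered_worst_ms": max(prio),
        "same_total_work": fifo_idle == prio_idle,
    }


if __name__ == "__main__":
    for name, value in compare_schedulers().items():
        print(f"{name}: {value}")
```

Both schedulers finish the same total work at the same time; only the order changes, which is why reordering helps voice latency without adding crypto capacity.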
Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy "one size fits all" solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

• Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection.
• At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.
• Choose a mechanism to allow VoIP traffic through firewalls. Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.
• Use IPsec or Secure Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.
• Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls).
• If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling.
Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost.
• Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone.
• Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs.
• Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods. Be especially diligent about maintaining patches and current versions of VoIP software.
• Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages.
• Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled

End to End VoIP Security

Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest from many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger, while in the latter, systems like Skype and VoipBuster dominate among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information.
The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's "supernode" communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out-of-band exchanged keys, shared secrets, etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the application's architecture with VoIPSec security elements.

Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint.
For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VOIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is. Voice over IP, the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges.
Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks, namely firewalls, network address translation (NAT), and encryption, don't work "as is" in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe end-to-end security and its "design principle" that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society.
The Internet doesn't care what you do; its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" [2]). The "bits" could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what that data represented.

At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility.
Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used "secure transmission of data" as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you don't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it.

There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts, purposeful or accidental, to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks.
Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done "in the Net" or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage.

Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were "at the scene" have told me that such protections were actively discouraged by the primary sponsor of the early Internet; that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it.

End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access.
Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an "incentive" to pay for the customers' use of their lines; they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as "an antisocial act" (as a US justice department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end to end security?

Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must interoperate correctly and securely. Our objective in this paper is to present a structured analysis of protocol interoperation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol.
Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol.

Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer, the layer in which the actual voice datagrams are transmitted, depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of "matching conversations" in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper.

Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob.
Data integrity implies that any modification of the data in transit

• We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide, following the ZRTP specification, that B has "forgotten" the shared secret.
The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A, who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool.
• We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)

While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions (especially those about the protocols operating at the other layers of the VoIP stack) left implicit and vague.
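The keystream repetition described above, as an added example that is not code from the paper or from libsrtp: when the same SDES key material is accepted twice, the XOR of two ciphertexts equals the XOR of their plaintexts, and a receiver-side cache of key fingerprints is one way to refuse the repeat. HMAC-SHA256 in counter mode stands in for SRTP's AES-based derivation and cipher, and the key, SSRC, packet index, payloads and the `KeyReplayCache` helper are assumptions constructed for illustration.

```python
"""Keystream reuse after replayed key material, plus a replay cache.

Stand-in crypto: HMAC-SHA256 in counter mode replaces SRTP's AES-based key
derivation and cipher so that only the standard library is needed.
All keys, SDP lines and payloads below are constructed for the example.
"""
import base64
import hashlib
import hmac


def derive_session_key(master_key: bytes, master_salt: bytes) -> bytes:
    # Deterministic on purpose: no session-specific randomness enters the
    # derivation, so equal key material always yields an equal session key.
    return hmac.new(master_key, b"enc" + master_salt, hashlib.sha256).digest()


def keystream(session_key: bytes, ssrc: int, index: int, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        block_in = (ssrc.to_bytes(4, "big") + index.to_bytes(6, "big")
                    + counter.to_bytes(2, "big"))
        out += hmac.new(session_key, block_in, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(master_key, master_salt, ssrc, index, payload) -> bytes:
    key = derive_session_key(master_key, master_salt)
    return xor(payload, keystream(key, ssrc, index, len(payload)))


def parse_sdes_inline(sdp_line: str):
    """Return (master_key, master_salt) from an SDES a=crypto line (RFC 4568)."""
    fields = sdp_line.strip().split()
    if len(fields) < 3 or not fields[0].startswith("a=crypto:"):
        raise ValueError("not an a=crypto attribute")
    if not fields[2].startswith("inline:"):
        raise ValueError("unsupported key method")
    b64 = fields[2][len("inline:"):].split("|", 1)[0]
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 30:  # 16-byte key + 14-byte salt for the AES_CM_128 suites
        raise ValueError("unexpected key||salt length")
    return raw[:16], raw[16:]


class KeyReplayCache:
    """Hypothetical safeguard: remember fingerprints of accepted key material
    and refuse any offer that presents the same material again."""

    def __init__(self):
        self._seen = set()

    def accept(self, master_key: bytes, master_salt: bytes) -> bool:
        fp = hashlib.sha256(master_key + master_salt).digest()
        if fp in self._seen:
            return False
        self._seen.add(fp)
        return True


def demo():
    offer = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
             + base64.b64encode(bytes(range(30))).decode())  # constructed key
    p1 = b"constructed voice frame #1"
    p2 = b"constructed voice frame #2"
    key, salt = parse_sdes_inline(offer)        # original session
    c1 = protect(key, salt, 0x1234, 1, p1)
    key2, salt2 = parse_sdes_inline(offer)      # same offer accepted again
    c2 = protect(key2, salt2, 0x1234, 1, p2)
    keystream_cancelled = xor(c1, c2) == xor(p1, p2)
    cache = KeyReplayCache()
    return keystream_cancelled, cache.accept(key, salt), cache.accept(key2, salt2)


if __name__ == "__main__":
    print(demo())
```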
Therefore, our study has important lessons for the design and analysis of security protocols in general. The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, etc. Several standard VoIP protocols exist to prevent these threats; we discuss them in Section 3.

Eavesdropping

VoIP service using Internet technology faces an eavesdropping threat, in which call setup information and the audio/voice contents of a communication are gathered illegally.
Eavesdropping can be broadly categorized as eavesdropping in a LAN (Local Area Network) environment, eavesdropping in a WAN (Wide Area Network) environment, eavesdropping through hacking a PC (Personal Computer), etc.

Denial of Service

Denial of service is an attack that makes it difficult for legitimate users to use a telecommunication service normally. It is also one of the threats that is hardest to solve. Since VoIP service is based on Internet technology, it is also exposed to denial of service. Denial of service in VoIP service can be broadly divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc.

This work was supported by the IT R&D program of MIC/IITA.

Session Hijacking

Session hijacking is an attack that takes over control of the communication session between users by spoofing legitimate users and interferes in their communication; it is a kind of man-in-the-middle attack. Session hijacking in VoIP communication can be broadly categorized as INVITE session hijacking, SIP registration hijacking, etc.

VoIP Spam

VoIP spam is an attack that interrupts users and violates their privacy by sending voice advertisement messages, and that also renders the VMS (Voice Mailing System) powerless. It can be categorized as call spam, IM (Instant Messaging) spam, presence spam, etc.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce.
Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, well inevitably see more administrative Web applications with exploitable errors. The encryption process can be unfavorable to QoS Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP net-work. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIPs multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply algorithms to the computationally simple encryption voice data before packetization. Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) arent considered as secure as the Advanced Encryption Standard,16 which is included in many IPsec implementations. AESs combination of speed and security should handle the demanding needs of VoIP at both ends. following general guidelines, recognizing that practical considerations might require adjusting them: â⬠¢ Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection. 
â⬠¢ At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system. â⬠¢ Choose a mechanism to allow VoIP traffic through firewalls. Various protocol dependent and independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connections state, denying packets that arent part of a properly originated call. Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system. Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining whos making the calls). If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Be-cause some VoIP end points arent computationally powerful enough to perform encryption, placing this Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets.17 This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, theres no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine.18 But this solution assumes that the cryptoengines output is fast enough to avoid saturating the queue. 
Ideally, youd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable over head to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and soft-ware necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally vi-able for all enterprises considering the move to VoIP. Thus far, weve painted a fairly bleak picture of VoIP security. We have no easy ââ¬Å"one size fits allâ⬠solution to the issues weve discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them: â⬠¢ Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection. 
• At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.

• Choose a mechanism to allow VoIP traffic through firewalls. Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call. Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system. Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls). If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost. Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone. Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs. Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods.
Be especially diligent about maintaining patches and current versions of VoIP software. Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages. Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP. VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled
Ultrasound-guided Interscalene Block for Dislocated Shoulder
Preliminary results of ultrasound-guided interscalene block for dislocated shoulder:

Abstract

Background

Traditionally, patients with a dislocated shoulder joint will be subjected to general anesthesia for closed reduction, if this procedure cannot be managed with light intravenous sedation and opioid analgesia. Successful interscalene blockade of the brachial plexus allows pain-free reduction of the dislocated shoulder. However, the interscalene blockade for a dislocated shoulder is usually performed in the emergency room and to optimize patient safety it is desirable to minimize the dose of local anesthetic using ultrasound guidance. The objective of this cohort study was to determine the clinical feasibility of ultrasound-guided interscalene brachial plexus blockade using a safe dose of just 10 mL of lidocaine 1% in producing sufficient and effective muscle relaxation, allowing pain-free reduction of a dislocated glenohumeral joint.

Methods

We performed ultrasound-guided interscalene brachial plexus blockade with 10 mL of lidocaine 1% in a cohort of 10 patients with dislocated glenohumeral joints presenting in the emergency room, where the shoulder could not be reduced following intravenous sedation and analgesia.

Results

The success rate of closed reduction of the dislocated shoulders was 100% with complete pain control and muscle relaxation during the reduction procedure. Median patient satisfaction (VAS, Visual Analogue Scale 0-10) after completion of the procedure was 10 (range 8-10).

Conclusion

Ultrasound-guided interscalene brachial plexus blockade using merely 10 mL of lidocaine 1% effectively produces muscle relaxation allowing pain-free reduction of the dislocated glenohumeral joint with a success rate of 100% and high patient satisfaction.
Keywords: dislocation, shoulder, glenohumeral joint, ultrasound

Introduction

Dislocation of the gleno-humeral joint is associated with severe pain and is frequently presented in the emergency room (ER). Reduction of a shoulder dislocation requires alleviation of the pain and muscle relaxation. Traditionally, this is obtained using general anesthesia (GA) with rapid sequence induction, when initial attempts of reduction using light oral and/or intravenous sedation and opioid analgesia are not successful. However, GA is associated with the risk of aspiration and requires an anesthetist, access to the operating theatre and postoperative observation in the Post Anesthesia Care Unit (PACU). Interscalene blockade (ISB) of the brachial plexus (BP) will achieve the desired effect of muscle relaxation and pain alleviation and eliminates the risks of GA cost-effectively. ISB of the BP using elicitation of paresthesia to locate the target nerves was employed already in 1973 to obtain analgesia and muscle relaxation allowing reduction of a dislocated shoulder joint 1. ISB of the BP using electrical nerve stimulation to allow reduction of a dislocated shoulder joint was later reported 2, 3. However, the motor response due to the electrical stimulation can be very painful in patients with dislocated shoulder joints. Some authors have reported location of the BP using ultrasound-guided regional anesthesia instead of electrical nerve stimulation 4, 5. Blaivas and Lyon (2006) used an in-plane (IP) approach and 30 mL of either lidocaine 1% or bupivacaine 0.25%. The success rate of pain-free joint reduction was 100% in four patients. Bhoi et al. (2010) used an out-of-plane approach and 6-15 mL lidocaine 2% and had a success rate of 100% in three patients.
The current report describes an ultrasound-guided approach to ISB of the BP using an IP approach and 10 mL of lidocaine 1% for reduction of the gleno-humeral joint in a preliminary cohort of patients with dislocated shoulder where reduction in the ER had been attempted with light sedation and analgesia without success.

Methods

The requirement for approval of the protocol and for written informed consent was waived by the Central Denmark Regional Committees on Biomedical Research Ethics, due to the fact that the ultrasound-guided ISB of the BP for reduction of dislocated shoulders is an established method in our departments. Following informed consent 10 consecutive patients scheduled for reduction of dislocated gleno-humeral joint were included in the study (Table 1). We have only included patients with dislocation of the gleno-humeral joint where reduction has been attempted in the ER without success. Following establishment of venous access, the patient was placed in the supine position with the head turned contralateral to the side to be blocked. Vital signs monitoring was opted out during the procedure in the ER provided that all of the following criteria were fulfilled: (1) the block was performed by a consultant anesthetist who performs ultrasound-guided peripheral nerve blocks on a daily basis and (2) the block was performed with uninterrupted, direct real-time visualization of the needle tip during the entire procedure and (3) using parasagittal from-posterior-to-anterior IP approach and (4) with visualization of the spread of a 1 mL test dose of saline alongside the nerve roots of C5-C6 prior to injection of lidocaine and (5) real-time visualization of the spread of lidocaine during the entire injection and (6) no supplementary lidocaine in addition to 100 mg was injected (7) in a fully awake and alert patient.
If the above criteria 1-7 were not fulfilled, then the procedure was aborted immediately and not resumed until full vital signs monitoring had been applied.

Needle path and injection of local anesthetics

Using an aseptic technique the needle was inserted from the posterior end of the ultrasound transducer and thereafter advanced IP in an anterior direction until the needle tip was seen in close proximity to the C5 and C6 nerve roots (Fig. 1). Hydrolocation was performed with 1 mL of saline confirming the appropriate location of the needle tip and the spread of the injectate prior to injection of local anesthetic (10 mL of lidocaine 1%). The endpoint of the injection manoeuvre was to observe that the local anesthetic spread alongside the C5 and C6 nerve roots as assessed by real-time ultrasound. The dose of lidocaine was injected incrementally with intermittent aspiration. If the spread of local anesthetic was deemed inadequate the needle tip was repositioned as necessary with direct real-time visualization using solely ultrasonographic guidance.

Equipment

The ultrasound scanning was performed with an M-Turbo ultrasound machine (Sonosite, Bothell, WA) using a 6-13 MHz linear transducer (HFL38, Sonosite®, Bothell, WA, USA) covered by a sterile sleeve.

Definition of successful ISB

Successful ISB was defined as reduction of the dislocated shoulder joint with no need for conversion to general anesthesia.

Study design and data collection

The study was planned as a prospective cohort study to determine the clinical feasibility of the low-dose IP ISB to allow reduction of a dislocated shoulder joint. Thus, no formal power analysis or statistical test analysis was performed.

Results

A total of 10 patients were enrolled. Nine patients had an anterior dislocation of the gleno-humeral joint and one had a posterior dislocation. Demographic data are presented in Table 1.
The success rate of reduction of the dislocated shoulders was 100% with complete pain control and muscle relaxation during the reduction procedure. Median patient satisfaction (VAS, Visual Analogue Scale 0-10) after completion of the procedure was 10 (range 8-10). Median time from completed block performance to shoulder reduction was five minutes (range 3-10 minutes). The median pain VAS score immediately prior to the performance of the interscalene block was 10 (range 7-10), and all patients were awake and fully alert during the procedure. All procedures were completed in accordance with the criteria 1-7 (see Methods). Outcome data are presented in Table 2.

Discussion

Our preliminary data demonstrate that a dislocated shoulder can be reduced effectively without pain, and with good muscle relaxation using ultrasound-guided interscalene brachial plexus blockade with a small dose of lidocaine. By application of this technique, deep sedation and opioids and/or general anesthesia with fast track induction is avoided in a population of typically non-fasting patients. Ultrasound-guided ISB of the BP is applicable also in patients with severe cardiac co-morbidity, where GA would not be attractive. Ultrasound-guided ISB of the BP is also a simple and low-cost technique compared to general anesthesia and does not occupy the capacity of the surgical ward or the PACU. Application of a safe and innocuous dose of a local anesthetic with a broad therapeutic range is critically important, when peripheral nerve blocks are performed in the ER outside the primary venue of anesthesia. The standard dose of 100 mg lidocaine optimizes patient safety, as accidental intravenous injection of this magnitude of lidocaine would be virtually harmless. However, intravenous injection using ultrasound guidance is practically impossible when appropriately performed in accordance with the criteria listed in the Methods section.
The theoretical risk of an accidental intraarterial or intraspinal injection is considered non-existent when obeying the above-mentioned criteria 1-7. Resuscitation equipment is readily accessible in the settings of the ER. However, any dose of any local anesthetic employed for peripheral nerve blocks without full vital signs monitoring remains a controversial issue. If the reader cannot honour all the criteria 1-7, the advice of the authors is to apply full vital signs monitoring during and after the performance of the nerve block even when using a small dose of a local anesthetic with a broad therapeutic range. Our preliminary data suggest that the patients experience maximum satisfaction with this technique (median VAS score 10). We have no data to compare patient satisfaction to nerve stimulation guidance for interscalene blockade or general anesthesia. There are some important limitations to our study. First, the study is non-randomized, un-blinded and it does not include a control group. Second, the sensory and motor quality of the interscalene blocks was not tested and the effect was just documented by clinical success. Third, lidocaine pharmacokinetics was not calculated and serum-lidocaine was not measured. Fourth, the choice of dose of local anesthetic was arbitrary and not based on titration. Fifth, the study included only a small sample of patients. However, the clinical success rate of reduction was 100% and the patient satisfaction very high despite the fact that our data were sampled in a population of patients where the primary attempt for a closed reduction of the dislocated shoulder supported by sedatives and opioids failed. This strongly indicates the feasibility of the described technique and reduced dosing of local anesthetic. Future randomized controlled trials have to clarify the usefulness of a broader indication for ultrasound-guided interscalene nerve blockade for patients with dislocated shoulders.
Conclusion

This preliminary cohort study demonstrates that ultrasound-guided interscalene BP blockade using merely 10 mL of lidocaine 1% effectively produces muscle relaxation allowing pain-free reduction of the dislocated glenohumeral joint with a success rate of 100% and maximum patient satisfaction.
Wednesday, September 4, 2019
Essay --
The effects of observational learning on children

Does allowing children to watch violent television, and what they see on a daily basis in their lives from peers and adults, affect their actions and thoughts? The answer is simply yes! When it comes down to the facts, children's behaviors are greatly influenced by what they see going on around them. Children can be taught to be violent or they can be taught to be kind, they can be taught to be confident or they can be stripped of their self-confidence, they can be taught to be great or they can be taught to fail in life, all from observing how adults and peers in their life act. Children start out in life observing everything that everyone and everything around them are doing. They learn to walk, talk, and feed themselves from observing what their parents, siblings, and other people around them do. They learn these things from observing and then imitating them. "It has been found that infants as early 6 weeks old imitate facial expressions and infants 6 and 9 months of age have shown to exhibit deferred imitation of actions demonstrated with objects" (Jones, Hebert. 197). "Recently researchers at the University of Washington and Temple University have found the first evidence revealing a key aspect of the brain processing that occurs in babies to allow this learning by observation" ("Baby Brains Learn Through Imitation"). In their study they found that when a baby observed an adult touch a toy with their hand, the same part of the brain that controls the same hand on the child would light up. The same was true if they observed an adult touch the toy with their foot: the foot part of the child's brain would light up. These results showed that when babies observed someone els... ...Jones and Hebert found that infants as early as 6 weeks old imitate facial expressions and infants 6 to 9 months of age have shown to exhibit deferred imitation of actions demonstrated with objects.
Greer, Dudek-Singer and Gautreaux found that even weeks after their study was completed, the children's behavior was still able to be reinforced with the plastic discs that were used in their experiment. The exposure to chronic alcoholism by parents affects children well into adulthood and in almost every area of their lives from health to relationships, and Huesmann, L. R., Moise-Titus, J., Podolski, C., & Eron, L. D. found that exposure to early childhood violence on television affects children well into adulthood. These studies are proof that what children observe growing up does affect what they learn and can have horrible effects on who they are when they grow up.
Tuesday, September 3, 2019
Mark Twain: Tom Sawyer and The Adventures of Huckleberry Finn :: English Literature
There are many wonderful books written by great authors. However, the writer who inspired me the most is the one and only Mark Twain. I was impressed by his books since I was a child. The two novels which I enjoyed were two of his most famous works, Tom Sawyer and The Adventures of Huckleberry Finn. These books are considered to be masterpieces by a lot of people. Samuel Clemens, better known by his pseudonym Mark Twain, was born in Florida, Missouri, in 1835. When Samuel Clemens was twelve years old, his father died. After his father's death Clemens went to become a printer's apprentice. His childhood dream was to become a steamboat salesman, and ride along the river down the stream. He had this goal achieved early in life until the Civil War came along, putting him out of business. The Civil War forced Clemens out west in search of gold, but he ended up becoming a reporter for the Virginia City newspaper. While Twain was traveling the nation with his lectures he met his future wife Olivia. While trying to earn Olivia's love, Twain wrote over two hundred love letters, trying to earn her father's respect and have permission to marry her. After this he wrote his very first best seller, which was called "Innocence Abroad". Through many writers Twain was slowly becoming the United States' first celebrity. He was selling his name: Twain became a spokesperson for all different types of products, putting his face on to anything which companies thought would help sell their products. While Twain was away from public life, he was able to create two very well known classics: Tom Sawyer and The Adventures of Huckleberry Finn. However, at one point in time, Twain experienced financial problems and had to declare bankruptcy. His next money-making idea was to travel the world and make money by giving lectures. He became very famous from this.
During this trip, however, his wife became very sick and died along with one of his daughters. When he returned home he was very lonely, and his life changed a lot. At the time Mark Twain was the most influential person in the country. This man who started out as a printer's apprentice and a steamboat salesman was able to become the most well known person. Twain died in 1910 and still until now he is a very respected and well known writer. When I was a little girl I loved to read Tom Sawyer and The Adventures of Huckleberry Finn. I remember reading it at my grandmother's garden
Monday, September 2, 2019
Alexander Hamilton: Financial Plan Essay
After the Founding Fathers ratified the Constitution, they realized that they had to deal with sixty-three million dollars of debt that they owed to those who took part in the American Revolution. In order to pay back this debt Alexander Hamilton created a financial program. However, some Republicans such as Thomas Jefferson and James Madison thought that his plan was unconstitutional because one would need to use the necessary and proper clause, which most people feared because it gave the government too much power. This, however, is not so. Alexander Hamilton's financial plan was mostly constitutional because it used the powers as well as responsibilities Congress already had, such as to print its own form of currency, issue taxes, and ultimately pay off debts. Hamilton's financial plan can be broken down into four parts: the taxation, the national bank, Hamilton's reports, and the assumption plan. All four were within his rights. One of the four parts of Hamilton's economic plan was taxation. He placed a tax on distilled spirits, otherwise known as whiskey, because not many people produced it and sold it. This part of his plan was completely constitutional, since it is one of the enumerated powers in the Constitution (I, 8, 1) that Congress is allowed to collect and levy taxes to pay off a debt. Thus Hamilton's taxation on distilled spirits was constitutional. The second part of the financial plan was the creation of the national bank. Among the things the national bank did were to establish a national currency and to establish credit in the country and overseas. The national bank was constitutional because it could have been done through the elastic clause, or the necessary and proper clause (I, 8, 18). This clause could have been used because it allowed Congress to coin money, pay off debts made in the Revolution, and regulate commerce. Also, all three are enumerated powers.
Another part of the economic program was the reports proposed by Alexander Hamilton. Hamilton presented three reports from January 1790 to December 1791. The first was a report on public credit. This proposed to replace old bonds with new ones for those who had them. The Federal government would also "assume" the state debts. This could be done through the necessary and proper clause because it would ultimately allow the government to pay off some of its debts. The second report was also a report on public credit; in this one, however, he wanted to place a tax on distilled spirits. This could have been done because, in the Constitution (I, 8, 1), Congress had the power to tax. He also proposed the creation of the national bank. This too could have been done through the necessary and proper clause because the national bank would help Congress to use its other powers, like to coin money and regulate commerce. The third and final report was the report on manufacture. In this Hamilton proposed a program where the government would aid and encourage the manufacturing enterprise and American industries. In this report Hamilton wanted to put tariffs on imported goods to protect American industries. This also allowed them to compete with the more inexpensive European imports. This could also have been achieved through the necessary and proper clause because it would help inventors and it would count as a tax which would help with the debt. What Hamilton proposed in the reports was constitutional mainly through the necessary and proper clause. The final part of Hamilton's financial plan is the assumption plan. The assumption plan is the plan where the government would "assume" all state debts by paying off all bonds sold at face value. This would ultimately help America gain good credit. This plan too was constitutional, for it helped pay off debts, which is one of the responsibilities of Congress stated in the Constitution (I, 8, 1).
In turn the elastic clause could be used to say that this plan is constitutional. All in all, all parts of Alexander Hamilton's economic program were constitutional. The whiskey tax was constitutional through Article I, Section 8, Clause 1 of the Constitution. The national bank could have been justified through the elastic clause. The reports were also constitutional, mainly through the necessary and proper clause. The assumption plan was also constitutional because it supported Article I, Section 8, Clause 1. This proves the constitutionality of Hamilton's financial program.
Sunday, September 1, 2019
Dramatic devices and events used by Miller Essay
'You're the Devil's man!' When Mary finally buckles under the weight of Abigail's power over her and Abigail's intelligent reaction to the situation (the accusation that Mary is witching her), she accuses Proctor of witchcraft, thus condemning the whole of Salem to madness and taking away the lives of Proctor and many other innocents. This event marks the end of any possibility of sanity in Salem, and is ruinous for the once peaceful town. The other accusation in this act is Proctor's charge that Abigail is a whore. Even though it would seem the most far-fetched and outrageous claim made in this act, it is the only truthful one. The court's 'justice' fails to grasp this concept though, so the lies win the struggle once again. Act 3 holds the best chance Salem has had of being released from the hysteria and madness that has accumulated and multiplied, feeding upon the accusations and lies that have been propagated, but this glimmer of hope is extinguished, and the truth is once again suppressed and shunned. The truth of the girls' fraud is suppressed. From the very beginning, when Proctor first speaks out against the court, Danforth's questioning techniques attempt to intimidate Proctor, thus trying to suppress the truth, because his dialogue is imposing, inflexible and intimidating, thus preventing the one person who holds the key to the release of Salem, the one person who knows and can tell the truth, from doing so. 'If I must answer that, I will leave and not come back again.' The other character key to suppressing the truth is Abigail, because she is harnessing the power of the witch trials to eliminate Elizabeth, to clear the path to her lust for Proctor. She also has an intimidating dialogue, because hers is indignant, and at times even threatening, cleverly making out that she is innocent.
She acts the part of a girl who is shocked and indignant at the charge against her, making the charge seem entirely false, when in reality it is completely accurate. She pretends to be indignant at the questions, to avoid answering the questions that Danforth poses to her, and even threatens to leave the court, showing her growing power over the adults in Salem. She also keeps looking at Mary, and uses the apparitions of the yellow bird and the icy wind to force Mary back to her side, once again suppressing the truth from one character that could be the end of the lies. She chatters her teeth and shakes, to make the apparitions seem even more realistic. There are also events in Act 3 that show the suppression of the truth, such as Danforth and Hathorne questioning Proctor to try to suppress the truth. In order to try to dispose of the threat that Proctor begins to pose in Act 3, Danforth and Hathorne exercise their power to invade his privacy. Even though Proctor has not yet been formally accused of witchcraft, Danforth and Hathorne, like Hale earlier, question him about his Christian morals as though he were already on trial. They hope to find in his character even the slightest deviation from Christian doctrine because they would then be able to cast him as an enemy of religion. Once thus labelled, Proctor would have virtually no chance of anyone in God-fearing Salem intervening on his behalf, therefore suppressing the truth. The court created for the witch trials was commonly believed by the villagers to be created by God. Therefore the upholding of this court becomes essential to the maintenance of social order in Salem. There is a big decision to be made by the judges in this act: to maintain social order and suppress individuals' freedom, or to submit to the truth, thus condemning Salem to chaos and their reputation to breakdown.
Some dramatic devices in this act are used to emphasise the issue of the decision between maintenance of social order or the truth. When Judge Danforth enters, the rest of the characters including Cheever and Parris trail him. This positioning of characters emphasises the authority that Danforth possesses. On his appearance, silence falls, again showing his power and authority as high judge of the court. He has the power to suppress the truth or to give justice, to take away the lives of innocents, or to heal Salem of the wounds it has suffered. 'Let you consider it then.' When Hale says this sentence, the room falls silent as Proctor hands Danforth the warrant. This is a dramatic climax, when Danforth is considering Proctor's evidence. This is a fulcrum, where the verdict could go either way, where social order could be maintained, or Proctor's individual freedom could be granted. The silence is broken only by Mary's sob, showing the importance of this moment. 'I have evidence for the court!... we have proof for your eyes' The desperate attempt by Giles, Proctor and Francis to save their respective wives exposes the extent to which the trials have become about specific individuals and institutions struggling to maintain power and authority: social order versus individual freedom. Danforth and Hathorne do not want to admit publicly that they were deceived by a group of girls, while Parris does not want the trials to end as a fraud because the scandal of having a lying daughter and niece would end his career in Salem. Because of this, Danforth reacts to Proctor's claims by accusing him of trying to undermine the court, which, in theocratic Salem, is tantamount to undermining God himself. The issue is that one's name is important to one, and that some are willing to die for it. There are many contextual links and quotes, from plays, books and even the bible, stating that name is important to a man.
'Good name in man and woman, dear my lord, is the immediate jewel of their souls; who steals my purse steals trash; 'tis his, and has been slave to thousands; but he that filches from me my good name robs me of that which not enriches him, and makes me poor indeed' This quote from the play 'Othello' by Shakespeare shows that a name is important to a man, more important than his money or possessions. 'I quit this court!' The stage direction of Hale slamming the door after quitting the court of which he was part ruins his good name and relinquishes the power he held, because he realises the injustice and lies that are holding the court up. 'Their bodies are buried in peace, but their name shall liveth for evermore.' This quote from the bible, of St Matthew, Chapter 44, verse 9, says that if someone is dead, but has not left a name behind them, it means that they have not sinned and their name shall live on forever. Giles acted upon the same principle in this act: 'I cannot give you his name.' Giles refuses to name someone else just so he can keep his own life, and dies for the cause. Proctor in this act also does not defile his name, because he does not confess to witchcraft when prompted, so is thrown in jail with a death sentence. He instead speaks the truth, that Salem has 'pulled down heaven and raised up a whore.' In conclusion, in Act 3 of The Crucible, Miller uses dramatic devices and events to highlight the key issues of the play, and, indeed, of the time, highlighting the problems and issues with Puritanism and the way of life in those days, and highlights the paranoia and hysteria that flourished in Salem at the time. He realises the irony of the trials, that they were supposed to be God's will, but people were in fact using religion to their own ends. By Luke Worley (9T) 2915 words.