KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Stateful Virtual Proxy for SIP Message Flooding Attack Detection

  • Yun, Ha-Na (School of Computer Engineering, Hanshin University) ;
  • Hong, Sung-Chan (Div. of Information & Telecommunication, Hanshin University) ;
  • Lee, Hyung-Woo (School of Computer Engineering, Hanshin University)
  • Published : 2009.06.25
Download PDF
⟨ Previous Next ⟩

Abstract

VoIP service is the transmission of voice data using SIP protocol on an IP-based network. The SIP protocol has many advantages, such as providing IP-based voice communication and multimedia service with low communication cost. Therefore, the SIP protocol disseminated quickly. However, SIP protocol exposes new forms of vulnerabilities to malicious attacks, such as message flooding attack. It also incurs threats from many existing vulnerabilities as occurs for IP-based protocol. In this paper, we propose a new virtual proxy to cooperate with the existing Proxy Server to provide state monitoring and detect SIP message flooding attack with IP/MAC authentication. Based on a proposed virtual proxy, the proposed system enhances SIP attack detection performance with minimal latency of SIP packet transmission.

Keywords

References

  1. P. C. Mehta, S. Udani, “Overview of Voice over IP,” Technical report MS-CIS-01-31, University of Pennsylvania, Feb. 2001.
  2. ITU-T, Recommendation H.323, “Packet based Multimedia Communication Systems,” version 4, June 2006.
  3. J. Rosenberg, et al., “SIP: Session Initiation Protocol,” IETF RFC 3261, June 2002.
  4. J. Franks. et al., “HTTP Authentication: Basic and Digest Access Authentication,” IETF RFC 2617, June 1999.
  5. T. Dierks, et al., “The Transport Layer Security (TLS) Protocol Version 1.2,” IETF RFC 5246, August 2008.
  6. S. Dusse, et al., “S/MIME Version 3 Message Specification,” IETF RFC 2633, June 1999.
  7. H. Schulzrinne, et al., “RTP: A Transport Protocol for Real-Time Applications,” IETF RFC 3550, July 2003,
  8. S. Niccolini, “VoIP Security Threats,” Internet-Draft, NEC SPEERMINT Working Group, 2007.
  9. S. Salsano, et al., “SIP Security Issues: The SIP authentication procedure and its processing load,” IEEE Network, November/December, 2002.
  10. D. Sisalem, J. Kuthan, S. Ehlert, “Denial of service attacks targeting a SIP VoIP infrastructure: Attack scenarios and prevention mechanisms,” IEEE Networks Magazine, Vol 20, No. 5, 2006.
  11. C. Chang. et al., “Design and Implementation of SIP Security,” in Proc. Of ICOIN 2005, LNCS 3391, pp.669-678, 2005.
  12. D. Endler, M. Collier, “Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions,” McGraw-Hill, Osborne, 2007.
  13. S. Vuong, Y. Bai, “A survey of VoIP intrusions and intrusion detection systems,” in Proc. of 6th International Conference on Advanced Communication Technology, 2004.
  14. D. Seo, H. Lee, E. Nuwere, “Detecting More SIP Attacks on VoIP Services by Combining Rule Matching and State Transition Models,” in Prof. of the IFIP TC 11 23rd Int. Information Security Conference, pp.397-411. 2008.
  15. H. Sengar, et. al., “VoIP Intrusion Detection Through Interacting Protocol State Machines,” in Proc. of 2006 International Conference on Dependable Systems and Networks, pp.393-402, 2006.
  16. E. Fernandez, A. Kumar, “A Security Pattern for Rule-based Intrusion Detection,” in Proc. of the Nordic Pattern Languages of Programs Conference, 2005.
  17. G. Ormazabal, et. al., “Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems,” In Proc. of International Conference on Principles, Systems and Applications of IP Telecommunications 2008, LNCS 5310, pp.107-132, 2008.

Cited by

  1. A secure and efficient SIP authentication scheme for converged VoIP networks vol.33, pp.14, 2009, https://doi.org/10.1016/j.comcom.2010.03.026