KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Detection And Countermeasure Scheme For Call-Disruption Attacks On SIP-Based Voip Services

  • Ryu, Jea-Tek (IP Service Team, Korea Institute of Patent Information) ;
  • Roh, Byeong-Hee (Dept. of Information and Computer Eng., Ajou University) ;
  • Ryu, Ki-Yeol (Dept. of Information and Computer Eng., Ajou University) ;
  • Yoon, Myung-Chul (Dept. of Electronics Engineering, Dankook University)
  • Received : 2011.08.17
  • Accepted : 2012.06.19
  • Published : 2012.07.31
Download PDF
⟨ Previous Next ⟩

Abstract

Owing to its simplicity and flexibility, the session initiation protocol (SIP) has been widely adopted as a major session-management protocol for Internet telephony or Voice-over IP (VoIP) services. However, SIP has faced various types of security threats. Call-disruption attacks are some of the most severe threats they face, and can greatly inconvenience consumers. In this paper, we analyze such SIP call-disruption attacks, and propose a method for detecting and counteracting them by extending the SIP INFO method with authentication. Using the proposed method, both the target user and the SIP server can detect the existence of a call-disruption attack on a user and counteract the attack. We demonstrate the effectiveness of the proposed method from the viewpoint of computational complexity by configuring a test-bed with an Asterisk SIP proxy server and an SIP performance (SIPp) emulator.

Keywords

References

  1. J.Rosenberg, H. Schulzrinne, G. Cvamarillo, A. Johnston, J. Peterson, R. Spark, M. Handley, and E. Schooler, "SIP : Session Initiation Protocol," IETF RFC 3261, June 2002.
  2. D. Sisalem, J. Floroiu, J. Kuthan, U. Abend, and H. Schulzrinne, SIP Security, John Wiley & Sons Ltd., 2009.
  3. D. Geneiatakis, and C. Lambrinoudakis, "A Lightweight Protection Mechanism against Signaling Attacks in a SIP-Based VoIP Environment," Telecommunication Systems, Vol.36, No.4, pp.153-159, Dec. 2007. https://doi.org/10.1007/s11235-008-9065-5
  4. A. Bremler-Barr, R. Halachmi-Bekel, and J. Kangasharju, "Unregister attacks in SIP," IEEE 2nd Workshop on Secure Network Protocols'2006, Nov. 2006.
  5. F. Wang, and Y. Zhang, "A New Provably Secure Authentication and Key Agreement Mechanism for SIP Using Certificateless Public-Key Cryptography," Computer Communications, Vol.31, No.10, pp.2142-2149, June 2008. https://doi.org/10.1016/j.comcom.2008.01.054
  6. H. Takahara, and M. Nakamura, "Enhancement of SIP Signaling for Integrity Verification," IEEE/IPSJ SAINT'2010, Jul. 2010.
  7. S. Salsano, L. Veltri, D. Papalilo, "SIP Security Issues: The SIP Authentication Procedure and Its Processing Load," IEEE Network Magazine, Vol.16, No.6, pp.38-44, Nov/Dec 2002. https://doi.org/10.1109/MNET.2002.1081764
  8. E. Cha, H. Choi, and S. Cho, "Evaluation of Security Protocols for the Session Initiation Protocol," IEEE ICCCN'2007, Aug. 2007.
  9. S. V. Subramanian, and R. Dutta, "Comparative Study of Secure vs. Non-secure Transport Protocols on the SIP Proxy Server Performance: An Experimental Approach," IEEE ARTCom'2010, Oct. 2010.
  10. Y. Wu, V. Apte, S. Bagchi, S. Garg, and N. Singh, "Intrusion Detection in Voice over IP Environments," International Journal of Information Security, Vol. 8, pp. 153-172, June 2009. https://doi.org/10.1007/s10207-008-0071-0
  11. T. Dagiuklas, D. Geneiatakis, G. Kambourakis, D. Sisalem, S. Ehlert, J. Fiedler, J. Markl, M. Rokis, O. Botron, J. Rodriguez, and J. Liu, "General Reliability and Security Framework for VoIP Infrastructures," Tech. Rep. Deliverable D2.2, SNOCER COOP-005892, September 2005.
  12. H. Cha, J. Ryu, B. Roh, J. Kim, H. Jeong, "Detection of SIP De-Registration and Call-Disruption Attacks using a Retransmission Mechanism and a Countermeasure Scheme," IEEE SITIS'2008, Nov. 2008.
  13. J. Ryu, B. Roh, M. Hong, H. Kim, J. Kim, "Analysis and Its Solution on Security Threats in SIP-based Mobility Support Environments," IEEE INOVATION'2008, Dec. 2008.
  14. SIPp : SIP performance. http://sipp.sourceforge.net/.
  15. Asterisk : The open source telephony project. http://www.asterisk.org/.
  16. A. D. Keromytis, "A Comprehensive Survey of Voice over IP Security Research," IEEE Comm. Surveys & Tutorials, accepted for publication.
  17. C. Holmberg, E. Burger, H. Kaplan, "Session Initiation Protocol (SIP) INFO and Package Framework," IETF RFC 6086, Jan. 2011.
  18. S. Donovan, "The SIP INFO Method," IETF RFC 2976, Oct. 2000.
  19. H. Schulzrinne, and E. Wedlund, "Application-layer mobility using SIP," ACM SIGMOBILE Mobile Computing and Communications Review, Vol.4, No. 3, pp.47-57, Jul. 2000. https://doi.org/10.1145/372346.372369
  20. C. Shen, and H. G. Schulzrinne, "On TCP-based SIP Server Overload," ACM IPTComm'2010, Aug. 2010.
  21. J. Ryu, B. Roh B, and K. Ryu, "Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages," KSII Tr. Internet and Information Systems, Vol.3, No.5, pp.423-574, Oct. 2009. https://doi.org/10.3837/tiis.2009.05.001