A novel design of a VoIP firewall proxy to mitigate SIP-based flooding attacks
Related papers
Stateful Virtual Proxy for SIP Message Flooding Attack Detection
Itiis, 2009
VoIP service is the transmission of voice data using the SIP protocol on an IP-based network. The SIP protocol has many advantages, such as providing IP-based voice communication and multimedia service with low communication cost. Therefore, the SIP protocol disseminated quickly. However, the SIP protocol exposes new forms of vulnerabilities to malicious attacks, such as message flooding attacks. It also incurs threats from many existing vulnerabilities, as occurs for IP-based protocols. In this paper, we propose a new virtual proxy to cooperate with the existing Proxy Server to provide state monitoring and detect SIP message flooding attacks with IP/MAC authentication. Based on the proposed virtual proxy, the proposed system enhances SIP attack detection performance with minimal latency of SIP packet transmission.
Network Security Framework To Counter SIP Based Attacks
The Session Initiation Protocol (SIP) is the multimedia communication protocol of the future used for Voice-over-IP (VoIP), Internet Multimedia Subsystem (IMS) and Internet Protocol Television (IPTV). Its concepts are based on mature and open standards, and its use has been increasing rapidly in recent years. However, with its acceptance as a mainstream communication platform, security concerns become ever more important for users and service providers. The distinct nature of flooding attacks makes the task of mitigating the attacks an enormous challenge to the security administrator. In this paper we identify different attacks on SIP-based networks with the focus on Denial-of-Service (DoS) flooding attacks, and propose a framework and algorithm which will help in the mitigation of SIP-based attacks along with other attacks that prevail on our network / computer resources.
Towards a Security Model against Denial of Service Attacks for SIP Traffic
2018
Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organiz...
Utilizing bloom filters for detecting flooding attacks against SIP based services
Computers & Security, 2009
Any application or service utilizing the Internet is exposed to both general Internet attacks and other specific ones. Most of the times the latter are exploiting a vulnerability or misconfiguration in the provided service and/or in the utilized protocol itself. Consequently, the employment of critical services, like Voice over IP (VoIP) services, over the Internet is vulnerable to such attacks and, on top of that, they offer a field for new attacks or variations of existing ones. Among the various threats-attacks that a service provider should consider are the flooding attacks, at the signaling level, which are very similar to those against TCP servers but have emerged at the application level of the Internet architecture. This paper examines flooding attacks against VoIP architectures that employ the Session Initiation Protocol (SIP) as their signaling protocol. The focus is on the design and implementation of the appropriate detection method. Specifically, a bloom filter based monitor is presented and a new metric, named session distance, is introduced in order to provide an effective protection scheme against flooding attacks. The proposed scheme is evaluated through experimental test bed architecture under different scenarios. The results of the evaluation demonstrate that the required time to detect such an attack is negligible and also that the number of false alarms is close to zero.
Protecting SIP proxy servers from ringing-based denial-of-service attacks
2008
As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voice-over-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people's everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority.
Secure SIP from DoS based Massage Flooding Attack
caesjournals.org
The SIP-based VoIP system is built over the IP network, so it is affected by the IP network security problem. In this paper we concentrate on the issue of denial of service (DoS) attacks which target the hardware and software of voice over IP servers. In this situation we mainly identify attacks based on exhausting the memory of VoIP servers and attacks on the CPU. A major conclusion is that SIP provides a wide range of features that can be used to accumulate DoS attacks. Discovering these attacks is inherently difficult, as in the case of DoS attacks on other IP components.
A lightweight protection mechanism against signaling attacks in a SIP-based VoIP environment
Telecommunication Systems, 2007
The advent of Voice over IP (VoIP) has offered numerous advantages but, at the same time, it has introduced security threats not previously encountered in networks with a closed architecture like the Public Switch Telephone Networks (PSTN). One of these threats is that of signaling attacks. This paper examines the signaling attacks in VoIP environments based on the Session Initiation Protocol (SIP), focusing on the design of a robust lightweight protection mechanism against them. The proposed scheme introduces a new SIP header, namely the Integrity-Auth header, which is utilized for protecting the SIP-based VoIP services from signaling attacks while ensuring authenticity and integrity.
Highly Effective Filtration and Prevention Framework for Secure Incoming VoIP Calls
In the past 10 years, numerous users have applied Voice over Internet Protocol (VoIP) with the rise of VoIP-oriented businesses. The system filters incoming calls through an intrusion detection system engine. If a call is accepted, the middle box signature inspection initiates a Session Initiation Protocol (SIP) proxy for the incoming call. A bridge is then used to send the call to the SIP server through a double virtual private network. If the call is rejected by the anomaly detection box, however, the box sends a report to the network administration and efficiently audits rejected calls. This paper examines the use of SIP as an integrated protocol for managing a specific multimedia service, including several aspects of configuration, coordination, and adaptation logic, to enable response with a session negotiation control of user sessions. The proposed innovation is a combined filtration and prevention security method, whose significance lies in its ability to execute object intrusion and encryption, as well as in the correspondence between the two methods without losing efficiency. The proposed framework focuses on DoS attacks, spoofing detection, and filtration. A new security model layer for SIP is also developed to supplement entire session initiations.
International Conference on Aerospace Sciences & Aviation Technology, 2013
Session Initiation Protocol (SIP) is an application-layer, text-based signaling protocol used for creating, modifying, and terminating multimedia communications sessions (Internet telephone calls, instant messaging, and multimedia conferences) among Internet endpoints. SIP is defined by the Internet Engineering Task Force (IETF) and documented in RFC 3261. Unfortunately, SIP-based application services using IP networks are not only exposed to the security vulnerabilities inherited from IP but also exposed to new security vulnerabilities inherited from SIP. In this paper we present the most important security vulnerabilities, threats, and attacks against SIP multimedia communications systems. Our goal is to provide a roadmap for interested persons to understand existing capabilities and identify the gaps and vulnerabilities in SIP. We illustrate how these vulnerabilities can be exploited to compromise the security of SIP-based systems. Then we focus on Denial of Service (DoS) attacks that impact service availability, along with the main detection techniques for these attacks.