On the billing vulnerabilities of SIP-based VoIP systems

For commercial VoIP services, billing is crucial to both service providers and their subscribers. One of the most basic requirements of any billing function is that it must be accurate and trustworthy. A reliable VoIP billing mechanism should only charge VoIP subscribers for the calls they have really made and for the durations they have called. Existing VoIP billing is based on the underlying VoIP signaling and media transport protocols. Hence, vulnerabilities in VoIP signaling and media transports can be exploited to compromise the trustworthiness of the billing of VoIP systems. In this paper, we analyze several deployed SIP-based VoIP systems, and present three types of billing attacks: call establishment hijacking, call termination hijacking and call forward hijacking. These billing attacks can result in charges on the calls the subscribers have not made or overcharges on the VoIP calls the subscribers have made. Such billing attacks essentially cause inconsistencies between what the VoIP subscribers have received and what the VoIP service provider has provided, which would create hard to resolve disputes between the VoIP subscribers and service providers. Our empirical results show that VoIP subscribers of Vonage, AT&T and Gizmo are vulnerable to these billing attacks.

[1]  Jari Arkko,et al.  Security Mechanism Agreement for the Session Initiation Protocol (SIP) , 2003, RFC.

[2]  Xuxian Jiang,et al.  Voice pharming attack and the trust of VoIP , 2008, SecureComm.

[3]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[4]  Saurabh Bagchi,et al.  SCIDIVE: a stateful and cross protocol intrusion detection architecture for voice-over-IP environments , 2004, International Conference on Dependable Systems and Networks, 2004.

[5]  Mats Näslund,et al.  The Secure Real-time Transport Protocol (SRTP) , 2004, RFC.

[6]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[7]  Henning Schulzrinne,et al.  RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[8]  Xuxian Jiang,et al.  An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems , 2009, ISPEC.

[9]  Sushil Jajodia,et al.  VoIP Intrusion Detection Through Interacting Protocol State Machines , 2006, International Conference on Dependable Systems and Networks (DSN'06).

[10]  Dipak Ghosal,et al.  Secure IP Telephony using Multi-layered Protection , 2003, NDSS.

[11]  Luca Veltri,et al.  SIP security issues: the SIP authentication procedure and its processing load , 2002 .

[12]  Xuxian Jiang,et al.  Billing Attacks on SIP-Based VoIP Systems , 2007, WOOT.

[13]  Jonathan Rosenberg The Real Time Transport Protocol (RTP) Denial of Service (Dos) Attack and its Prevention( , 2003 .

[14]  Xuxian Jiang,et al.  On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers , 2009, ASIACCS '09.

[15]  Sushil Jajodia,et al.  Fast Detection of Denial-of-Service Attacks on IP Telephony , 2006, 200614th IEEE International Workshop on Quality of Service.