Artemisa: An open-source honeypot back-end to support security in VoIP domains

Voice over IP (VoIP) and the Session Initiation Protocol (SIP) are establishing themselves as strong players in the field of multimedia communications over IP, leveraged by low cost services and easy management. Nevertheless, the security aspects are not yet fully mastered. In this paper we present an open-source implementation of a VoIP SIP-specific honeypot named Artemisa. The honeypot is designed to connect to a VoIP enterprise domain as a back-end user-agent in order to detect malicious activity at an early stage. Moreover, the honeypot can play a role in the real-time adjustment of the security policies of the enterprise domain where it is deployed. We aim, by this contribution, to encourage the deployment of such honeypots at large scale and the collection of attack traces. We test the capacity of the honeypot to handle a series of known SIP attacks and present results from diverse scenarios.

[1]  Henning Schulzrinne,et al.  SIP Security , 2009 .

[2]  Jinhua Guo,et al.  Security Challenge and Defense in VoIP Infrastructures , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[3]  T. Dagiuklas,et al.  SIP Security Mechanisms : A state-ofthe-art review , 2005 .

[4]  Mark Collier,et al.  Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions , 2006 .

[5]  Iván Arce Voices, I hear voices [VoIP security] , 2006, IEEE Security & Privacy.

[6]  William Packard Voices/I hear/voices , 1972 .

[7]  L. Spitzner,et al.  Honeypots: Tracking Hackers , 2002 .

[8]  D. Richard Kuhn,et al.  Challenges in securing voice over IP , 2005, IEEE Security & Privacy Magazine.

[9]  M. Brunner,et al.  ISE03-2: SPam over Internet Telephony (SPIT) Prevention Framework , 2006, IEEE Globecom 2006.

[10]  Alasdair J. Macdonald,et al.  ‘Voices’ , 2005 .

[11]  Aiko Pras,et al.  Analysis of Techniques for Protection Against Spam over Internet Telephony , 2007, EUNICE.

[12]  R. Dantu,et al.  Securing VoIP and PSTN from integrated signaling network vulnerabilities , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[13]  Saverio Niccolini,et al.  SPam over Internet Telephony (SPIT) Prevention Framework. , 2006 .

[14]  Thomas J. Walsh,et al.  Security Considerations for Voice Over IP Systems , 2005 .

[15]  Jürgen Quittek,et al.  Detecting SPIT Calls by Checking Human Communication Patterns , 2007, 2007 IEEE International Conference on Communications.

[16]  Radu State,et al.  VoIP Honeypot Architecture , 2007, 2007 10th IFIP/IEEE International Symposium on Integrated Network Management.