Internet security meets the IP multimedia subsystem: an overview

In this paper, we discuss the security threats of next-generation telecommunication core networks induced by the adoption of Internet technology. The 3GPP IP multimedia subsystem (IMS) is based on the Internet protocol (IP) and hence inherits many security problems from the Internet world. We provide a review of the most prominent vulnerabilities, covering both fundamental functions like routing and name resolution as well as message tampering and implementation attacks, and we show their impact on the IMS. Further, we address the topics of denial of service (DoS) attacks and unsolicited communication (UC). Despite the large number of security threats, the IMS standardization foresees no security monitoring and fully relies on standard countermeasures as known from the Internet. This paper provides a survey of these threats and relates them to the available solutions. We motivate the need for a powerful and modular monitoring platform for the IMS and provide an overview of the existing work in this research field. Copyright © 2009 John Wiley & Sons, Ltd.
