A survey on registration hijacking attack consequences and protection for session initiation protocol (SIP)

Abstract

Today, many organizations are transforming their traditional telephone services into Voice over Internet Protocol (VoIP) systems. These services are simple to implement, but they are often vulnerable to attacks because they rely on packet-switched IP networks in place of the circuit-switched networks used for voice communication. The Session Initiation Protocol (SIP) is widely used as a signaling protocol to facilitate video and voice communication, as well as other multimedia applications. However, it is not protected against various types of attacks because of its open nature and the lack of a clear line of defense against the growing number of security threats. Among these threats, registration hijacking attacks, known for their harmful effects, target both the User Agent Server (UAS) and the User Agent Client (UAC). In particular, the REGISTER message is considered one of the main causes of registration hijacking attacks in SIP. An attacker deactivates the SIP registration of a valid user and replaces it with the attacker's own logical address. This allows the attacker to block incoming calls as well as redirect, replay or end calls at will. In this survey, we present a complete study of the registration attack against SIP, describing its different variants and analyzing its consequences. We have also categorized current solutions based on the different registration hijacking attack approaches they address, their types, and their targets. In addition, we conduct an in-depth review of the robustness and inefficiency of these solutions, as well as an in-depth analysis of each one's basic assumptions to better understand their limitations. Finally, we recommend protecting the UAC registration method against registration hijacking by using the Media Access Control (MAC) address to improve the efficiency of the studied solutions.
