On Securing RTP-Based Streaming Content with Firewalls

Delivery of real-time streaming content is an increasingly important Internet application. Applications involved in processing streaming content may have exploitable vulnerabilities, as many other applications have been discovered to have, and using a firewall to filter out malicious traffic may provide some benefit. However, as these applications largely rely on traffic carried by RTP/UDP, firewalls that are unaware of the behaviour of RTP data streams have difficulties in filtering out malicious traffic injected into a stream by an attacker. In this paper, we observe a vulnerability in the current RTP protocol which allows an attacker to inject malicious traffic into a data stream, and present a scheme that allows a stateful firewall that keeps state from RTP packets to detect such malicious traffic. Our technique uses non-static fields such as RTP sequence numbers to improve the inspection scheme by modelling streaming traffic and detecting malicious streams based on deviation for this model. We show effectiveness of our approach by giving the results of our experiments.

[1]  Henry J. Fowler,et al.  Local Area Network Traffic Characteristics, with Implications for Broadband Network Congestion Management , 1991, IEEE J. Sel. Areas Commun..

[2]  Sally Floyd,et al.  Wide area traffic: the failure of Poisson modeling , 1995, TNET.

[3]  Cyrus Shahabi,et al.  A multi-threshold online smoothing technique for variable rate multimedia streams , 2006, Multimedia Tools and Applications.

[4]  John G. Apostolopoulos,et al.  secure media streaming & secure adaptation for non-scalable video , 2004, 2004 International Conference on Image Processing, 2004. ICIP '04..

[5]  Riccardo Gusella,et al.  A measurement study of diskless workstation traffic on an Ethernet , 1990, IEEE Trans. Commun..

[6]  B. Melamed,et al.  Traffic modeling for telecommunications networks , 1994, IEEE Communications Magazine.

[7]  Henning Schulzrinne,et al.  Real Time Streaming Protocol (RTSP) , 1998, RFC.

[8]  Bill Cheswick,et al.  Firewalls and internet security - repelling the wily hacker , 2003, Addison-Wesley professional computing series.

[9]  John Wack,et al.  Guidelines on Firewalls and Firewall Policy , 2002 .

[10]  Cormac J. Sreenan,et al.  mmdump: a tool for monitoring internet multimedia traffic , 2000, CCRV.

[11]  Raj Jain,et al.  Packet Trains-Measurements and a New Model for Computer Network Traffic , 1986, IEEE J. Sel. Areas Commun..

[12]  Andrew Swan,et al.  rtpmon: a third-party RTCP monitor , 1997, MULTIMEDIA '96.

[13]  Richard A. Johnson,et al.  Applied Multivariate Statistical Analysis , 1983 .

[14]  Henning Schulzrinne,et al.  RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[15]  Cisco Ios Cisco IOS Firewall , 2005 .

[16]  D. B. Davis,et al.  Sun Microsystems Inc. , 1993 .