Coping with denial-of-service attacks on the IP telephony system

IP telephony, or simply Voice over IP (VoIP), is a technology that enables real-time voice communications over packet-switched networks using TCP/IP. This technology is booming and its deployment is very complex. VoIP is often deployed in an open environment; therefore, it is subject to the same threats frequently seen on the Internet, e.g., denial-of-service (DoS) attacks. Given this, our first objective is to analyze and evaluate the countermeasures used to cope with DoS attacks against VoIP. We assess DoS detection and prevention schemes and simulate a SIP-based flooding attack against a widely used SIP server. An emulated test-bed environment was set up, and the results of our experiment provided motivation for proposing a new mitigation scheme. This scheme consists of implementing Snort in inline mode as an Intrusion Protection System (IPS). Snort is used in conjunction with iptables to provide security protection to the SIP server. Experimental evaluations of this scheme were conducted. The results then assisted us in assessing the proposed defense scheme, which is simple, lightweight, and can be easily deployed.
