Skip to main content
SpringerLink
Log in

At Your Service 24/7 or Not? Denial of Service on ESInet Systems

  • Conference paper
  • First Online:
Trust, Privacy and Security in Digital Business (TrustBus 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12927))

Included in the following conference series:

Abstract

Emergency calling services are a cornerstone of public safety. During the last few years such systems are transitioning to VoIP and unified communications, and are continuously evolving under the umbrella of organizations, including NENA and EENA. The outcome of this effort is NG911 or NG112 services operating over the so-called Emergency Services IP network (ESInet). This work introduces and meticulously assesses the impact of an insidious and high-yield denial-of-service (DoS) attack against ESInet. Contrariwise to legacy SIP-based DoS, the introduced assault capitalizes on the SDP body of the SIP message with the sole purpose of instigating CPU-intensive transcoding operations at the ESInet side. We detail on the way such an attack can be carried out, and scrutinize on its severe, if not catastrophic, impact through different realistic scenarios involving a sufficient set of codecs. Finally, highlighting on the fact that 911 or 112 calls cannot be dropped, but need to be answered as fast as possible, we offer suggestions on how this kind of assault can be detected and mitigated.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In rare cases, say, due to the use of a “recvonly”, or “sendonly” call flow attribute in the SDP body [13], the communication will be unidirectional, thus, if transcoding is required, its cost will be associated with the translation of one stream.

  2. 2.

    Narrowband codecs offer a simple voice quality of 8 kHz, which most of the times is enough for a typical PSTN voice communication. Wideband, super-wideband, or fullband codecs offer an increased sound quality and improved compression technology, thus reducing the required bandwidth and preserving sound fidelity. Their main drawback is related to the DSP cycles which are consumed in the compression process.

References

  1. NENA: NENA detailed functional and interface standards for the NENA i3 solution (2016). https://cdn.ymaws.com/www.nena.org/resource/resmgr/standards/NENA-STA-010.2_i3_Architectu.pdf. Accessed 21 Nov 2020

  2. EENA: EENA operations document, 112 PSAPs technology (2014). https://eena.org/document/112-psaps-technology/. Accessed 21 Nov 2020

  3. Kumar Subudhi, B.S., et al.: Performance testing for VoIP emergency services: a case study of the EMYNOS platform. Procedia Comp. Sci. 151, 287–294 (2019)

    Article  Google Scholar 

  4. Geneiatakis, D., et al.: Survey of security vulnerabilities in session initiation protocol. IEEE Comm. Surv. Tutorials 8(3), 68–81 (2006)

    Article  Google Scholar 

  5. Keromytis, A.D.: A survey of voice over IP security research. In: Information Systems Security, pp. 1–17 (2009)

    Google Scholar 

  6. Tsiatsikas, Z.: Detection and prevention of denial of service attacks in SIP and SDP. Ph.D. dissertation, University of the Aegean (2019)

    Google Scholar 

  7. Karopoulos, G., Kambourakis, G., Gritzalis, S., Konstantinou, E.: A framework for identity privacy in SIP. J. Net. Comp. Appl. 33(1), 16–28 (2010)

    Article  Google Scholar 

  8. Karopoulos, G., Kambourakis, G., Gritzalis, S.: PrivaSIP: ad-hoc identity privacy in SIP. Comp. Stand. Int. 33(3), 301–314 (2011)

    Article  Google Scholar 

  9. Karopoulos, G., Fakis, A., Kambourakis, G.: Complete SIP message obfuscation: PrivaSIP over Tor, pp. 217–226 (2014)

    Google Scholar 

  10. Fakis, A., Karopoulos, G., Kambourakis, G.: OnionSIP: preserving privacy in SIP with onion routing. J. Univ. Comp. Sci. 23(10), 969–991 (2017)

    Google Scholar 

  11. FCC wireless 911 requirements. https://transition.fcc.gov/. Accessed 21 Nov 2020

  12. T432 massif\(^{\rm TM}\) ultra-dense video transcoder. https://netint.ca/product/t432_transcoder/. Accessed 21 Nov 2020

  13. Handley, M., et al.: SDP: “Session Description Protocol,” RFC 4566 (Proposed Standard), Internet Engineering Task Force, July 2006

    Google Scholar 

  14. Okumura, S., et al.: “Session Initiation Protocol (SIP) Usage of the Offer/Answer Model,” RFC 6337, August 2011

    Google Scholar 

  15. Reaves, B., et al.: AuthentiCall: efficient identity and content authentication for phone calls. In: USENIX Security 2017, 16–18 August 2017, pp. 575–592 (2017)

    Google Scholar 

  16. MicroSIP - Open source portable SIP softphone for Windows based on PJSIP stack. https://www.microsip.org/. Accessed 21 Nov 2020

  17. Bandwidth calculator. https://www.asteriskguru.com/tools/bandwidth_calculator.php. Accessed 21 Nov 2020

  18. Tsiatsikas, Z., et al.: The devil is in the detail: SDP-driven malformed message attacks and mitigation in SIP ecosystems. IEEE Access 7, 2401–2417 (2019)

    Article  Google Scholar 

  19. NENA: Understanding NENA’s i3 architectural standard for ng9-1-1 (2011). https://cdn.ymaws.com/www.nena.org/resource/collection/2851C951-69FF-40F0-A6B8-36A714CB085D/08-003_Detailed_Functional_and_Interface_Specification_for_the_NENA_i3_Solution.pdf. Accessed 21 Nov 2020

  20. Liberal, F., et al.: European NG112 crossroads: toward a new emergency communications framework. IEEE Commun. Mag. 55(1), 132–138 (2017)

    Article  Google Scholar 

  21. Athanasopoulos, E., et al.: Antisocial networks: turning a social network into a Botnet. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 146–160. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85886-7_10

    Chapter  Google Scholar 

  22. Avaya. Avaya j100 series IP phone overview and specifications. https://downloads.avaya.com/css/P8/documents/101054321. Accessed 21 Nov 2020

  23. Gxv3275 IP multimedia phone for android, user guide. http://www.grandstream.com/sites/default/files/Resources/gxv3275_user_guide.pdf. Accessed 21 Nov 2020

  24. Cisco 8800 series. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/MPP/8800/english/AG/p881_b_8800-mpp-ag_new.pdf. Accessed 21 Nov 2020

  25. Yealink SIP-T58V. https://www.yealink.com/upfiles/products/201707/1500365354909.pdf. Accessed 21 Nov 2020

  26. Tu, H., Doupé, A., Zhao, Z., Ahn, G.: SOK: everyone hates robocalls: a survey of techniques against telephone spam. In: IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22–26 May 2016. IEEE Computer Society, pp. 320–338 (2016). https://doi.org/10.1109/SP.2016.27

  27. Kamailio SIP Server. http://www.kamailio.org/w/. Accessed 21 Nov 2020

  28. What is RTPengine? https://github.com/sipwise/rtpengine. Accessed 21 Nov 2020

  29. Gibson, J.D.: Challenges in Speech Coding Research, pp. 19–39. Springer, New York (2015)

    Google Scholar 

  30. Guri, M., Mirsky, Y., Elovici, Y.: 9-1-1 DDoS: attacks, analysis and mitigation. In: EuroS&P. IEEE 2017, pp. 218–232 (2017)

    Google Scholar 

  31. Audiocodes session border controllers. https://www.audiocodes.com/. Accessed 21 Nov 2020

  32. Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)

    Article  Google Scholar 

  33. Robertson, J., et al.: DarkWeb cyber threat intelligence mining. In: CUP, USA (2017)

    Google Scholar 

  34. Stanek, J., et al.: SIPp-DD: SIP DDoS flood-attack simulation tool. ICCCN 2011, 1–7 (2011)

    Google Scholar 

  35. DDoS attack tools: seven common DDoS attack tools used by hackers. https://security.radware.com/ddos-knowledge-center/ddos-attack-types/common-ddos-attack-tools/. Accessed 21 Nov 2020

  36. Hong, K., et al.: SDN-assisted slow HTTP DDoS attack defense method. IEEE Commun. Lett. 22(4), 688–691 (2018)

    Article  Google Scholar 

  37. Shtern, M., et al.: Towards mitigation of low and slow application DDoS attacks. In: IEEE International Conference on Cloud Engineering 2014, pp. 604–609 (2014)

    Google Scholar 

  38. Tripathi, N., Hubballi, N.: Slow rate denial of service attacks against HTTP/2 and detection. Comput. Secur. 72, 255–272 (2018)

    Article  Google Scholar 

  39. Combating Spoofed Robocalls with Caller ID Authentication. https://www.fcc.gov/call-authentication. Accessed 21 Nov 2020

  40. EENA Technical Committee: Security and Privacy Issues in NG112 (2017). https://eena.org/document/ng112-security-privacy-issues. Accessed 21 Nov 2020

  41. Cybersecurity and I.S. Agency: Cyber risks to ng9-1-1 (2019). https://www.cisa.gov/sites/default/files/publications/NG911CybersecurityPrimer.pdf. Accessed 21 Nov 2020

  42. Quaddi, C., et al.: Hacking 911: Adventures in Disruption, Destruction, and Death. https://www.defcon.org/images/defcon-22/dc-22-presentations/Quaddi-R3plicant-Hefley/DEFCON-22-Quaddi-R3plicant-Hefley-Hacking-911-UPDATED.pdf. Accessed 21 Nov 2020

Download references

Author information

Authors and Affiliations

  1. Atos, 14122, Athens, Greece

    Zisis Tsiatsikas

  2. University of the Aegean, 83200, Karlovasi, Greece

    Zisis Tsiatsikas

  3. European Commission, Joint Research Centre (JRC), 21027, Ispra, Italy

    Georgios Kambourakis

  4. European Commission, Directorate-General for Informatics, 1000, Bruxelles/Brussel, Belgium

    Dimitrios Geneiatakis

Authors
  1. Zisis Tsiatsikas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Georgios Kambourakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dimitrios Geneiatakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zisis Tsiatsikas .

Editor information

Editors and Affiliations

  1. Karlstad University, Karlstad, Sweden

    Simone Fischer-Hübner

  2. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  3. Johannes Kepler University of Linz, Linz, Austria

    Gabriele Kotsis

  4. Vienna University of Technology, Vienna, Austria

    A Min Tjoa

  5. Johannes Kepler University of Linz, Linz, Austria

    Ismail Khalil

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tsiatsikas, Z., Kambourakis, G., Geneiatakis, D. (2021). At Your Service 24/7 or Not? Denial of Service on ESInet Systems. In: Fischer-Hübner, S., Lambrinoudakis, C., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2021. Lecture Notes in Computer Science(), vol 12927. Springer, Cham. https://doi.org/10.1007/978-3-030-86586-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-86586-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86585-6

  • Online ISBN: 978-3-030-86586-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation