Abstract
Emergency calling services are a cornerstone of public safety. During the last few years such systems are transitioning to VoIP and unified communications, and are continuously evolving under the umbrella of organizations, including NENA and EENA. The outcome of this effort is NG911 or NG112 services operating over the so-called Emergency Services IP network (ESInet). This work introduces and meticulously assesses the impact of an insidious and high-yield denial-of-service (DoS) attack against ESInet. Contrariwise to legacy SIP-based DoS, the introduced assault capitalizes on the SDP body of the SIP message with the sole purpose of instigating CPU-intensive transcoding operations at the ESInet side. We detail on the way such an attack can be carried out, and scrutinize on its severe, if not catastrophic, impact through different realistic scenarios involving a sufficient set of codecs. Finally, highlighting on the fact that 911 or 112 calls cannot be dropped, but need to be answered as fast as possible, we offer suggestions on how this kind of assault can be detected and mitigated.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In rare cases, say, due to the use of a “recvonly”, or “sendonly” call flow attribute in the SDP body [13], the communication will be unidirectional, thus, if transcoding is required, its cost will be associated with the translation of one stream.
- 2.
Narrowband codecs offer a simple voice quality of 8 kHz, which most of the times is enough for a typical PSTN voice communication. Wideband, super-wideband, or fullband codecs offer an increased sound quality and improved compression technology, thus reducing the required bandwidth and preserving sound fidelity. Their main drawback is related to the DSP cycles which are consumed in the compression process.
References
NENA: NENA detailed functional and interface standards for the NENA i3 solution (2016). https://cdn.ymaws.com/www.nena.org/resource/resmgr/standards/NENA-STA-010.2_i3_Architectu.pdf. Accessed 21 Nov 2020
EENA: EENA operations document, 112 PSAPs technology (2014). https://eena.org/document/112-psaps-technology/. Accessed 21 Nov 2020
Kumar Subudhi, B.S., et al.: Performance testing for VoIP emergency services: a case study of the EMYNOS platform. Procedia Comp. Sci. 151, 287–294 (2019)
Geneiatakis, D., et al.: Survey of security vulnerabilities in session initiation protocol. IEEE Comm. Surv. Tutorials 8(3), 68–81 (2006)
Keromytis, A.D.: A survey of voice over IP security research. In: Information Systems Security, pp. 1–17 (2009)
Tsiatsikas, Z.: Detection and prevention of denial of service attacks in SIP and SDP. Ph.D. dissertation, University of the Aegean (2019)
Karopoulos, G., Kambourakis, G., Gritzalis, S., Konstantinou, E.: A framework for identity privacy in SIP. J. Net. Comp. Appl. 33(1), 16–28 (2010)
Karopoulos, G., Kambourakis, G., Gritzalis, S.: PrivaSIP: ad-hoc identity privacy in SIP. Comp. Stand. Int. 33(3), 301–314 (2011)
Karopoulos, G., Fakis, A., Kambourakis, G.: Complete SIP message obfuscation: PrivaSIP over Tor, pp. 217–226 (2014)
Fakis, A., Karopoulos, G., Kambourakis, G.: OnionSIP: preserving privacy in SIP with onion routing. J. Univ. Comp. Sci. 23(10), 969–991 (2017)
FCC wireless 911 requirements. https://transition.fcc.gov/. Accessed 21 Nov 2020
T432 massif\(^{\rm TM}\) ultra-dense video transcoder. https://netint.ca/product/t432_transcoder/. Accessed 21 Nov 2020
Handley, M., et al.: SDP: “Session Description Protocol,” RFC 4566 (Proposed Standard), Internet Engineering Task Force, July 2006
Okumura, S., et al.: “Session Initiation Protocol (SIP) Usage of the Offer/Answer Model,” RFC 6337, August 2011
Reaves, B., et al.: AuthentiCall: efficient identity and content authentication for phone calls. In: USENIX Security 2017, 16–18 August 2017, pp. 575–592 (2017)
MicroSIP - Open source portable SIP softphone for Windows based on PJSIP stack. https://www.microsip.org/. Accessed 21 Nov 2020
Bandwidth calculator. https://www.asteriskguru.com/tools/bandwidth_calculator.php. Accessed 21 Nov 2020
Tsiatsikas, Z., et al.: The devil is in the detail: SDP-driven malformed message attacks and mitigation in SIP ecosystems. IEEE Access 7, 2401–2417 (2019)
NENA: Understanding NENA’s i3 architectural standard for ng9-1-1 (2011). https://cdn.ymaws.com/www.nena.org/resource/collection/2851C951-69FF-40F0-A6B8-36A714CB085D/08-003_Detailed_Functional_and_Interface_Specification_for_the_NENA_i3_Solution.pdf. Accessed 21 Nov 2020
Liberal, F., et al.: European NG112 crossroads: toward a new emergency communications framework. IEEE Commun. Mag. 55(1), 132–138 (2017)
Athanasopoulos, E., et al.: Antisocial networks: turning a social network into a Botnet. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 146–160. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85886-7_10
Avaya. Avaya j100 series IP phone overview and specifications. https://downloads.avaya.com/css/P8/documents/101054321. Accessed 21 Nov 2020
Gxv3275 IP multimedia phone for android, user guide. http://www.grandstream.com/sites/default/files/Resources/gxv3275_user_guide.pdf. Accessed 21 Nov 2020
Cisco 8800 series. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/MPP/8800/english/AG/p881_b_8800-mpp-ag_new.pdf. Accessed 21 Nov 2020
Yealink SIP-T58V. https://www.yealink.com/upfiles/products/201707/1500365354909.pdf. Accessed 21 Nov 2020
Tu, H., Doupé, A., Zhao, Z., Ahn, G.: SOK: everyone hates robocalls: a survey of techniques against telephone spam. In: IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22–26 May 2016. IEEE Computer Society, pp. 320–338 (2016). https://doi.org/10.1109/SP.2016.27
Kamailio SIP Server. http://www.kamailio.org/w/. Accessed 21 Nov 2020
What is RTPengine? https://github.com/sipwise/rtpengine. Accessed 21 Nov 2020
Gibson, J.D.: Challenges in Speech Coding Research, pp. 19–39. Springer, New York (2015)
Guri, M., Mirsky, Y., Elovici, Y.: 9-1-1 DDoS: attacks, analysis and mitigation. In: EuroS&P. IEEE 2017, pp. 218–232 (2017)
Audiocodes session border controllers. https://www.audiocodes.com/. Accessed 21 Nov 2020
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)
Robertson, J., et al.: DarkWeb cyber threat intelligence mining. In: CUP, USA (2017)
Stanek, J., et al.: SIPp-DD: SIP DDoS flood-attack simulation tool. ICCCN 2011, 1–7 (2011)
DDoS attack tools: seven common DDoS attack tools used by hackers. https://security.radware.com/ddos-knowledge-center/ddos-attack-types/common-ddos-attack-tools/. Accessed 21 Nov 2020
Hong, K., et al.: SDN-assisted slow HTTP DDoS attack defense method. IEEE Commun. Lett. 22(4), 688–691 (2018)
Shtern, M., et al.: Towards mitigation of low and slow application DDoS attacks. In: IEEE International Conference on Cloud Engineering 2014, pp. 604–609 (2014)
Tripathi, N., Hubballi, N.: Slow rate denial of service attacks against HTTP/2 and detection. Comput. Secur. 72, 255–272 (2018)
Combating Spoofed Robocalls with Caller ID Authentication. https://www.fcc.gov/call-authentication. Accessed 21 Nov 2020
EENA Technical Committee: Security and Privacy Issues in NG112 (2017). https://eena.org/document/ng112-security-privacy-issues. Accessed 21 Nov 2020
Cybersecurity and I.S. Agency: Cyber risks to ng9-1-1 (2019). https://www.cisa.gov/sites/default/files/publications/NG911CybersecurityPrimer.pdf. Accessed 21 Nov 2020
Quaddi, C., et al.: Hacking 911: Adventures in Disruption, Destruction, and Death. https://www.defcon.org/images/defcon-22/dc-22-presentations/Quaddi-R3plicant-Hefley/DEFCON-22-Quaddi-R3plicant-Hefley-Hacking-911-UPDATED.pdf. Accessed 21 Nov 2020
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Tsiatsikas, Z., Kambourakis, G., Geneiatakis, D. (2021). At Your Service 24/7 or Not? Denial of Service on ESInet Systems. In: Fischer-Hübner, S., Lambrinoudakis, C., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2021. Lecture Notes in Computer Science(), vol 12927. Springer, Cham. https://doi.org/10.1007/978-3-030-86586-3_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-86586-3_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86585-6
Online ISBN: 978-3-030-86586-3
eBook Packages: Computer ScienceComputer Science (R0)