Overview of SIP Attacks and Countermeasures

El-moussa, Fadi; Mudhar, Parmindher; Jones, Andy

doi:10.1007/978-3-642-11530-1_10

Fadi El-moussa¹⁶,
Parmindher Mudhar¹⁷ &
Andy Jones^16,18

Part of the book series: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ((LNICST,volume 41))

Included in the following conference series:

International Conference on Information Security and Digital Forensics

772 Accesses
7 Citations

Abstract

The Security threats to current circuit switched networks dedicated to a single voice application such as the Public Switched Telephone Network(PSTN) are considered minimal. However, in open environments such as the Internet, conducting an attack on voice applications such as Voice over IP (VoIP) is much simpler. This is because VoIP services such as Session Initiation Protocol (SIP) are using servers that are reachable through the Internet. The aim of SIP is to provide the same functionality as traditional PSTN over the Internet. SIP service is implemented in either software or hardware and can suffer similar security threats as HTTP or any publicly available service on the Internet such as buffer overflow, injection attack, hijacking, etc. These attacks are simple to mount, with minimal charges or no cost to the attacker. This paper describes various possible security threats that a VoIP provider could encounter and the impact of these threats on the VoIP infrastructure. In addition, this paper investigates current solutions and mitigation techniques for VoIP attacks in order to provide more reliable VoIP services. The SIP taxonomy presented in the paper can be used as a baseline model to evaluate a SIP product against current and future vulnerabilities and gives a number of possible countermeasures that can be used to mitigate the threats.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Amber Group, VoIP Security Considerations for Service Providers, Centre for the protection of national Infrastructure (2007), http://209.85.229.132/search?q=cache:fDKtkHCdsUoJ:csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf+Amber+Group+%2B+VoIP+Security+Considerations&cd=1&hl=en&ct=clnk&client=firefox-a
Collier, M.: Basic Vulnerability Issues for SIP Security, SecureLogix Corporation (2005)
Google Scholar
Cisco, Cisco Security Advisory: Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities (2008), http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml
Dierks, T., Rescorla, E.: The Transport layer Security (TLS) Protocol, RFC 4346 (2006)
Google Scholar
Endler, D., Collier, M.: Hacking VoIP Exposed: Voice Over IP Security Secrets & Solutions. McGraw-Hill, London (2007)
Google Scholar
Kaplan, H., Packet, A., Wing, D.: The SIP Identity Baiting Attack. Cisco Systems, Internet Draft paper (2008), https://datatracker.ietf.org/drafts/draft-kaplan-sip-baiting-attack
Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol, RFC 2401 (1998)
Google Scholar
META Group, IP Telephony Security: Deploying Secure IP Telephony in the Enterprise network, META Group White Paper (2005), http://seclab.cs.ucdavis.edu/seminars/ReynoldsSeminar.ppt
Pantridge, M.: VoIP SPAM Counter Measure. MSc Thesis, Informatics and Mathematical Modelling department, Technical University of Denmark (2006)
Google Scholar
Rivest, R.: The MD Message-digest Algorithm, RFC 1321 (1992)
Google Scholar
Rosenberg, J., Schulzrinne, H.: SIP: Session Initiation Protocol, RFC3261 (2002)
Google Scholar
Stefano, S., Luca, V., Donald, P.: SIP security issues: the SIP authentication procedure and its processing load. IEEE Network 16(6), 38–44 (2002)
Article Google Scholar
Thermos, P., Takanen, A.: Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures. Addison Wesley, London (2008)
Google Scholar
Wireshark (2008), http://www.wireshark.org/

Download references

Author information

Authors and Affiliations

Centre for Information & Security Research, United Kingdom
Fadi El-moussa & Andy Jones
Security Design and Operate, United Kingdom
Parmindher Mudhar
Edith Cowan University, BT, Adastral Park, Ipswich, IP5 3RE, United Kingdom
Andy Jones

Authors

Fadi El-moussa
View author publications
You can also search for this author in PubMed Google Scholar
Parmindher Mudhar
View author publications
You can also search for this author in PubMed Google Scholar
Andy Jones
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of Engineering and Mathematical Sciences Northampton Square, City University, EC1V 0HB, London, United Kingdom
Dasun Weerasinghe

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

El-moussa, F., Mudhar, P., Jones, A. (2010). Overview of SIP Attacks and Countermeasures. In: Weerasinghe, D. (eds) Information Security and Digital Forensics. ISDF 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 41. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11530-1_10

Download citation

DOI: https://doi.org/10.1007/978-3-642-11530-1_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11529-5
Online ISBN: 978-3-642-11530-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics