Abstract
The Security threats to current circuit switched networks dedicated to a single voice application such as the Public Switched Telephone Network(PSTN) are considered minimal. However, in open environments such as the Internet, conducting an attack on voice applications such as Voice over IP (VoIP) is much simpler. This is because VoIP services such as Session Initiation Protocol (SIP) are using servers that are reachable through the Internet. The aim of SIP is to provide the same functionality as traditional PSTN over the Internet. SIP service is implemented in either software or hardware and can suffer similar security threats as HTTP or any publicly available service on the Internet such as buffer overflow, injection attack, hijacking, etc. These attacks are simple to mount, with minimal charges or no cost to the attacker. This paper describes various possible security threats that a VoIP provider could encounter and the impact of these threats on the VoIP infrastructure. In addition, this paper investigates current solutions and mitigation techniques for VoIP attacks in order to provide more reliable VoIP services. The SIP taxonomy presented in the paper can be used as a baseline model to evaluate a SIP product against current and future vulnerabilities and gives a number of possible countermeasures that can be used to mitigate the threats.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Amber Group, VoIP Security Considerations for Service Providers, Centre for the protection of national Infrastructure (2007), http://209.85.229.132/search?q=cache:fDKtkHCdsUoJ:csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf+Amber+Group+%2B+VoIP+Security+Considerations&cd=1&hl=en&ct=clnk&client=firefox-a
Collier, M.: Basic Vulnerability Issues for SIP Security, SecureLogix Corporation (2005)
Cisco, Cisco Security Advisory: Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities (2008), http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml
Dierks, T., Rescorla, E.: The Transport layer Security (TLS) Protocol, RFC 4346 (2006)
Endler, D., Collier, M.: Hacking VoIP Exposed: Voice Over IP Security Secrets & Solutions. McGraw-Hill, London (2007)
Kaplan, H., Packet, A., Wing, D.: The SIP Identity Baiting Attack. Cisco Systems, Internet Draft paper (2008), https://datatracker.ietf.org/drafts/draft-kaplan-sip-baiting-attack
Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol, RFC 2401 (1998)
META Group, IP Telephony Security: Deploying Secure IP Telephony in the Enterprise network, META Group White Paper (2005), http://seclab.cs.ucdavis.edu/seminars/ReynoldsSeminar.ppt
Pantridge, M.: VoIP SPAM Counter Measure. MSc Thesis, Informatics and Mathematical Modelling department, Technical University of Denmark (2006)
Rivest, R.: The MD Message-digest Algorithm, RFC 1321 (1992)
Rosenberg, J., Schulzrinne, H.: SIP: Session Initiation Protocol, RFC3261 (2002)
Stefano, S., Luca, V., Donald, P.: SIP security issues: the SIP authentication procedure and its processing load. IEEE Network 16(6), 38–44 (2002)
Thermos, P., Takanen, A.: Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures. Addison Wesley, London (2008)
Wireshark (2008), http://www.wireshark.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
El-moussa, F., Mudhar, P., Jones, A. (2010). Overview of SIP Attacks and Countermeasures. In: Weerasinghe, D. (eds) Information Security and Digital Forensics. ISDF 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 41. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11530-1_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-11530-1_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11529-5
Online ISBN: 978-3-642-11530-1
eBook Packages: Computer ScienceComputer Science (R0)