Abstract
Voice over IP (VoIP) service is expected to play a key role to new ways of communication. It takes advantage of Internet Protocols by using packet networks to transmit voice and multimedia data, thus providing extreme cost savings. On the other hand, this technology has inherited drawbacks, like SPAM over Internet Telephony (SPIT). A well-established method to tackle SPIT is the use of CAPTCHAs. CAPTCHAs are vulnerable to Denial of Service (DoS) attacks, due to their excessive demands for bandwidth. We suggest that anti-SPIT protection should be combined with appropriate admission control policies, for mitigating the effects of DoS attacks. In order to identify how effective is this technique, we quantify the costs and the benefits in bandwidth usage through probabilistic model checking four different admission control policies. We conclude with comments on how appropriate is each policy in tackling DoS attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cisco: Voice over ip per call bandwidth consumption. Document id 7934, Cisco Communication (February 2006)
Deshpande, T., Katsaros, P., Basagiannis, S., Smolka, S.A.: Formal analysis of the DNS bandwidth amplification attack and its countermeasures using probabilistic model checking. In: HASE, pp. 360–367. IEEE Computer Society (2011)
Fang, Y., Zhang, Y.: Call admission control schemes and performance analysis in wireless mobile networks. IEEE Transactions on Vehicular Technology 51(2), 371–382 (2002)
Fred, S.B., Bonald, T., Proutiére, A., Régnié, G., Roberts, J.W.: Statistical bandwidth sharing: a study of congestion at flow level. In: SIGCOMM, pp. 111–122 (2001)
Gritzalis, D., Marias, G.F., Rebahi, Y., Soupionis, Y., Ehlert, S.: Spider: A platform for managing sip-based spam over internet telephony (spit). Journal of Computer Security 19(5), 835–867 (2011)
Gritzalis, S., Gritzalis, D.: A digital seal solution for deploying trust on commercial transactions. Inf. Manag. Comput. Security 9(2), 71–79 (2001)
Hinton, A., Kwiatkowska, M., Norman, G., Parker, D.: PRISM: A tool for automatic verification of probabilistic systems. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 441–444. Springer, Heidelberg (2006)
Jamin, S., Shenker, S., Danzig, P.B.: Comparison of measurement-based call admission control algorithms for controlled-load service. In: INFOCOM, pp. 973–980 (1997)
Kandula, S., Katabi, D., Jacob, M., Berger, A.: Botz-4-sale: Surviving organized DDoS attacks that mimic flash crowds. In: NSDI. USENIX (2005)
Lin, Y.B., Mohan, S., Noerpel, A.: Queueing priority channel assignment strategies for PCS hand-off and initial access. IEEE Transactions on Vehicular Technology 43(3), 704–712 (1994)
Marias, G., Dritsas, S., Theoharidou, M., Mallios, J., Gritzalis, D.: Sip vulnerabilities and anti-spit mechanisms assessment. In: ICCCN, pp. 597–604 (2007)
Mitrou, L., Gritzalis, D., Katsikas, S.K., Quirchmayr, G.: Electronic voting: Constitutional and legal requirements, and their technical implications. In: Secure Electronic Voting. Advances in Information Security, vol. 7, pp. 43–60. Springer (2003)
Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting spit calls by checking human communication patterns. In: ICC, pp. 1979–1984. IEEE (2007)
Ramjee, R., Towsley, D., Nagarajan, R.: On optimal call admission control in cellular networks. Wireless Networks 3, 29–41 (1997)
Rosenberg, J., Jennings, C.: The session initiation protocol (sip) and spam. Rfc 5039, Network Working Group (January 2008)
Sisalem, D., Kuthan, J., Ehlert, S.: Denial of service attacks targeting a sip voip infrastructure: attack scenarios and prevention mechanisms. IEEE Network 20(5), 26–31 (2006)
Snyder, M.E., Sundaram, R., Thakur, M.: A game-theoretic framework for bandwidth attacks and statistical defenses. In: LCN, pp. 556–566. IEEE Computer Society (2007)
Soupionis, Y., Gritzalis, D.: Audio captcha: Existing solutions assessment and a new implementation for voip telephony. Computers & Security 29(5), 603–618 (2010)
Soupionis, Y., Gritzalis, D.: Aspf: Adaptive anti-spit policy-based framework. In: ARES, pp. 153–160 (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stachtiari, E., Soupionis, Y., Katsaros, P., Mentis, A., Gritzalis, D. (2013). Probabilistic Model Checking of CAPTCHA Admission Control for DoS Resistant Anti-SPIT Protection. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol 7722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41485-5_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-41485-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41484-8
Online ISBN: 978-3-642-41485-5
eBook Packages: Computer ScienceComputer Science (R0)