Abstract
Anti-SPIT policies counter Spam over Internet Telephony (SPIT) by distinguishing bots that launch unsolicited bulk VoIP calls from human beings. We propose an Anti-SPIT Policy Management mechanism (aSPM) that detects spam calls and prevents VoIP session establishment by the Session Initiation Protocol (SIP). The SPIN model checker is used to formally model and analyze the robustness of the aSPM mechanism in execution scenarios with parallel SIP sessions. In case of a possible design flaw, the model checker provides a trace of the unexpected behavior it caught (a counterexample), which can be used to revise the mechanism’s design. Our SPIN model is parameterized based on measurements from experiments with VoIP users. Non-determinism plays a key role in representing all possible anti-SPIT policy decisions, in terms of the SIP messages that may be exchanged. The model checking results provide evidence for the timeliness of the parallel SIP sessions, the absence of deadlocks or livelocks, and fairness for the VoIP service users. These findings ensure robust anti-SPIT protection, meaning that the aSPM mechanism operates as expected despite the occurrence of random SPIT calls and communication error messages. To the best of our knowledge, this is the first analysis that exhaustively searches for security policy flaws arising from complex interactions between anti-SPIT measures and the SIP protocol services.
Cite this article
Gritzalis, D., Katsaros, P., Basagiannis, S. et al. Formal analysis for robust anti-SPIT protection using model checking. Int. J. Inf. Secur. 11, 121–135 (2012). https://doi.org/10.1007/s10207-012-0159-4