DOI: 10.1145/1326304.1326307
research-article

VoIP defender: highly scalable SIP-based security architecture

Published: 19 July 2007

Abstract

VoIP services are increasingly competing with existing telephony services (POTS/ISDN). The growing number of customers using VoIP makes VoIP services a valuable target for attackers who want to bring down the service, take it over, or simply abuse it to distribute their own content, such as spam. Hence the need arises to protect VoIP services from all kinds of attacks that target network bandwidth, server capacity or server architectural constraints. In this article we present VoIP Defender, a generic security architecture to monitor, detect, analyze and counter attacks relevant to a SIP-based VoIP infrastructure. VoIP Defender is highly scalable and can easily be extended with new detection algorithms. Analysis and traffic control can be performed from the SIP layer down to the transport, network and MAC layers. VoIP Defender is designed to work fully transparently to clients and SIP servers, and can analyze and filter traffic in real time, which we demonstrate with measurements with our implementation.


    Published In

    IPTComm '07: Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
    July 2007
    107 pages
    ISBN:9781605580067
    DOI:10.1145/1326304
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Conference

    IPTComm07
    Acceptance Rates

    Overall Acceptance Rate 18 of 62 submissions, 29%

    Cited By

    • (2021) Sorted Galloping Prevention Mechanisms Against Denial of Service Attacks in SIP-Based Systems. Progress in Advanced Computing and Intelligent Engineering, pp. 571-583. DOI: 10.1007/978-981-33-4299-6_47. Online publication date: 16-Apr-2021
    • (2015) Feature engineering for detection of Denial of Service attacks in session initiation protocol. Security and Communication Networks 8:8, pp. 1587-1601. DOI: 10.1002/sec.1106. Online publication date: 25-May-2015
    • (2014) Review. Journal of Network and Computer Applications 37, pp. 365-379. DOI: 10.1016/j.jnca.2013.02.026. Online publication date: 1-Jan-2014
    • (2012) Detecting Denial of Service Attacks on SIP Based Services and Proposing Solutions. Privacy, Intrusion Detection and Response, pp. 145-167. DOI: 10.4018/978-1-60960-836-1.ch006. Online publication date: 2012
    • (2012) A Comprehensive Survey of Voice over IP Security Research. IEEE Communications Surveys & Tutorials 14:2, pp. 514-537. DOI: 10.1109/SURV.2011.031611.00112. Online publication date: Oct-2013
    • (2012) SIP Protector: Defense architecture mitigating DDoS flood attacks against SIP servers. 2012 IEEE International Conference on Communications (ICC), pp. 6733-6738. DOI: 10.1109/ICC.2012.6364674. Online publication date: Jun-2012
    • (2011) SIPp-DD: SIP DDoS Flood-Attack Simulation Tool. 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN), pp. 1-7. DOI: 10.1109/ICCCN.2011.6005946. Online publication date: Jul-2011
    • (2011) Security Issues in a Synchronous e-Training Platform. Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security, pp. 485-492. DOI: 10.1109/ARES.2011.75. Online publication date: 22-Aug-2011
    • (2011) Session Initiation Protocol firewall for the IP Multimedia Subsystem core. Bell Labs Technical Journal 15:4, pp. 169-187. DOI: 10.1002/bltj.20479. Online publication date: 1-Mar-2011
    • (2010) Labeled VoIP data-set for intrusion detection evaluation. Proceedings of the 16th EUNICE/IFIP WG 6.6 conference on Networked services and applications: engineering, control and management, pp. 97-106. DOI: 10.5555/1875907.1875921. Online publication date: 28-Jun-2010
