DOI: 10.1145/1941530.1941534
research-article

Inter-domain and DoS-resistant call establishment protocol (IDDR-CEP): work in progress

Published: 02 August 2010

Abstract

VoIP security is a tricky issue in an open inter-domain context, where interconnection proxies are reachable from anywhere on the public Internet and may be the subject of DoS and SPIT attacks. This paper proposes a secure call establishment protocol designed for this context, with a particular focus on DoS protection. The mechanism performs session key agreement in the signalling plane and can be integrated into SIP call establishment. It is based on symmetric cryptography algorithms and implicit transaction identifiers to protect against DoS attacks. We provide a heuristic analysis of various security properties, among them privacy and resistance to off-line passive attacks. The IDDR-CEP protocol is presented in a three-party architecture but can be adapted to a two-party architecture; it may also be adapted to non-VoIP applications.


Cited By

  • (2012) A Comprehensive Survey of Voice over IP Security Research. IEEE Communications Surveys & Tutorials 14:2 (514-537). DOI: 10.1109/SURV.2011.031611.00112. Online publication date: Oct-2013
  • (2012) Transaction-based authentication and key agreement protocol for inter-domain VoIP. Journal of Network and Computer Applications 35:5 (1579-1597). DOI: 10.1016/j.jnca.2012.02.010. Online publication date: 1-Sep-2012


Published In

IPTComm '10: Principles, Systems and Applications of IP Telecommunications
August 2010
170 pages
ISBN: 9781450306317
DOI: 10.1145/1941530

Sponsors

  • Technische Universitat Munchen
  • IFIP

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. DoS-resistant
  2. Kerberos
  3. SPIT
  4. VoIP
  5. authentication
  6. call establishment
  7. inter-domain
  8. key agreement
  9. privacy
  10. security
  11. ticket
  12. token

Qualifiers

  • Research-article

Conference

IPTComm '10
Sponsor:
  • Technische Universitat Munchen

Acceptance Rates

IPTComm '10 Paper Acceptance Rate 12 of 50 submissions, 24%;
Overall Acceptance Rate 18 of 62 submissions, 29%
