An intrusion detection and prevention system for IMS and VoIP services

International Journal of Information Security

Volumn 12, Issue 3, 2013, Pages 201-217

  Vrakas, Nikos ^a   Lambrinoudakis, Costas ^a  

^a UNIVERSITY OF PIRAEUS   (Greece)

Author keywords

Attacks; Flooding; IDS; IMS; Intrusion; Security; SIP; Spoofing

Indexed keywords

ATTACKS; IDS; IMS; INTRUSION; SECURITY; SIP; SPOOFING;

FLOODS; INTERNET PROTOCOLS; INTRUSION DETECTION; MOBILE DEVICES; NETWORK SECURITY; OIL WELL FLOODING; QUALITY OF SERVICE; VOICE/DATA COMMUNICATION SYSTEMS;

INTERNET TELEPHONY;

EID: 84877626643     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-012-0187-0     Document Type: Article

References (42)

1. 3GPP: TS 23. 228: IP Multimedia Subsystems (IMS). Third Generation Partnership Project, Technical Specification Group Services and System Aspects (2011).
2. Rosenberg, J., et al.: RFC 3261: SIP: Session Initiation Protocol (2002).
3. Tanase, M.: IP spoofing: an introduction. Secur. Focus 11 (2003). Available at: http://www. securityfocus. com/infocus/1674.
4. Wagner, R.: Address resolution protocol spoofing and man-in-the-middle attacks. The SANS Institute (2001). Available at: http://rr. sans. org/threats/address. php.
5. Geneiatakis, D., et al.: Survey of security vulnerabilities in session initiation protocol. IEEE Commun. Surv. Tutor. 8, 68-81 (2006).
6. Park, Y., Park, T.: A survey of security threats on 4G networks. In: IEEE Globecom Workshops, Washington, DC, pp. 1-6 (2007).
7. Keromytis, A.: A survey of voice over IP security research. In: Prakash, A., Sen Gupta, I. (eds.) Information Systems Security, vol. 5905, pp. 1-17. Springer, Berlin (2009).
8. 3GPP: TS 33. 203: 3G security; Access security for IP-based services (Release 10). Third Generation Partnership Project, Technical Specification Group Services and System Aspects (2010).
9. Franks, J., et al.: RFC 2617: HTTP authentication: basic and digest access authentication. Internet Eng. Task Force (1999). Available at: http://www. ietf. org/rfc/rfc2617. txt.
10. Wu, Y., et al.: Intrusion detection in voice over IP environments. Int. J. Inf. Secur. 8, 153-172 (2009).
11. Wu, Y., et al.: Scidive: A stateful and cross protocol intrusion detection architecture for voice-over-ip environments. In: Proceedgins of the 2004 International Conference on Dependable Systems and Networks (DSN 2004), Firenze, Italy, pp. 433-442 (2004).
12. Sengar, H., et al.: Detecting VoIP floods using the Hellinger distance. IEEE Trans. Parallel Distrib. Syst. 794-805 (2008).
13. Geneiatakis, D., et al.: Utilizing bloom filters for detecting flooding attacks against SIP based services. Compu. Secur. 28, 578-591 (2009).
14. Wan, X. Y., et al.: A SIP DoS flooding attack defense mechanism based on priority class queue. In: IEEE International Conference on Wireless Communications, Networking and Information Security (WCNIS), Beijing, China, 25-27 June, pp. 428-431 (2010).
15. Srinivasan, R., et al.: Authentication of Signaling in VoIP Applications. In: Asia-Pacific Conference on, Communications. pp. 530-533 (2005).
16. Argyroudis, P. G., et al.: Performance analysis of cryptographic protocols on handheld devices. In: Third IEEE International Symposium on Network Computing and Applications (NCA 2004), pp. 169-174 (2004).
17. Shen, C., et al.: The impact of TLS on SIP server performance. In: IPTComm 2010: 4th Conference on Principles, Systems and Applications of IP Telecommunications Principles, Systems and Applications of IP Telecommunications, Munich, pp. 59-70 (2010).
18. Geneiatakis, D., et al.: SIP Security Mechanisms: A state-of-the-art review. In: Proceedings of Fifth International Network Conference, Samos, Greece, pp. 147-155 (2005).
19. Geneiatakis, D., et al.: SIP message tampering: the SQL code injection attack. In: Proceedings of 13th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2005), Split, Croatia (2005).
20. Bremler-Barr, A., et al.: Unregister attacks in SIP. In: 2nd Workshop on Secure Network Protocols, NPSec, pp. 32-37 (2006).
21. Abdelnur, H., et al.: Abusing SIP authentication. In: ISIAS' 08: Fourth International Conference on Information Assurance and Security, pp. 237-242 (2008).
22. Klein, A.: BIND 9 DNS cache poisoning. Available: http://www. trusteer. com/docs/bind9dns. html (2007).
23. Vrakas, N., et al.: A call conference room interception attack and its detection. In: Presented at the 7th International Conference on Trust, Privacy and Security in Digital Business, Bilbao, Spain, (2010).
24. Asokan, N., et al.: Man-in-the-middle in tunnelled authentication protocols. Lecture Notes in Computer Science, vol. 3364, p. 28 (2005).
25. Xia, H., Brustoloni, J.: Hardening web browsers against man -in-the-middle and eavesdropping attacks. In: Proceedings of the 14th International Conference on World Wide Web, Chiba, Japan, pp. 498-498 (2005).
26. Zhang, R., et al.: On the feasibility of launching the man -in-the-middle attacks on VoIP from remote attackers. In: Presented at the 4th ACM Symposium on Information, Computer and Communications Security, Sydney, Australia, March (2009).
27. Callegari, C., et al.: A novel method for detecting attacks towards the SIP protocol. In: International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), pp. 268-273 (2009).
28. Sisalem, D., et al.: SIP Security: Wiley (2009).
29. Vrakas, N., Lambrinoudakis, C.: A cross layer spoofing detection mechanism for multimedia communication services. Int. J. Inf. Technol. Syst. Approach (IJITSA) 4, 32-47 (2011).
30. Postel, J.: RFC 793: TCP: transmission Control Protocol. (1980).
31. Bellovin, S.: Security problems in the TCP/IP protocol suite. ACM SIGCOMM Comput. Commun. Rev. 19, 48 (1989).
32. 3GPP: TR 33. 978 Security aspects of early IP Multimedia Subsystem (IMS). Third Generation Partnership Project, Technical Specification Group Services and System Aspects (2008).
33. ETSI: TS 187.003: Telecommunications and internet converged services and protocols for advanced networking (TISPAN): Security Architecture. (2008).
34. Bloom, B. H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13, 422-426 (1970).
35. Udhayan, J., Hamsapriya, T.: Statistical segregation method to minimize the false detections during DDoS attacks. Int. J. Netw. Secur. 13, 152-160 (2011).
36. OpenIMS: Fraunhofer Fokus. Available: http://www. openimscore. org.
37. Fawcett, T.: An introduction to ROC analysis. Pattern Recognit. Lett. 27, 861-874 (2006).
38. Chen, E. Y., Itoh, M.: A whitelist approach to protect SIP servers from flooding attacks. In: IEEE International Workshop Technical Committee on Communications Quality and Reliability (CQR), Vancouver, BC, 8-10 June, pp. 1-6 (2010).
39. Nassar, M., Niccolini, S.: Holistic VoIP intrusion detection and prevention system. In: Bond, G. W., Schulzrinne, H., Sisalem, D. (eds.) Principles, Systems andApplications of IP Telecommunications (IPTComm 2007). New York, USA, pp. 1-9 (2007).
40. Takahara, H., Nakamura, M.: Enhancement of SIP Ssgnaling for integrity verification. In: 10th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT), pp. 289-292 (2010).
41. Balasubramaniyan, V. A., et al.: PinDr0p: using single-ended audio features to determine call provenance. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS), pp. 109-120 (2010).
42. Vrakas, N., et al.: IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY 'MALFORMED MESSAGE' ATTACKS? An Evaluation of OpenIMS. In: SECRYPT 2011, the International Joint Conference on e-Business and Telecommunications, Seville, Spain, 18-21 July (2011).