Abstract
Delivery of real-time streaming content is an increasingly important Internet application. Applications that process streaming content may have exploitable vulnerabilities, as many other applications have been discovered to have, and using a firewall to filter out malicious traffic may provide some benefit. However, as these applications largely rely on traffic carried by RTP/UDP, firewalls that are unaware of the behaviour of RTP data streams have difficulty filtering out malicious traffic injected into a stream by an attacker. In this paper, we observe a vulnerability in the current RTP protocol which allows an attacker to inject malicious traffic into a data stream, and present a scheme that allows a stateful firewall that keeps state from RTP packets to detect such malicious traffic. Our technique uses non-static fields such as RTP sequence numbers to improve the inspection scheme by modelling streaming traffic and detecting malicious streams based on deviation from this model. We show the effectiveness of our approach by reporting the results of our experiments.
This work is partially supported by Cooperative Research Center – Smart Internet Technology (CRC-SIT), Australia.
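The inspection scheme the abstract describes keeps per-flow RTP state and rejects packets that deviate from the expected progression of the non-static header fields. The following is an added example written for this page, not the authors' implementation: it parses the fixed RTP header (RFC 3550), pins a flow to the SSRC and payload type seen on its first packet (assuming the firewall has already opened the pinhole from signalling), and applies a sequence-number window using the MAX_DROPOUT/MAX_MISORDER thresholds from the RFC 3550 A.1 validation heuristics. The `build_rtp` helper, the flow key, the SSRC values and the sample traffic are all constructed for the demonstration.

```python
"""Added example: RTP-aware stateful inspection (not the paper's code).

Per-flow state: SSRC, payload type, highest in-order sequence number and
its timestamp.  Packets that break the sequence/timestamp model are dropped.
Thresholds follow the RFC 3550 Appendix A.1 heuristics (assumption).
"""
import struct
from dataclasses import dataclass

MAX_DROPOUT = 3000    # forward jump >= this is treated as an injected stream
MAX_MISORDER = 100    # backward distance tolerated as network reordering


@dataclass
class RtpHeader:
    version: int
    marker: int
    payload_type: int
    seq: int
    timestamp: int
    ssrc: int


def parse_rtp_header(packet: bytes) -> RtpHeader:
    """Parse the fixed 12-byte RTP header (RFC 3550 section 5.1)."""
    if len(packet) < 12:
        raise ValueError("packet shorter than fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6
    if version != 2:
        raise ValueError(f"unsupported RTP version {version}")
    return RtpHeader(version, b1 >> 7, b1 & 0x7F, seq, ts, ssrc)


def build_rtp(seq, ts, ssrc, payload_type=96, marker=0, payload=b"\x00" * 4) -> bytes:
    """Construct a minimal RTP packet; used only to build constructed sample traffic."""
    b0 = 2 << 6                                  # V=2, P=0, X=0, CC=0
    b1 = (marker << 7) | (payload_type & 0x7F)
    return struct.pack("!BBHII", b0, b1, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc & 0xFFFFFFFF) + payload


@dataclass
class StreamState:
    ssrc: int
    payload_type: int
    max_seq: int      # highest in-order sequence number accepted
    last_ts: int      # RTP timestamp of that packet


class RtpStreamInspector:
    """Stateful inspector keyed by a flow tuple the firewall supplies (constructed here)."""

    def __init__(self):
        self.flows: dict = {}

    def inspect(self, flow, packet: bytes) -> str:
        try:
            hdr = parse_rtp_header(packet)
        except ValueError as err:
            return f"DROP: {err}"
        state = self.flows.get(flow)
        if state is None:
            # First packet pins the stream identity for this pinhole (assumption:
            # the pinhole was opened from signalling such as SIP or RTSP).
            self.flows[flow] = StreamState(hdr.ssrc, hdr.payload_type, hdr.seq, hdr.timestamp)
            return "ACCEPT: new stream"
        if hdr.ssrc != state.ssrc:
            return "DROP: SSRC mismatch"
        if hdr.payload_type != state.payload_type:
            return "DROP: payload type change"
        delta = (hdr.seq - state.max_seq) & 0xFFFF     # 16-bit wrap-around distance
        if delta == 0:
            return "DROP: duplicate sequence number"
        if delta < MAX_DROPOUT:
            # In order, possibly with a small loss gap; timestamp must not run backwards.
            if ((hdr.timestamp - state.last_ts) & 0xFFFFFFFF) >= 0x80000000:
                return "DROP: timestamp moved backwards"
            state.max_seq = hdr.seq
            state.last_ts = hdr.timestamp
            return "ACCEPT"
        if delta <= 0xFFFF - MAX_MISORDER:
            return "DROP: sequence jump outside model"
        return "ACCEPT: reordered"


def demo():
    """Run constructed traffic through the inspector and return the verdicts."""
    insp = RtpStreamInspector()
    flow = ("10.0.0.2", "10.0.0.9", 40000, 5004)   # constructed flow key
    ssrc = 0xDEADBEEF                               # constructed SSRC
    verdicts = []
    for i in range(5):                              # legitimate audio-like stream, 160 ticks/packet
        verdicts.append(insp.inspect(flow, build_rtp(1000 + i, 160 * i, ssrc)))
    verdicts.append(insp.inspect(flow, build_rtp(5000, 160 * 5, ssrc)))        # far-ahead sequence number
    verdicts.append(insp.inspect(flow, build_rtp(1005, 160 * 5, 0x0BADF00D)))  # foreign SSRC on same pinhole
    verdicts.append(insp.inspect(flow, build_rtp(1003, 160 * 3, ssrc)))        # late but legitimate packet
    verdicts.append(insp.inspect(flow, build_rtp(1005, 160 * 5, ssrc)))        # legitimate continuation
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The thresholds are the design lever: a smaller MAX_DROPOUT catches injected packets closer to the current window but raises false positives on lossy links, so in practice the window should be sized from the measured loss and reordering of the streams the firewall carries.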
© 2005 Springer-Verlag Berlin Heidelberg
Lu, L., Safavi-Naini, R., Horton, J., Susilo, W. (2005). On Securing RTP-Based Streaming Content with Firewalls. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds) Cryptology and Network Security. CANS 2005. Lecture Notes in Computer Science, vol 3810. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599371_25
DOI: https://doi.org/10.1007/11599371_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30849-2
Online ISBN: 978-3-540-32298-6