Abstract
As more and more people are using VoIP softphones in their laptop and smart phones, vulnerabilities in VoIP protocols and systems could introduce new threats to the computer that runs the VoIP softphone. In this paper, we investigate the security ramifications that VoIP softphones expose their host to and ways to mitigate such threats.
We show that crafted SIP traffic (noisy attack) can disable a Windows XP host that runs the official Vonage VoIP softphone within several minutes. While such a noisy attack can be effectively mitigated by threshold based filtering, we show that a stealthy attack could defeat the threshold based filtering and disable the targeted computer silently without ever ringing the targeted softphone.
To mitigate the stealthy attack, we have developed a limited context aware (LCA) filtering that leverages the context and SIP protocol information to ascertain the intentions of a SIP message on behalf of the client. Our experiments show that LCA filtering can effectively defeat the stealthy attack while allowing legitimate VoIP calls to go through.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Arkko, J., Torvinen, V., Camarillo, G., Niemi, A., Haukka, T.: Security Mechanism Agreement for the SIP. RFC 3329 (January 2003)
Deng, X., Shore, M.: Advanced Flooding Attack on a SIP Server. In: Proc. of the Intl. Conf. on Availability, Reliability and Security (ARES), pp. 647–651. IEEE Computer Society (March 2009)
Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: HTTP Authentication: Basic and Digest Access Authentication. RFCÂ 2617 (June 1999)
Geneiatakis, D., Dagiouklas, A., Kambourakis, G., Lambrinoudakis, C., Gritzalis, S., Ehlert, S., Sisalem, D.: Survey of Security Vulnerabilities in Session Initiation Protocol. IEEE Commun. Surveys and Tutorials 8(3), 68–81 (2006)
Geneiatakis, D., Kambourakis, G., Dagiuklas, T., Lambrinoudakis, C., Gritzalis, S.: SIP Security Mechanisms: A State-of-the-Art Review. In: Proc. of the 5th Intl. Netw. Conf. (INC), pp. 147–155. ACM (2005)
Geneiatakis, D., Vrakas, N., Lambrinoudakis, C.: Utilizing Bloom Filters for Detecting Flooding Attacks against SIP based Services. Computers & Security 28(7), 578–591 (2009)
Herculea, M., Blaga, T., Dobrota, V.: Evaluation of Security and Countermeasures for SIP-Based VoIP Architecture, pp. 30–34 (August 2008)
Jaques, R.: Cyber-Criminals Switch to VoIP ‘Vishing’, http://www.vnunet.com/vnunet/news/2160004/cyber-criminals-talk-voip
Kapravelos, A., Polakis, I., Athanasopoulos, E., Ioannidis, S., Markatos, E.P.: D(e|i)aling with VoIP: Robust Prevention of DIAL Attacks. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 663–678. Springer, Heidelberg (2010)
Lee, C., Kim, H., Ko, K., Kim, J., Jeong, H.: A VoIP Traffic Monitoring System based on NetFlow v9. Intl. Journal of Advanced Science and Technology 4 (2009)
McGann, S., Sicker, D.C.: An Analysis of Security Threats and Tools in SIP-Based VoIP Systems. In: Proc. of the 2nd Workshop on Securing VoIP (June 2005)
Me, G., Verdone, D.: An Overview of Some Techniques to Exploit VoIP over WLAN. In: Proc. of 2006 Intl. Conf. on Digital Telecommun. (August 2006)
Moskalyuk, A.: US VoIP Market Shares (August 2006), http://blogs.zdnet.com/ITFacts/?p=11425
Now, V.: Vonage Is Still # In VoIP Market Share (July 2006), http://www.voipnow.org/2006/07/vonage_is_still.html
Reynolds, B., Ghosal, D.: Secure IP Telephony using Multi-layered Protection. In: Proc. of the 10th Netw. and Distrib. Syst. Security Symp. (NDSS) (February 2003)
Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol. RFC 3261
Seedorf, J., Beckers, K., Huici, F.: Single-Message Denial-of-Service Attacks Against Voice-over-Internet Protocol Terminals. Intl. Journal of Electronic Security and Digital Forensics 2, 29–34 (2009)
Sengar, H., Wijesekera, D., Wang, H., Jajodia, S.: Denial of Service Attacks on IP Telephony. In: Proc. of the 14th IEEE Intl. Workshop on Quality of Service (IWQoS). IEEE Computer Society (June 2006)
Sengar, H., Wijesekera, D., Wang, H., Jajodia, S.: VoIP Intrusion Detection Through Interacting Protocol State Machines. In: Proc. of the Intl. Conf. on Dependable Syst. and Netw. (DSN), pp. 393–402. IEEE Computer Society (2006)
Soupionis, Y., Basagiannis, S., Katsaros, P., Gritzalis, D.: A Formally Verified Mechanism for Countering SPIT. In: Xenakis, C., Wolthusen, S. (eds.) CRITIS 2010. LNCS, vol. 6712, pp. 128–139. Springer, Heidelberg (2011)
Soupionis, Y., Gritzalis, D.: ASPF: Adaptive anti-SPIT Policy-based Framework. In: Proc. of the Intl. Conf. on Availability, Reliability and Security (ARES), pp. 153–160 (2011)
Soupionis, Y., Tountas, G., Gritzalis, D.: Audio CAPTCHA for SIP-based VoIP. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 25–38. Springer, Heidelberg (2009)
State, R.: Remote eavesdropping with SIP Phone GXV-3000 (August 2007), http://www.voipsa.org/pipermail/voipsec_voipsa.org/2007-August/002424.html
Wang, X., Zhang, R., Yang, X., Jiang, X., Wijesekera, D.: Voice Pharming Attack and the Trust of VoIP. In: Proc. of the 4th Intl. Conf. on Security and Privacy in Commun. Netw., pp. 1–11. ACM (2008)
Wu, Y.S., Bagchi, S., Garg, S., Singh, N., Tsai, T.: SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments. In: Proc. of the Intl. Conf. on Dependable Syst. and Netw. (DSN), pp. 433–442. IEEE Computer Society (July 2004)
Zhang, R., Wang, X., Farley, R., Yang, X., Jiang, X.: On the Feasibility of Launching the Man-in-the-Middle Attacks on VoIP from Remote Attackers. In: Proc. of the 4th Intl. Symp. on Information, Computer, and Commun. Security (ASIACCS), pp. 61–69. ACM (March 2009)
Zhang, R., Wang, X., Yang, X., Jiang, X.: Billing Attacks on SIP-Based VoIP Systems. In: Proc. of the 1st USENIX WOOT (August 2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Farley, R., Wang, X. (2013). Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds) Security and Privacy in Communication Networks. SecureComm 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-319-04283-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-04283-1_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04282-4
Online ISBN: 978-3-319-04283-1
eBook Packages: Computer ScienceComputer Science (R0)