Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security Practice and Experience

ISPEC 2009: Information Security Practice and Experience pp 59–70Cite as

An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5451))

Abstract

Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle or remote attacker could transparently 1) hijack selected E911 calls and impersonate the Public Safety Answering Point (PSAP); and 2) spoof the voicemail servers of both the caller and the callee of selected VoIP calls; and 3) make spam calls to VoIP subscribers even if Do Not Disturb is enabled. These empirical results confirm that leading deployed SIP-based VoIP systems have serious security vulnerabilities.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. First Report and Order and Notice of Proposed RuleMaking, http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-05-116A1.pdf

  2. How To Deal With Voicemail When Prospecting, http://www.content4reprint.com/business/network-marketing/how-to-deal-with-voicemail-when-prospecting.htm

  3. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol. RFC 3261, IETF (June 2002)

    Google Scholar 

  4. Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.: RTP: A Transport Protocol for Real-Time Applications. RFC 1889, IETF (January 1996)

    Google Scholar 

  5. Vonage, http://www.vonage.com/

  6. AT&T’s CallVantage, https://www.callvantage.att.com/

  7. Gizmo, http://www.gizmoproject.com/

  8. Zhang, R., Wang, X., Yang, X., Jiang, X.: Billing Attacks on SIP-Based VoIP Systems. In: lst USENIX Workshop on Offensive Technologies (WOOT 2007) (August 2007)

    Google Scholar 

  9. US VOIP market shares, http://blogs.zdnet.com/ITFacts/?p=11425

  10. Zhang, R., Wang, X., Farley, R., Yang, X., Jiang, X.: On the Feasibility of Launching the Man-In-The-Middle Attacks on VoIP from Remote Attackers. In: 4th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2009), Sydney, Australia (March 2009)

    Google Scholar 

  11. Arkko, J., Torvinen, V., Camarillo, G., Niemi, A., Haukka, T.: Security Mechanism Agreement for the Session Initiation Protocol (SIP). RFC 3329, IETF (January 2003)

    Google Scholar 

  12. Baugher, M., McGrew, D., Naslund, M., Carrara, E., Norrman, K.: The Secure Real-time Transport Protocol (SRTP). RFC 3711, IETF (March 2004)

    Google Scholar 

  13. Reynolds, B., Ghosal, D.: Secure IP Telephony Using Multi-layered Protection. In: 10th Network and Distributed System Security Symposium (NDSS 2003) (Feburary 2003)

    Google Scholar 

  14. Wu, Y., Bagchi, S., Garg, S., Singh, N.: SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments. In: 34th International Conference on Dependable Systems and Networks (DSN 2004), pp. 433–442 (July 2004)

    Google Scholar 

  15. Sengar, H., Wijesekera, D., Wang, H., Jajodia, S.: VoIP Intrusion Detection Through Interacting Protocol State Machines. In: 36th International Conference on Dependable Systems and Networks (DSN 2006) (June 2006)

    Google Scholar 

  16. Mintz-Habib, M., Rawat, A., Schulzrinne, H., Wu, X.: A VoIP Emergency Services Architecture and Prototype. In: 14th International Conference on Computer Communications and Networks (ICCCN 2005) (October 2005)

    Google Scholar 

  17. Wang, X., Zhang, R., Yang, X., Jiang, X., Wijesekera, D.: Voice Pharming Attack and the Trust of VoIP. In: 4th International Conference on Security and Privacy in Communication Networks (SecureComm 2008) (September 2008)

    Google Scholar 

  18. McGann, S., Sicker, D.C.: An analysis of Security Threats and Tools in SIP-Based VoIP Systems. In: Second VoIP Security Workshop (2005)

    Google Scholar 

  19. PROTOS SIP Fuzzer, http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/

  20. SIP Forum Test Framework, http://www.sipfoundry.org/sip-forum-test-framework/sip-forum-test-framework-sftf.html

Download references

Author information

Authors and Affiliations

  1. George Mason University, Fairfax, VA 22030, USA

    Ruishan Zhang, Xinyuan Wang, Xiaohui Yang & Ryan Farley

  2. N.C. State University, Raleigh, NC 27606, USA

    Xuxian Jiang

Authors
  1. Ruishan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinyuan Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xiaohui Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ryan Farley
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xuxian Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute for Infocomm Research (I<Superscript>2</Superscript>R) 1, Fusionopolis Way #19-01 Connexis, 138632, South Tower, Singapore

    Feng Bao

  2. School of Telecommunications Engineering, Xidian University, No.2 South Taibai Road, 710071, Xi’an, Shaanxi, P. R. China

    Hui Li

  3. School of Computer Science, University of Birmingham Homepage: http://www.cs.bham.ac.uk/~gzw/, B15 2TT, Birmingham, UK

    Guilin Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhang, R., Wang, X., Yang, X., Farley, R., Jiang, X. (2009). An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems. In: Bao, F., Li, H., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2009. Lecture Notes in Computer Science, vol 5451. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00843-6_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-00843-6_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00842-9

  • Online ISBN: 978-3-642-00843-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation