Abstract
We carry out attacks using Internet services that aim to keep telephone devices busy, hindering legitimate callers from gaining access. We use the term DIAL (Digitally Initiated Abuse of teLephones), or, in the simple form, Dial attack, to refer to this behavior. We develop a simulation environment for modeling a Dial attack in order to quantify its full potential and measure the effect of attack parameters. Based on the simulation’s results we perform the attack in the real world. By using a Voice over IP (VoIP) provider as the attack medium, we manage to hold an existing landline device busy for 85% of the attack duration by issuing only 3 calls per second and, thus, render the device unusable. The attack has zero financial cost, requires negligible computational resources and cannot be traced back to the attacker. Furthermore, the nature of the attack is such that anyone can launch a Dial attack towards any telephone device.
Our investigation of existing countermeasures in VoIP providers shows that they follow an all-or-nothing approach, but most importantly, that their anomaly detection systems react slowly against our attacks, as we managed to issue tens of thousands of calls before getting spotted. To cope with this, we propose a flexible anomaly detection system for VoIP calls, which promotes fairness for callers. With our system in place it is hard for an adversary to keep the device busy for more than 5% of the duration of the attack.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kapravelos, A., Polakis, I., Athanasopoulos, E., Ioannidis, S., Markatos, E.P. (2010). D(e|i)aling with VoIP: Robust Prevention of DIAL Attacks. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds) Computer Security – ESORICS 2010. ESORICS 2010. Lecture Notes in Computer Science, vol 6345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15497-3_40
DOI: https://doi.org/10.1007/978-3-642-15497-3_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15496-6
Online ISBN: 978-3-642-15497-3
eBook Packages: Computer Science, Computer Science (R0)