The Devil is in the Detail: SDP-Driven Malformed Message Attacks and Mitigation in SIP Ecosystems

Published on Jan 1, 2019in IEEE Access4.098
· DOI :10.1109/ACCESS.2018.2886356
Zisis Tsiatsikas3
Estimated H-index: 3
(University of the Aegean),
Georgios Kambourakis24
Estimated H-index: 24
(University of the Aegean)
+ 1 AuthorsHuaWang35
Estimated H-index: 35
(VU: Victoria University, Australia)
VoIP services, in general, and session initiation protocol (SIP) ones, in particular, continue to grow at a fast pace and have already become a key component of next-generation networks. Despite this proliferation, SIP-based services expose a large attack surface for perpetrators, especially those who seek to cause denial of service (DoS). While so far, a plethora of works in the literature have been devoted to the detection of DoS attacks in SIP ecosystems, the focus is on those which exploit SIP headers neglecting the message body. In an effort to fill this gap, this paper concentrates on the detection of DoS attacks, which, instead, capitalize on the session description protocol (SDP) part of SIP requests. To this end, we not only scrutinize this ilk of attacks and demonstrate their effect against the end-user but also develop an open-source extensible SDP parser module capable of detecting intentionally or unintentionally crafted SDP segments parasitizing in SIP requests. Following a firewall-based logic, currently, the parser incorporates 100 different rules organized in four categories (policies) based on the corresponding RFC 4566. Through extensive experimentation, we show that our scheme induces negligible overhead in terms of processing time when working as a software module in either the SIP proxy or a separate machine in front of the latter.
  • References (0)
  • Citations (2)
📖 Papers frequently viewed together
10 Citations
4 Authors (Ali Fessi, ..., Georg Carle)
17 Citations
78% of Scinapse members use related papers. After signing in, all features are FREE.
Cited By2
False data injection (FDI) attack is a hot topic in cyber-physical systems (CPSs). Attackers inject bad data into sensors or return false data to the controller to cause the inaccurate state estimation. Although there exists many detection approaches, such as bad data detector (BDD), sequence pattern mining, and machine learning methods, a smart attacker still can inject perfectly false data to go undetected. In this paper, we focus on the advanced false data injection (AFDI) attack and its dete...
#1Mourade AzrourH-Index: 3
#2Yousef FarhaouiH-Index: 3
Last. Azidine Guezzaz (Cadi Ayyad University)H-Index: 2
view all 3 authors...
In the last decade, Session Initiation Protocol (SIP) is the most popular application layer protocol created in order to manage multimedia sessions over IP protocol. SIP is not used only by telephony over IP (ToIP), but it can be used also by other in line application such as instant message, video conferences, and others. Since SIP inherits the security threats of IP which are added to SIP owner problems, the security of SIP services must be enhanced. Recently, we have designed a new SIP authen...