Model-checking DoS amplification for VoIP session initiation

Ravinder Shankesi, Musab Alturki, Ralf Sasse, Carl A. Gunter, José Meseguer

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Current techniques for the formal modeling analysis of DoS attacks do not adequately deal with amplification attacks that may target a complex distributed system as a whole rather than a specific server. Such threats have emerged for important applications such as the VoIP Session Initiation Protocol (SIP). We demonstrate a model-checking technique for finding amplification threats using a strategy we call measure checking that checks for a quantitative assessment of attacker impact using term rewriting. We illustrate the effectiveness of this technique with a study of SIP. In particular, we show how to automatically find known attacks and verify that proposed patches for these attacks achieve their aim. Beyond this, we demonstrate a new amplification attack based on the compromise of one or more SIP proxies. We show how to address this threat with a protocol change and formally analyze the effectiveness of the new protocol against amplification attacks.

Original languageEnglish (US)
Title of host publicationComputer Security - ESORICS 2009 - 14th European Symposium on Research in Computer Security, Proceedings
Number of pages16
StatePublished - 2009
Event14th European Symposium on Research in Computer Security, ESORICS 2009 - Saint-Malo, France
Duration: Sep 21 2009Sep 23 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5789 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other14th European Symposium on Research in Computer Security, ESORICS 2009

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Model-checking DoS amplification for VoIP session initiation'. Together they form a unique fingerprint.

Cite this