Protecting SIP proxy servers from ringing-based denial-of-service attacks

William Conner; Klara Nahrstedt

doi:10.1109/ISM.2008.65

Protecting SIP proxy servers from ringing-based denial-of-service attacks

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voiceover-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people's everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, we consider attacks that do not result in high incoming call traffic rates at the SIP proxy server. After describing this semantic-based attack, we then propose a new algorithm to reduce the effects of such an attack. Our algorithm has been implemented in a SIP proxy server and evaluated extensively through experiments on a local testbed.

Original language	English (US)
Title of host publication	Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008
Pages	340-347
Number of pages	8
DOIs	https://doi.org/10.1109/ISM.2008.65
State	Published - 2008
Event	10th IEEE International Symposium on Multimedia, ISM 2008 - Berkeley, CA, United States Duration: Dec 15 2008 → Dec 17 2008

Publication series

Name	Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008

Other

Other	10th IEEE International Symposium on Multimedia, ISM 2008
Country/Territory	United States
City	Berkeley, CA
Period	12/15/08 → 12/17/08

ASJC Scopus subject areas

Computer Graphics and Computer-Aided Design
Computer Science Applications
Electrical and Electronic Engineering

Online availability

10.1109/ISM.2008.65

Library availability

Discover UIUC Full Text

Cite this

Protecting SIP proxy servers from ringing-based denial-of-service attacks. / Conner, William; Nahrstedt, Klara.
Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008. 2008. p. 340-347 4741190 (Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Conner, W & Nahrstedt, K 2008, Protecting SIP proxy servers from ringing-based denial-of-service attacks. in Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008., 4741190, Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008, pp. 340-347, 10th IEEE International Symposium on Multimedia, ISM 2008, Berkeley, CA, United States, 12/15/08. https://doi.org/10.1109/ISM.2008.65

@inproceedings{dc12526854194601946e880bed64a782,

title = "Protecting SIP proxy servers from ringing-based denial-of-service attacks",

abstract = "As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voiceover-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people's everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, we consider attacks that do not result in high incoming call traffic rates at the SIP proxy server. After describing this semantic-based attack, we then propose a new algorithm to reduce the effects of such an attack. Our algorithm has been implemented in a SIP proxy server and evaluated extensively through experiments on a local testbed.",

author = "William Conner and Klara Nahrstedt",

year = "2008",

doi = "10.1109/ISM.2008.65",

language = "English (US)",

isbn = "9780769534541",

series = "Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008",

pages = "340--347",

booktitle = "Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008",

note = "10th IEEE International Symposium on Multimedia, ISM 2008 ; Conference date: 15-12-2008 Through 17-12-2008",

}

TY - GEN

T1 - Protecting SIP proxy servers from ringing-based denial-of-service attacks

AU - Conner, William

AU - Nahrstedt, Klara

PY - 2008

Y1 - 2008

N2 - As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voiceover-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people's everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, we consider attacks that do not result in high incoming call traffic rates at the SIP proxy server. After describing this semantic-based attack, we then propose a new algorithm to reduce the effects of such an attack. Our algorithm has been implemented in a SIP proxy server and evaluated extensively through experiments on a local testbed.

AB - As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voiceover-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people's everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, we consider attacks that do not result in high incoming call traffic rates at the SIP proxy server. After describing this semantic-based attack, we then propose a new algorithm to reduce the effects of such an attack. Our algorithm has been implemented in a SIP proxy server and evaluated extensively through experiments on a local testbed.

UR - http://www.scopus.com/inward/record.url?scp=62949104348&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=62949104348&partnerID=8YFLogxK

U2 - 10.1109/ISM.2008.65

DO - 10.1109/ISM.2008.65

M3 - Conference contribution

AN - SCOPUS:62949104348

SN - 9780769534541

T3 - Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008

SP - 340

EP - 347

BT - Proceedings - 10th IEEE International Symposium on Multimedia, ISM 2008

T2 - 10th IEEE International Symposium on Multimedia, ISM 2008

Y2 - 15 December 2008 through 17 December 2008

ER -

Protecting SIP proxy servers from ringing-based denial-of-service attacks

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this