
Formal analysis for robust anti-SPIT protection using model checking

  • Regular Contribution
  • International Journal of Information Security

Abstract

Anti-SPIT policies counter SPam over Internet Telephony (SPIT) by distinguishing bots that launch unsolicited bulk VoIP calls from human beings. We propose an Anti-SPIT Policy Management mechanism (aSPM) that detects spam calls and prevents VoIP session establishment by the Session Initiation Protocol (SIP). The SPIN model checker is used to formally model and analyze the robustness of the aSPM mechanism in execution scenarios with parallel SIP sessions. When a possible design flaw is found, the model checker provides a trace of the unexpected behavior (a counterexample), which can be used to revise the mechanism’s design. Our SPIN model is parameterized based on measurements from experiments with VoIP users. Non-determinism plays a key role in representing all possible anti-SPIT policy decisions, in terms of the SIP messages that may be exchanged. The model checking results provide evidence for the timeliness of the parallel SIP sessions, the absence of deadlocks or livelocks, and fairness for the VoIP service users. These findings ensure robust anti-SPIT protection, meaning that the aSPM mechanism operates as expected despite the occurrence of random SPIT calls and communication error messages. To the best of our knowledge, this is the first analysis that exhaustively searches for security policy flaws arising from complex interactions between anti-SPIT measures and the SIP protocol services.



Author information


Correspondence to Dimitris Gritzalis.


Cite this article

Gritzalis, D., Katsaros, P., Basagiannis, S. et al. Formal analysis for robust anti-SPIT protection using model checking. Int. J. Inf. Secur. 11, 121–135 (2012). https://doi.org/10.1007/s10207-012-0159-4
