Skip to main content
SpringerLink
Log in

Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2013)

Abstract

As more and more people are using VoIP softphones in their laptop and smart phones, vulnerabilities in VoIP protocols and systems could introduce new threats to the computer that runs the VoIP softphone. In this paper, we investigate the security ramifications that VoIP softphones expose their host to and ways to mitigate such threats.

We show that crafted SIP traffic (noisy attack) can disable a Windows XP host that runs the official Vonage VoIP softphone within several minutes. While such a noisy attack can be effectively mitigated by threshold based filtering, we show that a stealthy attack could defeat the threshold based filtering and disable the targeted computer silently without ever ringing the targeted softphone.

To mitigate the stealthy attack, we have developed a limited context aware (LCA) filtering that leverages the context and SIP protocol information to ascertain the intentions of a SIP message on behalf of the client. Our experiments show that LCA filtering can effectively defeat the stealthy attack while allowing legitimate VoIP calls to go through.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Arkko, J., Torvinen, V., Camarillo, G., Niemi, A., Haukka, T.: Security Mechanism Agreement for the SIP. RFC 3329 (January 2003)

    Google Scholar 

  2. Deng, X., Shore, M.: Advanced Flooding Attack on a SIP Server. In: Proc. of the Intl. Conf. on Availability, Reliability and Security (ARES), pp. 647–651. IEEE Computer Society (March 2009)

    Google Scholar 

  3. Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: HTTP Authentication: Basic and Digest Access Authentication. RFC 2617 (June 1999)

    Google Scholar 

  4. Geneiatakis, D., Dagiouklas, A., Kambourakis, G., Lambrinoudakis, C., Gritzalis, S., Ehlert, S., Sisalem, D.: Survey of Security Vulnerabilities in Session Initiation Protocol. IEEE Commun. Surveys and Tutorials 8(3), 68–81 (2006)

    Article  Google Scholar 

  5. Geneiatakis, D., Kambourakis, G., Dagiuklas, T., Lambrinoudakis, C., Gritzalis, S.: SIP Security Mechanisms: A State-of-the-Art Review. In: Proc. of the 5th Intl. Netw. Conf. (INC), pp. 147–155. ACM (2005)

    Google Scholar 

  6. Geneiatakis, D., Vrakas, N., Lambrinoudakis, C.: Utilizing Bloom Filters for Detecting Flooding Attacks against SIP based Services. Computers & Security 28(7), 578–591 (2009)

    Article  Google Scholar 

  7. Herculea, M., Blaga, T., Dobrota, V.: Evaluation of Security and Countermeasures for SIP-Based VoIP Architecture, pp. 30–34 (August 2008)

    Google Scholar 

  8. Jaques, R.: Cyber-Criminals Switch to VoIP ‘Vishing’, http://www.vnunet.com/vnunet/news/2160004/cyber-criminals-talk-voip

  9. Kapravelos, A., Polakis, I., Athanasopoulos, E., Ioannidis, S., Markatos, E.P.: D(e|i)aling with VoIP: Robust Prevention of DIAL Attacks. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 663–678. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  10. Lee, C., Kim, H., Ko, K., Kim, J., Jeong, H.: A VoIP Traffic Monitoring System based on NetFlow v9. Intl. Journal of Advanced Science and Technology 4 (2009)

    Google Scholar 

  11. McGann, S., Sicker, D.C.: An Analysis of Security Threats and Tools in SIP-Based VoIP Systems. In: Proc. of the 2nd Workshop on Securing VoIP (June 2005)

    Google Scholar 

  12. Me, G., Verdone, D.: An Overview of Some Techniques to Exploit VoIP over WLAN. In: Proc. of 2006 Intl. Conf. on Digital Telecommun. (August 2006)

    Google Scholar 

  13. Moskalyuk, A.: US VoIP Market Shares (August 2006), http://blogs.zdnet.com/ITFacts/?p=11425

  14. Now, V.: Vonage Is Still # In VoIP Market Share (July 2006), http://www.voipnow.org/2006/07/vonage_is_still.html

  15. Reynolds, B., Ghosal, D.: Secure IP Telephony using Multi-layered Protection. In: Proc. of the 10th Netw. and Distrib. Syst. Security Symp. (NDSS) (February 2003)

    Google Scholar 

  16. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol. RFC 3261

    Google Scholar 

  17. Seedorf, J., Beckers, K., Huici, F.: Single-Message Denial-of-Service Attacks Against Voice-over-Internet Protocol Terminals. Intl. Journal of Electronic Security and Digital Forensics 2, 29–34 (2009)

    Article  Google Scholar 

  18. Sengar, H., Wijesekera, D., Wang, H., Jajodia, S.: Denial of Service Attacks on IP Telephony. In: Proc. of the 14th IEEE Intl. Workshop on Quality of Service (IWQoS). IEEE Computer Society (June 2006)

    Google Scholar 

  19. Sengar, H., Wijesekera, D., Wang, H., Jajodia, S.: VoIP Intrusion Detection Through Interacting Protocol State Machines. In: Proc. of the Intl. Conf. on Dependable Syst. and Netw. (DSN), pp. 393–402. IEEE Computer Society (2006)

    Google Scholar 

  20. Soupionis, Y., Basagiannis, S., Katsaros, P., Gritzalis, D.: A Formally Verified Mechanism for Countering SPIT. In: Xenakis, C., Wolthusen, S. (eds.) CRITIS 2010. LNCS, vol. 6712, pp. 128–139. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  21. Soupionis, Y., Gritzalis, D.: ASPF: Adaptive anti-SPIT Policy-based Framework. In: Proc. of the Intl. Conf. on Availability, Reliability and Security (ARES), pp. 153–160 (2011)

    Google Scholar 

  22. Soupionis, Y., Tountas, G., Gritzalis, D.: Audio CAPTCHA for SIP-based VoIP. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 25–38. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  23. State, R.: Remote eavesdropping with SIP Phone GXV-3000 (August 2007), http://www.voipsa.org/pipermail/voipsec_voipsa.org/2007-August/002424.html

  24. Wang, X., Zhang, R., Yang, X., Jiang, X., Wijesekera, D.: Voice Pharming Attack and the Trust of VoIP. In: Proc. of the 4th Intl. Conf. on Security and Privacy in Commun. Netw., pp. 1–11. ACM (2008)

    Google Scholar 

  25. Wu, Y.S., Bagchi, S., Garg, S., Singh, N., Tsai, T.: SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments. In: Proc. of the Intl. Conf. on Dependable Syst. and Netw. (DSN), pp. 433–442. IEEE Computer Society (July 2004)

    Google Scholar 

  26. Zhang, R., Wang, X., Farley, R., Yang, X., Jiang, X.: On the Feasibility of Launching the Man-in-the-Middle Attacks on VoIP from Remote Attackers. In: Proc. of the 4th Intl. Symp. on Information, Computer, and Commun. Security (ASIACCS), pp. 61–69. ACM (March 2009)

    Google Scholar 

  27. Zhang, R., Wang, X., Yang, X., Jiang, X.: Billing Attacks on SIP-Based VoIP Systems. In: Proc. of the 1st USENIX WOOT (August 2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, George Mason University, Fairfax, VA, 22030, USA

    Ryan Farley & Xinyuan Wang

Authors
  1. Ryan Farley
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinyuan Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computing and Mathematics, Charles Sturt University, Wagga Wagga, NSW, Australia

    Tanveer Zia

  2. School of Information Technologies, University of Sydney, Darlington, NSW, Australia

    Albert Zomaya

  3. Department of Computing, Macquarie University, Australia, Australia

    Vijay Varadharajan

  4. Department of EECS, University of Michigan, Ann Arbor, MI, USA

    Morley Mao

Rights and permissions

Reprints and permissions

Copyright information

© 2013 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Farley, R., Wang, X. (2013). Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds) Security and Privacy in Communication Networks. SecureComm 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-319-04283-1_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-04283-1_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04282-4

  • Online ISBN: 978-3-319-04283-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation