Probabilistic Model Checking of CAPTCHA Admission Control for DoS Resistant Anti-SPIT Protection

  • Emmanouela Stachtiari
  • Yannis Soupionis
  • Panagiotis Katsaros
  • Anakreontas Mentis
  • Dimitris Gritzalis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7722)


Voice over IP (VoIP) service is expected to play a key role to new ways of communication. It takes advantage of Internet Protocols by using packet networks to transmit voice and multimedia data, thus providing extreme cost savings. On the other hand, this technology has inherited drawbacks, like SPAM over Internet Telephony (SPIT). A well-established method to tackle SPIT is the use of CAPTCHAs. CAPTCHAs are vulnerable to Denial of Service (DoS) attacks, due to their excessive demands for bandwidth. We suggest that anti-SPIT protection should be combined with appropriate admission control policies, for mitigating the effects of DoS attacks. In order to identify how effective is this technique, we quantify the costs and the benefits in bandwidth usage through probabilistic model checking four different admission control policies. We conclude with comments on how appropriate is each policy in tackling DoS attacks.


admission control DoS CAPTCHA probabilistic model checking 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cisco: Voice over ip per call bandwidth consumption. Document id 7934, Cisco Communication (February 2006)Google Scholar
  2. 2.
    Deshpande, T., Katsaros, P., Basagiannis, S., Smolka, S.A.: Formal analysis of the DNS bandwidth amplification attack and its countermeasures using probabilistic model checking. In: HASE, pp. 360–367. IEEE Computer Society (2011)Google Scholar
  3. 3.
    Fang, Y., Zhang, Y.: Call admission control schemes and performance analysis in wireless mobile networks. IEEE Transactions on Vehicular Technology 51(2), 371–382 (2002)CrossRefGoogle Scholar
  4. 4.
    Fred, S.B., Bonald, T., Proutiére, A., Régnié, G., Roberts, J.W.: Statistical bandwidth sharing: a study of congestion at flow level. In: SIGCOMM, pp. 111–122 (2001)Google Scholar
  5. 5.
    Gritzalis, D., Marias, G.F., Rebahi, Y., Soupionis, Y., Ehlert, S.: Spider: A platform for managing sip-based spam over internet telephony (spit). Journal of Computer Security 19(5), 835–867 (2011)CrossRefGoogle Scholar
  6. 6.
    Gritzalis, S., Gritzalis, D.: A digital seal solution for deploying trust on commercial transactions. Inf. Manag. Comput. Security 9(2), 71–79 (2001)CrossRefGoogle Scholar
  7. 7.
    Hinton, A., Kwiatkowska, M., Norman, G., Parker, D.: PRISM: A tool for automatic verification of probabilistic systems. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 441–444. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Jamin, S., Shenker, S., Danzig, P.B.: Comparison of measurement-based call admission control algorithms for controlled-load service. In: INFOCOM, pp. 973–980 (1997)Google Scholar
  9. 9.
    Kandula, S., Katabi, D., Jacob, M., Berger, A.: Botz-4-sale: Surviving organized DDoS attacks that mimic flash crowds. In: NSDI. USENIX (2005)Google Scholar
  10. 10.
    Lin, Y.B., Mohan, S., Noerpel, A.: Queueing priority channel assignment strategies for PCS hand-off and initial access. IEEE Transactions on Vehicular Technology 43(3), 704–712 (1994)CrossRefGoogle Scholar
  11. 11.
    Marias, G., Dritsas, S., Theoharidou, M., Mallios, J., Gritzalis, D.: Sip vulnerabilities and anti-spit mechanisms assessment. In: ICCCN, pp. 597–604 (2007)Google Scholar
  12. 12.
    Mitrou, L., Gritzalis, D., Katsikas, S.K., Quirchmayr, G.: Electronic voting: Constitutional and legal requirements, and their technical implications. In: Secure Electronic Voting. Advances in Information Security, vol. 7, pp. 43–60. Springer (2003)Google Scholar
  13. 13.
    Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting spit calls by checking human communication patterns. In: ICC, pp. 1979–1984. IEEE (2007)Google Scholar
  14. 14.
    Ramjee, R., Towsley, D., Nagarajan, R.: On optimal call admission control in cellular networks. Wireless Networks 3, 29–41 (1997)CrossRefGoogle Scholar
  15. 15.
    Rosenberg, J., Jennings, C.: The session initiation protocol (sip) and spam. Rfc 5039, Network Working Group (January 2008)Google Scholar
  16. 16.
    Sisalem, D., Kuthan, J., Ehlert, S.: Denial of service attacks targeting a sip voip infrastructure: attack scenarios and prevention mechanisms. IEEE Network 20(5), 26–31 (2006)CrossRefGoogle Scholar
  17. 17.
    Snyder, M.E., Sundaram, R., Thakur, M.: A game-theoretic framework for bandwidth attacks and statistical defenses. In: LCN, pp. 556–566. IEEE Computer Society (2007)Google Scholar
  18. 18.
    Soupionis, Y., Gritzalis, D.: Audio captcha: Existing solutions assessment and a new implementation for voip telephony. Computers & Security 29(5), 603–618 (2010)CrossRefGoogle Scholar
  19. 19.
    Soupionis, Y., Gritzalis, D.: Aspf: Adaptive anti-spit policy-based framework. In: ARES, pp. 153–160 (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Emmanouela Stachtiari
    • 1
  • Yannis Soupionis
    • 2
  • Panagiotis Katsaros
    • 1
  • Anakreontas Mentis
    • 1
  • Dimitris Gritzalis
    • 2
  1. 1.Dependability & Security Group Dept. of InformaticsAristotle Un. of ThessalonikiGreece
  2. 2.Information Security And Critical Infrastructure Protection Research Group, Dept. of InformaticsAthens Univ. of Economics and BusinessAthensGreece

Personalised recommendations