At Your Service 24/7 or Not? Denial of Service on ESInet Systems

Part of the Lecture Notes in Computer Science book series (LNSC, volume 12927)

Abstract

Emergency calling services are a cornerstone of public safety. Over the last few years, such systems have been transitioning to VoIP and unified communications, and are continuously evolving under the umbrella of organizations including NENA and EENA. The outcome of this effort is NG911 or NG112 services operating over the so-called Emergency Services IP network (ESInet). This work introduces and meticulously assesses the impact of an insidious and high-yield denial-of-service (DoS) attack against ESInet. In contrast to legacy SIP-based DoS, the introduced assault capitalizes on the SDP body of the SIP message with the sole purpose of instigating CPU-intensive transcoding operations at the ESInet side. We detail how such an attack can be carried out, and scrutinize its severe, if not catastrophic, impact through different realistic scenarios involving a sufficient set of codecs. Finally, highlighting the fact that 911 or 112 calls cannot be dropped, but need to be answered as fast as possible, we offer suggestions on how this kind of assault can be detected and mitigated.

Keywords

  • Emergency services
  • ESInet
  • NENA
  • EENA
  • NG9-1-1
  • NG1-1-2
  • DDoS
  • VoIP
  • SIP
  • SDP
  • Transcoding
  • Codec


Notes

  1. In rare cases, say, due to the use of a “recvonly” or “sendonly” call flow attribute in the SDP body [13], the communication will be unidirectional; thus, if transcoding is required, its cost will be associated with the translation of one stream.

  2. Narrowband codecs offer a simple voice quality of 8 kHz, which most of the time is enough for a typical PSTN voice communication. Wideband, super-wideband, or fullband codecs offer an increased sound quality and improved compression technology, thus reducing the required bandwidth and preserving sound fidelity. Their main drawback is related to the DSP cycles which are consumed in the compression process.
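
As an added illustration (not code from the paper), the Python below inspects the SDP offer of incoming INVITEs and estimates how many streams the ESInet side would have to transcode, counting one stream for “sendonly”/“recvonly” offers as in Note 1 and two otherwise. The native codec set, the per-source budget, all function names and the sample SDP bodies are assumptions constructed for this example.

```python
import re

# Assumptions (not from the paper): codecs the PSAP media leg handles without
# transcoding, and the per-source stream budget used for flagging.
NATIVE = {"PCMU", "PCMA"}
# Static RTP payload types (RFC 3551) that may appear without an a=rtpmap line.
STATIC_PT = {"0": "PCMU", "3": "GSM", "8": "PCMA", "9": "G722", "18": "G729"}

def offered_codecs(sdp):
    """Codec names on the audio m= line, in offer order, DTMF events excluded."""
    rtpmap = dict(re.findall(r"^a=rtpmap:(\d+) ([^/\s]+)", sdp, re.M))
    m = re.search(r"^m=audio \d+ \S+ (.+)$", sdp, re.M)
    if not m:
        return []
    names = [rtpmap.get(pt) or STATIC_PT.get(pt, "PT" + pt) for pt in m.group(1).split()]
    return [n.upper() for n in names if n.lower() != "telephone-event"]

def transcoded_streams(sdp):
    """0 if a native codec is offered; otherwise 1 for a one-way call, 2 for two-way."""
    codecs = offered_codecs(sdp)
    if not codecs or NATIVE & set(codecs):
        return 0
    one_way = re.search(r"^a=(sendonly|recvonly)\s*$", sdp, re.M)
    return 1 if one_way else 2

def transcoding_load(invites):
    """Total transcoded streams per source for (source, sdp) pairs in one window."""
    load = {}
    for src, sdp in invites:
        load[src] = load.get(src, 0) + transcoded_streams(sdp)
    return load

def flag_sources(invites, budget=4):
    """Sources over budget, for review or rerouting (emergency calls cannot be dropped)."""
    return sorted(s for s, n in transcoding_load(invites).items() if n > budget)

def make_sdp(pts, maps=(), direction="sendrecv"):
    """Build a constructed sample SDP offer (documentation addresses only)."""
    lines = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
             "t=0 0", "m=audio 40000 RTP/AVP " + " ".join(pts)]
    lines += ["a=rtpmap:%s %s" % m for m in maps] + ["a=" + direction]
    return "\r\n".join(lines) + "\r\n"

DTMF = ("101", "telephone-event/8000")
NORMAL = make_sdp(["0", "8", "101"], [DTMF])          # constructed: native codecs offered
OPUS_ONLY = make_sdp(["96", "101"], [("96", "opus/48000/2"), DTMF])  # constructed
ONE_WAY = make_sdp(["96"], [("96", "opus/48000/2")], direction="sendonly")  # constructed
```

The stream count is only a proxy for CPU cost; per-codec weights would be needed to reflect the DSP cycle differences described in Note 2.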

References

  1. NENA: NENA detailed functional and interface standards for the NENA i3 solution (2016). https://cdn.ymaws.com/www.nena.org/resource/resmgr/standards/NENA-STA-010.2_i3_Architectu.pdf. Accessed 21 Nov 2020

  2. EENA: EENA operations document, 112 PSAPs technology (2014). https://eena.org/document/112-psaps-technology/. Accessed 21 Nov 2020

  3. Kumar Subudhi, B.S., et al.: Performance testing for VoIP emergency services: a case study of the EMYNOS platform. Procedia Comp. Sci. 151, 287–294 (2019)

  4. Geneiatakis, D., et al.: Survey of security vulnerabilities in session initiation protocol. IEEE Comm. Surv. Tutorials 8(3), 68–81 (2006)

  5. Keromytis, A.D.: A survey of voice over IP security research. In: Information Systems Security, pp. 1–17 (2009)

  6. Tsiatsikas, Z.: Detection and prevention of denial of service attacks in SIP and SDP. Ph.D. dissertation, University of the Aegean (2019)

  7. Karopoulos, G., Kambourakis, G., Gritzalis, S., Konstantinou, E.: A framework for identity privacy in SIP. J. Net. Comp. Appl. 33(1), 16–28 (2010)

  8. Karopoulos, G., Kambourakis, G., Gritzalis, S.: PrivaSIP: ad-hoc identity privacy in SIP. Comp. Stand. Int. 33(3), 301–314 (2011)

  9. Karopoulos, G., Fakis, A., Kambourakis, G.: Complete SIP message obfuscation: PrivaSIP over Tor, pp. 217–226 (2014)

  10. Fakis, A., Karopoulos, G., Kambourakis, G.: OnionSIP: preserving privacy in SIP with onion routing. J. Univ. Comp. Sci. 23(10), 969–991 (2017)

  11. FCC wireless 911 requirements. https://transition.fcc.gov/. Accessed 21 Nov 2020

  12. T432 massif™ ultra-dense video transcoder. https://netint.ca/product/t432_transcoder/. Accessed 21 Nov 2020

  13. Handley, M., et al.: SDP: “Session Description Protocol,” RFC 4566 (Proposed Standard), Internet Engineering Task Force, July 2006

  14. Okumura, S., et al.: “Session Initiation Protocol (SIP) Usage of the Offer/Answer Model,” RFC 6337, August 2011

  15. Reaves, B., et al.: AuthentiCall: efficient identity and content authentication for phone calls. In: USENIX Security 2017, 16–18 August 2017, pp. 575–592 (2017)

  16. MicroSIP - Open source portable SIP softphone for Windows based on PJSIP stack. https://www.microsip.org/. Accessed 21 Nov 2020

  17. Bandwidth calculator. https://www.asteriskguru.com/tools/bandwidth_calculator.php. Accessed 21 Nov 2020

  18. Tsiatsikas, Z., et al.: The devil is in the detail: SDP-driven malformed message attacks and mitigation in SIP ecosystems. IEEE Access 7, 2401–2417 (2019)

  19. NENA: Understanding NENA’s i3 architectural standard for ng9-1-1 (2011). https://cdn.ymaws.com/www.nena.org/resource/collection/2851C951-69FF-40F0-A6B8-36A714CB085D/08-003_Detailed_Functional_and_Interface_Specification_for_the_NENA_i3_Solution.pdf. Accessed 21 Nov 2020

  20. Liberal, F., et al.: European NG112 crossroads: toward a new emergency communications framework. IEEE Commun. Mag. 55(1), 132–138 (2017)

  21. Athanasopoulos, E., et al.: Antisocial networks: turning a social network into a Botnet. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 146–160. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85886-7_10

  22. Avaya. Avaya j100 series IP phone overview and specifications. https://downloads.avaya.com/css/P8/documents/101054321. Accessed 21 Nov 2020

  23. Gxv3275 IP multimedia phone for android, user guide. http://www.grandstream.com/sites/default/files/Resources/gxv3275_user_guide.pdf. Accessed 21 Nov 2020

  24. Cisco 8800 series. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/MPP/8800/english/AG/p881_b_8800-mpp-ag_new.pdf. Accessed 21 Nov 2020

  25. Yealink SIP-T58V. https://www.yealink.com/upfiles/products/201707/1500365354909.pdf. Accessed 21 Nov 2020

  26. Tu, H., Doupé, A., Zhao, Z., Ahn, G.: SOK: everyone hates robocalls: a survey of techniques against telephone spam. In: IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22–26 May 2016. IEEE Computer Society, pp. 320–338 (2016). https://doi.org/10.1109/SP.2016.27

  27. Kamailio SIP Server. http://www.kamailio.org/w/. Accessed 21 Nov 2020

  28. What is RTPengine? https://github.com/sipwise/rtpengine. Accessed 21 Nov 2020

  29. Gibson, J.D.: Challenges in Speech Coding Research, pp. 19–39. Springer, New York (2015)

  30. Guri, M., Mirsky, Y., Elovici, Y.: 9-1-1 DDoS: attacks, analysis and mitigation. In: EuroS&P. IEEE 2017, pp. 218–232 (2017)

  31. Audiocodes session border controllers. https://www.audiocodes.com/. Accessed 21 Nov 2020

  32. Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)

  33. Robertson, J., et al.: DarkWeb cyber threat intelligence mining. In: CUP, USA (2017)

  34. Stanek, J., et al.: SIPp-DD: SIP DDoS flood-attack simulation tool. ICCCN 2011, 1–7 (2011)

  35. DDoS attack tools: seven common DDoS attack tools used by hackers. https://security.radware.com/ddos-knowledge-center/ddos-attack-types/common-ddos-attack-tools/. Accessed 21 Nov 2020

  36. Hong, K., et al.: SDN-assisted slow HTTP DDoS attack defense method. IEEE Commun. Lett. 22(4), 688–691 (2018)

  37. Shtern, M., et al.: Towards mitigation of low and slow application DDoS attacks. In: IEEE International Conference on Cloud Engineering 2014, pp. 604–609 (2014)

  38. Tripathi, N., Hubballi, N.: Slow rate denial of service attacks against HTTP/2 and detection. Comput. Secur. 72, 255–272 (2018)

  39. Combating Spoofed Robocalls with Caller ID Authentication. https://www.fcc.gov/call-authentication. Accessed 21 Nov 2020

  40. EENA Technical Committee: Security and Privacy Issues in NG112 (2017). https://eena.org/document/ng112-security-privacy-issues. Accessed 21 Nov 2020

  41. Cybersecurity and Infrastructure Security Agency: Cyber risks to NG9-1-1 (2019). https://www.cisa.gov/sites/default/files/publications/NG911CybersecurityPrimer.pdf. Accessed 21 Nov 2020

  42. Quaddi, C., et al.: Hacking 911: Adventures in Disruption, Destruction, and Death. https://www.defcon.org/images/defcon-22/dc-22-presentations/Quaddi-R3plicant-Hefley/DEFCON-22-Quaddi-R3plicant-Hefley-Hacking-911-UPDATED.pdf. Accessed 21 Nov 2020

Corresponding author

Correspondence to Zisis Tsiatsikas.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Tsiatsikas, Z., Kambourakis, G., Geneiatakis, D. (2021). At Your Service 24/7 or Not? Denial of Service on ESInet Systems. In: Fischer-Hübner, S., Lambrinoudakis, C., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2021. Lecture Notes in Computer Science, vol 12927. Springer, Cham. https://doi.org/10.1007/978-3-030-86586-3_3

  • DOI: https://doi.org/10.1007/978-3-030-86586-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86585-6

  • Online ISBN: 978-3-030-86586-3

  • eBook Packages: Computer Science, Computer Science (R0)