A Formally Verified Mechanism for Countering SPIT

  • Yannis Soupionis
  • Stylianos Basagiannis
  • Panagiotis Katsaros
  • Dimitris Gritzalis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6712)


Voice over IP (VoIP) is a key technology, which provides new ways of communication. It enables the transmission of telephone calls over the Internet, which delivers economical telephony that can clearly benefit both consumers and businesses, but it also provides a cheap method of mass advertising. Those bulks unsolicited calls are known as SPam over Internet Telephony (SPIT). In this paper we illustrate an anti-SPIT policy-based management (aSPM) mechanism which can handle the SPIT phenomenon. Moreover, we introduce a formal verification as a mean for validating the effectiveness of the aSPM against its intended goals. We provide model checking results that report upper bounds in the duration of call session establishment for the analyzed anti-SPIT policy over the Session Initiation Protocol (SIP) and prove the absence of deadlocks.


Spam over Internet Telephony (SPIT) Policy management Model checking Formal verification Voice over IP (VoIP) 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Sawda, S., Urien, O.: SIP security attacks and solutions: A state-of-the-art review. In: Proc. of the IEEE International Conference on Information and Communication Technologies: From Theory to Applications (ICTTA 2006), vol. 2, pp. 3187–3191 (April 2006)Google Scholar
  2. 2.
    Rosenberg, J., Jennings, C.: The Session Initiation Protocol (SIP) and Spam, Network Working Group, RFC 5039 (January 2008)Google Scholar
  3. 3.
    Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting SPIT Calls by Checking Human Communication Patterns. In: Proc. of IEEE International Conference on Communications (ICC 2007), United Kingdom, pp. 1979–1984 (2007)Google Scholar
  4. 4.
    Graham-Rowe, D.: A Sentinel to Screen Phone Calls Technology. MIT Review (2006) (accessed November 8, 2009)Google Scholar
  5. 5.
    Soupionis, Y., Dritsas, S., Gritzalis, D.: An adaptive policy-based approach to SPIT management. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 446–460. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Holzmann, G.: The model checker SPIN. IEEE Transaction on Software Engineering 5/23, 279–295 (1997)CrossRefGoogle Scholar
  7. 7.
    The SPIN model checker website, (last access: May 23, 2010)
  8. 8.
    Basagiannis, S., Katsaros, P., Pombortsis, A.: Intrusion Attack Tactics for the Model Checking of e-Commerce Security Guarantees. In: Saglietti, F., Oster, N. (eds.) SAFECOMP 2007. LNCS, vol. 4680, pp. 238–251. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Holzmann, G.: The SPIN Model Checker - Primer and Reference Manual. Addison Wesley, Reading (2003)Google Scholar
  10. 10.
    Walsh, T., Kuhn, D.: Challenges in securing voice over IP. National Institute of Standard and Technology (NIST), USAGoogle Scholar
  11. 11.
    Sloman, M., Lupu, E.: Security and management policy specification. IEEE Network, Special Issue on Policy-Based Networking 16(2), 10–19 (2002)Google Scholar
  12. 12.
    Strembeck, M.: Embedding policy rules for software-based systems in a requirements context. In: Proc. of the 6th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2005 (June 2005)Google Scholar
  13. 13.
    Rosenberg, J., et al.: Session Initiation Protocol (SIP), RFC 3261 (June 2002)Google Scholar
  14. 14.
    Cisco Systems, Session Initiation Protocol gateway call flows and compliance information SIP messages and methods overview,
  15. 15.
  16. 16.
    SER server version 2.0, (retrieved March 20, 2009)
  17. 17.
  18. 18.
    Twinkle softphone, (retrieved August 25)
  19. 19.
    SIPP traffic generator for the SIP protocol, (retrieved September 30, 2009)
  20. 20.
    Zave, P.: Understanding SIP through model-checking. In: Schulzrinne, H., State, R., Niccolini, S. (eds.) IPTComm 2008. LNCS, vol. 5310, pp. 256–279. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Liu, L.: Verification of the SIP Transaction Using Coloured Petri Nets. In: Proc. of the 32nd Australasian Computer Science Conference, New Zealand, January 19-23, pp. 63–72 (2009)Google Scholar
  22. 22.
    Schaeffer-Filho, A., Lupu, E., Sloman, M., Eisenbach, S.: Verification of Policy-based Self-Managed Cell Interactions Using Alloy. In: Proc. of the 10th IEEE International Symposium on Policies for Distributed Systems and Networks (Policy 2009), UK (July 2009)Google Scholar
  23. 23.
    Godefroid, P.: Partial-Order Methods for the Verification of Concurrent Systems: An Approach to the State-Explosion Problem, p. 142 (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Yannis Soupionis
    • 1
  • Stylianos Basagiannis
    • 2
  • Panagiotis Katsaros
    • 2
  • Dimitris Gritzalis
    • 1
  1. 1.Information Security and Critical Infrastructure Protection Research Group, Dept. of InformaticsAthens University of Economics and Business (AUEB)AthensGreece
  2. 2.Dept. of InformaticsAristotle University of ThessalonikiThessalonikiGreece

Personalised recommendations