A novel design of a VoIP firewall proxy to mitigate SIP-based flooding attacks

Cited by: 0
Authors
Department of Computer Science and Software Engineering, University of Canterbury, Christchurch, New Zealand [1]
Affiliations
[1] Department of Computer Science and Software Engineering, University of Canterbury, Christchurch
Source
Int. J. Internet Protoc. Technol. | 2008 / Vol. 2 / Issue 128-135
Keywords
Digest authentication; Iptables; SIP; Stateful and stateless connection; VoIP flooding attack;
DOI
10.1504/IJIPT.2008.020470
Abstract
This paper proposes a novel method to address the protection necessary to mitigate flooding attacks in VoIP networks which can produce rapid saturation of a firewall and crippling of a VoIP switch. The paper proposes a stateless firewall nonce checking mechanism as an extension to the existing (stateful) SIP digest authentication. This combination aims to form a more secure and flood-resistant authentication scheme for SIP-based VoIP systems. The proposed mechanism has been implemented on a Linux iptables firewall and the experimental results demonstrate proof-of-concept showing that by incorporating this mechanism it is possible to provide substantially improved SIP-based flooding mitigation. Copyright © 2008, Inderscience Publishers.
Pages: 128-135
Page count: 7