A novel design of a VoIP firewall proxy to mitigate SIP-based flooding attacks

被引:0
作者
Department of Computer Science and Software Engineering, University of Canterbury, Christchurch, New Zealand [1 ]
机构
[1] Department of Computer Science and Software Engineering, University of Canterbury, Christchurch
来源
Int. J. Internet Protoc. Technol. | 2008年 / 2卷 / 128-135期
关键词
Digest authentication; Iptables; SIP; Stateful and stateless connection; VoIP flooding attack;
D O I
10.1504/IJIPT.2008.020470
中图分类号
学科分类号
摘要
This paper proposes a novel method to address the protection necessary to mitigate flooding attacks in VoIP networks which can produce rapid saturation of a firewall and crippling of a VoIP switch. The paper proposes a stateless firewall nonce checking mechanism as an extension to the existing (stateful) SIP digest authentication. This combination aims to form a more secure and flood-resistant authentication scheme for SIP-based VoIP systems. The proposed mechanism has been implemented on a Linux iptables firewall and the experimental results demonstrate proof-of-concept showing that by incorporating this mechanism it is possible to provide substantially improved SIP-based flooding mitigation. Copyright © 2008, Inderscience Publishers.
引用
收藏
页码:128 / 135
页数:7
相关论文
共 44 条
  • [21] Design and implementation of SIP-based AOCE
    Deng Zhenrong
    Huang Wenming
    Tang Zhenbo
    2009 2ND IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY, VOL 5, 2009, : 81 - +
  • [22] Design of SIP-based IMPP client
    Park, SO
    Hyun, W
    Huh, MY
    Han, JC
    Kang, SG
    6TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS 1 AND 2, PROCEEDINGS: BROADBAND CONVERGENCE NETWORK INFRASTRUCTURE, 2004, : 741 - 744
  • [23] An efficient scheme for supporting personal mobility in SIP-based VoIP services
    Wang, Tsan-Pin
    Chiu, KauLin
    IEICE TRANSACTIONS ON COMMUNICATIONS, 2006, E89B (10) : 2706 - 2714
  • [24] An ontology-based policy for deploying secure SIP-based VoIP services
    Geneiatakis, Dimitris
    Lambrinoudakis, Costas
    Kaymbourakis, Georgios
    COMPUTERS & SECURITY, 2008, 27 (7-8) : 285 - 297
  • [25] An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems
    Zhang, Ruishan
    Wang, Xinyuan
    Yang, Xiaohui
    Farley, Ryan
    Jiang, Xuxian
    INFORMATION SECURITY PRACTICE AND EXPERIENCE, PROCEEDINGS: 5TH INTERNATIONAL CONFERENCE, ISPEC 2009, 2009, 5451 : 59 - +
  • [26] Security of SIP-Based Infrastructure against Malicious Message Attacks
    Shrestha, Ajay Kumar
    8TH INTERNATIONAL CONFERENCE ON SOFTWARE, KNOWLEDGE, INFORMATION MANAGEMENT AND APPLICATIONS (SKIMA 2014), 2014,
  • [27] Design of an Enhanced Redundant SIP Model for Securing SIP-Based Networks
    Rasol, Mohammad
    Al Saidat, Saleem
    2019 IEEE/ACS 16TH INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS (AICCSA 2019), 2019,
  • [28] Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems
    Ormazabal, Gaston
    Nagpal, Sarvesh
    Yardeni, Eilon
    Schulzrinne, Henning
    PRINCIPLES, SYSTEMS AND APPLICATIONS OF IP TELECOMMUNICATIONS: SERVICES AND SECURITY FOR NEXT GENERATION NETWORKS, 2008, 5310 : 107 - +
  • [29] A Bayesian change point model for detecting SIP-based DDoS attacks
    Kurt, Baris
    Yildiz, Cagatay
    Ceritli, Taha Yusuf
    Sankur, Bulent
    Cemgil, Ali Taylan
    DIGITAL SIGNAL PROCESSING, 2018, 77 : 48 - 62
  • [30] A Design and Implementation of SIP-Based Distance Education System
    Wang, Yujiao
    Lin, Haiyun
    CEIS 2011, 2011, 15
12345