Increasing SIP firewall performance by ruleset size limitation
Fraunhofer FOKUS, Berlin, Germany.
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
Fraunhofer FOKUS, Berlin, Germany.
2008 (English). In: Proceedings of the IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC 2008), IEEE conference proceedings, 2008, 1-6 p. Conference paper, Published paper (Refereed)
Abstract [en]

To protect SIP communication networks from attacks, especially flooding attacks like denial-of-service or message spam, intrusion detection systems (IDS) are deployed at the ingress point of the network to filter potentially malicious traffic. A key issue of IDS performance is the operation of its firewall to block malicious user requests. Depending on the complexity of the firewall ruleset, the filtering performance of the IDS can decrease considerably during high-load flooding situations. In this paper we propose a scheme to increase IDS firewall performance by merging several similar rules into more general ones and ignoring less relevant rules to limit the number of firewall rules. We formalise a mathematical model to compute new firewall rules and show by example, with traffic from SIP VoIP communication networks, how the calculation can be performed. If applied to a VoIP IDS, the scheme can increase firewall throughput considerably, while retaining most of its effectiveness.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2008. 1-6 p.
National Category
Information Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-4077
DOI: 10.1109/PIMRC.2008.4699868
ISBN: 978-1-4244-2643-0 (print)
ISBN: 978-1-4244-2644-7 (print)
OAI: oai:DiVA.org:kau-4077
DiVA: diva2:218642
Conference
the IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC 2008), Cannes
Available from: 2009-05-20. Created: 2009-05-20. Last updated: 2013-11-04. Bibliographically approved
In thesis
1. Towards Secure SIP Signalling Service for VoIP applications: Performance-related Attacks and Preventions
2009 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Current Voice over IP (VoIP) services are regarded as less secure than the traditional public switched telephone network (PSTN). This is because VoIP services are frequently deployed in a relatively open environment, so VoIP infrastructures can be easily accessed by potential attackers. Furthermore, current VoIP services rely heavily on other public Internet infrastructures shared with other applications. Thus, the vulnerabilities of these Internet infrastructures can affect VoIP applications as well. In contrast, the PSTN, deployed in a closed environment with independent protocols, has never faced similar risks.

The main goal of this licentiate thesis is the discussion of security issues of the Session Initiation Protocol (SIP), which serves as a signalling protocol for VoIP services. This work concentrates especially on the security risks of SIP related to performance. These risks can be exploited by attackers in two ways: either actively or passively. The throughput of a SIP proxy can be actively manipulated by attackers to reduce the availability of services. This is defined as a Denial of Service (DoS) attack. On the other hand, attackers can also profile confidential information of services (e.g., calling history) by passively observing the performance of a SIP proxy. This is defined as a timing attack. In this thesis, we carefully studied four concrete vulnerabilities existing in current SIP services, three of which can lead to DoS attacks and one of which can be exploited for timing attacks. The results of our experiments demonstrate that these attacks can be launched easily in real applications.

Moreover, this thesis discusses countermeasures for each of these attacks. The defences all have in common that they influence performance, either by enhancing the performance of the victim during a DoS attack or by reducing performance to obscure the timing characteristics exploited in a timing attack. Finally, we carefully evaluated these solutions with theoretical analyses and concrete experiments.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2009. 118 p.
Series
Karlstad University Studies, ISSN 1403-8099 ; 2009:27
Keyword
SIP, VoIP, Security
National Category
Computer Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-4023 (URN)
978-91-7063-250-1 (ISBN)
Presentation
2009-05-29, Karlstad University, Karlstad, 00:00 (English)
Available from: 2009-05-22. Created: 2009-04-26. Last updated: 2011-11-03. Bibliographically approved

By author/editor
Zhang, Ge