Towards Secure SIP Signalling Service for VoIP applications Performance-related Attacks and Preventions

Current Voice over IP (VoIP) services are regarded less secure than the traditional public switched telephone network (PSTN). This is due to the fact that VoIP services are frequently deployed in an relatively open environment, so that VoIP infrastructures can be easily accessed by potential attackers. Furthermore, current VoIP services heavily rely on other public Internet infrastructures shared with other applications. Thus, the vulnerabilities of these Internet infrastructures can affect VoIP applications as well. Nevertheless, deployed in a closed environment with independent protocols, PSTN has never faced similar risks. The main goal of this licentiate thesis is the discussion of security issues of the Session Initiation Protocol (SIP), which serves as a signalling protocol for VoIP services. This work especially concentrates on the security risks of SIP related to performance. These risks can be exploited by attackers in two ways: either actively or passively. The throughput of a SIP proxy can be actively manipulated by attackers to reduce the availability of services. These attacks are defined as Denial of Service (DoS) attacks. On the other hand, attackers can also profile confidential information of services (e.g., the calling history) by passively observing the performance of a SIP proxy. This is defined as a timing attack. In this thesis, we carefully studied four concrete vulnerabilities existing in current SIP services, among which, three of them can lead to DoS attacks and one can be exploited by timing attacks. The results of our experiments demonstrate that these attacks can be launched easily in real applications. Moreover, this thesis discusses different countermeasure solutions for the attacks respectively. The defending solutions have all in common that they are influencing the performance, by either enhancing the performance of the victim during a DoS attack, or abating the performance to obscure the time characteristic for a timing attack. Finally, we carefully evaluated these solutions with theoretical analyses and concrete experiments.