Overview of SIP Attacks and Countermeasures

The Security threats to current circuit switched networks dedicated to a single voice application such as the Public Switched Telephone Network (PSTN) are considered minimal. However, in open environments such as the Internet, conducting an attack on voice applications such as Voice over IP (VoIP) is much simpler. This is because VoIP services such as Session Initiation Protocol (SIP) are using servers that are reachable through the Internet. The aim of SIP is to provide the same functionality as traditional PSTN over the Internet. SIP service is implemented in either software or hardware and can suffer similar security threats as HTTP or any publicly available service on the Internet such as buffer overflow, injection attack, hijacking, etc. These attacks are simple to mount, with minimal charges or no cost to the attacker. This paper describes various possible security threats that a VoIP provider could encounter and the impact of these threats on the VoIP infrastructure. In addition, this paper investigates current solutions and mitigation techniques for VoIP attacks in order to provide more reliable VoIP services. The SIP taxonomy presented in the paper can be used as a baseline model to evaluate a SIP product against current and future vulnerabilities and gives a number of possible countermeasures that can be used to mitigate the threats.