An ontology-based policy for deploying secure SIP-based VoIP services
نویسندگان
چکیده
— Voice services over Internet Protocol (VoIP) are nowadays much promoted by telecommunication and Internet service providers. However, the utilization of open networks, like the Internet, raises several security issues that must be accounted for. On top of that, there are new sophisticated attacks against VoIP infrastructures that capitalize on vulnerabilities of the protocols employed for the establishment of a VoIP session (for example the Session Initiation Protocol-SIP). This paper provides a categorization of potential attacks against VoIP services, followed by specific security recommendations and guidelines for protecting the underlying infrastructure from these attacks and thus ensuring the provision of robust and secure services. In order to utilize (share) the aforementioned security guidelines and recommendations into different domains, it is necessary to have them represented in some formal way. To this end, ontologies have been used for representing the proposed guidelines and recommendations in the form of a unified security policy for VoIP infrastructures. This ontology-based policy has been then transformed to a First Order Logic (FOL) formal representation. The proposed ontology-based security policy can be applied in a real VoIP environment for detecting attacks against a SIP based service, but it can be also utilized for security testing purposes and vulnerabilities identification. The work presented in this paper has been focused to the SIP protocol. However, generalization to other signaling protocols is possible.
منابع مشابه
ملزومات امنیتی پیادهسازی IMS SIP سرور امن
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
متن کاملDetecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کاملAn ontology description for SIP security flaws
Voice over IP (VoIP) services based on the Session Initiation Protocol (SIP) gain ground as compared to other protocols like MGCP or H.323. However, the open SIP architecture constitutes the provided services vulnerable to various attacks, similar to those currently existing in Internet. The lack of a formal way to describe VoIP vulnerabilities hinders the development of tools that could be uti...
متن کاملBare PC SIP User Agent Implementation and Performance for Secure VoIP
Bare PC systems, which run applications without using any operating system (OS) or kernel, are immune to attacks targeting a specific OS. They also perform better than conventional systems due to their reduced overhead. We describe the design, implementation and performance of a SIP user agent (UA) for secure VoIP on a bare PC system. In particular, we discuss SIP functions and message handling...
متن کاملDetecting More SIP Attacks on VoIP Services by Combining Rule Matching and State Transition Models
The Session Initiation Protocol (SIP) has been used widely for Voice over IP (VoIP) service because of its potential advantages, economical efficiency and call setup simplicity. However, SIP-based VoIP service basically has two main security issues, malformed SIP message attack and SIP flooding attack. In this paper, we propose a novel mechanism for SIP-based VoIP system utilizing rule matching...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computers & Security
دوره 27 شماره
صفحات -
تاریخ انتشار 2008