A Lightweight Countermeasure to Cope with Flooding Attacks Against Session Initiation Protocol

Intesab Hussain, Soufiene Djahel, Dimitris Geneiatakis, Farid Nait-Abdesselam

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Citations (Scopus)

Abstract

Session Initiation Protocol (SIP) is a widely used protocol for voice and video communication in Internet architecture. Due to its open nature and the lack of robust security mechanisms, SIP is vulnerable to several attacks similar to those existing in Internet infrastructure, such as the flooding attack. An attacker can use any SIP request to launch a flooding attack, leading to severe consequences at either client or server side SIP elements or both of them. In this context, end user's devices are considered more vulnerable to flooding attacks due to their limited capabilities. In this paper, we focus on INVITE flooding attack for which we propose a simple and robust detection scheme. This scheme prevents an attacker from launching an INVITE flood through a transition state table used by the proxy to analyse the incoming INVITE requests and exclude the suspicious ones. Our scheme requires also that the end-user keeps track of the time and IP addresses of each incoming request. Furthermore, we modify the header of the REGISTER request by adding a new field named Critical number which holds the value of maximum number of users or callers that could easily be handled by the end user. Unlike the existing solutions, our scheme does not require any special detection device or firewall at the SIP server. The proposed mechanism has been implemented in SIP Express Router (SER) and the obtained results have confirmed its effectiveness.

Original languageEnglish
Title of host publicationProceedings of 2013 6th Joint IFIP Wireless and Mobile Networking Conference, WMNC 2013
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages5
ISBN (Electronic)9781467356169, 9781467356145
ISBN (Print)9781467356152
DOIs
Publication statusPublished - 27 Jun 2013
Externally publishedYes
Event6th Joint IFIP Wireless and Mobile Networking Conference - Dubai, United Arab Emirates
Duration: 23 Apr 201325 Apr 2013
Conference number: 6

Conference

Conference6th Joint IFIP Wireless and Mobile Networking Conference
Abbreviated titleWMNC 2013
Country/TerritoryUnited Arab Emirates
CityDubai
Period23/04/1325/04/13

Cite this