Protecting VoIP networks against denial of service and service theft Henning Schulzrinne with Gaston Ormazabal (Verizon) and IRT graduate students Dept.

Slides:



Advertisements
Similar presentations
The leader in session border control for trusted, first class interactive communications.
Advertisements

IMS and Security Sri Ramachandran NexTone. 2 CONFIDENTIAL © 2006, NexTone Communications. All rights Traditional approaches to Security - The CIA principle.
SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer
Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
Mobile IPv6. Why study Mobility in IPv6? What is so different about Mobile IPv6 ?
Traffic Analyst Complete Network Visibility. © 2013 Impact Technologies Inc., All Rights ReservedSlide 2 Capacity Calibration Definitive Requirements.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
A Hybrid and Cross-Protocol Architecture with Semantics and Syntax Awareness to Improve Intrusion Detection Efficiency in Voice over IP Environments Department.
NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.
® Context Aware Firewall Policies Ravi Sahita Priya Rajagopal, Pankaj Parmar Intel Corp. June 8 th 2004 IEEE Policy (Security)
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.
Testing SIP Services Over IP. Agenda  SIP testing – advanced scenarios  SIP testing - Real Life Examples.
© Verizon Copyright June 12, 2015 Columbia - Verizon Research Collaboration Secure SIP: Scalable DoS and ToS Prevention Mechanisms for SIP-based.
Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies
DYSWIS1 Managing (VoIP) Applications – DYSWIS Henning Schulzrinne Dept. of Computer Science Columbia University July 2005.
May 23, 2006 Columbia Verizon Research Security: SIP Application Layer Gateway Eilon Yardeni Columbia University Gaston Ormazabal Verizon Labs.
1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.
IRT Lab IP Telephony Columbia 1 Henning Schulzrinne Wenyu Jiang Sankaran Narayanan Xiaotao Wu Columbia University Department of Computer Science.
Data Security in Local Networks using Distributed Firewalls
(Geneva, Switzerland, September 2014)
ORBIT NSF site visit - July 14, Location-based Services & data propagation in ORBIT Henning Schulzrinne Dept. of Computer Science.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
1 The Need for Enterprise Session Border Controller The E-SBC allows the enterprise to control its SIP implementation The Ingate SIParator ®
Colombo, Sri Lanka, 7-10 April 2009 Security & Regulatory Issues in NGN NK Goyal President, Communications & Manufacturing Association of India (CMAI)
Rajeev Bevara CS-555 Security Threats in VoIP. What is VoIP ? ➔ VOIP - Voice Over Internet Protocol. ➔ Delivery of voice communications and multimedia.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California 3 VoIP Issues.
N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.
IT Expo SECURITY Scott Beer Director, Product Support Ingate
Common Misconceptions Alan D. Percy Director of Market Development The Truth of Enterprise SIP Security.
ECRIT interim meeting - May Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.
1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.
Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.
Ingate & Dialogic Technical Presentation SIP Trunking Focused.
VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.
Towards a Scalable and Secure VoIP Infrastructure Towards a Scalable and Secure VoIP Infrastructure Lab for Advanced Networking Systems Director: David.
“Securing IP Multimedia Subsystem (IMS) infrastructures …,” M. Tsagkaropoulos UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.
Hemant Sengar, George Mason University
Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks Patrick Traynor, William Enck, Patrick McDaniel, and Thomas La Porta | MobiCom.
Firewalls First notions. Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity.
Gaston Ormazabal Verizon Laboratories
A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.
ﺑﺴﻢﺍﷲﺍﻠﺭﺣﻣﻥﺍﻠﺭﺣﻳﻡ. Group Members Nadia Malik01 Malik Fawad03.
1 Pertemuan 03 Ancaman dan Serangan Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
SIP Trunking As a Managed Service Why an E-SBC Matters By: Alon Cohen, CTO Phone.com.
Agenda Why Cyber Security? Products, Projects and Services.
1 Protecting Network Quality of Service against Denial of Service Attacks Douglas S. Reeves S. Felix Wu Chandru Sargor N. C. State University / MCNC October.
To Rent or Buy the IP PBX? Maybe it’s Both…. Building a VoIP Solution That Enables Both.
NC STATE UNIVERSITY / MCNC Protecting Network Quality of Service Against Denial of Service Attacks Douglas S. Reeves  S. Felix Wu  Fengmin Gong Talk:
NC STATE UNIVERSITY / MCNC Protecting Network Quality of Service Against Denial of Service Attacks Douglas S. Reeves  S. Felix Wu  Fengmin Gong DARPA.
Stein-64 Slide 1 PW security requirements PWE3 – 64 th IETF 10 November 2005 Yaakov (J) Stein.
SIP & How It Relates To YOUR Business. Jeff S. Olson Director of Marco Carrier Services David Bailey-Aldrich Technology.
1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.
Fortinet VoIP Security June 2007 Carl Windsor.
Network Security Marshall Leitem 11/30/04
Vonage use of Cloud-based Communication
Cisco Dumps PDF Implementing Cisco Network Security RealExamCollection.com.
A Testbed for Research and Development of Secure IP Multimedia Communication Services PI: Ram Dantu, Co-PIs: Elisa Bertino, Sonia Fahmy, Dipak Ghosal,
Henning Schulzrinne Gaston Ormazabal Eilon Yardeni Verizon Labs
Henning Schulzrinne Columbia University
Ingate & Dialogic Technical Presentation
Session 20 INST 346 Technologies, Infrastructure and Architecture
AT&T Dedicated Internet (ADI)
Presentation transcript:

Protecting VoIP networks against denial of service and service theft Henning Schulzrinne with Gaston Ormazabal (Verizon) and IRT graduate students Dept. of Computer Science Columbia University March 30, 2007

VoIP is Different No retransmission for voice data --> no recovery of lost data Real time application --> delay must be below 150 ms Merges traditional PSTN networks with IP --> new avenues for attacks on IP networks and PSTN Optimize security overhead such that it doesn’t impact delays Billing in VoIP services is different from PSTN –flat rate billing –multiple extensions Diagram from

VoIP Threat Taxonomy Scope of our research Refer to for more details on this taxonomyhttp://

Scope of Our Research Scope of current work

Previous Work Successfully implemented a large scale SIP-aware Firewall (using dynamic pinhole filtering) –The filter is used as a first-line of defence against DoS attacks at the network perimeter and it enforces the following: Only signalled media channels can traverse the perimeter End systems are protected against flooding of random RTP or other attacks. The RTP pinhole filtering approach is a good first-line of defense but… –The signalling port (5060) is subject to attack on the signalling infrastructure –This lead us to define the new problem...

VoIP Traffic Attack Traffic Untrusted DPPM sipd Trusted SIP RTP Filter IFilter II VoIP Traffic Attack Traffic Untrusted DPPM sipd Trusted SIP RTP Filter I Filter II Mitigation Solution Overview

Testing Results – With the Return Routability filter Call Rate (calls/sec)No. of Concurrent calls (load) Number of calls setup Number of calls dropped % calls dropped 112, % 5012, % 10012,0001,33110, % 1006,0001,2524, % 1004,0001,3442, % 1002,0001, % 2002,0001, % 3002,0001, %

Theft of Service Theft of service causes lost revenue and bad reputation –resources are abused causing monetary losses –unauthorized usage can degrade whole system’s performance Related theft of services attacks: –distributed denial of service on billing system –spoofing, content alteration, intrusion, platform attacks Checks to perform before establishing session: –enough funds, 800 numbers, emergency number –multimedia services, messages, etc. Possible theft of service scenarios: –using services without paying –illegal resource sharing for unlimited plans –compromised systems -- use third-party services –call spoofing and “vishing” Currently developing a test tool to identify weaknesses in deployed systems and lab prototypes

Benefits to Verizon and Columbia Technology Transfer to Verizon Labs –Set up a replica of Columbia testbed in Silver Spring VoIP lab for rapid SBC evaluation Licensing Agreement with CloudShield –Currently negotiating a Royalty Agreement to take technology to market Intellectual Property –Patents and Publications (NANOG)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.