Security Aspects of Sip Based Voip Networks: A Survey: V.Srihari P.Kalpana

2nd International Conference on Current Trends in Engineering and Technology, ICCTET14
143
Security Aspects of SIP based VoIP Networks: A

Survey
V.Srihari
P.Kalpana
Department of Electronics and Communication Engineering

PSG College of Technology
Coimbatore, India
srihari.sse@gmail.com
Department of Electronics and Communication Engineering

PSG College of Technology
Coimbatore, India
kalpana@ece.psgtech.ac.in
R.Anitha
Department of Applied Mathematics & Computational Sciences
PSG College of Technology, Coimbatore, India
3
anitha_nadarajan@mail.psgtech.ac.in
Abstract Voice over Internet Protocol (VoIP) has become a
very popular technology as it allows the users to make phone
calls over the public internet. Some of its predominant features
such as efficiency, cost-effectiveness and long distance
communication made VoIP to stand apart from the traditional
Public Switched Telephone Networks (PSTN). Session Initiation
Protocol (SIP) is the contemporary signaling protocol used in
VoIP Networks. The protocol itself is vulnerable to most of the
threats that happen in VoIP Networks. Regardless to register
highly scalable incidents, it is widely considered by experts as the
futuristic target for attackers. This survey provides extensive and
comprehensive analysis of various security threats faced by VoIP
Networks. Also this paper exemplifies major defense mechanisms
and their proposed techniques to combat the threats. Apart from
that, this paper discusses open-source tools that can be simulated
to conduct experiments. The main objective of this work is to
motivate the researchers of VoIP domain to commence with
novel defense techniques to overcome the threats.
Keywords Voice over Internet Protocol, Session Imitation
Protocol, Denial of Service attacks, Spam over Internet Telephony,
Defense Mechanism, VoIP Tools
I. INTRODUCTION
Voice over Internet Protocol (VoIP) is a promising
technology that allows users to make telephone calls using
internet connection instead of analog telephone. The
accomplishment of VoIP technology is obtained by changing
the paradigm from Public Switched Telephone Networks
(PSTN) to IP Networks. The impelling logic behind this
phenomenon is the higher bandwidth, cheaper call rates,
integration among various services, better scalability and
disaster recovery offered by the latter compared to the
previous. To be precise, telecommunication markets started
accepting this migration from circuit switched to packet
switched telephone networks [1]. Due to these reasons, VoIP
find itself applicable both in commercial and consumer
markets. The main advantage for end user and business
IEEE 2014
IEEE Conference Number - 33344
July 8, 2014, Coimbatore, India.
community is monetary economy: users can save their penny

by using IP phone than the traditional phone service. Secondly,
users can enjoy variety of features like voicemail, caller ID,
call conferencing, call waiting and call forwarding [2]. Apart
from that, business vendors are introducing new features in
their products to compete themselves in the market. Also, one
more noteworthy point is that VoIP is not an isolated world but
it is a wrapper on the IP Networks and it can even converge
with Cellular Communication Networks. The integration of IP
Networks with PSTN Network is endeavored with the help of
Network Gateways.
Though VoIP collaborates with lots of protocol,
protocols related to signaling part is more vital for
telecommunication to happen. Session Initiation Protocol (SIP)
has been adapted as the signaling protocol to handle
multimedia sessions (voice and video) and hence given
importance in this paper. RFC 3261 is an IETF standard
defined for SIP protocol. The protocol design itself is
vulnerable enough for security threats to happen [3]. In
general, surveyed vulnerabilities can be spaced into traditional
threat space of Confidentiality, Integrity and Availability
(CIA). An in-depth analysis is made on the major security
threats that compromise CIA on VoIP Networks [4]. Among
them, major threats that are considered to be highly hazardous
are acquainted in the latter part of this work.
Some of the attack incidents that happened based on
the above mentioned threats are listed below. The first incident
that came into the limelight is the VoIP trojan called
Trojan.Peskyspy [5]. This trojan records VoIP Communication
specifically targeting skype. To be precise, this threat actually
grabs all the sound from audio devices that are plugged into the
computer. It does so by hooking various Windows API calls
that are used in audio input and output. This trojan has a
backdoor that will communicates the stolen audio
conversations to the predefined location. In May 2010, FBI
recorded the traces of Telephone Denial of Service attacks [6].

The perpetrators are suspected of using automated dialing
programs and multiple accounts to overwhelm the land and cell
phone lines of their victims with thousands of calls. When the
calls are answered, the victim may hear anything from dead air,
an innocuous recorded message or an advertisement. Till date
the massive DDoS attacks on Internet Telephony is witnessed
by Telepacific Communications during March 2011 [7]. These
attacks happened with a flood of invalid VoIP registration
requests from the internet.
Survey on Security approach on VoIP is not
entirely new. There are certain appreciated works and are listed
below. P. Rowe [8] provides agenda of security threats and
justifies that the occurrence of them is due to converged
network and multimedia communications. S. McGann and D.
C. Sicker [9] explores the VoIP security tools that are
quintessential for Security professional and bridges the gap that
exists between these tool and vulnerabilities in VoIP. D.
Geneiatakis et al. [3] conceives that most of the attacks and
threats that happen in VoIP Networks are due to vulnerabilities
in SIP protocol. Also, author stresses more on negative
influence of SIP attacks and demands the need for efficient
protection mechanisms. D. Butcher et al. [10] provides the
overview of VoIP technology, security issues faced by VoIP
infrastructure and solutions that guide the future research. E. B.
Fernandez et al. [11] glimpses that several issues will occur
with the convergence of multimedia (voice and video) over the
packet based data communication. Apart from that, author
offers several security design patterns that can block many of
the possible attacks. A. D. Keromytis [12] provides the
roadmap for the researchers to understand existing capabilities
and to identify the gaps in addressing the numerous threats and
vulnerabilities present in the VoIP systems. R. Dantu et al. [13]
justifies that security problems arise due to the widespread
deployment of VoIP. Also the author proposes the high level
security architecture that captures each feature at each
boundary-network-element in the VoIP infrastructure. In this
paper, we additionally provide state-of-the-art defense
mechanisms in SIP based VoIP networks and certain glimpse
on open source tools to pursue experiments.
The main objective of this survey paper is twofold and
summarized as below:
a) To facilitate the researcher to acquire the overview of
VoIP Networks and to get deep insight into various
security threats that hamper them.
b) To serve VoIP Research community by bringing out
novel and robust defense mechanisms to thwart
security threats and the existing challenges in them.
The rest of the paper is organized as follows: Section 2
depicts the protocols that are associated with VoIP Networks.
Section 3 briefly explains the SIP Background with Network
Components, Communication flow and vulnerabilities
associated with them. Security threats that are associated with
SIP protocol in Section 4 and defense mechanisms to thwart
IEEE 2014
144
SIP based attacks in Section 5. Section 6 describes the open

source tools to simulate and analyze VoIP Networks. Section 7
projects the overall outline of the review work and section 8
concludes the paper.
II. VOIP PROTOCOLS
VoIP is not a single technology but rather the
platform created over the already existing protocols and
techniques. Hence the study on the protocols S. Karapantazis
and F. Pavlidou [14] that are associated with VoIP is
quintessential. Major functioning of VoIP Networks is
classified into 3 headers and the protocols associated with them
(table 1) are investigated.
Signaling Protocols: These protocols deal with the call
establishment, maintenance and termination between the users.
Other tasks performed by Signaling protocol are Call control,
Detection and notification of caller hangup, Provision of call
information, call transfer and message waiting information.
Media and Transport Protocols: Here, the protocols deal with
the actual transmission of data, voice and video. In terms of
technical aspect, voice is digitized, converted to stream of
packets and then transferred to the Internet medium.
Gateway Protocols: These protocols assist to converge IP
Network with the PSTN. Some of the tasks performed by
Gateway protocol are address translation, access control and
bandwidth management.
III. SIP OVERVIEW
Session Initiation Protocol (SIP) is a signaling
protocol used to create, establish and terminate multimedia
sessions between the participants [15]. SIP is an application
layer protocol and is text-based similar to that of HTTP
protocol. SIP is designed by Internet Engineering Task Force
(IETF) and the permanent element of IP Multimedia
Subsystem (IMS). Since majority of the security threats are
associated with the SIP protocol, we have provided painstaking
analysis of the SIP protocol.
A. SIP Network Components
The major components of SIP Network and its architecture
are given below:
User Agents: User agents are generally caller and callee
who are making communication with each other. In case of
multicast network, there may be n number of callers and callee.
Registration Server: User agents should be registered with
Registration Server to participate in the network. It is basically
a database consisting of locations and user preferences.
Proxy Server: Receives the requests, process the message
and forwards it towards the current location of the callee.
Redirect Server: A redirect Server receives the request and
informs callers UA about the next hop server. The callers UA
then contacts the next hop server directly.SIP Communication
flow
Figure.1. SIP Communication flow

TABLE 1. VOIP PROTOCOLS, PURPOSE AND ITS DESCRIPTION
Protocol/Purpose
Description
H.323/Signaling
H.323 is a Signaling protocol developed by ITU-T to support call setup, breakdown and forward. The main
components of H.323 are Terminals, Multipoint Control Units (MTU), Gateways and Border elements. It
uses binary representation for messages and it is not scalable for wide networks.
SIP/Signaling
Session Initiation Protocol (SIP) [16] is a signaling protocol developed by IETF to create, modify and
terminate sessions with one or more participants. It is a text-based similar to that of HTTP protocol and its
major components are User agents, Proxy Server and Registration server.
IAX/Signaling & Media
Inter-Asterisk eXchange protocol (IAX) [17] is a combination of both signaling and media protocol running
on the same port. The commands and parameters are sent in binary format and supports trunking and
multiplexing over a single channel.
RTP/RTCP /Media
Real-time Transport Protocol (RTP) [18] supports the real-time transfer of media (voice and video) over IP
networks developed by IETF. RTPs main goal is to deliver the contents on time and can tolerate some
packet loss to achieve its goal.
MGCP/Gateway
Media Gateway Control Protocol (MGCP) [19] defines communication between user agents and telephony
gateways. It offers centralized gateway administration and provides large scale IP telephony solutions.
RTSP/Media
Real-time Streaming Protocol (RTSP) [20] is a network control protocol designed for use in entertainment
and communications to control streaming media transfer.
SDP/Media
Session Description Protocol (SDP) [21] is designed for the purpose of session announcement, session
invitation etc. Some of the information conveyed by Session Description protocol are Session name and
purpose, Address and port number, Start and stop time and contact number
RSVP/QoS
Resource Reservation Protocol (RSVP) [22] can prioritize and guarantee latency to specific IP streams. It is
also designed to operate with current and future unicast and multicast routing protocols.
SAP/Advertisement
Session Announcement Protocol (SAP) is designed [23] to advertise multicast conferences and other
multicast sessions. Using SAP, senders periodically broadcast SDP descriptions to a well-known multicast
address and port.
IEEE 2014
145
Figure.1 shows the typical example of basic

communication flow (Open Source VoIP Software) between
two user agents in VoIP Networks. Alice calls Bob using
Uniform Resource Identifier (URI) and hence sends INVITE
request addressed to Bobs URI. The INVITE request contains
number of header fields that provides additional information
about the message. In technical aspect, invite message is
accessed by proxy server, which checks the callers registration
database, location of callee and forward the invitation to the
callee. During this process, Proxy will intimate Alice by
sending the Trying message. Once it reaches Bob, it will
intimate Alice by sending the Ringing message. If the callee
accepts the call, then the Ok message is intimated to Alice. Bob
can also reject the call and conclude the session. Now Alice
acknowledges the Bob by sending the ACK message to the
Alice. Currently, session is established between them and both
the users can directly communicate without the interaction of
Proxy Server. Once the communication is over, both the parties
can conclude the session by sending BYE and OK message
respectively. The major message headers that are present in
each and every message are described in table 2.
C. Vulnerability in SIP protocol
Before the actual transfer of media contents, there are
three messages (INVITE, OK, ACK) to establish the 3-way
handshake between the participants [24]. Attacker will create
spoofed IP address and request a connection to the SIP server.
Since it is an invalid request, Server will be searching for the
caller to send OK message. At this instant, attacker will send
the innumerable call requests with invalid message headers.
SIP Server will be drained up and hence flooding occurs in
VoIP Networks.
IV. SECURITY THREATS IN SIP
The
features,
functions
and
sophisticated
infrastructure discussed in the previous sections dont imply
that VoIP are completely flawless. Because of its primitive
advantage of economical and functional nature, VoIP
Networks are widely applied both for commercial and personal
purposes [25]. VoIP Networks are subjected to security threats
[26] as they utilize public internet as the medium of
communication. Since, SIP follows 3-way handshake similar to
that of TCP protocol, it is prone to flooding attacks. Apart from
that, there are certain other high impact threats [27], [28]
occurring due to breaches in the protocol.
A. Flooding/DoS attack
The goal of any flooding attack is the consumption of system
resources like bandwidth, memory and CPU [29] in order to
TABLE 2. DESCRIPTION OF MESSAGE HEADERS
MESSAGE
DESCRIPTION
HEADER
Via
Contains the address at which Alice is expecting to receive

responses to that request. It also contains branch parameter
that identifies the transaction.
IEEE 2014
Max-Forwards
To
From
Call-ID
Cseq
Contact
Content-Type
ContentLength
146
Limits the number of hops a request can make on the way

to the destination
Contains the display name and SIP URI towards which the
request has to be forwarded
Display name that indicate the originator of the request
Unique identifier generated by the combination of a random
string and the host name or IP address.
Command Sequence contains an integer and method name.
Cseq is incremented for each new request.
Represents the direct route to contact Alice. Also tells other
elements to send future requests.
Contains the description of the message body
Contains the octet count of the message body
make service unavailable. From VoIP point of view, DoS

attack will drastically affect the business offered by telephone
service provider either by flooding end user, proxy server or
registration server [30]. Hence flooding attack compromises
the availability provided by VoIP though the service
availability offered by PSTN is 99.999%. The flooding attack
can be generated from a single or multiple sources. The later
utilizes large number of innocent host as reflectors and hence
flood the target machine by sending innumerable requests
[31].
B. SPam over IP Telephony (SPIT)
SPIT refers to the undesired, automated, pre-recorded, bulk
telephone calls made using Voice over IP (VoIP). SPIT works
on the same principle as email spam. To illustrate the working
of SIP, a 30 second voice-recorded call will be sent to
thousands of voice over IP addresses within seconds. SPIT will
undoubtedly become the next pervasive medium for spammers
due to its low associated costs. Once a persons IP telephony
number is published or harvested it could become a serious
threat to security and users privacy.
Based on the mode of function, SPIT is classified into two
groups:
The SPIT sent on-path is associated with SIP signaling. The
SPIT is sent through a normal signaling route by a spammer
who has registered to the VoIP service. In this scenario,
telemarketers registered to the VoIP service and create the
SPIT calls or message to the users.
The SPIT sent off-path is associated with SIP signaling.
The SPIT is sent through an abnormal signaling route by a
spammer who did not register to the VoIP service. In this case,
the spammer has not register to the VoIP service and creates
SPIT message or call by using dictionary attack or sniffing.
C. Billing/Toll Fraud
Billing is one of the primitive aspects of any
commercial appliances and it signifies the relationship
between subscriber and service provider. In VoIP, billing
should exactly match the tariff selected by the subscriber.
Hence for the service provider to be in market, billing function

should be reliable and accurate to the subscriber [32], [33].
The existing service providers face threat from attackers on
the billing function. The inherent nature of these attacks is due
to the vulnerabilities in the SIP protocol. Most of these attacks
will happen by means of Man-in-the-middle (MITM) between
SIP user and SIP service provider.
Four billing attacks [33] are proposed and are described
below:
InviteReplay attack makes unauthorized calls by
replaying the intercepted messages. FakeBusy attack hijack
VoIP calls of targeted VoIP subscriber and controls VoIP call
duration. ByeDelay attack transparently prolong the duration of
established calls between the targeted VoIP subscribers by
delaying the BYE messages. Byedrop prolongs the duration of
established calls between targeted VoIP subscribers by simply
dropping the BYE messages.
D. Interception/Eavesdropping
Eavesdropping in VoIP is the act of sniffing and
manipulating the voice and data packets between the
participants. It possesses similar threat as of Man-in-themiddle attack. The main reason for Eavesdropping is due to
open standards of the VoIP protocols and the simultaneous
transmission of data and voice packets in the network [40].
Also there are wide varieties of tools that are available to
perform such fraudulent operation. In order to get ride of this
attack completely, strong encryption is pre-requisite between
the participants. One more approach is to regularly scan the
components of network especially devices running in a
promiscuous node. Some of the specifications [34]
recommended by NIST are TLS or IPSec for encryption and
S/MIME for data integrity and confidentiality.
E. Registration Hijacking
An attacker hijacks the valid registration made by
User Agent to a Registration Server with rogue IP address.
Hence, this may result in the interception of incoming calls,
reroute, reply or terminate the calls. The main steps followed
by attacker to perform Registration hijacking are traffic
sniffing, extracting the REGISTER message and sending the
forged one to the registration server. It may results in the loss
of important calls and hence provides great damage to the
users and the company.
F. Voice Phishing/Vishing
Vishing is the practice of leveraging IP based voice
messaging technologies to social engineer the intended victim
to provide personal, financial or confidential information.
Vishing is derived by the combination of voice and phishing.
There are two ways to perform Vishing: a) impostor
impersonating as legitimate user call us directly to get the
personal information. b) Impostor send the mail requesting to
call and attain our basic information. The most valuable
information that are taken by visher are Credit Card details,
IEEE 2014
147
Personal Identification Number, Social Security Numbers and

Passport numbers.
V. DEFENSE MECHANISMS
To overcome the flooding (Denial of service)
attacks, lots of detection and defense mechanisms have been
proposed. An online statistical anomaly detection framework
[35] is proposed that generates alarms based on the abnormal
variations in a selected hybrid collection of traffic flows. To
be precise, the system computes probability distribution of
relative packet streams and anomaly packets are determined
based on Hellinger distance between their probability
distributions. The system instigates the detection system for
multiprotocol based VoIP service in a fast manner by
correlating among different protocol attributes. The main
limitation of this method is that, accuracy of the system is very
less to detect low rate attack. Also, the author addresses the
future work to conduct exhaustive experiments with different
VoIP traffic traces. [36] applies adaptive sequential changepoint method between SIP protocol attributes- INVITE/BYE
and 200 OK/ACK from the collected network traffic. This
method can detect very subtle attack traffic from the normal
SIP protocol traffic. The main features of this method are it
achieves very small delay, high rate and low false alarm rate
of VoIP specific DoS detection. One of the drawbacks of this
method is that it is hazy in detecting low-rate flooding attacks.
Bloom filter based monitor is designed [37] and a new metric
called session distance is introduced to provide effective
detection scheme against flooding attacks. Bloom filter
basically provides space efficient data structure to store a
specific set of elements and tests the existence of particular
member in a data structure. A new metric named Session
distance is introduced to measure the one-one mapping
between the INVITE and ACK fields. The main advantage of
this method is that, the system is intended to offer abundant
resistance to highly hazardous flooding attacks in the future.
An online intrusion detection framework [38] is illustrated to
detect flooding attacks. The framework includes evolutionary
and non-evolutionary classifiers that can detect low intensity
SIP floods in real time. One more noteworthy aspect of this
paper is that certain guidelines are provided to customize the
Intrusion Detection framework by selecting appropriate
classifiers based on the requirements. Also, the proposed idea
is suitable to investigate threats related to flooding attacks and
the author plans to extend this work to address the other
threats in IMS. Double-layered Security architecture [39] is
proposed to combat DoS attacks. First layer provides essential
security checks against TCP/IP related attacks and the second
layer provides core security against SIP related attacks. The
proposed mechanism is very robust and effective but
constrained to detect only SIP related DoS attacks.
Some of the mechanisms in the literature to
combat SPIT are listed below. E. M. Nahum et al. [40]
proposed the two hidden Turing Tests: silence checking and
answer length checking to differentiate human callers from

SPIT generators without the knowledge of the caller.
Experimental works affirm the feasibility and scalability of the
proposed methods. Paper also state the constraints to check the
failure rate as only limited SPIT call records are available for
testing. A brief review on threats, attacks and SPIT
management techniques, frameworks and mechanisms are
provided in [41]. The proposed framework combines the
strength of existing systems and additional components to
thwart the insufficiencies in the proposed system. Further,
evaluation scheme provides insight to select the combinational
mechanisms to mitigate the SPIT attacks in a given context.
An online monitoring approach [42] is proposed to distinguish
between normal and attack in SIP based VoIP environments.
The system uses 38 features in VoIP and classifies the features
using SVM. Proposed mechanism can effectively detect the
flooding and SPIT attacks and the author plans to detect other
VoIP attacks as future work. An innovative and effective
method [43] that can distinguish SPIT calls by introducing the
trust and reputation among the participants is proposed. The
algorithm dynamically integrates the trust with the reputation
and makes comprehensive evaluation of SPIT calls. Multi stage
adaptive spam filter [44] based on location, mode, time, trust
and reputation is suggested to detect spam in voice calls. This
model is also based on the human intuitive behavior to detect
spam based on called partys direct and indirect relationship
with the calling party. A Semi-supervised clustering [45]
approach with legitimate calls and SPIT calls is applied to the
call features. System is designed in such away that it is
adaptable to new environment without the need to manually
configure the system parameters. The main limitations of this
Category
148
work are scalability issue and it often requires feedback to

achieve high detection rates.
An Intrusion Detection system gathers and analyzes
information within a computer or network to identify possible
security breaches. The major operations of Intrusion Detection
are monitoring both user and system activities, analyzing
system configurations and vulnerabilities, assessing system and
file integrity, ability to recognize patterns of attacks and
tracking user policy violations. This section covers the research
papers governing the Intrusion Detection Systems in VoIP
Networks to thwart the vulnerabilities from different protocol
layers. H. Sengar et al. [46] introduced the protocol state
machine to identify protocol states and state transitions. To be
precise, the formal model of finite state machine is extended
and applied for Intrusion Detection in VoIP Networks. The
proposed IDS is designed to work and interact with crossprotocols to defend the intrusions. Some other noteworthy
aspects are it can monitor thousands of call at the unit time
with negligible impact on voice quality and high detection
accuracy. A Multilayered Intrusion Detection and Prevention
system [47] is proposed with VoIP honeypot and an application
layer event correlation engine. System can effectively combat
major attacks in VoIP such as SPIT, VoIP Phishing, DoS
attacks and other related attacks. Author aspires to extend this
work by performing more real-time test and performance
evaluation in future. Two tasks are designed in [48] stateful
and cross-protocol IDS for single component IDS while task is
extended to form distributed and correlation based IDS. The
author concludes to detect spams in Peer-to-peer VoIP systems
as a prospective task.
TABLE 3. VOIP TOOLS

List of Tools and its Purpose
User Agent Tools
Ekiga [68] - free VoIP client software developed for GNOME and Windows user
Linphone [57] - open source phone licensed by GNU General Public License (GPL) and can run in
platform like Windows, Linux, Mac OS, Android and Blackberry
Proxy Server Tools
SIP Express Router (SER) [58] - one of the initiators for SIP proxy server and it can be configured to
act as SIP registrar, proxy or redirect server.
OpenSER/OpenSIPS [59] - widely applied as VoIP Service provider, SIP trunking, SIP load balancing
and SIP router.
Sniffing Tools
AuthTool - Tool that attempts to determine the password of the user by analyzing the SIP traffic.
Etherpeek - general purpose VoIP and Ethernet sniffer.
VoIPong - Detects all VoIP calls on a pipeline and dumps conversation to separate wav files
VOMIT - converts CISCO IP phone conversation to wave file and can be played with any sound
players
Wireshark - widely used multi-platform network traffic analyzer
Scanning and Enumeration Tools
nmap - open source network port scanner

SiVuS - SIPVicious Tool Suite: svmap performs sip scanning; svwar scans the list of IP address for a
given range and svcrack acts as password cracker
SIPScan - SIP user name enumerator using INVITE, REGISTER and OPTION methods
SCTPScan - enumerates open SCTP ports from the remote host
Packet Creation and Flooding Tools
IAXFlooder - A packet flooder that creates IAX packets

INVITE Flooder - Send a flurry of SIP INVITE messages to a phone or proxy
RTP Flooder - Creates well formed RTP Packets that can flood a phone or proxy
IEEE 2014
149
SIPp - Open Source test tool / traffic generator for the SIP protocol
SIPBomber - SIP protocol testing tool for Linux
Signal Manipulation Tools
VI.
BYE Teardown - attempts to disconnect an active VoIP conversation by spoofing the SIP BYE
message from the receiving party
SIP-kill - Sniff for SIP-INVITEs and tear down the call
SIPRougue - multifunctional SIP proxy that can be inserted between two talking parties
OPEN SOURCE TOOLS
In order to comprehend the working mechanism of

VoIP Network, appropriate tools are selected. There are lot of
open source tools [49-51] that are available and are accessible
to researchers and telecommunication engineers. VoIP Testbed
is formed with the proper blend of tools to conduct experiments
and to visualize them in a real time. Table 3 highlights the
plethora of tools and their purpose for experiments.
VII. OVERALL SUMMARY
This paper summarizes the research work undergone
on the security threats and its defense mechanisms concerned
with VoIP Networks. There are 8 attack vectors {Flooding/DoS
attack, SPam over IP Telephony, Billing/Toll Fraud,
Registration Hijacking, Voice Phishing/Vishing, SIP Redirect,
SIP bye attack, SQL Injection Attack} that are briefly discussed
in this work. Though there are many protocols associated with
VoIP Networks, SIP is predominant because it initiates the call
between the parties. About 6 of the attacks will happen due to
vulnerabilities in the SIP protocol. Hence most of the detection
approaches proposed will defend around the SIP layer to
prevent the threats assaulting the network. There are about 51
references that are cataloged and conferred in this work. Most
of the reference works are dealt with the prevention scheme
against flooding and SPIT attacks and hence highlights the
importance of active research in these sub-domains.
Eventhough there are already available survey works
emphasizing the security threats governed with VoIP Networks,
this paper is of more recent cadre and hence provides
contemporary advances in this domain. This work will acquaint
the researchers who are willing to explore the security concerns
of VoIP Networks.
VII. CONCLUSION
In this paper, a brief survey on the protocols widely
used, architecture, prototype model and open source tools in
VoIP Networks is addressed. An in-depth analysis of security
issues and the available detection mechanisms are presented.
Most of the threats in VoIP Networks are due to vulnerable
nature in the design of SIP protocol. This survey work stands as
a gateway to address the resolvable issues that may hamper the
growth of this sophisticated technology. There is a massive
requirement from the society to solve these security issues and
the researchers who are willing to pursue in area of VoIP
Networks will appreciate this work.
REFERENCES
IEEE 2014
[1] G. Scheets, M. Parperis, and R. Singh, Voice over the internet: a

tutorial discussing problems and solutions associated with
alternative transport, IEEE Communications Surveys &
Tutorials, Vol. 6, No. 2, pp. 1-10, 2004.
[2] S. Karapantazis and F. N. Pavlidou , VoIP: A comprehensive
survey on a promising technology, Computer Networks, Vol. 53,
No. 12, pp. 2050-2090, 2009.
[3] D. Geneiatakis, T. Dagiuklas, G. Kambourakis, C.
Lambrinoudakis, S. Gritzalis, S. Ehlert and D. Sisalem, Survey
of security vulnerabilities in session initiation protocol, IEEE
Communications Surveys and Tutorials, Vol. 8, No. 1-4, pp. 6881, 2006.
[4] A. D. Keromytis, Voice over IP: Risks, threats and
vulnerabilities, Cyber Infrastructure Protection, 2009.
[5] Trojan.Peskyspy.[online]http://www.symantec.com/connect/blog
s/trojanpeskyspy-listening-your-conversations
[6] Phone
Calls
Distract
Consumers
from
Genuine
theft.[online]http://www.fbi.gov/newark/pressreleases/2010/nk051110.htm
[7] Telepacific
Communications
tell
VoIP
floods.[online]http://www.networkworld.com/news/2011/100411
-ddos-voip-251553.html
[8] P. Rowe, VoIP - Extra threats in the Converged Environment,
Network Security, Vol. 7, pp. 12-16, 2005.
[9] S. McGann and D. C. Sicker, An analysis of security threats and
tools in SIP-Based VoIP Systems, 2nd Workshop on Securing
Voice over IP, 2005.
[10] D. Butcher, X. Li and J. Guo, Security Challenge and Defense in
VoIP Infrastructures, IEEE Transactions on systems, man and
cybernetics, Vol. 37, No. 6, pp. 1152-1162, 2007.
[11] E. B. Fernandez, J. C. Pelaez and M. M. Larrondo-Petrie,
Security Patterns for VoIP Networks, International MultiConference on Computing in the Global Information
Technology (Page: 33 Year of Publication: 2007 ISBN: 0-76952798-1).
[12] A. D. Keromytis, A Comprehensive Survey of VoIP Security
Research, IEEE Communication Surveys & Tutorials, Vol. 14,
No. 2, pp. 514-537, 2012
[13] R. Dantu, S. Fahmy, H. Schulzrinne, and J. Cangussu, Issues and
Challenges in Securing VoIP, Computers & Security, Vol. 28,
No. 8, pp. 743-753, 2009.
[14] S. Karapantazis, F. Pavlidou, VoIP: A comprehensive survey on
a promising technology, Journal on Computer Networks, Vol.
53, No. 12, pp. 2050 2090, 2009.
[15] T. J. Walsh and D. R. Kuhn, Challenges in Securing Voice over
IP, IEEE Security & Privacy, Vol. 3, 2005.
[16] J Rosenberg. Session Initiation Protocol (SIP), Internet
Engineering Task Force, RFC 3261, 2002.
[17] M. Spencer, B. Capouch, E. Guy, F. Miller and k Shumard, IAX:
Inter-Asterisk eXchange Version 2, RFC 5456, 2010.
[18] H. Schulzrinne, S. Casner, R. Frederick and V. Jacobson, RTP:
A Transport for Real-Time Applications, RFC 3550, 2003.

[19] F. Andreasen and B. Foster , Media Gateway Control Protocol
(MGCP) Version 1.0, RFC 3435, 2003.
[20] H. Schulzrinne, A. Rao and R. Lanphier, Real Time Streaming
Protocol (RTSP), RFC 2326, 1998.
[21] M. Handley and V. Jacobson, SDP: Session Description
Protocol, RFC 2327, 1998.
[22] A. Mankin, F. Baker, B. Braden, ODell, M. Romanow, A.
Weinrib and L. Zhang, Resource ReSerVation Protocol (RSVP),
RFC 2208, 1997.
[23] M. Handley, C. Perkins and E. Whelan, Session Announcement
Protocol, RFC 2974, 2000.
[24] W. Conner and K. Nahrstedt, Protecting SIP proxy servers from
Ringing based Denial of Service attacks, 10th International
Symposium on multimedia (Page: 340-347, Year of Publication:
2008 ISBN: 978-0-7695-3454-1).
[25] S. Chiappetta, C. Mazzariello, R. Presta and S. P. Romano, An
anomaly-based approach to the analysis of the social behavior of
VoIP users, Computer Networks, Vol. 57, No. 6, pp. 1545-1559,
2013.
[26] R. Arora and R. Jain, Voice over IP: Protocols and Standards,
Student Reports, 1999.
[27] A. D. Keromytis , Voice-over-IP Security: Research and
Practice, IEEE Security & Privacy Magazine, Vol. 8, No. 2, pp.
76-78, 2010.
[28] J. C. Pelaez, E. B. Fernandez and M. M. Larrondo-Petrie, Misuse
Patterns in VoIP, Security and Communication Networks, Vol. 2,
No. 6, pp. 635-653, 2009.
[29] D. Sisalem, J. Kuthan, S. Ehlert, Denial of Service Attacks
Targeting a SIP VoIP Infrastructure - Attack Scenarios and
Prevention Mechanisms, IEEE Networks Magazine, Vol. 20, No.
5, pp. 26-31, 2006.
[30] G. Macia-Fernandez, R. A. Rodriguez-Gomez and J. E. DiazVerdejo, Defense techniques for low-rate DoS attacks against
application servers, Journal of Computer Networks, Vol. 54, No.
15, pp. 2711-2727, 2010.
[31] J.Stanek and L. Kencl, SIPp-DD: SIP Flood-Attack Simulation
Tool,
20th
International
Conference
on Computer
Communications and Networks (Page: 1-7 Year of Publication:
2011 ISBN: 978-1-4577-0637-0).
[32] R. Zhang, X. Wang, X. Yang and X. Jiang, Billing Attacks on
SIP-based VoIP Systems, first USENIX workshop on offensive
technology (Page: 1-7 Year of Publication: 2007).
[33] R. Zhang, X. Wang, X. Yang and X. Jiang, On the billing
vulnerabilities of SIP-based VoIP Systems, Computer Networks,
Vol. 54, No. 11, pp. 1837-1847, 2010.
[34] Y. B. Lin, M. H. Tasi, Eavesdropping through mobile phone,
IEEE Transactions on Vehicular Technology, Vol. 56, No.6, pp.
3596-3600, 2007.
[35] H. Sengar, H. Wang, D. Wijesekara and S. Jajodia, Detecting
VoIP floods using Hellinger Distance, IEEE Transactions on
Parallel and Distributed Systems, Vol. 19, No. 6, pp. 794-805,
2008.
[36] H. Zhang, Z. Gu, C. Liu and T. Jie, Detecting VoIP specific
Denial of service using change-point method, Advanced
Communication Technology (Page: 1059-1064 Year of
Publication: 2009 ISBN: 978-89-5519-138-7).
[37] D. Geneiatakis, N. Vrakas and C. Lambrinoudakis, Utilizing
Bloom filters for detecting flooding attacks against SIP based
services, Computers and Security, Vol. 28, No. 7, pp. 578-591,
2009.
IEEE 2014
150
[38] Communication Technology (Page: 1059-1064 Year of

2009.
[40] services, Computers and Security, Vol. 28, No. 7, pp. 578-591,
2009.
[41] Communication Technology (Page: 1059-1064 Year of
2009.
[43] M. A. Akbar and M. Farooq, Application of Evolutionary
Algorithms in detection of SIP based flooding attacks,
proceedings of the Genetic and Evolutionary Computation
Conference (Page: 1419-1426 Year of Publication: 2009).
[44] S. Ehlert, G. Zhang, D. Geniatakis and G. Kambourakis, Two
layer Denial of service prevention on SIP VoIP Infrastructures,
Journal of Computer Communications, Vol. 31, No. 10, pp.
2443-2456, 2008.
[45] E. M. Nahum, J. Tracey and C.P. Wright, Evaluating SIP Proxy
Server Performance, ACM SIGMETRICS Performance
Evaluation Review, Vol. 35, No. 1, pp. 349-350, 2007.
[46] J. Quittek, Detecting SPIT calls by checking human
communication patterns, IEEE International Conference on
Communications (Page: 1979-1984 Year of Publication: 2007).
[47] D. Gritzalis and Y. Mallios, A SIP-oriented SPIT Management
framework, Computers & Security, Vol. 27, No. 5, pp. 136-153,
2008.
[48] M. Nassar, R. State and O. Festor, Monitoring SIP traffic using
Support Vector Machines, Proceedings of the Symposium on
Recent advances in Intrusion Detection (Page:. 311-330, Year of
Publication: 2008).
[49] H. G. Yu, W. Ying-You and Z. Hong, SPIT detection and
prevention method in VoIP environment, 3rd International
Conference on Availability, Reliability and Security (Page: 473478 Year of Publication: 2008 ISBN: 978-0-7695-3102-1).
[50] P. Kolan and R. Dantu, Socio-Technical Defense against Voice
spamming, ACM Transactions on Autonomous and Adaptive
Systems, Vol. 2, No. 1, 2007.
[51] H. Sengar, D. Wijesekera, H. Wang and S.Jajodia, VoIP
Intrusion Detection through Interacting Protocol State
Machines, International Conference on Dependable Systems and
Networks (Page: 393-402 Year of Publication: 2006).
[52] M. Nassar, S. Niccolini, R. State and T. Ewald, Holistic VoIP
intrusion detection and prevention system, International
Conference on Principles, Systems and Applicatons of IP
Telecommunications (Page: 1-9 Year of Publication: 2007).
[53] Y. S. Wu, V. Apte, S. Bagchi, S.Garg and N.Singh, Intrusion
Detection in Voice over IP Environments, International Journal
of Information Security, Vol. 8, No. 3, pp. 153-17, 2009.
[54] S. McGann and D.C. Sicker, An analysis of security threats and
tools in SIP-based VoIP systems, Second VoIP security
workshop, 2005.
[55] VoIP
Security
Tool
List.
[online]
http://www.voipsa.org/Resources/tools.php
[56] VoIP-Info.org. [online] www.voip-info.org

Security Aspects of Sip Based Voip Networks: A Survey: V.Srihari P.Kalpana

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Security Aspects of Sip Based Voip Networks: A Survey: V.Srihari P.Kalpana

Uploaded by

Copyright:

Available Formats

2nd International Conference on Current Trends in Engineering and Technology, ICCTET14