DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
VoIP Intrusion Detection Through Interacting Protocol State Machines
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
SIP security issues: the SIP authentication procedure and its processing load
IEEE Network: The Magazine of Global Internetworking
A Mechanism for Ensuring the Validity and Accuracy of the Billing Services in IP Telephony
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Voice pharming attack and the trust of VoIP
Proceedings of the 4th international conference on Security and privacy in communication netowrks
SIP intrusion detection and response architecture for protecting SIP-based services
ACS'08 Proceedings of the 8th conference on Applied computer scince
On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Analysing Protocol Implementations
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
SecSip: a stateful firewall for SIP-based networks
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
A Survey of Voice over IP Security Research
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Designing attacks on SIP call set-up
International Journal of Applied Cryptography
On the billing vulnerabilities of SIP-based VoIP systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Speaker recognition in encrypted voice streams
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
D(e|i)aling with VoIP: robust prevention of DIAL attacks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
SIPA: generic and secure accounting for SIP
Security and Communication Networks
| Hi-index | 0.00 |
Billing is fundamental to any commercial VoIP services and it has direct impact on each individual VoIP subscriber. One of the most basic requirements of any VoIP billing function is that it must be reliable and trustworthy. From the VoIP subscriber's perspective, VoIP billing should only charge them for the calls they have really made and for the duration they have called. Existing VoIP billing is based on VoIP signaling. Therefore, any vulnerability in VoIP signaling is a potential vulnerability of VoIP billing. In this paper, we examine how the vulnerabilities of SIP can be exploited to compromise the reliability and trustworthiness of the billing of SIP-based VoIP systems. Specifically, we focus on the billing attacks that will create inconsistencies between what the VoIP subscribers received and what the VoIP service providers have provided. We present four billing attacks on VoIP subscribers that could result in charges on the calls the subscribers have not made or overcharges on the VoIP calls the subscribers have made. Our experiments show that Vonage and AT&T VoIP subscribers are vulnerable to these billing attacks.