DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
VoIP Intrusion Detection Through Interacting Protocol State Machines
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Billing attacks on SIP-based VoIP systems
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Voice pharming attack and the trust of VoIP
Proceedings of the 4th international conference on Security and privacy in communication netowrks
On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
SIP security issues: the SIP authentication procedure and its processing load
IEEE Network: The Magazine of Global Internetworking
SIPAD: SIP-VoIP Anomaly Detection using a Stateful Rule Tree
Computer Communications
Hi-index | 0.00 |
For commercial VoIP services, billing is crucial to both service providers and their subscribers. One of the most basic requirements of any billing function is that it must be accurate and trustworthy. A reliable VoIP billing mechanism should only charge VoIP subscribers for the calls they have really made and for the durations they have called. Existing VoIP billing is based on the underlying VoIP signaling and media transport protocols. Hence, vulnerabilities in VoIP signaling and media transports can be exploited to compromise the trustworthiness of the billing of VoIP systems. In this paper, we analyze several deployed SIP-based VoIP systems, and present three types of billing attacks: call establishment hijacking, call termination hijacking and call forward hijacking. These billing attacks can result in charges on the calls the subscribers have not made or overcharges on the VoIP calls the subscribers have made. Such billing attacks essentially cause inconsistencies between what the VoIP subscribers have received and what the VoIP service provider has provided, which would create hard to resolve disputes between the VoIP subscribers and service providers. Our empirical results show that VoIP subscribers of Vonage, AT&T and Gizmo are vulnerable to these billing attacks.