D(e|i)aling with VoIP: robust prevention of DIAL attacks

Authors:
Alexandros Kapravelos;Iasonas Polakis;Elias Athanasopoulos;Sotiris Ioannidis;Evangelos P. Markatos
Affiliations:
Institute of Computer Science, Foundation for Research and Technology Hellas, Greece;Institute of Computer Science, Foundation for Research and Technology Hellas, Greece;Institute of Computer Science, Foundation for Research and Technology Hellas, Greece;Institute of Computer Science, Foundation for Research and Technology Hellas, Greece;Institute of Computer Science, Foundation for Research and Technology Hellas, Greece
Venue:
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Year:
2010

Citing 11
Cited 0

Random early detection gateways for congestion avoidance

IEEE/ACM Transactions on Networking (TON)
The click modular router

ACM Transactions on Computer Systems (TOCS)
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Tracking anonymous peer-to-peer VoIP calls on the internet

Proceedings of the 12th ACM conference on Computer and communications security
Exploiting open functionality in SMS-capable cellular networks

Proceedings of the 12th ACM conference on Computer and communications security
Present and Future Challenges Concerning DoS-attacks against PSAPs in VoIP Networks

IWIA '06 Proceedings of the Fourth IEEE International Workshop on Information Assurance
Mitigating attacks on open functionality in SMS-capable cellular networks

Proceedings of the 12th annual international conference on Mobile computing and networking
Billing attacks on SIP-based VoIP systems

WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob?

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
On attack causality in internet-connected cellular networks

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Detecting VoIP based DoS attacks at the public safety answering point

Proceedings of the 2008 ACM symposium on Information, computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We carry out attacks using Internet services that aim to keep telephone devices busy, hindering legitimate callers from gaining access. We use the term DIAL (Digitally Initiated Abuse of teLephones), or, in the simple form, Dial attack, to refer to this behavior. We develop a simulation environment for modeling a Dial attack in order to quantify its full potential and measure the effect of attack parameters. Based on the simulation's results we perform the attack in the real-world. By using a Voice over IP (VoIP) provider as the attack medium, we manage to hold an existing landline device busy for 85% of the attack duration by issuing only 3 calls per second and, thus, render the device unusable. The attack has zero financial cost, requires negligible computational resources and cannot be traced back to the attacker. Furthermore, the nature of the attack is such that anyone can launch a Dial attack towards any telephone device. Our investigation of existing countermeasures in VoIP providers shows that they follow an all-or-nothing approach, but most importantly, that their anomaly detection systems react slowly against our attacks, as we managed to issue tens of thousands of calls before getting spotted. To cope with this, we propose a flexible anomaly detection system for VoIP calls, which promotes fairness for callers. With our system in place it is hard for an adversary to keep the device busy for more than 5% of the duration of the attack.