Collaborative scheme for VoIP traceback

Authors:
Hsien-Ming Hsu;Yeali S. Sun;Meng Chang Chen
Affiliations:
Dept. of Information Management, National Taiwan University, Taipei, Taiwan;Dept. of Information Management, National Taiwan University, Taipei, Taiwan;Dept. of Information Management, National Taiwan University, Taipei, Taiwan and Institute of Information Science, Academia Sinica, Taipei, Taiwan
Venue:
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Year:
2011

Citing 10
Cited 0

Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
An algebraic approach to IP traceback

ACM Transactions on Information and System Security (TISSEC)
Pi: A Path Identification Mechanism to Defend against DDoS Attacks

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
A Simple Framework for Distributed Forensics

ICDCSW '05 Proceedings of the Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05) - Volume 02
VoIP Intrusion Detection Through Interacting Protocol State Machines

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
A Collaborative Forensics Framework for VoIP Services in Multi-network Environments

PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

While voice over IP (VoIP) services have brought many desirable communication features to the general public, they have also become a medium through which criminals communicate and conduct illegal activities e.g., fraud and blackmail without being intercepted by law enforcement agencies (LEAs). Previous research on IP traceback focused on tracking IP addresses on the network layer. The mechanisms developed thus far, however, require an inefficient and sometimes infeasibly large amount of router and network support. In this paper, we propose a collaborative forensics mechanism that cooperates with related network operators (NWO) and service providers (SvP) in tracing back VoIP calls without depending on routers throughout the full trace path. We discuss the various kinds of attacks of VoIP services and the characteristics of VoIP service requests as they pertain to those attacks. Additionally, we propose a procedure for identifying forged header field values (HFVs) on SIP requests, and introduce the concept of active forensics. This can lead to a reduction in the probability of important information being deleted by the time collaborative forensics is initiated, and thus assist law enforcement agencies in intercepting criminals. We also describe extended applications for traceback for attacks resulting in Distributed Denial of Service and those involving mobile phones.