This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Columbia - Verizon Research CollaborationColumbia - Verizon Research CollaborationSecure SIP: Scalable DoS and ToS Prevention Mechanisms for Secure SIP: Scalable DoS and ToS Prevention Mechanisms for SIP-based VoIP Systems, and Validation Test ToolsSIP-based VoIP Systems, and Validation Test Tools
• Intellectual Property with SIX Patent Applications• Licensing Agreement
– Taken research quickly into marketplace – Five vendors interested
• Enhanced VoIP security through standards and vendor involvement– Worked with Verizon vendors to mitigate exposures
• Rolled the requirements and lessons learned into the Verizon security architecture and new element requirements database for procurement – Columbia requirements valid for VoIP, Presence and Multimedia
architectures• Setup laboratory facilities for VoIP security evaluations and product
development– In Columbia, prototype rapid development incubator– In Verizon, incorporated Columbia/Verizon collaborative test tools for a
more realistic complex IP-routed laboratory environment
Background & Research FocusBackground & Research Focus
• SIP is the VoIP protocol of choice for both wireline and wireless telephony
– Control protocol for the Internet Multimedia Systems (IMS) architecture
• VoIP services migrating to IP fast becoming attractive DoS and ToS targets
– DoS attack traffic traversing network perimeter reduces availability of signaling and media for VoIP– Theft of Service must be prevented to maintain service integrity
– Reduces ability to collect revenue and provider’s reputation both are at stake
• Verizon needs to solve security problem for VoIP services– Protocol-aware application layer gateway for RTP– SIP DoS/DDoS detection and prevention for SIP channel– Theft of Service Architectural Integrity Verification Tool
• Need to verify performance & scalability at carrier class rates – Security and Performance are a zero sum game
• Columbia likes to work in real life problems & analyze large data sets – Goal of improving generic architectures and testing methodologies– Columbia has world-renowned expertise in SIP
• Study VoIP DoS and ToS for SIP– Definition – define SIP specific threats– Detection – how do we detect an attack?– Mitigation – defense strategy and implementation– Validation – validate our defense strategy
• Generate requirements for future security network elements and prototypes
– Share these requirements with vendors
• Generate the test tools and strategies for their validation
• Implementation flaws are easier to deal with– Systems can be tested before used in production– Systems can be patched when a new flaw is discovered– Attack signatures can be integrated with a firewall
• Application level and flooding attacks are harder to defend against
– SIP infrastructure element defense
• Commercially available solutions for general UDP/SYN flooding but none for SIP
Address application level and flooding attacks specifically for SIP
Identify and address architectural weaknesses before they are exploited to commit ToS
Theft of Service OverviewTheft of Service Overview
• VoIP is different– Not a static but a real-time application– Direct comparisons with PSTN
• According to Subex Azure 3% of total revenue is subject to “fraud”*• VoIP can be expected to be at least twice as large a proportion of
revenue
– Theft of Service is more daunting problem in VoIP
• Implications of ToS– Lost revenue and bad reputation– Abused resources cause monetary losses to network providers– Unauthorized usage degrades whole system’s performance
• Scenarios– Using services without paying– Illegal Resource Sharing (unlimited-plans)– Compromised Systems– Call Spoofing and Vishing
*Billing World and OSS Magazine: “Top Telco Frauds and How to Stop Them”, January 2007, by Geoff Ibett
• Conversion of research into a product that Verizon can use– Verizon needs to determine optimal architectural placement of DoS
prevention functionality for VoIP and Presence Security • Security vs. Performance• Hardware vs. Software Implementation
– Proxy/Softswitch (SW)– SBC or New network element (HW/SW)
• Use internally (protect VZ Network)• Use externally (sell new security services to large customers)
• Need rapid commercialization– Licensing Agreement with equipment manufacturers– Exclusive vs. Non-exclusive
• Continue relationship with Columbia– Research in related areas
• Proposal to study SRTP– Maintain the testbeds for further research and to assist in product
development during product testing cycle– Feedback loop of research and product cycle– Get other companies interested to synergize resources and share results
• What can we see doing to make the working relationship even more productive?
• Research Results– Demonstrated SIP vulnerabilities for VoIP resulting in new DoS and ToS
susceptibility• Work is fully reusable to secure a “Presence” infrastructure
– Implemented some “carrier-class” mitigation strategies• Developed generic requirements• Remove SIP DoS traffic at carrier class rates• Prototype is first of its kind in the world
– Built a validation testbed to measure performance• Developed customized test tools• Built a high powered SIP-specific Dos Attack tool in a parallel computing distributed
testbed– Crashed a SIP Proxy in seconds
• Built a Theft of Service Architectural Integrity Validation Tool using parallel computing
• Intellectual Property– Worked resulted in six patent applications
• Commercialization– Licensing agreements currently under negotiation– Revenue both to Columba and Verizon– Need to socialize new requirements and test tools with vendor community to
address rapid field deployment• Vendors generally very interested in new requirements• Rapid implementation is now expected
• STRATEGY: Two DoS detection and mitigation filters and ToS tools
– SIP: Two types of rule-based detection and mitigation filters– Media: SIP-aware dynamic pinhole filtering– ToS Architectural Integrity Verification Tool
• SIPp, SIPStone, and SIPUA are benchmarking tools for SIP proxy and redirect servers– Establish calls using SIP in Loader/Handler mode– A controller software module (secureSIP) wrapped over SIPp/SIPUA/SIPStone
launches legitimate and illegitimate calls at a pre-configured workload
• SIPp – Robust open-source test tool / traffic generator for SIP– Customizable XML scenarios for traffic generation– 5 inbuilt timers to provide accurate statistics– Customized to launch attack (SIP DoS) traffic designed to cause proxy to fail
• SIPStone continuously launches spoofed calls which the proxy is expected to filter– For this project enhanced with:
• SIPUA Test Suite – Has built-in Digest Authentication functionality– Sends 160 byte RTP packets every 20ms
• Settable to shorter interval (10ms) if needed for granularity– Starts RTP sequence numbers from zero– Dumps call number, sequence number, current timestamp and port numbers to a file