IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY ‘MALFORMED MESSAGE’ ATTACKS? - An Evaluation of OpenIMS

Nikos Vrakas, Dimitris Geneiatakis, Costas Lambrinoudakis

2011

Abstract

In this paper we assess the open IP Multimedia Subsystem (IMS) robustness against malformed message attacks. We employ an IMS test-bed architecture using two different testing suites; the PROTOS which is publicly available, and a proprietary one, that has been develop for the purpose of this specific work. Results have highlighted that although IMS can effectively handle well-known malformed messages, such as those utilized in PROTOS, it cannot manage satisfactorily unknown malformed messages. During the attack scenarios memory consumption increases up to 25%, while the end-to-end delay experienced by the users increases up to 4000%.

References

  1. 3GPP, 2008. TS 23.228: IP Multimedia Subsystems (IMS), Third Generation Partnership Project, Technical Specification Group Services and System Aspects.
  2. 3GPP, 2008. TS 23.228: IP Multimedia Subsystems (IMS), Third Generation Partnership Project, Technical Specification Group Services and System Aspects.
  3. 3GPP, 2010. TS 33.203: 3G security; Access security for IP-based services (Release 10): Third Generation Partnership Project, Technical Specification Group Services and System Aspects.
  4. 3GPP, 2010. TS 33.203: 3G security; Access security for IP-based services (Release 10): Third Generation Partnership Project, Technical Specification Group Services and System Aspects.
  5. Geneiatakis, D. et al., 2006. Survey of security vulnerabilities in session initiation protocol. Communications Surveys & Tutorials, IEEE, 8(3), 68- 81.
  6. Geneiatakis, D. et al., 2006. Survey of security vulnerabilities in session initiation protocol. Communications Surveys & Tutorials, IEEE, 8(3), 68- 81.
  7. Geneiatakis, D. et al., 2007. A framework for protecting a SIP-based infrastructure against malformed message attacks. Computer Networks, 51(10), 2580-2593.
  8. Geneiatakis, D. et al., 2007. A framework for protecting a SIP-based infrastructure against malformed message attacks. Computer Networks, 51(10), 2580-2593.
  9. Keromytis, A. D., 2010. Voice-over-IP Security: Research and Practice. IEEE Security and Privacy, 8(2), 76-78.
  10. Keromytis, A. D., 2010. Voice-over-IP Security: Research and Practice. IEEE Security and Privacy, 8(2), 76-78.
  11. Niccolini, S. et al., 2006. SIP intrusion detection and prevention: recommendations and prototype implementation. In VoIP Management and Security, 2006. 1st IEEE Workshop on. VoIP Management and Security, 2006. 1st IEEE Workshop on. pp. 47-52.
  12. Niccolini, S. et al., 2006. SIP intrusion detection and prevention: recommendations and prototype implementation. In VoIP Management and Security, 2006. 1st IEEE Workshop on. VoIP Management and Security, 2006. 1st IEEE Workshop on. pp. 47-52.
  13. OSVBD, 2007. Asterisk SIP channel driver SIP malformed UDP packet DoS. Available at: http://osv db.org/show/osvdb/34482.
  14. OSVBD, 2007. Asterisk SIP channel driver SIP malformed UDP packet DoS. Available at: http://osv db.org/show/osvdb/34482.
  15. Rosenberg, J. et al., 2002. SIP: Session Initiation Protocol, RFC 3261.
  16. Rosenberg, J. et al., 2002. SIP: Session Initiation Protocol, RFC 3261.
  17. Wieser, C. and Laakso, M., 2003. Security Testing of SIP Implementations, 1--2003
  18. Wieser, C. and Laakso, M., 2003. Security Testing of SIP Implementations, 1--2003
Download


Paper Citation


in Harvard Style

Vrakas N., Geneiatakis D. and Lambrinoudakis C. (2011). IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY ‘MALFORMED MESSAGE’ ATTACKS? - An Evaluation of OpenIMS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 275-280. DOI: 10.5220/0003519602750280


in Harvard Style

Vrakas N., Geneiatakis D. and Lambrinoudakis C. (2011). IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY ‘MALFORMED MESSAGE’ ATTACKS? - An Evaluation of OpenIMS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 275-280. DOI: 10.5220/0003519602750280


in Bibtex Style

@conference{secrypt11,
author={Nikos Vrakas and Dimitris Geneiatakis and Costas Lambrinoudakis},
title={IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY ‘MALFORMED MESSAGE’ ATTACKS? - An Evaluation of OpenIMS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={275-280},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003519602750280},
isbn={978-989-8425-71-3},
}


in Bibtex Style

@conference{secrypt11,
author={Nikos Vrakas and Dimitris Geneiatakis and Costas Lambrinoudakis},
title={IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY ‘MALFORMED MESSAGE’ ATTACKS? - An Evaluation of OpenIMS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={275-280},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003519602750280},
isbn={978-989-8425-71-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY ‘MALFORMED MESSAGE’ ATTACKS? - An Evaluation of OpenIMS
SN - 978-989-8425-71-3
AU - Vrakas N.
AU - Geneiatakis D.
AU - Lambrinoudakis C.
PY - 2011
SP - 275
EP - 280
DO - 10.5220/0003519602750280


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - IS IP MULTIMEDIA SUBSYSTEM AFFECTED BY ‘MALFORMED MESSAGE’ ATTACKS? - An Evaluation of OpenIMS
SN - 978-989-8425-71-3
AU - Vrakas N.
AU - Geneiatakis D.
AU - Lambrinoudakis C.
PY - 2011
SP - 275
EP - 280
DO - 10.5220/0003519602750280