Billing attacks on SIP-based VoIP systems

Authors: Xuxian Jiang, Ruishan Zhang, Xiaohui Yang, Xinyuan Wang

DOI:

Keywords:

Abstract: Billing is fundamental to any commercial VoIP services and it has direct impact on each individual subscriber. One of the most basic requirements of a billing function is that it must be reliable and trustworthy. From the subscriber's perspective, billing should only charge them for the calls they have really made and for the duration they have called. Existing billing is based on signaling. Therefore, a vulnerability in signaling is a potential vulnerability in billing. In this paper, we examine how vulnerabilities in SIP can be exploited to compromise the reliability and trustworthiness of billing in SIP-based VoIP systems. Specifically, we focus on attacks that will create inconsistencies between what subscribers received and what service providers provided. We present four attacks that could result in charges for calls subscribers have not made or overcharges on calls they have made. Our experiments show that Vonage and AT&T are vulnerable to these attacks.
