“…Besides this categorization, [32] also discriminates internal and external attacks and the effects of attacks in terms of confidentiality, integrity, authentication and service availability. Based on these categories, [32] provides a thorough evaluation of the robustness of the IMS architecture proposed by the 3GPP as well as considering a series of state-of-the-art research proposals.…”
Section: Ims Signaling Plane Securitymentioning
confidence: 99%
“…IMS security and privacy has been a challenging topic and has received a significant amount of attention during the last few years [32,22]. Although IMS benefits from specific security and privacy mechanisms in the LTE air interface and core infrastructure [16], additional IMS-level mechanisms are required especially in multi-domain communications.…”
IP Multimedia Subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy has gained much attention in the few last years. The review of recent IMS security activities stresses the inclusion of intermediate nodes in the media path of secured communications as an open issue. This paper presents an end-tomiddle-to-end solution which enables the usage of IMS media plane elements such as recorders, transcoders and novel cross-ciphering functions in a secure way. The proposed solution, which is fully compliant with IMS, includes the network architecture, the signaling plane for session signaling and key management, and the media-plane security characteristics. Experimental results demonstrate that the proposed solution can provide media interoperability (both transcoding and cross-ciphering) with a cost of 17% overhead to a standard IMS call setup in the signaling plane.
“…Besides this categorization, [32] also discriminates internal and external attacks and the effects of attacks in terms of confidentiality, integrity, authentication and service availability. Based on these categories, [32] provides a thorough evaluation of the robustness of the IMS architecture proposed by the 3GPP as well as considering a series of state-of-the-art research proposals.…”
Section: Ims Signaling Plane Securitymentioning
confidence: 99%
“…IMS security and privacy has been a challenging topic and has received a significant amount of attention during the last few years [32,22]. Although IMS benefits from specific security and privacy mechanisms in the LTE air interface and core infrastructure [16], additional IMS-level mechanisms are required especially in multi-domain communications.…”
IP Multimedia Subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy has gained much attention in the few last years. The review of recent IMS security activities stresses the inclusion of intermediate nodes in the media path of secured communications as an open issue. This paper presents an end-tomiddle-to-end solution which enables the usage of IMS media plane elements such as recorders, transcoders and novel cross-ciphering functions in a secure way. The proposed solution, which is fully compliant with IMS, includes the network architecture, the signaling plane for session signaling and key management, and the media-plane security characteristics. Experimental results demonstrate that the proposed solution can provide media interoperability (both transcoding and cross-ciphering) with a cost of 17% overhead to a standard IMS call setup in the signaling plane.
“…12 Moreover, this category contains, the efforts made by attackers to disturb sequence of messages. A malicious user can target these ongoing connections in order to disturb users' calls through manipulated messages.…”
Section: Sip Flow Tamperingmentioning
confidence: 99%
“…BYE, CAN-CEL, UPDATE, Re-INVITE, and REGISTER requests can be applied to launch such attacks. 12 Moreover, this category contains, the efforts made by attackers to disturb sequence of messages. In this case, the attacker can put system's accessibility at risk by creating numerous pending requests especially when the proxy server is stateful.…”
Due to the various features of Voice over Internet Protocol (VoIP), this technology has attracted the attention of many users in comparison with the traditional telephony system. However, with the growth of this technology, the security issues and protection of its users against different kinds of threats have been raised as an essential requirement. Session Initiation Protocol is a predominant protocol to initiate and terminate multimedia sessions in VoIP networks that provide simplicity and text-based features. Despite its mentioned advantages, these features impose several vulnerabilities on VoIP networks. Denial of Service attack, as one of the most common attacks against VoIP networks, is also a noted security issue in the Internet Protocol platforms. In such attacks, the attacker tries to prevent service from authorized users by consuming server resources. These attacks can be launched by sending out-of-sequence messages, malformed messages, and flooding different kinds of messages. In this study, a new anomaly-based method is presented for detection and prevention of these attacks. Normal traffic of a VoIP network is modeled by making a finite state machine, which is used for attack detection besides other proposed modules. Furthermore, a whitelist method is implemented using Bloom data structure for attack prevention. The proposed method is completely implemented and tested using different test scenarios. The obtained results show that by using proposed method, attacks can be detected more accurately with lower false ratios and delay in comparison with the existing methods.
KEYWORDSVoIP network, SIP security, DoS attacks, finite state machine (FSM)
“…Reference [13] differentiates between the 3GPP intra and inter domain security architectures and categorizes the possible time-dependent and time-independent attacks to the IMS signaling plane. Besides this categorization, [32] also discriminates internal and external attacks and the effects of attacks in terms of confidentiality, integrity, authentication and service availability. Based on these categories, [32] provides a thorough evaluation of the robustness of the IMS architecture proposed by the 3GPP as well as considering a series of state-of-the-art research proposals.…”
IP multimedia subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy has gained much attention in the few last years. The review of recent IMS security activities stresses the inclusion of intermediate nodes in the media path of secured communications as an open issue. This paper presents an endto-middle-to-end solution which enables the usage of IMS media plane elements such as recorders, transcoders and novel cross-ciphering functions in a secure way. The proposed solution, which is fully compliant with IMS, includes the network architecture, the signaling plane for session signaling and key management, and the media-plane security characteristics. Experimental results demonstrate that the proposed solution can provide media interoperability (both transcoding and cross-ciphering) with a cost of 17 % overhead to a standard IMS call setup in the signaling plane.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.