Model-checking DoS amplification for VoIP session initiation
Pages 390 - 405
Abstract
Current techniques for the formal modeling and analysis of DoS attacks do not adequately deal with amplification attacks that may target a complex distributed system as a whole rather than a specific server. Such threats have emerged for important applications such as the VoIP Session Initiation Protocol (SIP). We demonstrate a model-checking technique for finding amplification threats using a strategy we call measure checking that checks for a quantitative assessment of attacker impact using term rewriting. We illustrate the effectiveness of this technique with a study of SIP. In particular, we show how to automatically find known attacks and verify that proposed patches for these attacks achieve their aim. Beyond this, we demonstrate a new amplification attack based on the compromise of one or more SIP proxies. We show how to address this threat with a protocol change and formally analyze the effectiveness of the new protocol against amplification attacks.
Sponsors
- DCSSI
- Alcatel-Lucent
- EADS
- Fondation Métivier
- INRIA: Institut Natl de Recherche en Info et en Automatique
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 21 September 2009
Qualifiers
- Article