Managing Risks at Runtime in VoIP Networks and Services

Similar documents
Automated Runtime Risk Management for Voice over IP Networks and Services

YANG-Based Configuration Modeling - The SecSIP IPS Case Study

Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

Malware models for network and service management

Risk Management in VoIP Infrastructures using Support Vector Machines

Multimedia CTI Services for Telecommunication Systems

Change Detection System for the Maintenance of Automated Testing

Fault-Tolerant Storage Servers for the Databases of Redundant Web Servers in a Computing Grid

Dynamic Exposure Control in P2PSIP Networks

Detecting Anomalies in Netflow Record Time Series by Using a Kernel Function

Tacked Link List - An Improved Linked List for Advance Resource Reservation

Future of DDoS Attacks Mitigation in Software Defined Networks

Structuring the First Steps of Requirements Elicitation

BoxPlot++ Zeina Azmeh, Fady Hamoui, Marianne Huchard. To cite this version: HAL Id: lirmm

The New Territory of Lightweight Security in a Cloud Computing Environment

Framework for Hierarchical and Distributed Smart Grid Management

A Voronoi-Based Hybrid Meshing Method

Reverse-engineering of UML 2.0 Sequence Diagrams from Execution Traces

How to simulate a volume-controlled flooding with mathematical morphology operators?

Linked data from your pocket: The Android RDFContentProvider

A Methodology for Improving Software Design Lifecycle in Embedded Control Systems

X-Kaapi C programming interface

SIM-Mee - Mobilizing your social network

Robust IP and UDP-lite header recovery for packetized multimedia transmission

A Resource Discovery Algorithm in Mobile Grid Computing based on IP-paging Scheme

Taking Benefit from the User Density in Large Cities for Delivering SMS

Service Reconfiguration in the DANAH Assistive System

Every 3-connected, essentially 11-connected line graph is hamiltonian

An Experimental Assessment of the 2D Visibility Complex

FIT IoT-LAB: The Largest IoT Open Experimental Testbed

On Code Coverage of Extended FSM Based Test Suites: An Initial Assessment

Hardware Acceleration for Measurements in 100 Gb/s Networks

An FCA Framework for Knowledge Discovery in SPARQL Query Answers

Natural Language Based User Interface for On-Demand Service Composition

Simulations of VANET Scenarios with OPNET and SUMO

Mokka, main guidelines and future

Relabeling nodes according to the structure of the graph

HySCaS: Hybrid Stereoscopic Calibration Software

MUTE: A Peer-to-Peer Web-based Real-time Collaborative Editor

Setup of epiphytic assistance systems with SEPIA

Generative Programming from a Domain-Specific Language Viewpoint

A case-based reasoning approach for unknown class invoice processing

YAM++ : A multi-strategy based approach for Ontology matching task

A 64-Kbytes ITTAGE indirect branch predictor

BugMaps-Granger: A Tool for Causality Analysis between Source Code Metrics and Bugs

NP versus PSPACE. Frank Vega. To cite this version: HAL Id: hal

UsiXML Extension for Awareness Support

GDS Resource Record: Generalization of the Delegation Signer Model

Linux: Understanding Process-Level Power Consumption

Comparator: A Tool for Quantifying Behavioural Compatibility

Regularization parameter estimation for non-negative hyperspectral image deconvolution:supplementary material

The SANTE Tool: Value Analysis, Program Slicing and Test Generation for C Program Debugging

An Efficient Numerical Inverse Scattering Algorithm for Generalized Zakharov-Shabat Equations with Two Potential Functions

Assisted Policy Management for SPARQL Endpoints Access Control

Deformetrica: a software for statistical analysis of anatomical shapes

Using Isolation Spheres for Cooperative Processes Correctness

Towards a Self-Adaptive Data Management System for Cloud Environments

Traffic Grooming in Bidirectional WDM Ring Networks

Fuzzy sensor for the perception of colour

A N-dimensional Stochastic Control Algorithm for Electricity Asset Management on PC cluster and Blue Gene Supercomputer

Quality of Service Enhancement by Using an Integer Bloom Filter Based Data Deduplication Mechanism in the Cloud Storage Environment

Moveability and Collision Analysis for Fully-Parallel Manipulators

Teaching Encapsulation and Modularity in Object-Oriented Languages with Access Graphs

Computing and maximizing the exact reliability of wireless backhaul networks

Corrupted GOOSE Detectors: Anomaly Detection in Power Utility Real-Time Ethernet Communications

Scalewelis: a Scalable Query-based Faceted Search System on Top of SPARQL Endpoints

Blind Browsing on Hand-Held Devices: Touching the Web... to Understand it Better

Catalogue of architectural patterns characterized by constraint components, Version 1.0

A Generic Architecture of CCSDS Low Density Parity Check Decoder for Near-Earth Applications

A Practical Evaluation Method of Network Traffic Load for Capacity Planning

Real-time FEM based control of soft surgical robots

Very Tight Coupling between LTE and WiFi: a Practical Analysis

ASAP.V2 and ASAP.V3: Sequential optimization of an Algorithm Selector and a Scheduler

Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression

Formal modelling of ontologies within Event-B

Zigbee Wireless Sensor Network Nodes Deployment Strategy for Digital Agricultural Data Acquisition

Study on Feebly Open Set with Respect to an Ideal Topological Spaces

Security Analysis of Mobile Phones Used as OTP Generators

CORON: A Framework for Levelwise Itemset Mining Algorithms

Prototype Selection Methods for On-line HWR

An SCA-Based Middleware Platform for Mobile Devices

DANCer: Dynamic Attributed Network with Community Structure Generator

Modelling and simulation of a SFN based PLC network

Privacy-preserving carpooling

Syrtis: New Perspectives for Semantic Web Adoption

Lossless and Lossy Minimal Redundancy Pyramidal Decomposition for Scalable Image Compression Technique

Open Digital Forms. Hiep Le, Thomas Rebele, Fabian Suchanek. HAL Id: hal

Search-Based Testing for Embedded Telecom Software with Complex Input Structures

Light field video dataset captured by a R8 Raytrix camera (with disparity maps)

The Proportional Colouring Problem: Optimizing Buffers in Radio Mesh Networks

Hinky: Defending Against Text-based Message Spam on Smartphones

Developing interfaces for the TRANUS system

XML Document Classification using SVM

THE COVERING OF ANCHORED RECTANGLES UP TO FIVE POINTS

Application of RMAN Backup Technology in the Agricultural Products Wholesale Market System

Implementing an Automatic Functional Test Pattern Generation for Mixed-Signal Boards in a Maintenance Context

Technical Overview of F-Interop

Comparison of radiosity and ray-tracing methods for coupled rooms

DSM GENERATION FROM STEREOSCOPIC IMAGERY FOR DAMAGE MAPPING, APPLICATION ON THE TOHOKU TSUNAMI

FStream: a decentralized and social music streamer

Transcription:

Managing Risks at Runtime in VoIP Networks and Services Oussema Dabbebi, Remi Badonnel, Olivier Festor To cite this version: Oussema Dabbebi, Remi Badonnel, Olivier Festor. Managing Risks at Runtime in VoIP Networks and Services. Burkhard Stiller; Filip Turck. 4th International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2010, Zurich, Switzerland. Springer, Lecture Notes in Computer Science, LNCS-6155, pp.89-92, 2010, Mechanisms for Autonomous Management of Networks and Services. <10.1007/978-3-642-13986-4_11>. <inria-00538685v2> HAL Id: inria-00538685 https://hal.inria.fr/inria-00538685v2 Submitted on 20 Aug 2014 HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d enseignement et de recherche français ou étrangers, des laboratoires publics ou privés. Distributed under a Creative Commons Attribution 4.0 International License

Managing Risks at Runtime in VoIP Networks and Services O. Dabbebi, R. Badonnel and O. Festor INRIA Nancy Grand Est - LORIA Campus Scientifique - BP 239 Technopôle de Nancy Brabois 54506 Vandœuvre-lès-Nancy, France Abstract. IP telephony is less confined than traditional PSTN telephony. As a consequence, it is more exposed to security attacks. These attacks are specific to VoIP protocols such as SPIT, or are inherited from the IP layer such as ARP poisoning. Protection mechanisms are often available, but they may seriously impact on the quality of service of such critical environments. We propose to exploit and automate risk management methods and techniques for VoIP infrastructures. Our objective is to dynamically adapt the exposure of a VoIP network with regard to the attack potentiality while minimizing the impact for the service. This paper describes the challenges of risk management for VoIP, our runtime strategy for assessing and treating risks, preliminary results and future work. 1 Introduction and challenges Voice over IP (VoIP) defines a new paradigm for telephony services. It permits to transmit telephony communications directly over IP networks at a low cost and with a higher flexibility than traditional PSTN 1 telephony. It relies on an infrastructure composed of VoIP phones, IPBX servers for establishing and managing call sessions, and VoIP gateways for interconnecting with the PSTN. It exploits dedicated protocols including signaling protocols such as SIP 2 or H.323, and transport protocols such as RTP or RTCP. However, VoIP communications are less confined, and then are more exposed to security attacks. They are concerned by security attacks inherited from the IP layer such as poisoning and flooding attacks, and also by VoIP-specific attacks such as SIP spoofing and SPIT 3 [1]. Moreover, security mechanisms may significantly deteriorate the quality and usability of these services. Typically, the application of encryption, filtering and authentication techniques may seriously increase delays and loads of VoIP communications. Risk management provides new opportunities for dealing with these security issues in such critical environments. It can be defined as a process which consists 1 Public Switch Telephony Network 2 Session Initiation Protocol 3 Spam Over IP Telephony

in assessing risks and treating them, i.e. taking steps in order to minimize them to an acceptable level[2]. Existing work related to risk assessment in VoIP infrastructures includes approaches for assessing threats (defender viewpoint) such as honeypot architectures and intrusion detection systems based on signatures, or based on anomalies [3, 4]. They also include approaches for assessing vulnerabilities (attacker side) such as fuzzing-based discovery and auditing/benchmarking tools [5]. Risk models supporting this assessment may be qualitative (based on linguistic scales), quantitative (based on probabilities) or mixed (based on aggregations of qualitative parameters) [6]. Existing work on risk treatments permit to eliminate risks (risk avoidance) by applying best practices, to reduce and mitigate them (risk optimization) by deploying protection and prevention systems [7], to ensure against them (risk transfert) by subscribing an insurance contract or to accept them (risk retention) [8]. When we look further at these approaches proposed for VoIP networks and services, we can clearly observe that most of them do not really address risk management. They usually do not integrate any risk model, or at least not explicitly, and they only cover partially the risk management process. There is therefore a serious need for applying risk management in these environments in order to protect them efficiently, while maintaining their quality of service. 2 Runtime risk management for VoIP We propose to investigate risk management methods and techniques for VoIP infrastructures. In particular, we are interested in automating risk management at runtime: the objective is to dynamically adapt the exposure of the VoIP network and its components with respect to the potentiality of attacks. This automation aims at reinforcing the coupling between the risk assessment phase and the risk treatment phase. The exposure is continuously controlled based on the activation and the deactivation of countermeasures (or safeguards). A countermeasure permits to reduce the performance of a security attack, but it may also deteriorate the service by introducing additional delays or reducing the access to some specific features. In that context, we have extended the rheostat runtime risk model [9] to VoIP environments. Let consider a security attack noted a A with A defining the set of potential VoIP attacks. Risk is typically defined as the combination of the potentiality P(a) of the related threat, the exposure E(a) of the VoIP infrastructure, and the consequence C(a) on that infrastructure if the attack succeeds (see Equation 1). R = a AP(a) E(a) C(a) (1) Rheostat exploits a risk reduction algorithm and a risk relaxation algorithm. The risk reduction algorithm permits to reduce the risk level when the potentiality P(a) of the threat is high, by activating security safeguards (such as passwords

and turing tests). This activation reduces the exposure E(a) of the infrastructure, and then permits to decrease the risk level to an acceptable value. The risk relaxation algorithm permits to minimize the impact on the infrastructure by deactivating security safeguards when the risk level is low. We have evaluated this risk model and specified several safeguards for specific VoIP attacks in [10]. We are generalizing this work to multiple VoIP security attacks. Fig. 1. Runtime risk management for VoIP environments We have also specified a functional architecture for supporting runtime risk management in these environments, as depicted on Figure 1. This architecture is composed of an intrusion detection system responsible for detecting threats in the VoIP platform, a risk manager for managing risks and selecting security safeguards with respect to a given context, and a configuration server for dynamically activating or deactivating the security safeguards. We are determining several strategies for deploying this architecture on a VoIP infrastructure. 3 Preliminary results We have developed a first implementation of the risk manager component and have evaluated its behavior based on a set of experiments. We have focused on SPIT attacks and have considered two main scenarios: a first one corresponding to the case when the threat potentiality increases over time (risk reduction algorithm), and a second one corresponding to the case when the potentiality decreases (risk relaxation algorithm). We have shown the capability of the risk manager to reduce risks due to VoIP attacks and to minimize costs induced by safeguards. We have also shown the benefits and limits of our approach in comparison with traditional strategies. Our runtime solution permits to mitigate the risk level (benefits of up to 41%) and to maintain the continuity of the VoIP service in an dynamic manner. The benefits are limited in the case of instantaneous VoIP attacks. We are performing additional and complementary experiments of this schema based on Monte-Carlo simulations.

4 Conclusions and perspectives Telephony over IP has known a large-scale deployment. VoIP communications are less confined than in traditional telephony, and are exposed to multiple attacks. Security mechanisms are required for protecting these communications. Their application may however seriously deteriorate the performances of such a critical service: a VoIP communication becomes incomprehensible as soon as the delay is more than 150 ms, or the packet loss is more than 5%. In that context, we propose to exploit and automate risk management methods and techniques at runtime in VoIP networks and services. Our aim is to dynamically adapt the exposure of the VoIP infrastructure based on a set of security safeguards in order to provide a graduated and progressive answer to risks. We have exploited the rheostat risk management model, specified a functional architecture, and evaluated the case scenario of SPIT attacks. We are extending this approach to multiple VoIP attacks, and are quantifying the impact of parameters based on Monte-Carlo simulations. For future work we are planning to evaluate several configurations for deploying our functional architecture, and will investigate return-on-experience mechanisms for automatically configuring and refining the risk model parameters. References 1. Thermos, P., Takanen, A.: Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures. Addison-Wesley Professional (2007) 2. Kuhn, D.R., Walsh, T.J., Fries, S.: Security Considerations for Voice Over IP Systems. National Institute of Standards and Technology, http://csrc.nist.gov/publications/ (2005) 3. Dantu, R., Kolan, P., Cangussu, J.W.: Network Risk Management using Attacker Profiling. Security and Communication Networks 2(1) (2009) 83 96 4. Shin, D., Shim, C.: Progressive Multi Gray-Leveling: A Voice Spam Protection Algorithm. IEEE Network Magazine 20 (September 2006) 5. Bunini, M., Sicari, S.: Assessing the Risk of Intercepting VoIP Calls. Elsevier Journal on Computer Networks (May 2008) 6. Bedford, T., Cooke, R.: Probabilistic Risk Analysis: Foundations and Methods. Cambridge University Press (April 2001) 7. D Heureuse, N., Seedorf, J., Niccolini, S., Ewald, T.: Protecting SIP-based Networks and Services from Unwanted Communications. In: Proc. of IEEE/Global Telecommunications Conference (GLOBECOM 08). (December 2008) 8. ISO/IEC 27005: Information Security Risk Management, International Organization for Standardization, http://www.iso.org (June 2008) 9. Gehani, A., Kedem, G.: RheoStat: Real Time Risk Management. In: Proc. of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004). (2004) 10. Dabbebi, O., Badonnel, R., Festor, O.: Automated Runtime Risk Management for Voice over IP Networks and Services. In: Proc. of the 12th IEEE/IFIP Network Operations and Management Symposium (NOMS 2010). (April 2010)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback