Back to Search
Start Over
A survey on registration hijacking attack consequences and protection for session initiation protocol (SIP)
- Source :
- Computer Networks. 175:107250
- Publication Year :
- 2020
- Publisher :
- Elsevier BV, 2020.
-
Abstract
- Today, many organizations are transforming their traditional telephone services into Voice over Internet Protocol (VoIP) systems. These services are simple to implement, but they are often vulnerable to attacks because they are packet-switched IP networks to support the circuit-switched used for voice communication. SIP is widely used as a signaling protocol to facilitate video and voice communication, as well as for more multimedia applications. However, it is not protected against various types of attacks because of its open nature and lack of a clear line of defense against the growing number of security threats. Among these risks, registration hijacking assaults, known by its harmful effect, attack both the User Agent Server (UAS) and the User Agent Client (UAC). In particular, the REGISTER message is evaluated as one of the main reasons of registration hijacking assaults in SIP. An attacker who deactivates the SIP registration of a valid user and replaces it with the logical address of the hacker. This allows the hacker to block incoming calls as well as redirect, replay or end calls at will. In this survey, we present a complete study of the registration attack against SIP, communicating its different alternatives and analyzing its consequences. We have also categorized current solutions based on the different registration hijacking attack approaches they face, their types, and their targets. In addition, We conduct an in-depth review of the robustness and inefficiency of these solutions, as well as an in-depth analysis of each one’s basic assumptions to better understand their limitations. Finally, we recommend protecting the UAC registration method against registration-hijacking by using the Media Access Control (MAC) address to improve the efficiency of the studied solutions.
- Subjects :
- Session Initiation Protocol
Voice over IP
Computer Networks and Communications
Computer science
business.industry
computer.internet_protocol
020206 networking & telecommunications
02 engineering and technology
Computer security
computer.software_genre
Signaling protocol
Logical address
User agent
0202 electrical engineering, electronic engineering, information engineering
Media access control
020201 artificial intelligence & image processing
business
computer
Hacker
Subjects
Details
- ISSN :
- 13891286
- Volume :
- 175
- Database :
- OpenAIRE
- Journal :
- Computer Networks
- Accession number :
- edsair.doi...........de33b29341531dfb2b2adaba0bdb5208