Doctoral thesis in Computer Science
Supervised by Farid Naït-Abdesselam.
Defended on 08-07-2013
at Paris 5, within the École doctorale Informatique, télécommunications et électronique de Paris.
The president of the jury was Mohamed Nadif.
No title in French
No abstract in French
Session Initiation Protocol (SIP) is the widely used signaling protocol for voice and video communication as well as other multimedia applications. Despite its flexibility and a common standard that can be leveraged to efficiently combine a wide array of communication systems and technologies, it is exposed to a number of problems, including vulnerability to several types of attacks due, in particular, to its open nature and the lack of a clear line of defense. Likewise, the flooding attack is one of the most destructive attacks targeting both the User Agent Server (UAS) and the User Agent Client (UAC), leading to a Denial of Service (DoS) in VoIP applications. In particular, the INVITE message is considered one of the major root causes of flooding attacks in SIP. This is because an attacker may send numerous INVITE requests without waiting for responses from the UAS or proxy in order to exhaust their resources. Moreover, the SPIT problem in SIP is also a challenging issue which needs proper attention and appropriate solutions.

Most of the solutions proposed to overcome flooding attacks are either difficult to deploy in practice or require significant changes in the SIP servers. Additionally, the diverse nature of flooding attacks makes it a huge challenge to envisage appropriate prevention mechanisms. In this survey, we present a comprehensive study on flooding attacks against SIP by addressing their different variants and analyzing their consequences. We also classify the existing solutions corresponding to different flooding behaviors, types and targets, and then we perform an extensive investigation of their main weaknesses and strengths. Additionally, we also take into account the underlying assumptions of each solution for a better understanding of its limitations.
Specifically, we have thoroughly analyzed SPIT problems and a few of the existing solutions proposed for their prevention.

The theoretical framework derived from our extensive literature survey led us to propose a solution for handling a specific number of SIP requests in a particular time window. Our proposed "Light Weight Scheme" is implemented in a SER SIP server. The evaluation results presented in this thesis depict the satisfactory performance of this approach. In order to cope with SIP flooding attacks, we propose another solution based on a "Strategy Based Proxy". This solution is designed for a SIP proxy that calculates the probability of a call being malicious on the basis of its current experience. The obtained experience is also utilized to calculate the probabilities of a successful call setup. This approach is useful for both stateful and stateless proxy servers.

For dealing with SPIT, we have designed a 2-step solution. In the first step, we extract the useful information from the VoIP traffic. In the second step, we apply a Naive Bayes classifier to the data extracted in the first step to determine whether an incoming SIP call is malicious or a harmless routine call. With this mechanism, we can detect the SPIT calls from a group of incoming SIP calls. Finally, we present a detailed discussion and conclusions derived from the case study carried out in this thesis, along with future directions and potential research areas related to VoIP security threats.