
DNS server




Presentation Transcript


Towards a Scalable and Secure VoIP Infrastructure
Lab for Advanced Networking Systems
Director: David K. Y. Yau

1. Security Challenges
• Traditional telephone network
  • Highly reliable, voice specific, closed and physically secure system
• VoIP network
  • Unpredictable/open transport, data/voice convergent, publicly connected (intelligent but untrusted/malicious systems)
• Security should not be an afterthought
• Media, signaling, infrastructure attacks

2. VoIP Network Architecture
[Figure: VoIP network architecture. Components: mobile VoIP phone, AP, VoIP phone, DNS server, proxy / redirect server, IP network, media gateway, POTS, legacy phone. Threat labels:]
• SIP flood and spoofing / theft-of-service / authentication attack
• Wireless attack, jamming, RTS / CTS attack
• Media eavesdropping, UDP / RTP flood, encryption attack, faked ToS (theft-of-service)
• Device threats: virus, misconfiguration, compromise (phone); TLS flood, authentication / encryption (proxy); RTP port starvation (media gateway)

Protocol Stack
• SIP signaling / TLS / TCP
• Media: RTP/RTCP/UDP

Session Initiation Protocol (SIP)
[Figure: SIP call flow. User registration, INVITE sip:john.lui@cuhk.edu.hk, 180 Ringing, 200 OK, ACK, Media Stream, BYE, 200 OK]

3. SIP: Security Issues
• SIP requires: proxy server, redirection server, firewall, etc.
• These servers can be subjected to (1) DDoS attack (2) Low-rate TCP attack (3) Jamming attack
• If not handled carefully, VoIP won't fly.

Case 1. Flooding Attack
• Solution: Router Throttle
[Figure: router throttle example, Max-min Rates (L=18, H=22). Labels: Deployment router, Securely installed by S, Throttle for S, To S, Throttle for S', To S', Aggressive flow, Server]

Case 2. Low-rate DoS Attack on TCP Flow
• Sufficiently large attack burst
• Packet loss at congested router
• TCP times out & retransmits after RTO
• Attack period = RTO of TCP flow
• TCP continually incurs loss & achieves zero or very low throughput.

Algorithm of Detection

Sample the traffic
• Sample recent instantaneous throughput at a constant rate
• Each detection run works on a sequence of instantaneous throughput samples
• Normalization is necessary
• Avg BW = lR/T

Filter the noise
• The background noise of the samples needs to be filtered
• Background noise (UDP flows and other TCP flows that are less sensitive to the attack)
• For simplicity, a threshold filter can be used.

Extract the signature
• Autocorrelation is adopted to extract the periodic signature of the input signal: periodic input => special pattern of its autocorrelation. (Autocorrelation can also mask the difference of time shift S)
• Unbiased normalization (M: length of input sequence; m: index of autocorrelation)

Pattern match
• Similarity between the template and the input should be calculated.
• We use Dynamic Time Warping (DTW).
• (The detailed DTW algorithm is provided in our research work)
• The smaller the DTW value, the more similar they are.
• DTW values will be clustered; a threshold can be set to distinguish them.

Robustness of Detection
[Figure: probability distribution of DTW values, with the threshold marked]
• Attack flows vs. legitimate flows
• Expect a separation between them.

Case 3. Wi-Fi Jamming
• Wireless VoIP using 802.11
• Wi-Fi security problems:
  • Common jamming
  • Low-rate attack on the control plane
  • Exploiting the protocol: RTS-CTS
[Figure: RTS-CTS Jamming Example. Labels: RTS(A), CTS(A), defer, time]

4. Conclusion
• Security solutions
  • Initial focus will be on denial-of-service, considering security protocols like SRTP, TLS, S/MIME, SSL, etc.
  • Protocol design and analysis (solutions must be scalable despite encryption, authentication, etc.)
• Seek experimental evaluation
  • Realistic testbed network
  • Hope to evolve into international scope: Bell Labs (NJ), Purdue (IN), Chinese University (Hong Kong), …
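
The detection steps named in the transcript (sample, threshold filter, autocorrelation signature, DTW pattern match against a template) can be sketched as follows. This is an added example, not the presenters' code: the autocorrelation uses the standard unbiased form and the DTW is the textbook version, both assumed because the slide formulas are not in the transcript, and all function names, the 0.2 noise floor, the 5.0 threshold and the traces are constructed for illustration.

```python
# Added illustration of the detection steps; traces and parameters are constructed.
import math
import random

def threshold_filter(samples, floor):
    """Filter the noise: drop samples at or below the floor."""
    return [s if s > floor else 0.0 for s in samples]

def autocorr_unbiased(x, max_lag):
    """A(m) = sum_{n=0}^{M-m-1} x[n]*x[n+m] / (M-m), scaled so A(0) = 1."""
    M = len(x)
    a = [sum(x[n] * x[n + m] for n in range(M - m)) / (M - m) for m in range(max_lag)]
    return [v / a[0] for v in a] if a[0] else a

def dtw(a, b):
    """Dynamic Time Warping distance with absolute-difference local cost."""
    D = [[math.inf] * (len(b) + 1) for _ in range(len(a) + 1)]
    D[0][0] = 0.0
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = abs(a[i - 1] - b[j - 1])
            D[i][j] = cost + min(D[i - 1][j], D[i][j - 1], D[i - 1][j - 1])
    return D[-1][-1]

def signature(samples, floor=0.2, max_lag=40):
    """Normalize to the peak sample, filter, then take the autocorrelation."""
    peak = max(samples) or 1.0
    return autocorr_unbiased(threshold_filter([s / peak for s in samples], floor), max_lag)

def pulse_train(period, burst, length, shift=0):
    """Idealized periodic attack bursts (1.0 during a burst, else 0.0)."""
    return [1.0 if (n - shift) % period < burst else 0.0 for n in range(length)]

def is_low_rate_attack(samples, template_sig, threshold=5.0):
    """Smaller DTW value = more similar to the periodic template."""
    return dtw(signature(samples), template_sig) < threshold

# Constructed sample data (not measurements from the presentation).
rng = random.Random(7)
TEMPLATE = signature(pulse_train(10, 2, 200))
ATTACK = [p + rng.uniform(0.0, 0.15) for p in pulse_train(10, 2, 200, shift=3)]
LEGIT = [rng.uniform(0.5, 1.0) for _ in range(200)]

if __name__ == "__main__":
    for name, trace in (("attack", ATTACK), ("legit", LEGIT)):
        d = dtw(signature(trace), TEMPLATE)
        print(f"{name}: DTW={d:.2f} flagged={is_low_rate_attack(trace, TEMPLATE)}")
```

The attack trace is shifted by three samples relative to the template, yet its signature still matches, which is the time-shift masking the slide attributes to autocorrelation.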
