Publication


Featured research published by Costas Lambrinoudakis.


IEEE Communications Surveys and Tutorials | 2006

Survey of security vulnerabilities in session initiation protocol

Dimitris Geneiatakis; Tasos Dagiuklas; Georgios Kambourakis; Costas Lambrinoudakis; Stefanos Gritzalis; Karlovassi Sven Ehlert; Dorgham Sisalem

The open architecture of the Internet and the use of open standards like Session Initiation Protocol (SIP) constitute the provisioning of services (e.g., Internet telephony, instant messaging, presence, etc.) vulnerable to known Internet attacks, while at the same time introducing new security problems based on these standards that cannot be tackled with current security mechanisms. This article identifies and describes security problems in the SIP protocol that may lead to denial of service. Such security problems include flooding attacks, security vulnerabilities in parser implementations, and attacks exploiting vulnerabilities at the signaling-application level. A qualitative analysis of these security flaws and their impacts on SIP systems is presented.


Computer Networks | 2007

A framework for protecting a SIP-based infrastructure against malformed message attacks

Dimitris Geneiatakis; Georgios Kambourakis; Costas Lambrinoudakis; Tasos Dagiuklas; Stefanos Gritzalis

This paper presents a framework that can be utilized for the protection of session initiation protocol (SIP)-based infrastructures from malformed message attacks. Its main characteristic is that it is lightweight and that it can be easily adapted to heterogeneous SIP implementations. The paper analyzes several real-life attacks on VoIP services and proposes a novel detection and protection mechanism that is validated through an experimental test-bed under different test scenarios. Furthermore, it is demonstrated that the employment of such a mechanism for the detection of malformed messages imposes negligible overheads in terms of the overall SIP system performance.


Computers & Security | 2009

Utilizing bloom filters for detecting flooding attacks against SIP based services

Dimitris Geneiatakis; Nikos Vrakas; Costas Lambrinoudakis

Any application or service utilizing the Internet is exposed to both general Internet attacks and other specific ones. Most of the times the latter are exploiting a vulnerability or misconfiguration in the provided service and/or in the utilized protocol itself. Consequently, the employment of critical services, like Voice over IP (VoIP) services, over the Internet is vulnerable to such attacks and, on top of that, they offer a field for new attacks or variations of existing ones. Among the various threats-attacks that a service provider should consider are the flooding attacks, at the signaling level, which are very similar to those against TCP servers but have emerged at the application level of the Internet architecture. This paper examines flooding attacks against VoIP architectures that employ the Session Initiation Protocol (SIP) as their signaling protocol. The focus is on the design and implementation of the appropriate detection method. Specifically, a bloom filter based monitor is presented and a new metric, named session distance, is introduced in order to provide an effective protection scheme against flooding attacks. The proposed scheme is evaluated through experimental test bed architecture under different scenarios. The results of the evaluation demonstrate that the required time to detect such an attack is negligible and also that the number of false alarms is close to zero.


Archive | 2007

Digital privacy: theory, technologies, and practices

Sabrina De Capitani di Vimercati; Stefanos Gritzalis; Costas Lambrinoudakis; Alessandro Acquisti

THE PRIVACY SPACE
Privacy Enhancing Technologies for the Internet III: Ten Years Later, I. Goldberg
Communication Privacy, A. Pfitzmann, A. Juschka, A.-K. Stange, S. Steinbrecher, and S. Kopsell
Privacy-Preserving Cryptographic Protocols, M.J. Atallah and K.B. Frikken

PRIVACY ATTACKS
Byzantine Attacks on Anonymity Systems, N. Borisov, G. Danezis, and P. Tabriz
Introducing Traffic Analysis, G. Danezis and R. Clayton
Privacy, Profiling, Targeted Marketing, and Data Mining, J. Vaidya and V. Atluri

PRIVACY ENHANCING TECHNOLOGIES
Enterprise Privacy Policies and Languages, M. Backes and M. Durmuth
Uncircumventable Enforcement of Privacy Policies via Cryptographic Obfuscation, A. Narayanan and V. Shmatikov
Privacy Protection with Uncertainty and Indistinguishability, X.S. Wang and S. Jajodia
Privacy-Preserving Techniques in Data Mining, C. Su, J. Zhou, F. Bao, G. Wang, and K. Sakurai

USER PRIVACY
HCI Designs for Privacy-Enhancing Identity Management, S. Fischer-Hubner, J. Soren Pettersson, M. Bergmann, M. Hansen, S. Pearson, and M. Casassa Mont
Privacy Perceptions among Members of Online Communities, M. Karyda and S. Kokolakis
Perceived Control: Scales for Privacy in Ubiquitous Computing, S. Spiekermann

PRIVACY UBIQUITOUS COMPUTING
RFID: Technological Issues and Privacy Concerns, P. Najera and J. Lopez
Privacy of Location Information, C.A. Ardagna, M. Cremonini, E. Damiani, S. De Capitani di Vimercati, and P. Samarati
Beyond Consent: Privacy in Ubiquitous Computing (Ubicomp), J. Camp and K. Connelly

THE ECONOMICS OF PRIVACY
A Risk Model for Privacy Insurance, A.N. Yannacopoulos, S. Katsikas, S. Gritzalis, C. Lambrinoudakis, and S.Z. Xanthopoulos
What Can Behavioral Economics Teach Us About Privacy? A. Acquisti and J. Grossklags

PRIVACY AND POLICY
Privacy of Outsourced Data, S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, and P. Samarati
Communications Data Retention: A Pandora's Box for Rights and Liberties? L. Mitrou
Surveillance of Emergent Associations: Freedom of Association in a Network Society, K.J. Strandburg


Telecommunication Systems | 2007

A lightweight protection mechanism against signaling attacks in a SIP-based VoIP environment

Dimitris Geneiatakis; Costas Lambrinoudakis

The advent of Voice over IP (VoIP) has offered numerous advantages but, at the same time, it has introduced security threats not previously encountered in networks with a closed architecture like the Public Switch Telephone Networks (PSTN). One of these threats is that of signaling attacks. This paper examines the signaling attacks in VoIP environments based on the Session Initiation Protocol (SIP), focusing on the design of a robust lightweight protection mechanism against them. The proposed scheme introduces a new SIP header, namely the Integrity-Auth header, which is utilized for protecting the SIP-based VoIP services from signaling attacks while ensuring authenticity and integrity.


Telematics and Informatics | 2006

Protecting privacy and anonymity in pervasive computing: trends and perspectives

Stelios Dritsas; Dimitris Gritzalis; Costas Lambrinoudakis

Pervasive computing is expected to enter our everyday life in the foreseeable future. The capabilities of the devices, which operate in such an environment, as well as the range of services offered to the end-users are expected to be significantly increased. However, this new era is expected to have a serious effect on privacy. In this paper, we first refer to the privacy threats identified in a pervasive environment; then, we present a set of principles for ensuring privacy in this context. In the sequel, we examine a number of privacy protection mechanisms for pervasive systems, with a focus on the level of anonymity offered to the end-users. We identify flaws, these mechanisms suffer by, in terms of the limited anonymity level they offer. We conclude by presenting a set of essential actions one should take into account, in order to ensure users' anonymity in a pervasive computing environment.


Computer Communications | 2007

An ontology description for SIP security flaws

Dimitris Geneiatakis; Costas Lambrinoudakis

Voice over IP (VoIP) services based on the Session Initiation Protocol (SIP) gain ground as compared to other protocols like MGCP or H.323. However, the open SIP architecture constitutes the provided services vulnerable to various attacks, similar to those currently existing in Internet. The lack of a formal way to describe VoIP vulnerabilities hinders the development of tools that could be utilized for identifying such vulnerabilities or for testing the security level of the offered services, in both cases the tools being independent from a specific implementation. This paper introduces such a formalization for SIP-based VoIP services, utilizing ontologies, facilitating an extensible description of known SIP security vulnerabilities that can be employed in a real environment for testing or intrusion detection purposes.


Secure Electronic Voting | 2003

Secure Electronic Voting: the Current Landscape

Costas Lambrinoudakis; Dimitris Gritzalis; Vassilis Tsoumas; Maria Karyda; Spyros Ikonomopoulos

This paper presents the security requirements and the system wide properties that the voting protocol of an electronic voting system is expected to fulfil. Then, an overview of the existing voting protocols, together with a brief analysis of their characteristics, is provided. The aim is to investigate and discuss the extent to which current voting protocols comply with the identified requirements and thus examine the feasibility of organising and conducting an Internet based election in a secure, efficient and reliable way.


International Workshop on Security | 2011

Cryptography Goes to the Cloud

Isaac Agudo; David Nuñez; Gabriele Giammatteo; Panagiotis Rizomiliotis; Costas Lambrinoudakis

In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.


Information Management & Computer Security | 2010

A security standards' framework to facilitate best practices' awareness and conformity

Aggeliki Tsohou; Spyros Kokolakis; Costas Lambrinoudakis; Stefanos Gritzalis

Purpose – Recent information security surveys indicate that both the acceptance of international standards and the relative certifications increase continuously. However, it is noted that still the majority of organizations does not know the dominant security standards or does not fully implement them. The aim of this paper is to facilitate the awareness of information security practitioners regarding globally known and accepted security standards, and thus, contribute to their adoption. Design/methodology/approach – The paper adopts a conceptual approach and results in a classification framework for categorizing available information security standards. The classification framework is built in four layers of abstraction, where the initial layer is founded in ISO/IEC 27001:2005 information security management system. Findings – The paper presents a framework for conceptualizing, categorizing and interconnecting available information security standards dynamically. Research limitations/implications – The comp...

Collaboration

Top Co-Authors

Dimitris Gritzalis

Athens University of Economics and Business

Sokratis K. Katsikas

Norwegian University of Science and Technology