STI: A Security Architecture for IP Telephony
University Of California-Davis, Davis CA
Investigators
Abstract
IP telephony is a complex application involving multiple layers of the protocols stack and interactions among multiple network devices. The complexity is exacerbated by two additional factors . 1) the requirement that IP telephony interoperate with the Public Switched Telephone Network (PSTN) and 2) the requirement that IP telephony functions with existing network middle-boxes such as network address translators (NATs) and firewalls. These complexities introduce vulnerabilities that are prone to both known and perhaps, new forms of attacks. The goals of this proposed focused research are 1) to perform a comprehensive vulnerability analysis of IP telephony and 2) to design a security architecture to counter various types of denial-of-service (DoS) attacks in IP telephony. The work will proceed as follows: first carry out a detailed vulnerability analysis of IP telephony using a property driven approach. In this approach, define a set of properties that an IP telephony application must satisfy for a specific type of deployment. Then the vulnerabilities will be then enumerated and classified as potential ways to violate these properties using a corresponding attack. This vulnerability analysis will form the basis for designing the security architecture. In developing the security architecture, our focus will be in the design and analysis of sensors to detect and control DoS attacks. While DoS attacks have been studied, IP telephony presents significant new challenges. Next will be an investigation of both signature-based and statistical anomaly detection algorithms. The detection algorithms are complex because the attacks can occur at multiple layers involving multiple network devices and attack both the control and data plane of the protocol architecture. Finally, in a converged network, an attack to the IP telephony system can be made from both the Internet as well as the PSTN. Recovery algorithms that can quickly recover once the attack has ceased will be designed. The overall architecture will involve cross-layer introspection, i.e., the data from the various sensors at the different protocol layers and at the different network elements will have to correlated to determine the type of attack and hence the desired response.
View original record on NSF Award Search →