A survey on registration hijacking attack consequences and protection for session initiation protocol (SIP)

Abstract

Today, many organizations are transforming their traditional telephone services into Voice over Internet Protocol (VoIP) systems. These services are simple to implement, but they are often vulnerable to attacks because they are packet-switched IP networks to support the circuit-switched used for voice communication. SIP is widely used as a signaling protocol to facilitate video and voice communication, as well as for more multimedia applications. However, it is not protected against various types of attacks because of its open nature and lack of a clear line of defense against the growing number of security threats. Among these risks, registration hijacking assaults, known by its harmful effect, attack both the User Agent Server (UAS) and the User Agent Client (UAC). In particular, the REGISTER message is evaluated as one of the main reasons of registration hijacking assaults in SIP. An attacker who deactivates the SIP registration of a valid user and replaces it with the logical address of the hacker. This allows the hacker to block incoming calls as well as redirect, replay or end calls at will. In this survey, we present a complete study of the registration attack against SIP, communicating its different alternatives and analyzing its consequences. We have also categorized current solutions based on the different registration hijacking attack approaches they face, their types, and their targets. In addition, We conduct an in-depth review of the robustness and inefficiency of these solutions, as well as an in-depth analysis of each one’s basic assumptions to better understand their limitations. Finally, we recommend protecting the UAC registration method against registration-hijacking by using the Media Access Control (MAC) address to improve the efficiency of the studied solutions.