The Session Initiation Protocol (SIP) is an application-layer control protocol for creating, modifying, and terminating Voice/Video over IP sessions. While deployed globally to facilitate multimedia communications, SIP is subject to various attacks. Defense against SIP attacks, however, often lacks expertise because of limited resources within the organization. When there is a large footprint of SIP systems, scaling and keeping up SIP defense becomes crucial in safeguarding these systems. This paper proposes SIPchain, a distributed SIP defense cluster system that leverages Blockchain technology as a distributed, highly available, and permanent ledger of Indicators of Compromise (IOCs). Each node in this cluster is a sensor and shares attack intelligence with other nodes via Blockchain. Each node reads information from the Blockchain and implements the appropriate firewall rule based on this information. This approach scales the defense because each node can leverage the actionable intelligence provided by other nodes and does not have to perform detection on its own. Experiments have been performed using a cluster of three SIP nodes in three different countries (US, UK, and Singapore) and the Ethereum Blockchain network. The results show that when a node detected an attack, it produced the IOC information and stored it on Ethereum. Fellow SIP nodes retrieved this information, implemented a firewall rule based on it, and were proactively prepared when the same attack was launched against them. This SIPchain approach scales the SIP defense effort by utilizing Blockchain technology to secure the ever-growing footprint of SIP systems within the organization.
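The detect, publish, retrieve, and block flow described in the abstract, as an added sketch that is not the paper's code. It assumes an in-memory hash chain in place of Ethereum, a hypothetical IOC record layout (`reporter`, `src_ip`, `attack`), and iptables rule strings for SIP over UDP port 5060 that are generated but never executed.

```python
import hashlib
import ipaddress
import json

GENESIS = "0" * 64

def digest(prev, ioc):
    return hashlib.sha256((prev + json.dumps(ioc, sort_keys=True)).encode()).hexdigest()


class Ledger:
    """In-memory append-only hash chain; a stand-in for the blockchain (assumption)."""
    def __init__(self):
        self.blocks = []

    def append(self, ioc):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "ioc": ioc, "hash": digest(prev, ioc)})

    def verify(self):
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != digest(prev, b["ioc"]):
                return False  # an entry was altered or reordered
            prev = b["hash"]
        return True


class Node:
    def __init__(self, name, ledger):
        self.name, self.ledger = name, ledger
        self.seen = 0    # ledger entries already processed
        self.rules = []  # rule strings only; nothing is executed

    def report(self, src_ip, attack):
        # Sensor role: publish an IOC after local detection.
        self.ledger.append({"reporter": self.name, "src_ip": src_ip, "attack": attack})

    def sync(self):
        # Consumer role: turn unseen IOCs into DROP rules for SIP over UDP/5060.
        if not self.ledger.verify():
            raise ValueError("ledger failed integrity check")
        for block in self.ledger.blocks[self.seen:]:
            ip = ipaddress.ip_address(block["ioc"]["src_ip"])  # rejects malformed values
            rule = f"iptables -A INPUT -s {ip} -p udp --dport 5060 -j DROP"
            if rule not in self.rules:
                self.rules.append(rule)
        self.seen = len(self.ledger.blocks)
        return self.rules
```

A node that never observed the attack itself ends up with the same DROP rule as the reporter after `sync()`, and a ledger entry modified after the fact makes `sync()` refuse to derive rules from it.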
Title of host publication: IPTComm 2019: Principles, Systems and Applications of IP Telecommunications
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Published: 5 Dec 2019