• The Journal of the Korea Contents Association
• /
• v.15 no.12
• /
• pp.18-23
• /
• 2015

This paper proposes a new protection technique against deregistration attack in SIP. Although it is caused by simple spoofing the REGISTER message of a legitimate SIP UA, its impact is serious. This new protection technique identifies and protects the deregistration attack by removing a binding form the location server after delaying a certain period of time instead of removing the binding immediately after receiving deregistration message. Therefore, this technique makes it possible to establish a secure SIP environment defending the deregistraion attack without any additional overhead such as an encryption or authentication.

• Journal of the Semiconductor & Display Technology
• /
• v.15 no.4
• /
• pp.92-96
• /
• 2016

Although deregistration attack is caused by simple spoofing the REGISTER message of a legitimate SIP UA, its impact is serious. The root cause of this attack is based on the fact that RFC 3261 allows the UA to remove the binding from the Location Server. In this paper, we propose a simple protection method to allow Registrar or Location Server just to ignore deregistration messages. We also show that this method works well by analyzing the process of registration and deregistration. Without any additional overhead such as an encryption or authentication, this method is able to establish a secure SIP environment efficiently protecting against the deregistration attack.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.9
• /
• pp.81-88
• /
• 2021

In this paper, we analyze the possibility of deregistration attack in 5G SNPN (Standalone Non-Public Network) based on 3GPP standard document. In the deregistraion attack, the attacker pretends to be a UE that is normally registered with AMF (Access and Mobility Management Function) and attempts to establish a spoofed RRC (Radio Resource Control) connection, causing AMF to deregister the existing UE. The existing deregistration attack attempts a spoofed RRC connection to the AMF in which the UE is registered. In addition, this paper analyzes whether deregistration attack is possible even when an attacker attempts to establish a spoofed RRC connection to a new AMF that is different from the registered AMF. When the 5G mobile communication network system is implemented by faithfully complying with the 3GPP standard, it is determined that a deregistration attack of a UE is impossible.