Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing

TL;DR

This paper presents an adaptive firewall pinholing method to prevent DDoS attacks on IMS emergency services in Next Generation Networks, enhancing security while maintaining legitimate client access.

Contribution

The paper introduces a novel, efficient firewall pinholing approach specifically designed to protect IMS emergency services from DDoS attacks.

Findings

The solution effectively blocks malicious traffic in test scenarios.

It allows legitimate clients to access emergency services without disruption.

The approach is simple to implement and adaptable to different network conditions.

Abstract

Emergency services are vital services that Next Generation Networks (NGNs) have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs, 3GPP has carried the burden of specifying a standardized IMS-based emergency services framework. Unfortunately, like any other IP-based standards, the IMS-based emergency service framework is prone to Distributed Denial of Service (DDoS) attacks. We propose in this work, a simple but efficient solution that can prevent certain types of such attacks by creating firewall pinholes that regular clients will surely be able to pass in contrast to the attackers clients. Our solution was implemented, tested in an appropriate testbed, and its efficiency was proven.