Analysing Protocol Implementations

Authors:
Anders Moen Hagalisletto;Lars Strand;Wolfgang Leister;Arne-Kristian Groven
Affiliations:
Norwegian Computing Center,;Norwegian Computing Center,;Norwegian Computing Center,;Norwegian Computing Center,
Venue:
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Year:
2009

Citing 10
Cited 0

Practical VoIP Security

Practical VoIP Security
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
Asterisk: The Future of Telephony

Asterisk: The Future of Telephony
Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol (Networking Council)

Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol (Networking Council)
Security Analysis of Voice-over-IP Protocols

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Billing attacks on SIP-based VoIP systems

WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
VPN Analysis and New Perspective for Securing Voice over VPN Networks

ICNS '08 Proceedings of the Fourth International Conference on Networking and Services
Formal Modeling of Authentication in SIP Registration

SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
SP 800-58. Security Considerations for Voice Over IP Systems

SP 800-58. Security Considerations for Voice Over IP Systems
SIP security issues: the SIP authentication procedure and its processing load

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many protocols running over the Internet are neither formalised, nor formally analysed. The amount of documentation for tele- communication protocols used in real-life applications is huge, while the available analysis methods and tools require precise and clear-cut protocol clauses. A manual formalisation of the Session Initiation Protocol (SIP) used in Voice over IP (VoIP) applications is not feasible. Therefore, by combining the information retrieved from the specification documents published by the IETF, and traces of real world SIP traffic we craft a formal specification of the protocol in addition to an implementation of the protocol. In the course of our work we detected several weaknesses, both of SIP call setup and in the Asterisk implementation of the protocol. These weaknesses could be exploited and pose as a threat for authentication and non-repudiation of VoIP calls.