Designing attacks on SIP call set-up

Authors:
Anders Moen Hagalisletto;Lars Strand
Affiliations:
Department of Applied Research in Information Technology (DART), Norwegian Computing Center, Norway.;Department of Applied Research in Information Technology (DART), Norwegian Computing Center, Norway
Venue:
International Journal of Applied Cryptography
Year:
2010

Citing 12
Cited 0

Practical VoIP Security

Practical VoIP Security
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
Asterisk: The Future of Telephony

Asterisk: The Future of Telephony
Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol (Networking Council)

Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol (Networking Council)
Security Analysis of Voice-over-IP Protocols

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Billing attacks on SIP-based VoIP systems

WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
VPN Analysis and New Perspective for Securing Voice over VPN Networks

ICNS '08 Proceedings of the Fourth International Conference on Networking and Services
Rtp: audio and video for the internet

Rtp: audio and video for the internet
Formal Modeling of Authentication in SIP Registration

SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
Voice over ip security

Voice over ip security
SIP Security

SIP Security
SIP security issues: the SIP authentication procedure and its processing load

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many protocols running over the internet are neither formalised, nor formally analysed. The amount of documentation for telecommunication protocols used in real-life applications is huge, while the available analysis methods and tools require precise and clear-cut protocol clauses. A manual formalisation of the Session Initiation Protocol (SIP) used in Voice over IP (VoIP) applications is not feasible. Therefore, by combining the information retrieved from the specification documents published by the IETF and traces of real-world SIP traffic, we craft a formal specification of the protocol in addition to an implementation of the protocol. In the course of our work we detected several weaknesses, both of SIP call set-up and in the Asterisk implementation of the protocol. These weaknesses could be exploited and pose as a threat for authentication and non-repudiation of VoIP calls.