Practical VoIP Security
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
Asterisk: The Future of Telephony
Asterisk: The Future of Telephony
Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol (Networking Council)
Security Analysis of Voice-over-IP Protocols
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Billing attacks on SIP-based VoIP systems
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
VPN Analysis and New Perspective for Securing Voice over VPN Networks
ICNS '08 Proceedings of the Fourth International Conference on Networking and Services
Rtp: audio and video for the internet
Rtp: audio and video for the internet
Formal Modeling of Authentication in SIP Registration
SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
Voice over ip security
SIP Security
SIP security issues: the SIP authentication procedure and its processing load
IEEE Network: The Magazine of Global Internetworking
Hi-index | 0.00 |
Many protocols running over the internet are neither formalised, nor formally analysed. The amount of documentation for telecommunication protocols used in real-life applications is huge, while the available analysis methods and tools require precise and clear-cut protocol clauses. A manual formalisation of the Session Initiation Protocol (SIP) used in Voice over IP (VoIP) applications is not feasible. Therefore, by combining the information retrieved from the specification documents published by the IETF and traces of real-world SIP traffic, we craft a formal specification of the protocol in addition to an implementation of the protocol. In the course of our work we detected several weaknesses, both of SIP call set-up and in the Asterisk implementation of the protocol. These weaknesses could be exploited and pose as a threat for authentication and non-repudiation of VoIP calls.