Black-box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service: work in progress

Authors:
Peter Steinbacher;Florian Fankhauser;Christian Schanes;Thomas Grechenig
Affiliations:
Vienna University of Technology, Vienna, Austria;Vienna University of Technology, Vienna, Austria;Vienna University of Technology, Vienna, Austria;Vienna University of Technology, Vienna, Austria
Venue:
Principles, Systems and Applications of IP Telecommunications
Year:
2010

Citing 13
Cited 0

Testing Computer Software

Testing Computer Software
The Performance Analysis of SIP-T Signaling System in Carrier Class VoIP Network

AINA '03 Proceedings of the 17th International Conference on Advanced Information Networking and Applications
Introduction to Computer Security

Introduction to Computer Security
Aggregate Traffic Models for VoIP Applications

ICDT '06 Proceedings of the international conference on Digital Telecommunications
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
Survey of network-based defense mechanisms countering the DoS and DDoS problems

ACM Computing Surveys (CSUR)
Performance Evaluation of Load Control Techniques in SIP Signaling Servers

ICONS '08 Proceedings of the Third International Conference on Systems
Application of evolutionary algorithms in detection of SIP based flooding attacks

Proceedings of the 11th Annual conference on Genetic and evolutionary computation
A Survey of Voice over IP Security Research

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
A SIP security testing framework

CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
Evaluating DOS attacks against SIP-based VoIP systems

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine
Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

One of the main security objectives for systems connected to the Internet which provide services like Voice over Internet Protocol (VoIP) is to ensure robustness against security attacks to fulfill Quality of Service (QoS). To avoid system failures during attacks service providers have to integrate counter-measures which have to be tested. This work evaluates a test approach to determine the efficiency of counter-measures to fulfill QoS for Session Initiation Protocol (SIP) based VoIP systems even under attack. The main objective of the approach is the evaluation of service availability of a System Under Test (SUT) during security attacks, e.g., Denial of Service (DoS) attacks. Therefore, a simulated system load based on QoS requirements is combined with different security attacks. The observation of the system is based on black-box testing. By monitoring quality metrics of SIP transactions the behavior of the system is measurable. The concept was realized as a prototype and was evaluated using different VoIP systems. For this, multiple security attacks are integrated to the testing scenarios. The outcome showed that the concept provides sound test results, which reflect the behavior of SIP systems availability under various attacks. Thus, security problems can be found and QoS for SIP-based VoIP communication under attack can be predicted.