Modular Preservation of Safety Properties by Cookie-Based DoS-Protection Wrappers
FMOODS '08 Proceedings of the 10th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Formal Models and Analysis of Secure Multicast in Wired and Wireless Networks
Journal of Automated Reasoning
Analysing Protocol Implementations
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Multimedia Internet Rekeying for secure session mobility in ubiquitous mobile networks
Journal of Systems and Software
A Survey of Voice over IP Security Research
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers
Information Security Applications
Model-checking DoS amplification for VoIP session initiation
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
SIP authentication based on HOTP
ICICS'09 Proceedings of the 7th international conference on Information, communications and signal processing
Designing attacks on SIP call set-up
International Journal of Applied Cryptography
Confidentiality of VOIP data using efficient ECDH key exchanging mechanism
ELECTRO'10 Proceedings of the 8th WSEAS international conference on Applied electromagnetics, wireless and optical communications
Socio-technical aspects of remote media control for a NG9-1-1 system
Multimedia Tools and Applications
Hi-index | 0.00 |
The transmission of voice communications as datagram packets over IP networks, commonly known as Voice-over- IP (VoIP) telephony, is rapidly gaining wide acceptance. With private phone conversations being conducted on insecure public networks, security of VoIP communications is increasingly important. We present a structured security analysis of the VoIP protocol stack, which consists of signaling (SIP), session description (SDP), key establishment (SDES, MIKEY, and ZRTP) and secure media transport (SRTP) protocols. Using a combination of manual and tool-supported formal analysis, we uncover several design flaws and attacks, most of which are caused by subtle inconsistencies between the assumptions that protocols at different layers of the VoIP stack make about each other. The most serious attack is a replay attack on SDES, which causes SRTP to repeat the keystream used for media encryption, thus completely breaking transport-layer security. We also demonstrate a man-in-the-middle attack on ZRTP, which allows the attacker to convince the communicating parties that they have lost their shared secret. If they are using VoIP devices without displays and thus cannot execute the "human authentication" procedure, they are forced to communicate insecurely, or not communicate at all, i.e., this becomes a denial of service attack. Finally, we show that the key derivation process used in MIKEY cannot be used to prove security of the derived key in the standard cryptographic model for secure key exchange.