Designing attacks on SIP call set-up
Source: International Journal of Applied Cryptography, Volume 2, Number 1, 1 July 2010 , pp. 13-22(10)
Publisher: Inderscience Publishers
Abstract:Many protocols running over the internet are neither formalised, nor formally analysed. The amount of documentation for telecommunication protocols used in real-life applications is huge, while the available analysis methods and tools require precise and clear-cut protocol clauses. A manual formalisation of the Session Initiation Protocol (SIP) used in Voice over IP (VoIP) applications is not feasible. Therefore, by combining the information retrieved from the specification documents published by the IETF and traces of real-world SIP traffic, we craft a formal specification of the protocol in addition to an implementation of the protocol. In the course of our work we detected several weaknesses, both of SIP call set-up and in the Asterisk implementation of the protocol. These weaknesses could be exploited and pose as a threat for authentication and non-repudiation of VoIP calls.
Keywords: COMPUTING AND MATHEMATICS; Applied and Computational Mathematics; Communications and Mobile Technology; Computing Science, Applications and Software; Information Systems and Technology; Internet and Web Services; RISK, SAFETY AND EMERGENCY MANAGEMENT; Security and Emergency Management
Document Type: Research article
Affiliations: 1: Department of Applied Research in Information Technology (DART), Norwegian Computing Center, Norway. 2: Department of Applied Research in Information Technology (DART), Norwegian Computing Center, Norway
Publication date: 2010-07-01
- Information security is important to the rapid growth of the Internet and advances of computer systems. However, existing journals on information security mainly focus on either theory or specific areas of information and computer security.
The International Journal of Applied Cryptography aims to introduce new ground between these two areas. It proposes and fosters discussion on cryptographic algorithms and protocols that are directly applicable.
- Information for Authors
- Submit a Paper
- Subscribe to this Title
- Terms & Conditions
- ingentaconnect is not responsible for the content or availability of external websites