Title :
A SIP Security Testing Framework
Author :
Srinivasan, Hemanth ; Sarac, Kamil
Author_Institution :
Dept. of Comput. Sci., Univ. of Texas at Dallas, Richardson, TX
Abstract :
Session Initiation Protocol (SIP) has emerged as the predominant protocol for setting up, maintaining, and terminating Voice over Internet Protocol (VoIP) sessions. In spite of the security mechanisms that it offers, several attacks are being made on the SIP architecture. In this paper we take a proactive approach and highlight the importance of testing SIP from a security perspective. We first give a brief introduction to some of the most common attacks on SIP. We then describe a framework to effectively test several security aspects of a SIP network and thereby help mitigate such attacks. We also present a genetic algorithm that we developed and used to generate data in our fuzz testing. Finally, we present the results of some tests performed on popular SIP devices using our framework.
Keywords :
Internet telephony; genetic algorithms; signalling protocols; telecommunication security; SIP security testing framework; Session Initiation Protocol; VoIP sessions; Voice over Internet Protocol; fuzz testing; genetic algorithm; Computer crime; Computer science; Computer security; Data security; IP networks; Internet telephony; Protocols; Robustness; System testing; Web and internet services;
Conference_Titel :
Consumer Communications and Networking Conference, 2009. CCNC 2009. 6th IEEE
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4244-2308-8
Electronic_ISBN :
978-1-4244-2309-5
DOI :
10.1109/CCNC.2009.4784778
