• DocumentCode
    2751304
  • Title

    A SIP Security Testing Framework

  • Author

    Srinivasan, Hemanth ; Sarac, Kamil

  • Author_Institution
    Dept. of Comput. Sci., Univ. of Texas at Dallas, Richardson, TX
  • fYear
    2009
  • fDate
    10-13 Jan. 2009
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Session Initiation Protocol (SIP) has emerged as the predominant protocol for setting up, maintaining, and terminating Voice over Internet Protocol (VoIP) sessions. In spite of the security mechanisms that it offers, several attacks are being made on the SIP architecture. In this paper we take a proactive approach and highlight the importance of testing SIP from a security perspective. We first give a brief introduction to some of the most common attacks on SIP. We then describe a framework to effectively test several security aspects of a SIP network and thereby help mitigate such attacks. We also present a genetic algorithm that we developed and used to generate data in our fuzz testing. Finally, we present the results of some tests performed on popular SIP devices using our framework.
  • Keywords
    Internet telephony; genetic algorithms; signalling protocols; telecommunication security; SIP security testing framework; Session Initiation Protocol; VoIP sessions; Voice over Internet Protocol; fuzz testing; genetic algorithm; Computer crime; Computer science; Computer security; Data security; IP networks; Internet telephony; Protocols; Robustness; System testing; Web and internet services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Consumer Communications and Networking Conference, 2009. CCNC 2009. 6th IEEE
  • Conference_Location
    Las Vegas, NV
  • Print_ISBN
    978-1-4244-2308-8
  • Electronic_ISBN
    978-1-4244-2309-5
  • Type

    conf

  • DOI
    10.1109/CCNC.2009.4784778
  • Filename
    4784778
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2751304