Formal Modeling of Authentication in SIP Registration

Author

Hagalisletto, Anders Moen ; Strand, Lars

Author_Institution

Norwegian Comput. Center & Dept. of Inf., Oslo Univ., Oslo

fYear

2008

fDate

25-31 Aug. 2008

Firstpage

16

Lastpage

21

Abstract

The Session Initiation Protocol (SIP) is increasingly used as a signaling protocol for administrating Voice over IP (VoIP) phone calls. SIP can be configured in several ways so that different functional and security requirements are met. Careless configuration of the SIP protocol is known to lead to a large set of attacks. In this paper we show how different configurations of SIP can be specified in a protocol centric formal language. Both static analysis and simulations can be performed on the resulting specifications by the recently developed tool PROSA. In particular, we analyze the VoIP architecture of a medium size Norwegian company, and show that several of the well known threats can be found.

Keywords

Internet telephony; authorisation; formal specification; protocols; SIP registration; Session Initiation Protocol; VoIP phone calls; administrating voice over IP; authentication; formal modeling; protocol centric formal language; signaling protocol; static analysis; Access protocols; Analytical models; Authentication; Communication system security; Data security; Formal languages; Informatics; Information security; Internet telephony; Performance analysis; SIP authentication attack; formal modelling;

fLanguage

English

Publisher

ieee

Conference_Titel

Emerging Security Information, Systems and Technologies, 2008. SECURWARE '08. Second International Conference on

Conference_Location

Cap Esterel

Print_ISBN

978-0-7695-3329-2

Electronic_ISBN

978-0-7695-3329-2

Type

conf

DOI

10.1109/SECURWARE.2008.61

Filename

4622555