Title :
Formal Modeling of Authentication in SIP Registration
Author :
Hagalisletto, Anders Moen ; Strand, Lars
Author_Institution :
Norwegian Comput. Center & Dept. of Inf., Oslo Univ., Oslo
Abstract :
The Session Initiation Protocol (SIP) is increasingly used as a signaling protocol for administrating Voice over IP (VoIP) phone calls. SIP can be configured in several ways so that different functional and security requirements are met. Careless configuration of the SIP protocol is known to lead to a large set of attacks. In this paper we show how different configurations of SIP can be specified in a protocol centric formal language. Both static analysis and simulations can be performed on the resulting specifications by the recently developed tool PROSA. In particular, we analyze the VoIP architecture of a medium size Norwegian company, and show that several of the well known threats can be found.
Keywords :
Internet telephony; authorisation; formal specification; protocols; SIP registration; Session Initiation Protocol; VoIP phone calls; administrating voice over IP; authentication; formal modeling; protocol centric formal language; signaling protocol; static analysis; Access protocols; Analytical models; Authentication; Communication system security; Data security; Formal languages; Informatics; Information security; Internet telephony; Performance analysis; SIP authentication attack; formal modelling;
Conference_Titel :
Emerging Security Information, Systems and Technologies, 2008. SECURWARE '08. Second International Conference on
Conference_Location :
Cap Esterel
Print_ISBN :
978-0-7695-3329-2
Electronic_ISBN :
978-0-7695-3329-2
DOI :
10.1109/SECURWARE.2008.61
