Title :
Abusing SIP Authentication
Author :
Abdelnur, Humberto ; Avanesov, Tigran ; Rusinowitch, Michael ; State, Radu
Author_Institution :
Nancy - Grand Est Campus Sci., INRIA, Vandoeuvre-les-Nancy
Abstract :
The recent and massive deployment of voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.
Keywords :
Internet telephony; formal specification; message authentication; signalling protocols; telecommunication security; SIP authentication; VoIP security; call hijacking; formal specification method; signalisation protocol; toll fraud; voice over IP infrastructures; Authentication; Codecs; Cryptographic protocols; Formal languages; Formal specifications; Information security; Internet telephony; Robustness; Signal design; Streaming media; AVISPA; SIP protocol; Security threat; VoIP; authentication; formal validation;
Conference_Titel :
Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on
Conference_Location :
Naples
Print_ISBN :
978-0-7695-3324-7
DOI :
10.1109/IAS.2008.29
