• DocumentCode
    2855600
  • Title

    Abusing SIP Authentication

  • Author

    Abdelnur, Humberto ; Avanesov, Tigran ; Rusinowitch, Michael ; State, Radu

  • Author_Institution
    Nancy - Grand Est Campus Sci., INRIA, Vandoeuvre-les-Nancy
  • fYear
    2008
  • fDate
    8-10 Sept. 2008
  • Firstpage
    237
  • Lastpage
    242
  • Abstract
    The recent and massive deployment of voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.
  • Keywords
    Internet telephony; formal specification; message authentication; signalling protocols; telecommunication security; SIP authentication; VoIP security; call hijacking; formal specification method; signalisation protocol; toll fraud; voice over IP infrastructures; Authentication; Codecs; Cryptographic protocols; Formal languages; Formal specifications; Information security; Internet telephony; Robustness; Signal design; Streaming media; AVISPA; SIP protocol; Security threat; VoIP; authentication; formal validation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on
  • Conference_Location
    Naples
  • Print_ISBN
    978-0-7695-3324-7
  • Type

    conf

  • DOI
    10.1109/IAS.2008.29
  • Filename
    4627092
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2855600