inria-00166947, version 1

See detailed view

BibTeX  EndNote  TEI  RefWorks %% inria-00166947, version 1 %% http://hal.inria.fr/inria-00166947/en/ @inproceedings{ABDELNUR:2007:INRIA-00166947:1, HAL_ID = {inria-00166947}, URL = {http://hal.inria.fr/inria-00166947/en/}, title = { {K}i{F}: {A} stateful {SIP} {F}uzzer}, author = {{A}bdelnur, {H}umberto and {F}estor, {O}livier and {S}tate, {R}adu}, abstract = {{W}ith the recent evolution in the {V}o{IP} market, where more and more devices and services are being pushed on a very promising market, assuring their security becomes crucial. {A}mong the most dangerous threats to {V}o{IP}, failures and bugs in the software implementation will still rank high on the list of vulnerabilities. {I}n this paper we address the issue of detecting such vulnerabilities using a stateful fuzzer. {W}e describe an automated attack approach capable to self-improve and to track the state context of a target device. {W}e implemented our approach and were able to discover vulnerabilities in market leading and well known equipments and software.}, keywords = {{S}oftware {T}esting {T}echniques, {P}rotocol {F}uzzer, {V}o{IP} {S}ecurity, {SIP} {V}ulnerabilities}, language = {{E}nglish}, affiliation = {{MADYNES} - {INRIA} {L}orraine - {LORIA} - {INRIA} - {CNRS} : {UMR}7503 - {U}niversit{\'e} {H}enri {P}oincar{\'e} - {N}ancy {I} - {U}niversit{\'e} {N}ancy {II} - {I}nstitut {N}ational {P}olytechnique de {L}orraine }, booktitle = {1st {I}nternational {C}onference on {P}rinciples, {S}ystems and {A}pplications of {IP} {T}elecommunications ({IPTC}omm) }, publisher = {{ACM} {SIGCOMM} }, address = {{N}ew {Y}ork {U}nited {S}tates }, organization = {{C}olumbia {U}niversity }, audience = {international }, day = {19}, month = {07}, year = {2007}, URL = {http://hal.inria.fr/inria-00166947/PDF/Kif_A_stateful_SIP_Fuzzer.pdf}, } %F inria-00166947, version 1 %0 Conference Proceedings %U http://hal.inria.fr/inria-00166947/en/ %2 INFO:INFO_NI %T KiF: A stateful SIP Fuzzer %A Abdelnur, Humberto %A Festor, Olivier %A State, Radu %+ MADYNES - INRIA Lorraine - LORIA - INRIA - CNRS : UMR7503 - Université Henri Poincaré - Nancy I - Université Nancy II - Institut National Polytechnique de Lorraine %X With the recent evolution in the VoIP market, where more and more devices and services are being pushed on a very promising market, assuring their security becomes crucial. Among the most dangerous threats to VoIP, failures and bugs in the software implementation will still rank high on the list of vulnerabilities. In this paper we address the issue of detecting such vulnerabilities using a stateful fuzzer. We describe an automated attack approach capable to self-improve and to track the state context of a target device. We implemented our approach and were able to discover vulnerabilities in market leading and well known equipments and software. %G English %2 international %B 1st International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm) %2 New York %2 United States %8 2007-07-19 %2 Columbia University %I ACM SIGCOMM %K Software Testing Techniques, Protocol Fuzzer, VoIP Security, SIP Vulnerabilities %2 2007 <?xml version="1.0" encoding="UTF-8"?> <listBibl xmlns="http://www.tei-c.org/ns/1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:mml="http://www.w3.org/1998/Math/MathML"> <listBibl type="inproceedings"><head>Peer-reviewed conferences/proceedings</head> <biblStruct type="inproceedings" xml:id="inria-00166947"><analytic> <author><persName><forename>Humberto</forename><surname>Abdelnur</surname></persName> <affiliation> <orgName type="laboratory">INRIA Lorraine - LORIA</orgName> <orgName type="team">MADYNES</orgName> <country>FR</country> <orgName type="institution">INRIA</orgName> <orgName type="institution">CNRS : UMR7503</orgName> <orgName type="institution">Université Henri Poincaré - Nancy I</orgName> <orgName type="institution">Université Nancy II</orgName> <orgName type="institution">Institut National Polytechnique de Lorraine</orgName> </affiliation> </author> <author><persName><forename>Olivier</forename><surname>Festor</surname></persName> <affiliation> <orgName type="laboratory">INRIA Lorraine - LORIA</orgName> <orgName type="team">MADYNES</orgName> <country>FR</country> <orgName type="institution">INRIA</orgName> <orgName type="institution">CNRS : UMR7503</orgName> <orgName type="institution">Université Henri Poincaré - Nancy I</orgName> <orgName type="institution">Université Nancy II</orgName> <orgName type="institution">Institut National Polytechnique de Lorraine</orgName> </affiliation> </author> <author><persName><forename>Radu</forename><surname>State</surname></persName> <affiliation> <orgName type="laboratory">INRIA Lorraine - LORIA</orgName> <orgName type="team">MADYNES</orgName> <country>FR</country> <orgName type="institution">INRIA</orgName> <orgName type="institution">CNRS : UMR7503</orgName> <orgName type="institution">Université Henri Poincaré - Nancy I</orgName> <orgName type="institution">Université Nancy II</orgName> <orgName type="institution">Institut National Polytechnique de Lorraine</orgName> </affiliation> </author> <title type="main" level="a">KiF: A stateful SIP Fuzzer</title></analytic><monogr><meeting>1st International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm)</meeting><imprint><publisher>ACM SIGCOMM</publisher><pubPlace><settlement>New York</settlement><country>United States</country></pubPlace></imprint></monogr><idno type="HALid">http://hal.inria.fr/inria-00166947/en/</idno><idno type="HALFile">http://hal.inria.fr/inria-00166947/PDF/Kif_A_stateful_SIP_Fuzzer.pdf</idno></biblStruct> </listBibl> </listBibl>

KiF: A stateful SIP Fuzzer Humberto Abdelnur () 1, Olivier Festor () 1, Radu State 1 (2007-07-19)

Access to full text PDF

1st International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm) (2007)

Abstract: With the recent evolution in the VoIP market, where more and more devices and services are being pushed on a very promising market, assuring their security becomes crucial. Among the most dangerous threats to VoIP, failures and bugs in the software implementation will still rank high on the list of vulnerabilities. In this paper we address the issue of detecting such vulnerabilities using a stateful fuzzer. We describe an automated attack approach capable to self-improve and to track the state context of a target device. We implemented our approach and were able to discover vulnerabilities in market leading and well known equipments and software.

1:	MADYNES (INRIA Lorraine - LORIA)
	INRIA – CNRS : UMR7503 – Université Henri Poincaré - Nancy I – Université Nancy II – Institut National Polytechnique de Lorraine

Domain

:

Computer Science/Networking and Telecommunication

Keywords : Software Testing Techniques – Protocol Fuzzer – VoIP Security – SIP Vulnerabilities

inria-00166947, version 1

http://hal.inria.fr/inria-00166947/en/

oai:hal.inria.fr:inria-00166947

From: Humberto Abdelnur <>

Submitted on: Tuesday, 14 August 2007 09:37:30

Updated on: Tuesday, 14 August 2007 11:39:39