HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Journal articles

Abusing SIP authentication

Humberto Abdelnur 1, * Tigran Avanesov 2, * Michael Rusinowitch 2, * Radu State 1, 3, *
* Corresponding author
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
2 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
3 FSTC - Faculté des Sciences, de la Technologie et de la Communication
Abstract : The recent and massive deployment of Voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.
Keywords : VoIP SIP protocol authentication formal validation AVISPA Security threat
Document type :
Journal articles
Complete list of metadata

Cited literature [9 references]  Display  Hide  Download
https://hal.inria.fr/inria-00405356
Contributor : Tigran Avanesov Connect in order to contact the contributor
Submitted on : Monday, July 20, 2009 - 12:42:27 PM
Last modification on : Friday, January 21, 2022 - 3:09:02 AM
Long-term archiving on: : Tuesday, June 15, 2010 - 8:33:23 PM

File

Vignette du document
jias-SIP.pdf
Explicit agreement for this submission

Identifiers

  • HAL Id : inria-00405356, version 1

Collections

CNRS | INRIA | UNIV-FCOMTE | INRIA2 | UNIV-BM | FEMTO-ST | UNIV-BM-THESE | LORIA | UNIV-LORRAINE | LORIA-FM

Citation

Humberto Abdelnur, Tigran Avanesov, Michael Rusinowitch, Radu State. Abusing SIP authentication. Journal of Information Assurance and Security, Dynamic Publishers Inc., USA, 2009, Special Issue on Access Control and Protcols, 4 (4), pp.311-318. ⟨inria-00405356⟩

Export

BibTeX TEI DC DCterms EndNote Datacite

Share

Metrics

Record views

185

Files downloads

508

 

Contact                    Legal Notice                    Personal Data