Reference : Abusing SIP authentication

	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/3842

Title :	Abusing SIP authentication
Language :	English
Author, co-author :	Abdelnur, Humberto J. [INRIA > Lorraine, Loria]
	Avanesov, Tigran [INRIA > Lorraine, Loria]
	Rusinowitch, Michael [INRIA > Lorraine, Loria]
	State, Radu [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC)]
Publication date :	2009
Journal title :	Journal of Information Assurance and Security
Publisher :	Dynamic
Volume :	4
Pages :	311–318
Peer reviewed :	Yes (verified by ORBilu)
Audience :	International
ISSN :	1554-1010
e-ISSN :	1554-1029
City :	Atlanta
Country :	GA
Keywords :	[en] Security threat ; VoIP ; SIP protocol ; authentication ; formal validation ; AVISPA
Abstract :	[en] The recent and massive deployment of Voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.
Permalink :	http://hdl.handle.net/10993/3842

	File(s) associated to this reference
	Fulltext file(s): File Commentary Version Size Access Limited access jias-SIP.pdf Publisher postprint 471.06 kB Request a copy

All documents in ORBi^lu are protected by a user license.

 

University of Luxembourg Library |  Feedback |  Legal notices Site Map