Analysing Protocol Implementations

Authors: Anders Moen Hagalisletto, Lars Strand, Wolfgang Leister, Arne-Kristian Groven

DOI: 10.1007/978-3-642-00843-6_16

Keywords:

Abstract: Many protocols running over the Internet are neither formalised, nor formally analysed. The amount of documentation for telecommunication used in real-life applications is huge, while available analysis methods and tools require precise clear-cut protocol clauses. A manual formalisation of the Session Initiation Protocol (SIP) for Voice over IP (VoIP) is not feasible. Therefore, by combining information retrieved from specification documents published by the IETF and traces of real-world SIP traffic, we craft a formal addition to an implementation protocol. In the course of our work we detected several weaknesses, both in call setup and in Asterisk. These weaknesses could be exploited and pose a threat to authentication and non-repudiation of VoIP calls.
