Presentation on: A SIP Security Testing Framework
By: Vijay Kumar Reddy Pesari, Sai Sharan Korvi
Contents Of the paper:
SIP and its functions
What does a Testing framework mean?
Threats to SIP
The Framework proposed in paper
The Fuzz data generation algorithm
Various tests performed
Conclusion
What is the Session Initiation Protocol (SIP)?
SIP is a signaling communications protocol, widely used to control communication sessions over the Internet.
Functions of SIP
Call Initialization
Call Maintenance
Call Termination
Changing call features when SIP session is in progress
The Testing Framework: A testing framework is a structured body used to examine a particular entity (for example, a piece of software).
What is a SIP security testing framework: Because of the increasing threats to SIP, there is a need to ensure its security. For this purpose, the paper proposes a testing framework that tests the performance of SIP under several conditions. The various vulnerabilities can be due to:
- Performance limitations
- DoS attacks
- Fuzz attacks and protocol non-performance
Different attacks on SIP
1) Message Flooding DoS Attacks: This attack sends messages such as REGISTER and INVITE to the registrar and server, leading to denial of service for legitimate users.
2) Message Flow DoS Attacks: In this case, an attacker can disrupt an ongoing call by imitating one of the entities. A man-in-the-middle attack is an example of this.
3) Malformed Message Attacks: SIP can be attacked with malicious data such as embedded shellcode and SQL statements.
SIP security Test Framework
This framework mainly consists of three tiers:
Front Tier
Middle Tier
Target Tier
Front Tier
It provides a uniform GUI to establish test cases and is integrated with the middle tier.
Its GUI is dynamic because the user has the flexibility to change the interface by tuning the configuration files.
Middle Tier
Here, there is a control agent which handles all the other entities to implement a particular test and also modifies the data set.
Target Tier
This tier consists of the test agents to which the fuzz data is passed. These test agents are responsible for finally testing SIP.
The fuzz data generation algorithm:
- The aim of fuzzing is to examine the robustness of software systems.
- We can use brute data, random data, or a problematic data set.
- Instead of using only the pre-defined data, we can use this algorithm to derive new fuzz data from it.
The data generation algorithm is as follows:
Begin- Select a particular data set
Fitness- Evaluate its fitness
New Data Set- This is obtained by altering the main data set
Acceptance- The newly created data set should be placed as the new data set
Improvisation- This newly created data can now be used to generate new data again
Test- We can perform test with the data set now and return the best solution
Repeat- In order to repeat the test, we should go to the fuzzing computation.
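The loop described above, written out as an added example (not code from the paper or from this presentation). It is read here as a single-parent hill climb; the fitness function, the mutation operators, the seed message and the local check_message stand-in for a test agent are all assumptions, since the paper's fitness formula is not given on this page.

```python
import random

# Constructed seed INVITE; the example.com names are placeholders, not from the paper.
SEED = ("INVITE sip:bob@example.com SIP/2.0\r\n"
        "Via: SIP/2.0/UDP pc1.example.com;branch=z9hG4bK776\r\n"
        "From: <sip:alice@example.com>;tag=1928\r\nTo: <sip:bob@example.com>\r\n"
        "Call-ID: a84b4c76e66710\r\nCSeq: 314159 INVITE\r\nContent-Length: 0\r\n\r\n")
REQUIRED = ("via", "from", "to", "call-id", "cseq")

def check_message(msg):
    """Hypothetical local stand-in for a test agent: returns the anomaly classes found."""
    found, headers = set(), {}
    for line in msg.split("\r\n")[1:]:
        if not line:                      # blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
        else:
            found.add("bad-header-syntax")
        if len(line) > 256:
            found.add("oversized-header")
    found.update("missing-" + h for h in REQUIRED if h not in headers)
    if not headers.get("content-length", "0").isdigit():
        found.add("bad-content-length")
    return found

def fitness(msg):  # assumed fitness: number of distinct anomaly classes triggered
    return len(check_message(msg))

def mutate(msg, rng):  # new data set: drop, pad, or de-colon one header line
    lines = msg.split("\r\n")
    if len(lines) <= 3:                   # no header lines left to alter
        return msg
    i = rng.randrange(1, len(lines) - 2)  # header lines only
    op = rng.choice(("drop", "pad", "nocolon"))
    if op == "drop":
        del lines[i]
    else:
        lines[i] = lines[i] + "A" * 300 if op == "pad" else lines[i].replace(":", " ", 1)
    return "\r\n".join(lines)

def evolve(seed, generations=50, rng_seed=7):
    """Begin, fitness, new data set, acceptance and improvisation as one loop."""
    rng, best = random.Random(rng_seed), seed
    for _ in range(generations):
        candidate = mutate(best, rng)
        if fitness(candidate) >= fitness(best):  # acceptance
            best = candidate                      # improvisation: next parent
    return best
```

In a real test bench the fitness would come from the observed behaviour of the system under test rather than from a local checker.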
Evaluations
Performance tests
Here, calls were made to user agents at different instances, and the response times of dropped calls were observed.
DoS tests
DoS tests are performed on proxy servers.
Fuzz Data Generation Tests
The test case consisted of making calls to UAs at 1 cps with fuzzed INVITE messages.
Stress tests
Here, multiple tests are performed at the same time.
Conclusion
This framework can be used to examine the performance of SIP under various circumstances.
The advantage of this framework is that we can define the values in the data set and modify that data to test SIP in the desired way.
Critique
- The algorithm proposed in the paper is not explained clearly
- The mathematical calculation for the “fitness” value is not justified
Thank you.