An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems.dvi
نویسندگان
چکیده
Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle or remote attacker could transparently 1) hijack selected E911 calls and impersonate the Public Safety Answering Point (PSAP); and 2) spoof the voicemail servers of both the caller and the callee of selected VoIP calls; and 3) make spam calls to VoIP subscribers even if Do Not Disturb is enabled. These empirical results confirm that leading deployed SIP-based VoIP systems have serious security vulnerabilities.
منابع مشابه
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
متن کاملAn Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems
Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle ...
متن کاملDetecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کاململزومات امنیتی پیادهسازی IMS SIP سرور امن
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
متن کاملAnalysis and Modeling of VoIP Servers: A Linear Programming Approach
The SIP protocol was standardized by the IETF at the application layer for initiating, managing, and terminating multimedia sessions and has been widely used as the main signaling protocol on both the Internet and VoIP networks. Most challenges in this protocol are overload and lack of proper state distribution. These challenges cause a wide range of next-generation network users to face a shar...
متن کامل