Security Analysis of Session Initiation Protocol - a Methodology Based on Coloured Petri Nets

In recent years Voice over Internet Protocol (VoIP) has become a popular multimedia application over the Internet. At the same time critical security issues in VoIP have started to emerge. The Session Initiation Protocol (SIP) is a predominant signalling protocol for VoIP. It is used to establish, maintain and terminate VoIP calls, playing a crucial role in VoIP. This paper is aimed at developing a Coloured Petri Net (CPN)-based approach to analysing security vulnerabilities in SIP, with the ultimate goal of achieving a formal and comprehensive security assessment of SIP specification, and creating a platform for evaluating countermeasures for securing SIP. In the paper we present a method for modelling the behaviour of SIP and its security threats using CPNs, and discuss suitable techniques for analysing the CPNs for investigating SIP security issues. The CPN models and the analysis techniques will then become the platform for analysing the behavior of SIP that is enhanced with proposed security countermeasures.