Side effects of identity management in SIP VoIP environment

Ge Zhang, Yacine Rebahi
{"title":"Side effects of identity management in SIP VoIP environment","authors":"Ge Zhang ,&nbsp;Yacine Rebahi","doi":"10.1016/j.istr.2011.07.002","DOIUrl":null,"url":null,"abstract":"<div><p>In this article, we summarize the security threats targeting SIP proxy servers or other infrastructures in NGN by misusing a specific signaling authentication mechanism, which has been proposed in RFC 4474 (<span>Peterson and Jennings, 2006</span>). This mechanism is designed to authenticate inter-domain SIP requests based on domain certificates to prevent identity theft. Nevertheless, despite its contribution, this protection raises some “side effects”, that actually lead to new vulnerabilities in both the availability and confidentiality of SIP services. We provide an overview of different attack possibilities and explain them in more detail, including attacks utilizing algorithm complexity, certificates storage, and certificates distribution. We also suggest some alternative design to prevent or reduce the attacks. SIP, VoIP, NGN, Authentication, Denial of Service, Timing attack.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"16 1","pages":"Pages 29-35"},"PeriodicalIF":0.0000,"publicationDate":"2011-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.07.002","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Technical Report","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1363412711000379","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2

Abstract

In this article, we summarize the security threats that target SIP proxy servers or other infrastructures in NGN by misusing a specific signaling authentication mechanism, which has been proposed in RFC 4474 (Peterson and Jennings, 2006). This mechanism is designed to authenticate inter-domain SIP requests based on domain certificates to prevent identity theft. Nevertheless, despite its contribution, this protection raises some “side effects” that actually lead to new vulnerabilities in both the availability and confidentiality of SIP services. We provide an overview of different attack possibilities and explain them in more detail, including attacks utilizing algorithm complexity, certificate storage, and certificate distribution. We also suggest some alternative designs to prevent or reduce the attacks.

Keywords: SIP, VoIP, NGN, Authentication, Denial of Service, Timing attack.
