H. Abdelnur, T. Avanesov, M. Rusinowitch, R. State
{"title":"滥用SIP认证","authors":"H. Abdelnur, T. Avanesov, M. Rusinowitch, R. State","doi":"10.1109/IAS.2008.29","DOIUrl":null,"url":null,"abstract":"The recent and massive deployment of voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.","PeriodicalId":103328,"journal":{"name":"2008 The Fourth International Conference on Information Assurance and Security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"37","resultStr":"{\"title\":\"Abusing SIP Authentication\",\"authors\":\"H. Abdelnur, T. Avanesov, M. Rusinowitch, R. State\",\"doi\":\"10.1109/IAS.2008.29\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The recent and massive deployment of voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.\",\"PeriodicalId\":103328,\"journal\":{\"name\":\"2008 The Fourth International Conference on Information Assurance and Security\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"37\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 The Fourth International Conference on Information Assurance and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAS.2008.29\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 The Fourth International Conference on Information Assurance and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAS.2008.29","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The recent and massive deployment of voice over IP infrastructures had raised the importance of the VoIP security and more precisely of the underlying signalisation protocol SIP. In this paper, we will present a new attack against the authentication mechanism of SIP. This attack allows to perform toll fraud and call hijacking. We will detail the formal specification method that allowed to detect this vulnerability, highlight a simple usage case and propose a mitigation technique.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
