SURVEY OF SECURITY VULNERABILITIES IN SESSION INITIATION PROTOCOL

被引:125
作者
Geneiatakis, Dimitris [1 ]
Dagiuklas, Tasos [1 ]
Kambourakis, Georgios [1 ]
Lambrinoudakis, Costas [1 ]
Gritzalis, Stefanos [1 ]
Ehlert, Sven [2 ]
Sisalem, Dorgham [2 ]
机构
[1] Univ Aegean, Dept Informat & Commun Syst Engn, Karlovassi, Greece
[2] Fraunhofer Fokus Inst, Aachen, Germany
来源
IEEE COMMUNICATIONS SURVEYS AND TUTORIALS | 2006年 / 8卷 / 03期
关键词
D O I
10.1109/COMST.2006.253270
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The open architecture of the Internet and the use of open standards like Session Initiation Protocol (SIP) constitute the provisioning of services (e. g., Internet telephony, instant messaging, presence, etc.) vulnerable to known Internet attacks, while at the same time introducing new security problems based on these standards that cannot been tackled with current security mechanisms. This article identifies and describes security problems in the SIP protocol that may lead to denial of service. Such security problems include flooding attacks, security vulnerabilities in parser implementations, and attacks exploiting vulnerabilities at the signaling-application level. A qualitative analysis of these security flaws and their impacts on SIP systems is presented.
引用
收藏
页码:68 / 81
页数:14
相关论文
共 49 条
[1]  
ANLEY C, 2002, ADV SQL INJECTION IN
[2]  
[Anonymous], SNOM VOIP PHON
[3]  
[Anonymous], YOUR SOURCE OPEN SOU
[4]  
[Anonymous], 2008, SIP EXPRESS ROUTER
[5]  
[Anonymous], 3851 IETF RFC
[6]  
[Anonymous], P 2004 INT C DEP SYS
[7]  
[Anonymous], 1998, 2327 RFC
[8]  
[Anonymous], 3702 RFC
[9]  
[Anonymous], 2003, 3588 RFC
[10]  
[Anonymous], Oracle Database
12345