论文信息 - An Analysis of Security Threats and Tools in SIP-Based VoIP Systems

An Analysis of Security Threats and Tools in SIP-Based VoIP Systems

Security tools such as protocol analyzers, vulnerability assessment utilities and security monitoring utilities are among the common tools in a security professional’s arsenal. Such tools have reached a high level of dependence among security professionals for evaluating potential vulnerabilities in such areas as operating systems, device configuration, networking protocols and applications. However, these tools have their limitations, such as (1) where they are applied, (2) how they are implemented and (3) how they are maintained and updated. Furthermore, while such tools are fairly robust for more mature technology, it remains difficult to develop comprehensive security tools for emerging technology. Voice over Internet Protocol is an example of such an emerging technology. This paper explores the known VoIP-related vulnerabilities and tests several of the more popular open source and commercial VoIP security tools with the intention of demonstrating the gap that exists between vulnerability and detection. Understanding this gap will help to identify what issues need to be addressed in the future development of VoIP security tools.

S. McGann

[1] Edsger W. Dijkstra,et al. Notes on structured programming , 1970 .

[2] Johann Thalhammer,et al. Security in VoIP-Telephony Systems , 2002 .

[3] Luca Veltri,et al. SIP security issues: the SIP authentication procedure and its processing load , 2002 .

[4] Radia J. Perlman,et al. DoS protection for UDP-based protocols , 2003, CCS '03.

[5] Henning Schulzrinne,et al. Security testing of SIP implementations , 2003 .

[6] Ryan Spangler. Packet Sniffing on Layer 2 Switched Local Area Networks , 2003 .

[7] Zou Wei,et al. Security mechanisms for SIP-based multimedia communication infrastructure , 2004, 2004 International Conference on Communications, Circuits and Systems (IEEE Cat. No.04EX914).

[8] Saurabh Bagchi,et al. SCIDIVE: a stateful and cross protocol intrusion detection architecture for voice-over-IP environments , 2004, International Conference on Dependable Systems and Networks, 2004.

[9] John W. Rittinghouse,et al. Voice over Internet Protocol (VoIP) Security , 2004 .

[10] Intrusion Prevention : The Future of VoIP Security , 2004 .

[11] Thomas J. Walsh,et al. Security Considerations for Voice Over IP Systems , 2005 .