Title: Single-message denial-of-service attacks against voice-over-internet protocol terminals

Authors: Jan Seedorf, Kristian Beckers, Felipe Huici

Addresses: NEC Laboratories Europe, Kurfuerstenanlage 36, Heidelberg 69115, Germany. ' NEC Laboratories Europe, Kurfuerstenanlage 36, Heidelberg 69115, Germany. ' NEC Laboratories Europe, Kurfuerstenanlage 36, Heidelberg 69115, Germany

Abstract: The session initiation protocol (SIP) is widely used for signalling in multimedia communications. However, many SIP implementations are still in their infancy and vulnerable to malicious messages. We investigate flaws in the SIP implementations of eight phones, showing that the deficient verification of SIP dialogs further aggravates the problem by making it easier for attacks to succeed. Our results show that the majority of the phones we tested are susceptible to these attacks.

Keywords: session initiation protocol; SIP dialogue authentication; testing SIP implementations; VoIP security; voice over internet protocol; denial-of-service attacks; multimedia communications; malicious messages; electronic security.

DOI: 10.1504/IJESDF.2009.023873

International Journal of Electronic Security and Digital Forensics, 2009 Vol.2 No.1, pp.29 - 34

Published online: 17 Mar 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article