Transcript SIP Security Testing Framework

Presentation By
Anil Kumar Marikukala,
Syed Khaja Najmuddin Ahmed.





SIP is a text based and application layer
protocol.
It has several security mechanisms but it is still
vulnerable to attacks.
SIP architecture must be robust to all
vulnerabilities.
A comprehensive security testing is to be done
before deploying.
This framework combines many techniques to
produce many powerful test methodologies.

Message Flooding DoS:

attacker tries to deplete resources on a server.

Message Flow DoS:





This attack tries to disrupt the ongoing call by impersonating one
of the caller.
Malformed Message Attacks:
This attack may contain Embedded Shell codes or Malicious SQL
statements.
Other Attacks :
Attack on DNS server, Spam over Internet Telephony(SPIT)
attacks.

It consists of three tiers.
1. Front Tier.
2. Middle Tier.
3. Target Tier.

Front Tier :

It has uniform GUI(Graphical User Interface) which is dynamic and helps
the user to fine tune the tests using Configuration files.
It acts as an interface between User and Middle tier during the setting up.

Middle Tier :


It consists of Central Control Agent and many other modules each with
different test functionalities.
Control Agent
SIP Entity
Performance Evaluator
DoS Generator
Fuzzing Unit
External Module Wrapper
Monitoring Module




Target Tier :
Test agents spawned by the Control Agent constitute the Target Tier.
Performs tasks based on information from Control Agent and sends
feedback.
Test agents works in parallel.





Fuzz testing is a Software testing technique.
It’s used to find implementation defects using
malformed data.
It is considered as a valuable method in assessing
the robustness and security vulnerabilities of
systems.
Brute force data set, a random data set, known
problematic sets these three are generally used data
sets.
SIP_int, SIP_ip, SIP_string etc., are the data sets
categorized by the authors from combination of
above data sets.

Begin: choosing the initial population from the data sets using any
combination.

Fitness: Evaluating the Fitness.

New Population: Creating New Population using different methods
like: selection, crossover, mutation.



Acceptance: Placing the offspring in the new population.
Improvisation: Using the new offspring for running the
algorithm
Test: stop if the end condition is satisfying.

The following table shows the results after
performing tests by calling to the different
users.

The following graph represents the response of
Registered users and Unregistered users.



SIP security Testing framework provides a
uniform platform to integrate several test
methodologies and generate more test
scenarios.
Fuzzer is not only a protocol aware but also it
has an innovative algorithm which generates
fuzz data.
The results demonstrates that even though
devices are resistant to individual stress and
Fuzz testing, they may be vulnerable to test
scenarios which combines both.