Security testing of SIP implementations
Christian Wieser; Marko Laakso; Henning G. Schulzrinne
- Security testing of SIP implementations
Schulzrinne, Henning G.
- Technical reports
- Computer Science
- Permanent URL:
- Columbia University Computer Science Technical Reports
- Part Number:
- Department of Computer Science, Columbia University
- Publisher Location:
- New York
- The Session Initiation Protocol (SIP) is a signaling protocol for Internet telephony, multimedia conferencing and instant messaging. Although SIP implementations have not yet been widely deployed, the product portfolio is expanding rapidly. We describe a method to assess the robustness of SIP implementation by describing a tool to find vulnerabilities. We prepared the test material and carried out tests against a sample set of existing implementations. Results were reported to the vendors and the test suite was made publicly available. Many of the implementations available for evaluation failed to perform in a robust manner under the test. Some failures had information security implications, and should be considered vulnerabilities.
- Computer science
- Item views: