SIP SECURITY TESTING FRAMEWORK

Presentation By Anil Kumar Marikukala,

Syed Khaja Najmuddin Ahmed.

Introduction

SIP is a text based and application layer protocol.

It has several security mechanisms but it is still vulnerable to attacks.

SIP architecture must be robust to all vulnerabilities.

A comprehensive security testing is to be done before deploying.

This framework combines many techniques to produce many powerful test methodologies.

Common Attacks on SIP Message Flooding DoS: attacker tries to deplete resources on a server.

Message Flow DoS: This attack tries to disrupt the ongoing call by

impersonating one of the caller.

Malformed Message Attacks: This attack may contain Embedded Shell codes or

Malicious SQL statements.

Other Attacks : Attack on DNS server, Spam over Internet Telephony(SPIT)

attacks.

Testing Framework It consists of three tiers. 1. Front Tier. 2. Middle Tier. 3. Target Tier.

Front Tier : It has uniform GUI(Graphical User Interface) which is dynamic

and helps the user to fine tune the tests using Configuration files. It acts as an interface between User and Middle tier during the

setting up.

Middle Tier : It consists of Central Control Agent and many other modules

each with different test functionalities.

Target Tier : Test agents spawned by the Control Agent constitute the Target

Tier. Performs tasks based on information from Control Agent and

sends feedback. Test agents works in parallel.

Control Agent SIP Entity Performance Evaluator

DoS Generator Fuzzing Unit External Module Wrapper

Monitoring Module

Fuzz Data Generation Fuzz testing is a Software testing technique. It’s used to find implementation defects using

malformed data. It is considered as a valuable method in

assessing the robustness and security vulnerabilities of systems.

Brute force data set, a random data set, known problematic sets these three are generally used data sets.

SIP_int, SIP_ip, SIP_string etc., are the data sets categorized by the authors from combination of above data sets.

Begin: choosing the initial population from the data sets using any combination.

Fitness: Evaluating the Fitness.

New Population: Creating New Population using different methods like: selection, crossover, mutation.

Acceptance: Placing the offspring in the new population.

Improvisation: Using the new offspring for running the algorithm

Test: stop if the end condition is satisfying.

New Data Generation Algorithm:

Evaluation

The following table shows the results after performing tests by calling to the different users.

Continued..

The following graph represents the response of Registered users and Unregistered users.

Conclusion

SIP security Testing framework provides a uniform platform to integrate several test methodologies and generate more test scenarios.

Fuzzer is not only a protocol aware but also it has an innovative algorithm which generates fuzz data.

The results demonstrates that even though devices are resistant to individual stress and Fuzz testing, they may be vulnerable to test scenarios which combines both.