Article


Article Code : 13930804143332804(DOI : 10.7508/jist.2014.04.003)

Article Title : SIP Vulnerability Scan Framework

Journal Number : 8 Autumn 2014

Visited : 851

Files : 532 KB


List of Authors

  Full Name Email Grade Degree Corresponding Author
1 Mitra Alidoosti alidoosti@comp.iust.ac.ir - M.Sc
2 Hassan Asgharian asgharian@iust.ac.ir - M.Sc
3 Ahmad Akbari akbari@iust.ac.ir Associate Professor PhD

Abstract

The purpose of this paper is to provide a framework for detecting vulnerabilities in SIP (Session Initiation Protocol) networks. We try to find weaknesses in SIP enabled entities that an attacker by exploiting them is able to attack the system and affect it. This framework is provided by the concept of penetration testing and is designed to be flexible and extensible, and has the capability to customize for other similar session based protocols. To satisfy the above objectives, the framework is designed with five main modules for discovery, information modeling, operation, evaluation and report. After setting up a test-bed as a typical VoIP system to show the validity of the proposed framework, this system has been implemented as a SIP vulnerability scanner. We also defined appropriate metrics for gathering the performance statistics of SIP components. Our test bed is deployed by open-source applications and used for validation and also evaluation of the proposed framework.