Survey of security vulnerabilities in session initiation protocol

Dimitris Geneiatakis; Tasos Dagiuklas; Georgios Kambourakis; Costas Lambrinoudakis; Stefanos Gritzalis; Sven Ehlert; Dorgham Sisalem

doi:10.1109/COMST.2006.253270

Survey of security vulnerabilities in session initiation protocol

Dimitris Geneiatakis, Tasos Dagiuklas, Georgios Kambourakis, Costas Lambrinoudakis, Stefanos Gritzalis, Sven Ehlert, Dorgham Sisalem

Research output: Contribution to journal › Review article › peer-review

172 Citations (Scopus)

Abstract

The open architecture of the Internet and the use of open standards like Session Initiation Protocol (SIP) constitute the provisioning of services (e.g., Internet telephony, instant messaging, presence, etc.) vulnerable to known Internet attacks, while at the same time introducing new security problems based on these standards that cannot been tackled with current security mechanisms. This article identifies and describes security problems in the SIP protocol that may lead to denial of service. Such security problems include flooding attacks, security vulnerabilities in parser implementations, and attacks exploiting vulnerabilities at the signaling-application level. A qualitative analysis of these security flaws and their impacts on SIP systems is presented.

Original language	English
Pages (from-to)	68-81
Number of pages	14
Journal	IEEE Communications Surveys and Tutorials
Volume	8
Issue number	3
DOIs	https://doi.org/10.1109/COMST.2006.253270
Publication status	Published - Sept 2006
Externally published	Yes

Access to Document

10.1109/COMST.2006.253270

Cite this

@article{5e3103e1766047e8be2010663d917878,

title = "Survey of security vulnerabilities in session initiation protocol",

abstract = "The open architecture of the Internet and the use of open standards like Session Initiation Protocol (SIP) constitute the provisioning of services (e.g., Internet telephony, instant messaging, presence, etc.) vulnerable to known Internet attacks, while at the same time introducing new security problems based on these standards that cannot been tackled with current security mechanisms. This article identifies and describes security problems in the SIP protocol that may lead to denial of service. Such security problems include flooding attacks, security vulnerabilities in parser implementations, and attacks exploiting vulnerabilities at the signaling-application level. A qualitative analysis of these security flaws and their impacts on SIP systems is presented.",

author = "Dimitris Geneiatakis and Tasos Dagiuklas and Georgios Kambourakis and Costas Lambrinoudakis and Stefanos Gritzalis and Sven Ehlert and Dorgham Sisalem",

year = "2006",

month = sep,

doi = "10.1109/COMST.2006.253270",

language = "English",

volume = "8",

pages = "68--81",

number = "3",

}

TY - JOUR

T1 - Survey of security vulnerabilities in session initiation protocol

AU - Geneiatakis, Dimitris

AU - Dagiuklas, Tasos

AU - Kambourakis, Georgios

AU - Lambrinoudakis, Costas

AU - Gritzalis, Stefanos

AU - Ehlert, Sven

AU - Sisalem, Dorgham

PY - 2006/9

Y1 - 2006/9

N2 - The open architecture of the Internet and the use of open standards like Session Initiation Protocol (SIP) constitute the provisioning of services (e.g., Internet telephony, instant messaging, presence, etc.) vulnerable to known Internet attacks, while at the same time introducing new security problems based on these standards that cannot been tackled with current security mechanisms. This article identifies and describes security problems in the SIP protocol that may lead to denial of service. Such security problems include flooding attacks, security vulnerabilities in parser implementations, and attacks exploiting vulnerabilities at the signaling-application level. A qualitative analysis of these security flaws and their impacts on SIP systems is presented.

AB - The open architecture of the Internet and the use of open standards like Session Initiation Protocol (SIP) constitute the provisioning of services (e.g., Internet telephony, instant messaging, presence, etc.) vulnerable to known Internet attacks, while at the same time introducing new security problems based on these standards that cannot been tackled with current security mechanisms. This article identifies and describes security problems in the SIP protocol that may lead to denial of service. Such security problems include flooding attacks, security vulnerabilities in parser implementations, and attacks exploiting vulnerabilities at the signaling-application level. A qualitative analysis of these security flaws and their impacts on SIP systems is presented.

UR - http://www.scopus.com/inward/record.url?scp=84881472647&partnerID=8YFLogxK

U2 - 10.1109/COMST.2006.253270

DO - 10.1109/COMST.2006.253270

M3 - Review article

AN - SCOPUS:84881472647

VL - 8

SP - 68

EP - 81

JO - IEEE Communications Surveys and Tutorials

JF - IEEE Communications Surveys and Tutorials

IS - 3

ER -

Survey of security vulnerabilities in session initiation protocol

Abstract

Access to Document

Other files and links

Cite this