Analysing Protocol Implementations

  • Anders Moen Hagalisletto
  • Lars Strand
  • Wolfgang Leister
  • Arne-Kristian Groven
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5451)

Abstract

Many protocols running over the Internet are neither formalised, nor formally analysed. The amount of documentation for tele- communication protocols used in real-life applications is huge, while the available analysis methods and tools require precise and clear-cut protocol clauses. A manual formalisation of the Session Initiation Protocol (SIP) used in Voice over IP (VoIP) applications is not feasible. Therefore, by combining the information retrieved from the specification documents published by the IETF, and traces of real world SIP traffic we craft a formal specification of the protocol in addition to an implementation of the protocol. In the course of our work we detected several weaknesses, both of SIP call setup and in the Asterisk implementation of the protocol. These weaknesses could be exploited and pose as a threat for authentication and non-repudiation of VoIP calls.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Anders Moen Hagalisletto
    • 1
  • Lars Strand
    • 1
  • Wolfgang Leister
    • 1
  • Arne-Kristian Groven
    • 1
  1. 1.Norwegian Computing CenterNorway

Personalised recommendations