Sökning: id:"swepub:oai:DiVA.org:kau-4079" >
Revealing the calli...
Revealing the calling history on SIP VoIP systems by timing attacks
-
- Zhang, Ge (författare)
- Karlstads universitet,Avdelningen för datavetenskap
-
- Fischer-Hübner, Simone, 1963- (författare)
- Karlstads universitet,Avdelningen för datavetenskap
-
- Martucci, Leonardo A. (författare)
- Karlstads universitet,Avdelningen för datavetenskap
-
visa fler...
-
- Ehlert, Sven (författare)
- Fraunhofer FOKUS, Berlin, Germany
-
visa färre...
-
(creator_code:org_t)
- IEEE Computer Society, 2009
- 2009
- Engelska.
-
Ingår i: Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES 2009), IEEE Press. - : IEEE Computer Society. - 9781424435722 ; , s. 135-142
- Relaterad länk:
-
https://urn.kb.se/re...
-
visa fler...
-
https://doi.org/10.1...
-
visa färre...
Abstract
Ämnesord
Stäng
- Many emergent security threats which did not exist in the traditional telephony network are introduced in SIP VoIP services. To provide high-level security assurance to SIP VoIP services, an inter-domain authentication mechanism is defined in RFC 4474. However, this mechanism introduces another vulnerability: a timing attack which can be used for effectively revealing the calling history of a group of VoIP users. The idea here is to exploit the certificate cache mechanisms supported by SIP VoIP infrastructures, in which the certificate from a caller's domain will be cached by the callee's proxy to accelerate subsequent requests. Therefore, SIP processing time varies depending whether the two domains had been into contact beforehand or not. The attacker can thus profile the calling history of a SIP domain by sending probing requests and observing the time required for processing. The result of our experiments demonstrates that this attack can be easily launched. We also discuss countermeasures to prevent such attacks
Ämnesord
- NATURVETENSKAP -- Data- och informationsvetenskap -- Systemvetenskap, informationssystem och informatik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Information Systems (hsv//eng)
Nyckelord
- VoIP services
- security
- Computer and systems science
- Data- och systemvetenskap
- Computer Science
- Datavetenskap
Publikations- och innehållstyp
- ref (ämneskategori)
- kon (ämneskategori)
Hitta via bibliotek
Till lärosätets databas