Presentation By Anil Kumar Marikukala, Syed Khaja Najmuddin Ahmed.


1 Presentation By Anil Kumar Marikukala, Syed Khaja Najmuddin Ahmed.

2
- SIP is a text-based, application-layer protocol.
- It has several security mechanisms, but it is still vulnerable to attacks.
- The SIP architecture must be robust against all vulnerabilities.
- Comprehensive security testing must be done before deployment.
- This framework combines many techniques to produce many powerful test methodologies.

3
- Message Flooding DoS: the attacker tries to deplete resources on a server.
- Message Flow DoS: this attack tries to disrupt an ongoing call by impersonating one of the callers.
- Malformed Message Attacks: the message may contain embedded shellcode or malicious SQL statements.
- Other Attacks: attacks on the DNS server, Spam over Internet Telephony (SPIT) attacks.

4
- The framework consists of three tiers:
  1. Front Tier
  2. Middle Tier
  3. Target Tier

5
- Front Tier:
  - It has a uniform, dynamic GUI (Graphical User Interface) that helps the user fine-tune the tests using configuration files.
  - It acts as an interface between the user and the Middle Tier during setup.
- Middle Tier:
  - It consists of the Central Control Agent and many other modules, each with different test functionality.
- Target Tier:
  - Test agents spawned by the Control Agent constitute the Target Tier.
  - They perform tasks based on information from the Control Agent and send feedback.
  - Test agents work in parallel.

[Diagram labels: Control Agent, SIP Entity, Performance Evaluator, DoS Generator, Fuzzing Unit, External Module Wrapper, Monitoring Module]

6
- Fuzz testing is a software testing technique.
- It is used to find implementation defects using malformed data.
- It is considered a valuable method for assessing the robustness and security vulnerabilities of systems.
- Three kinds of data set are generally used: a brute-force data set, a random data set, and known problematic sets.
- SIP_int, SIP_ip, SIP_string, etc. are the data sets the authors categorized from combinations of the above data sets.

7
- Begin: choose the initial population from the data sets, using any combination.
- Fitness: evaluate the fitness.
- New Population: create a new population using methods such as selection, crossover, and mutation.
- Acceptance: place the offspring in the new population.
- Improvisation: use the new offspring for running the algorithm.
- Test: stop if the end condition is satisfied.
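The loop on slide 7, as an added example that is not part of the original presentation: it evolves SIP_int-style values against a local stand-in parser. The toy parser, the seed values, the alphabet and the fitness scoring are all assumptions made for illustration, since the slides do not say how fitness was evaluated.

```python
import random

# Constructed seed sets, one per kind the slides name (SIP_int-style values).
BRUTE_FORCE = [str(n) for n in range(0, 50, 7)]
KNOWN_PROBLEMATIC = ["-1", "0", "65536", "4294967296", "007", " 12", "1e3", "1_0"]
ALPHABET = "0123456789-+ _"

def toy_cseq_parser(value):
    """Hypothetical system under test: a sloppy CSeq sequence-number parser."""
    n = int(value)                      # int() tolerates signs, spaces, underscores
    if n >= 2**31:
        raise OverflowError("sequence number too large")
    return n

def fitness(value):
    """0 = correct behaviour, 2 = malformed value accepted, 3 = unhandled error."""
    well_formed = value.isascii() and value.isdigit() and int(value) < 2**31
    try:
        toy_cseq_parser(value)
    except ValueError:
        return 0                        # clean rejection
    except Exception:
        return 3
    return 0 if well_formed else 2

def crossover(a, b, rng):
    return (a[:rng.randint(0, len(a))] + b[rng.randint(0, len(b)):])[:16]

def mutate(s, rng):
    if s and rng.random() < 0.5:        # replace one character
        i = rng.randrange(len(s))
        return s[:i] + rng.choice(ALPHABET) + s[i + 1:]
    return (s + rng.choice(ALPHABET))[:16]   # or append one

def evolve(generations=8, size=12, seed=1):
    rng = random.Random(seed)           # fixed seed keeps the run repeatable
    random_set = ["".join(rng.choice(ALPHABET) for _ in range(rng.randint(1, 8)))
                  for _ in range(4)]
    population = rng.sample(BRUTE_FORCE + random_set + KNOWN_PROBLEMATIC, size)  # Begin
    history, findings = [], {}
    for _ in range(generations):        # Test: stop after a fixed generation budget
        ranked = sorted(population, key=fitness, reverse=True)       # Fitness
        history.append(fitness(ranked[0]))
        findings.update({v: fitness(v) for v in ranked if fitness(v) > 0})
        parents = ranked[:size // 2]                                 # selection
        offspring = [mutate(crossover(rng.choice(parents), rng.choice(parents), rng), rng)
                     for _ in range(size - len(parents))]            # crossover, mutation
        population = parents + offspring                             # Acceptance
    return population, history, findings

if __name__ == "__main__":
    print(evolve()[2])
```

Because the fitter half of each generation is carried over unchanged, the best score in `history` never decreases, and `findings` is the list a tester would triage.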

8
- The following table shows the results of tests performed by placing calls to different users.

9
- The following graph represents the response of registered users and unregistered users.

10
- The SIP security testing framework provides a uniform platform to integrate several test methodologies and generate more test scenarios.
- The fuzzer is not only protocol-aware but also has an innovative algorithm that generates fuzz data.
- The results demonstrate that even though devices are resistant to individual stress and fuzz testing, they may be vulnerable to test scenarios that combine both.

