DOI: 10.1145/1326304.1326313
Research article

KiF: a stateful SIP fuzzer

Published: 19 July 2007

Abstract

With the recent evolution of the VoIP market, where more and more devices and services are being pushed onto a very promising market, assuring their security becomes crucial. Among the most dangerous threats to VoIP, failures and bugs in the software implementation will still rank high on the list of vulnerabilities. In this paper we address the issue of detecting such vulnerabilities using a stateful fuzzer. We describe an automated attack approach capable of self-improving and of tracking the state context of a target device. We implemented our approach and were able to discover vulnerabilities in market-leading and well-known equipment and software.

Published In

IPTComm '07: Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
July 2007
107 pages
ISBN: 9781605580067
DOI: 10.1145/1326304
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. SIP vulnerabilities
  2. VoIP security
  3. protocol fuzzer
  4. software testing techniques

Qualifiers

  • Research-article

Conference

IPTComm07
Acceptance Rates

Overall Acceptance Rate 18 of 62 submissions, 29%

Cited By

  • (2024) Fuzzers for Stateful Systems: Survey and Research Directions. ACM Computing Surveys 56:9 (1-23). DOI: 10.1145/3648468. Online publication date: 25-Apr-2024
  • (2024) A Survey of Software Dynamic Analysis Methods. Programming and Computing Software 50:1 (90-114). DOI: 10.1134/S0361768824010079. Online publication date: 1-Feb-2024
  • (2024) MSGFuzzer: Message Sequence Guided Industrial Robot Protocol Fuzzing. 2024 IEEE Conference on Software Testing, Verification and Validation (ICST) (140-150). DOI: 10.1109/ICST60714.2024.00021. Online publication date: 27-May-2024
  • (2024) A Review of Fuzz Testing for Configuration-Sensitive Software. 2024 9th International Conference on Signal and Image Processing (ICSIP) (388-398). DOI: 10.1109/ICSIP61881.2024.10671554. Online publication date: 12-Jul-2024
  • (2024) Vulnerability detection through machine learning-based fuzzing: A systematic review. Computers & Security 143 (103903). DOI: 10.1016/j.cose.2024.103903. Online publication date: Aug-2024
  • (2024) Improving Search Space Analysis of Fuzzing Mutators Using Cryptographic Structures. AI Applications in Cyber Security and Communication Networks (153-172). DOI: 10.1007/978-981-97-3973-8_10. Online publication date: 18-Sep-2024
  • (2024) Fuzzing an Industrial Proprietary Protocol. Formal Methods for Industrial Critical Systems (119-135). DOI: 10.1007/978-3-031-68150-9_7. Online publication date: 21-Aug-2024
  • (2023) A Survey on the Development of Network Protocol Fuzzing Techniques. Electronics 12:13 (2904). DOI: 10.3390/electronics12132904. Online publication date: 1-Jul-2023
  • (2023) FieldFuzz: In Situ Blackbox Fuzzing of Proprietary Industrial Automation Runtimes via the Network. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses (499-512). DOI: 10.1145/3607199.3607226. Online publication date: 16-Oct-2023
  • (2023) NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing. ACM Transactions on Software Engineering and Methodology 32:6 (1-26). DOI: 10.1145/3580598. Online publication date: 31-Mar-2023
