VoLTEFuzz: framework for stateful analysis of SIP in VoLTE스테이트를 고려한 VoLTE SIP 프로토콜 구현 취약점 분석
VoLTE and SMS over IMS are services that provide voice calls and Short Messages Service(SMS) in LTE. These services are supported by SIP communication between the UE and IMS. Since voice calls and SMS are indispensable in our daily lives, vulnerabilities in SIP communications can cause significant threats such as voice phishing, smishing, and denial of service. To prevent these threats, previous studies have analyzed vulnerabilities in SIP communication between the device and IMS, but those studies have had two major limitations. First, they focus on detecting vulnerabilities in IMS. Second, while SIP communication takes place in several stages, the studies only focus on vulnerability in stateless cases.
In this work, we designed a framework named VoLTEFuzz to find implementation vulnerabilities in SIP via LTE which offers a stateful and bidirectional testing environment. This characteristic supports the test to be conducted in more diverse states than previous works. VoLTEFuzz controls the flow of SIP packets in a commercial UE like a MitM in consideration of SIP messages’ state. We generated test cases based on three attack scenarios: identity spoofing, authentication bypass, charging bypass. We tested 25 cases on 2 carriers with VoLTEFuzz and found four vulnerabilities.
- Advisors
- Kim, Yongdaeresearcher; 김용대researcher
- Description
- 한국과학기술원 :정보보호대학원,
- Publisher
- 한국과학기술원
- Issue Date
- 2021
- Identifier
- 325007
- Language
- eng
- Description
학위논문(석사) - 한국과학기술원 : 정보보호대학원, 2021.2,[iv, 26 p. :]
- Keywords
VoLTE▼aSMS▼aSIP▼aDevice testing▼aIMS testing▼aStateful Fuzzing; VoLTE▼a단문 메시지 서비스▼aSIP▼a단말 취약점 탐지▼aIMS 망 취약점 탐지▼a스테이트를 고려한 퍼징
- Appears in Collection
- IS-Theses_Master(석사논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.