ON VULNERABILITY TESTING OF VOIP SOFTWARE - The Megaco/H.248 System as an Example

Son Vuong, Xiaojuan Cai, Ling Yun, Wing Keong Woo

2004

Abstract

The ever-increasing number of newly discovered computer security holes makes many network-based services, especially Voice over IP (VoIP) systems, vulnerable, and hence imposes a heavy impact on business development. Megaco, or H.248, is a recently emerging VoIP protocol that will encourage carriers to move into VoIP applications. In this paper, we present the vulnerability testing of the Megaco protocol, with a focus on the mutation-based syntax testing approach. We discuss the process of vulnerability test suite generation for Megaco, which is based on parameter variation and a TTCN-3 based framework. The result of a demonstrated test of a commercial Megaco product is also presented.



Paper Citation


in Harvard Style

Vuong S., Cai X., Yun L. and Keong Woo W. (2004). ON VULNERABILITY TESTING OF VOIP SOFTWARE - The Megaco/H.248 System as an Example. In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 1: SVoIPNet, (ICETE 2004) ISBN 972-8865-15-5, pages 216-222. DOI: 10.5220/0001406102160222


in Bibtex Style

@conference{svoipnet04,
author={Son Vuong and Xiaojuan Cai and Ling Yun and Wing Keong Woo},
title={ON VULNERABILITY TESTING OF VOIP SOFTWARE - The Megaco/H.248 System as an Example},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 1: SVoIPNet, (ICETE 2004)},
year={2004},
pages={216-222},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001406102160222},
isbn={972-8865-15-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 1: SVoIPNet, (ICETE 2004)
TI - ON VULNERABILITY TESTING OF VOIP SOFTWARE - The Megaco/H.248 System as an Example
SN - 972-8865-15-5
AU - Vuong S.
AU - Cai X.
AU - Yun L.
AU - Keong Woo W.
PY - 2004
SP - 216
EP - 222
DO - 10.5220/0001406102160222