1. Presentation By Anil Kumar Marikukala, Syed Khaja Najmuddin Ahmed.

2.  SIP is a text based and application layer protocol.  It has several security mechanisms but it is still vulnerable to attacks.  SIP architecture must be robust to all vulnerabilities.  A comprehensive security testing is to be done before deploying.  This framework combines many techniques to produce many powerful test methodologies.

3.  Message Flooding DoS:  attacker tries to deplete resources on a server.  Message Flow DoS:  This attack tries to disrupt the ongoing call by impersonating one of the caller.  Malformed Message Attacks:  This attack may contain Embedded Shell codes or Malicious SQL statements.  Other Attacks :  Attack on DNS server, Spam over Internet Telephony(SPIT) attacks.

4.  It consists of three tiers. 1. Front Tier. 2. Middle Tier. 3. Target Tier.

5.  Front Tier :  It has uniform GUI(Graphical User Interface) which is dynamic and helps the user to fine tune the tests using Configuration files.  It acts as an interface between User and Middle tier during the setting up.  Middle Tier :  It consists of Central Control Agent and many other modules each with different test functionalities.  Target Tier :  Test agents spawned by the Control Agent constitute the Target Tier.  Performs tasks based on information from Control Agent and sends feedback.  Test agents works in parallel. Control AgentSIP EntityPerformance Evaluator DoS GeneratorFuzzing UnitExternal Module Wrapper Monitoring Module

6.  Fuzz testing is a Software testing technique.  It’s used to find implementation defects using malformed data.  It is considered as a valuable method in assessing the robustness and security vulnerabilities of systems.  Brute force data set, a random data set, known problematic sets these three are generally used data sets.  SIP_int, SIP_ip, SIP_string etc., are the data sets categorized by the authors from combination of above data sets.

7.  Begin: choosing the initial population from the data sets using any combination.  Fitness: Evaluating the Fitness.  New Population: Creating New Population using different methods like: selection, crossover, mutation.  Acceptance: Placing the offspring in the new population.  Improvisation: Using the new offspring for running the algorithm  Test: stop if the end condition is satisfying.

8.  The following table shows the results after performing tests by calling to the different users.

9.  The following graph represents the response of Registered users and Unregistered users.

10.  SIP security Testing framework provides a uniform platform to integrate several test methodologies and generate more test scenarios.  Fuzzer is not only a protocol aware but also it has an innovative algorithm which generates fuzz data.  The results demonstrates that even though devices are resistant to individual stress and Fuzz testing, they may be vulnerable to test scenarios which combines both.