Presentation By Anil Kumar Marikukala, Syed Khaja Najmuddin Ahmed.


- SIP is a text-based, application-layer protocol.
- It has several security mechanisms, but it is still vulnerable to attacks.
- The SIP architecture must be robust against all vulnerabilities.
- Comprehensive security testing should be done before deployment.
- This framework combines many techniques to produce many powerful test methodologies.

- Message Flooding DoS: the attacker tries to deplete resources on a server.
- Message Flow DoS: this attack tries to disrupt an ongoing call by impersonating one of the callers.
- Malformed Message Attacks: these messages may contain embedded shellcode or malicious SQL statements.
- Other Attacks: attacks on the DNS server, Spam over Internet Telephony (SPIT) attacks.

- It consists of three tiers:
  1. Front Tier
  2. Middle Tier
  3. Target Tier

- Front Tier:
  - It has a uniform, dynamic GUI (Graphical User Interface) that helps the user fine-tune the tests using configuration files.
  - It acts as an interface between the user and the Middle Tier during setup.
- Middle Tier:
  - It consists of a central Control Agent and many other modules, each with different test functionality.
- Target Tier:
  - Test agents spawned by the Control Agent constitute the Target Tier.
  - They perform tasks based on information from the Control Agent and send feedback.
  - Test agents work in parallel.

[Figure labels: Control Agent, SIP Entity, Performance Evaluator, DoS Generator, Fuzzing Unit, External Module Wrapper, Monitoring Module]

- Fuzz testing is a software testing technique.
- It is used to find implementation defects using malformed data.
- It is considered a valuable method for assessing the robustness and security vulnerabilities of systems.
- Three data sets are generally used: a brute-force data set, a random data set, and known problematic sets.
- SIP_int, SIP_ip, SIP_string, etc. are the data sets categorized by the authors from combinations of the above data sets.

- Begin: choose the initial population from the data sets using any combination.
- Fitness: evaluate the fitness.
- New Population: create a new population using methods such as selection, crossover, and mutation.
- Acceptance: place the offspring in the new population.
- Improvisation: use the new offspring for running the algorithm.
- Test: stop if the end condition is satisfied.
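The steps above as a minimal genetic loop, added here as an illustration and not the authors' implementation. The seed values, the `toy_parser` stand-in for the SIP entity under test, and the fitness measure (number of validation failures an input reaches) are assumptions made for this example.

```python
import itertools
import random
import re

# Constructed seed sets; names follow the slide's SIP_int / SIP_ip / SIP_string
# categories, the contents are assumptions for this example.
SEEDS = (
    ["0", "70", "-1", "4294967296", "seventy"],            # SIP_int
    ["192.0.2.1", "0.0.0.0", "256.1.1.1", "192.0.2"],      # SIP_ip
    ["alice", "", "A" * 300, "%s%s%s", "a;b=c"],           # SIP_string
)

def toy_parser(max_forwards, host, user):
    """Hypothetical in-process stand-in for the entity under test: returns
    the set of validation failures the three field values trigger."""
    hit = set()
    if not re.fullmatch(r"-?[0-9]+", max_forwards):
        hit.add("mf-not-int")
    elif not 0 <= int(max_forwards) <= 255:
        hit.add("mf-range")
    octets = host.split(".")
    if len(octets) != 4:
        hit.add("ip-shape")
    elif any(not re.fullmatch(r"[0-9]+", o) or int(o) > 255 for o in octets):
        hit.add("ip-octet")
    if not user:
        hit.add("user-empty")
    if len(user) > 255:
        hit.add("user-long")
    if "%" in user:
        hit.add("user-format")
    return hit

def fitness(ind):
    return len(toy_parser(*ind))                           # Fitness

def evolve(generations=15, size=12, seed=1):
    rng = random.Random(seed)
    pop = rng.sample(list(itertools.product(*SEEDS)), size)    # Begin
    history = [max(map(fitness, pop))]
    for _ in range(generations):                           # Test: fixed budget
        ranked = sorted(pop, key=fitness, reverse=True)
        nxt = ranked[:2]                                   # elitism keeps the best
        while len(nxt) < size:
            a, b = rng.sample(ranked[: size // 2], 2)      # selection
            child = [rng.choice(pair) for pair in zip(a, b)]   # crossover
            if rng.random() < 0.3:                         # mutation: splice a seed
                i = rng.randrange(3)
                child[i] += rng.choice(SEEDS[i])
            nxt.append(tuple(child))                       # Acceptance
        pop = nxt                                          # Improvisation
        history.append(max(map(fitness, pop)))
    return max(pop, key=fitness), history
```

In a real test bed the fitness signal would come from monitoring feedback on the target rather than from an in-process parser.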

- The following table shows the results of tests performed by calling different users.

- The following graph represents the responses of registered users and unregistered users.

- The SIP security testing framework provides a uniform platform to integrate several test methodologies and generate more test scenarios.
- The fuzzer is not only protocol-aware but also has an innovative algorithm that generates fuzz data.
- The results demonstrate that even though devices are resistant to individual stress and fuzz testing, they may be vulnerable to test scenarios that combine both.