SIP Digest Access Authentication RELAY-ATTACK for Toll-Fraud

RFC 3261 Overview Known Authentication Attacks Unknown Attack

SIP Digest Access AuthenticationRELAY-ATTACK for Toll-Fraud

Humberto J. AbdelnurHumberto.Abdelnur@loria.fr

Radu StateRadu.State@loria.fr

Olivier FestorOlivier.Festor@loria.fr

Madynes teamhttp://madynes.loria.frLORIA-INRIA Lorraine

November 2, 2007

RFC 3261 Overview Known Authentication Attacks Unknown Attack

Outline

1 RFC 3261 OverviewDirect Callre-INVITE RequestAuthenticated Call

2 Known Authentication AttacksMITM AttackReplay Attack

3 Unknown AttackRelay Attack

RFC 3261 Overview Known Authentication Attacks Unknown Attack

RFC 3261 Overview

RFC 3261 Overview Known Authentication Attacks Unknown Attack

Direct Call

Direct Call from user B to A

RFC 3261 Overview Known Authentication Attacks Unknown Attack

re-INVITE Request

re-INVITE overview

“This modification can involve changing addresses or ports, adding a media

stream, deleting a media stream, and so on. This is accomplished by sending a

new INVITE request within the same dialog that established the session. An

INVITE request sent within an existing dialog is known as a re-INVITE.”1

1RFC 3261 Section 14 Modifying an Existing Session

RFC 3261 Overview Known Authentication Attacks Unknown Attack

Authenticated Call

Call from User B to User A via a Proxy using DigestAccess Authentication (RFC 2617)

RFC 3261 Overview Known Authentication Attacks Unknown Attack

Known Authentication AttacksRFC 2617 Section 4.5 ReplayAttacks

RFC 3261 Overview Known Authentication Attacks Unknown Attack

MITM Attack

Man in the Middle Attack

RFC 3261 Overview Known Authentication Attacks Unknown Attack

Replay Attack

Replay Attack

RFC 3261 Overview Known Authentication Attacks Unknown Attack

Unknown Authentication Attack toSIP

RFC 3261 Overview Known Authentication Attacks Unknown Attack

Relay Attack

Trigger a re-INVITE on User B in order to request himto authenticate