Lead Inventor:
Henning Schulzrinne, Ph.D.
Theft of Service Prevention for Session Initiation Protocol Services:
Session Initiation Protocol (SIP) based Voice-over-IP (VoIP) services are more susceptible to theft of service since calls are established over an IP-based network. Theft of service can happen due to various reasons such as identity assurance, multiple call endpoints, unsolicited intrusion in the VoIP network and of services such as emergency dialing and voicemail access. Many computers may run a soft-phone or a physical phone with Java virtual machine and can be exploited to circumvent security schemes including TLS, S/MIME, or digest authentication mechanisms. Additionally, calls can be routed to unauthorized multiple end-points. Finally, processing spurious SIP requests can lead to compromise of SIP servers.
Theft of Service Tool for VoIP Services:
The technology is a software tool that can detect three types of theft of service, i.e., those of identity, multiple call end points, and unsolicited SIP requests. The tool provides a modular web-based interface. It checks if the SIP servers are processing unsolicited messages, whether user is allowed launch simultaneous calls, and the robustness of SIP systems against crafted messages, all in an automated manner.
Applications:
• Organizations deployinng VoIP networks
• Comprehensive tool set for use in QA for telephone service providers
• Carrier grade VoIP providers
Advantages:
• An easy to configure single tool that can be used by the network/security departments of an organization to find vulnerabilities in their VoIP networks
• An organization interested in purchasing a VoIP system can request potential sellers to verify their security claims against this tool
Patent Status: Patent Pending (US 2009/007220-A1) ~ see link below.
Licensing Status: Available for Licensing and Sponsored Research Support