Columbia Technology Ventures

Session Initiation Protocol (SIP) Aware Firewalls Tests for Vulnerability

Lead Inventor: Henning Schulzrinne, Ph.D.

Session Initiation Protocol (SIP)-Based Voice-Over-IP (VoIP) Systems Firewalls

Session Initiation Protocol (SIP) is an application-layer protocol for establishing multimedia sessions. Networks implementing SIP-based voice-over-IP (VoIP) systems may use devices such as firewalls to block unwanted and malicious traffic from infiltrating the network. Typical network protection devices fail to cope with the complexity of VoIP protocols at carrier-class performance.

Measurement to Test, Analyze, and Validate Large Scale SIP-Aware Firewalls

The technology describes a mechanism to test, analyze, and validate large-scale SIP-aware firewalls. It can be used to determine whether SIP-aware firewall rules are properly set, and to calculate excessive delay in opening pinholes through the firewall for establishing a media session. Such excessive delay may result in an unintentional Denial-of-Service (DoS). The invention can be used to trigger alerts if the delay exceeds a certain threshold. It can also be used to determine whether the pinholes through a firewall are incorrectly allocated.

Applications:
• Measuring the vulnerability of SIP-aware firewalls for data and voice services
• Determining whether the firewall rules are correctly set

Advantages:
• Programmable control of pinhole vulnerabilities
• Provides a mechanism to alert the VoIP network administrator if the setup delay exceeds a threshold


Patent Status: Patent Pending (US 2007/012483-A1) ~ see link below.

Licensing Status: Available for Licensing and Sponsored Research Support