INTERSTATE: A Stateful Protocol Fuzzer for SIP

Presented at DEF CON 15 (2007), Aug. 3, 2007, 6:30 p.m. (20 minutes)

We present the INTERSTATE fuzzer to detect security vulnerabilities in VOIP phones which implement Session Initiation Protocol (SIP). INTERSTATE generates an input sequence for a SIP phone which is constructed to reveal common security vulnerabilities. SIP is a stateful protocol so a state machine description of the SIP protocol is used by INTERSTATE to ensure that the entire state space is explored. The input sequence consists of SIP request messages as well as GUI input sequences which are remotely applied to the phone under test. The input sequence is generated to perform a random walk through the state space of the protocol. The application of GUI inputs is essential to ensure that all parts of the state machine can be tested. Faults are injected into SIP messages to trigger common vulnerabilities. INTERSTATE also checks the SIP response messages received from the phone under test against the expected responses described in the state machine. Checking response messages allows for the detection of security bugs whose impact is more subtle than a simple crash. We have used INTERSTATE to identify a previously unknown DoS vulnerability in an existing open source SIP phone. The vulnerability could not have been discovered without exploring multiple paths through the state machine, and applying GUI inputs during the fuzzing process. Ian would like to give recognition to the following co-authors for their contributions. Thoulfekar Alrahem, Alex Chen, Nick DiGiussepe, Jefferey Gee, Shang-Pin Hsiao, Sean Mattox, Taejoon Park, Albert Tam, and Marcel Carlsson.

Presenters:

• Ian G. Harris - University of California Irvine
  Ian G. Harris is currently an Associate Professor in the Computer Science Department at the University of California Irvine. He received his BS degree in Computer Science from Massachusetts Institute of Technology in 1990. He received his MS and PhD degrees in Computer Science from the University of California San Diego in 1992 and 1997 respectively. His research interests involve the testing of hardware and software systems. His current research projects include fuzzing of embedded software, and hardware/software covalidation.

Links:

• https://defcon.org/html/defcon-15/dc-15-speakers.html#Harris
• https://infocon.org/cons/DEF CON/DEF CON 15/DEF CON 15 video/DEF CON 15 - Ian Harris - Interstate - A Stateful Protocol Fuzzer for SIP - Video.mp4
• https://www.youtube.com/watch?v=NEybnc7n-sQ

Similar Presentations:

• DEF CON 28 (2020) Virtual / Practical VoIP/UC Hacking Using Mr.SIP: SIP-Based Audit & Attack Tool
• DEF CON 21 (2013) / VoIP Wars: Return of the SIP
• HOPE X (2014) / Are You Ready to SIP the Kool-Aid?