【作者】 方鑫；

【导师】 李小勇； 陈凯；

【作者基本信息】 上海交通大学 ， 计算机应用技术， 2008， 硕士

【摘要】 Voice over IP (VoIP)的应用日益广泛,但同时VoIP也引入了很多安全问题。以SIP协议为例,例如Bye/Cancel攻击,通过截获双方通信所发送的报文,然后伪造BYE或CANCEL报文并发送,使服务器错误地中止服务。又例如RTP注入攻击,通过截取通话双方呼叫建立时SIP报文中SDP携带的端口号,向特定的端口号发送伪造的RTP报文,使受攻击方听到伪造的语音信息。本论文针对VoIP安全问题进行研究,设计并实现了一套VoIP的安全评估系统,具体工作如下:1.针对各种典型的VoIP攻击进行了模拟实验,除了前面提到的攻击外,还包括:注册劫持攻击、注册擦除攻击、注册添加攻击、SIP电话重启攻击、通话劫持攻击、洪泛攻击、窃听攻击、重定向攻击等。2.提出并实现了一套可扩展的分布式VoIP安全评估系统。该系统的特点包括:a)集成所有常见SIP协议攻击,具备一定的深度和广度,能测试VoIP系统常见的安全漏洞;b)采用分布式的结构,在多台VoIP系统的客户端机器上同时安装可交互的主控端和客户端,从而真实地模拟攻击时使用的网络环境;c)具有良好的扩展性,在新的攻击方法或安全漏洞被发现时,可以方便地加入到系统中。更多还原

【Abstract】 Voice over IP (VoIP) is being more and more widely used, but on the other side, VoIP brings a lot of secure problems. Take SIP for example, the bye/cancel attack, who captures the packets being interacted by both sides of communication, tears down, and utilizes those information to forge and send the BYE or CANCEL packets, thus makes the server wrongly terminates the service. Another example is the RTP insertion attacking, which is according to the port number brought by SDP in SIP packets captured when initiating the call, and sends forged RTP packets to specified ports, thus make the victim hear the forged voice information.This thesis fouced on the problems of VoIP security, designed and realized an extensible distributed evaluating system of VoIP security, the detailed content are as below:1. Aiming to the secure problems of VoIP. Simulative experiments for kinds of typical VoIP attacks were performed, including: bye/cancel attacking, RTP insertion, register hijacking, register removal, register additional, SIP phone rebooting, call hijacking, flooding, eavesdropping, and redirection attacking.2. Based on these experiments, an extensible distributed evaluating system of VoIP security were designed and realized. The features of the system are:a) Integrated all popular weaknesses of SIP, which focuses on certain depth and scope, so it can test VoIP system for popular VoIP weaknesses.b) Used distributed architecture, i.e. it is installed on multiple PC clients, which is able to simulate the real network environment when attacking.c) Extensible. When new attacking methods are found, it is convenient to be added in the system.更多还原