Work in progress: Black-Box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service


One of the main security objectives for systems connected to the Internet which provide services like Voice over Internet Protocol (VoIP) is to ensure robustness against security attacks to fulfill Quality of Service (QoS). To avoid system failures during attacks, service providers have to integrate countermeasures, which have to be tested. This work evaluates a test approach to determine the efficiency of countermeasures to fulfill QoS for Session Initiation Protocol (SIP) based VoIP systems even under attack. The main objective of the approach is the evaluation of service availability of a System Under Test (SUT) during security attacks, e.g., Denial of Service (DoS) attacks. Therefore, a simulated system load based on QoS requirements is combined with different security attacks. The observation of the system is based on black-box testing. By monitoring quality metrics of SIP transactions, the behavior of the system is measurable. The concept was realized as a prototype and was evaluated using different VoIP systems. For this, multiple security attacks are integrated into the testing scenarios. The outcome showed that the concept provides sound test results, which reflect the behavior of SIP systems' availability under various attacks. Thus, security problems can be found and QoS for SIP-based VoIP communication under attack can be predicted.

Talk: Principles, Systems and Applications of IP Telecommunications (IPTComm'10), München, Deutschland; 08-02-2010 - 08-03-2010; in: “Proceedings of IPTComm 2010 Principles, Systems and Applications of IP Telecommunications”, Technische Universität München, Germany, (2010), ISSN: 1868-2642; 107 - 116
Thomas Grechenig
