PROTOS Test-Suite

The Session Initiation Protocol (SIP) is a signalling protocol for Internet telephony, instant messaging and alike. Although SIP implementations have not yet been widely deployed, the product portfolio is expanding rapidly. A subset of SIP, namely INVITE messages, was chosen as the subject protocol for vulnerability assessment through syntax testing and test-suite creation. A survey of the related standards was made. Test-material was prepared and tests were carried out against a sample set of existing implementations. Results were gathered and reported. Many of the implementations available for evaluation failed to perform in a robust manner under the test. Some failures had information security implications, and should be considered as vulnerabilities. In order to achieve a robustness baseline for SIP products this test-material should be adopted for their evaluation and development. A more comprehensive test-suite should be developed as the SIP scene matures.