It Takes a Telecommunications Village
It takes a village to raise a child and the same is true of the telecom industry’s latest addition, STIR/SHAKEN.
During SIPit 33, Enable Security, the creator of SIPVicious PRO along with Sippy Software, the creator of Sippy Softswitch, and other industry cohorts https://www.sipforum.org/membership/full-member-listing/ came together to do their part in helping to raise the industry’s new brainchild.
The expectations for STIR/SHAKEN are that it will help to bring consumer confidence back to the telecommunications space. Consumer confidence is critical for the industry’s continued prosperity.
Confidence springs from a feeling of security. From experience, we know that security comes from seeing, understanding and managing threats. The task of creating the right conditions for healthy, secure development was at the forefront of SIPit 33 where Enable Security and Sippy Software contributed their expertise to conclude that STIR/SHAKEN implementations do have a significant attack surface which together they exposed and are moving forward to address.
Considered one of the most robust and secure softswitches on the market, Sippy’s softswitch was used in testing resilience to attack during SIPit 33 so that industry members large and small could gain confidence in their implementation of STIR/SHAKEN.
A key finding by way of Enable Security’s SIPVicious PRO software testing on Sippy was that denial of service vulnerabilities are something that should be of concern to the industry. As a result of a battery of tests like fuzzing, Sippy Software and the other participants stress-tested their platforms and resolved to fortify them.
The teams at Sippy Software and Enable Security learned that both fuzzing and targeted security tests focused on STIR/SHAKEN are crucial in ensuring long-term robustness. Enable Security will further develop its STIR/SHAKEN fuzzing capabilities in SIPVicious PRO to achieve better coverage, and it plans to make available a number of test cases to ensure that known vulnerabilities can be easily tested for, and prevented in active deployments. Sippy Software will implement the recommended solutions in its softswitch and will continue to help STIR/SHAKEN to mature.
Within the larger scope of Sippy’s achievements during SIPit 33, it carried out tests designed to validate its development work around authentication, and verification for interoperability. From Sippy’s perspective, STIR/SHAKEN development is progressing in the right direction, and the know-how its engineering team shared with the industry will be used to advance the process of broad implementation.
SIPit 33 took place over 4 days, involved many industry experts, and had many different goals like testing interoperability. On the security side of the goals, Sippy’s Softswitch was exposed to SIPVicious PRO for the entire 4 days. Many critical questions were answered during SIPit 33, and now the industry knows how their STIR/SHAKEN child would behave if confronted by something like SIPVicious in the dark alleys of the web.