Billing Attacks on SIP-Based VoIP Systems
Billing is fundamental to any commercial VoIP services and it has direct impact on each individual VoIP subscriber. One of the most basic requirements of any VoIP billing function is that it must be reliable and trustworthy. From the VoIP subscriber's perspective, VoIP billing should only charge them for the calls they have really made and for the duration they have called. Existing VoIP billing is based on VoIP signaling. Therefore, any vulnerability in VoIP signaling is a potential vulnerability of VoIP billing. In this paper, the authors examine how the vulnerabilities of SIP can be exploited to compromise the reliability and trustworthiness of the billing of SIP-based VoIP systems.