Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities
Hemant Sengar, George Mason University
Ram Dantu, University of North Texas
Duminda Wijesekera, George Mason University
Background:
Integration of Voice and Data Network
[Diagram: Public Switched Telephone Network (PSTN). Labels: PBX, Telephone, Fax, Modem, Comm. Tower, Cell Phone, Pager, IDC, Mobile Switching Center, Internet, IP Gateway, IP Phones.]
Public Switched Telephone Network
SS7 Protocol Stack
Message Transfer Part (MTP):
Message Transfer Part Level 1 (Physical Layer)
Message Transfer Part Level 2 (Data Link Layer)
Message Transfer Part Level 3 (Network Layer)
ISDN User Part
Signaling Connection Control Part (SCCP)
TCAP
ASE
OMAP
Integrated IP and SS7 Network
[Diagram: an Enterprise Network and Carrier Networks. Labels: SIP Network, SS7 Network, SIP Proxy Server, Media Gateway Controller, Router, Mobile Devices with VoIP, IP Link, SIGTRAN-based Link.]
Interconnect IP Network to SS7 Network
SIGTRAN Protocol Suite
[Diagram: SIGTRAN Architecture (SS7 over IP). Internet Protocol: IP. Signaling Transport: SCTP. Adaptation Layer: M2PA, M2UA, IUA, SUA, M3UA. Above the adaptation layer: MTP3, ISUP, SCCP, ISDN, TCAP.]
M2PA in Signaling Transport
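[Diagram: protocol stacks across the SS7 and IP networks. Service Switching Point (SSP): MTP1, MTP2, MTP3, ISUP. Signaling Gateway (SG): MTP1, MTP2, MTP3 toward SS7; IP, SCTP, M2PA toward the IP Network. Media Gateway Controller (MGC): IP, SCTP, M2PA, MTP3, ISUP.]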
SS7 Network Security Threats
Telecommunication Deregulation Act, 1996 has opened up the market
SS7 was designed and developed in a different environment from the present one.
Convergence of voice and data networks
IP Network Security Threats
Denial of Service (DoS) attacks
Spoofing, Sniffing.
Viruses, Worms etc.
Intrusion
Marriage of SS7 and IP
Exponential growth of IP Telephony
More ISPs attach to SS7 Network
Threats to Signaling Nodes
May come from SS7 side or from IP side
Signaling Nodes are Exposed
Potential Threats due to Message Content:
ISUP’s IAM message populated with Multilevel Precedence and Preemption (MLPP) parameter
Populating CIC of IAM with 0000 value
Caller ID may be spoofed
Signaling Nodes are Exposed
MGC is used to bridge SIP and ISUP network:
Translation of ISUP to SIP and mapping of ISUP parameters into SIP headers
Blind interpretation
Signaling Nodes are Exposed
Traffic Flow Analysis:
Traffic nature, load, network topology
Subscriber’s behavior and identity
Link Status Messages in IP Network:
Processor Outage
Busy
Out of Service
Signaling Nodes are Exposed
Misbehaving Node:
M2PA-based IPSPs have two identifiers
Violation of Protocol State Machine:
Continuous Proving
Sequence of exchanged messages
Current Status:
IP Network Side Signaling Nodes may use SSL or IPSec
Secure Signaling Architecture:
[Diagram: Signaling Gateway at the interface between the SS7 Network and the IP Network. Labels: MTP1, MTP2, MTP3; IP, SCTP, M2PA; Security System; two Secured Tunnels; Key-1, Key-2.]
Secure Signaling Architecture:
[Diagram labels: Trust Management; Authentication; Gateway Screening (Firewall); Intrusion Detection; Armor; Trust Negotiation; Re-Authentication; Rule Changes; Signatures; DoS/Vulnerabilities.]
Trust Management:
Define Service Level Agreements
Define Access Control Policy
Authentication:
IETF has proposed IPSec for IP Network
Our Proposal of MTPSec for SS7 Network
Proposed Solution
Security Across MTP3 Layer
Combination of two protocols:
Key Exchange (KE) Protocol
Authentication Header (AH) Protocol
Authentication Header Format
Conclusion
Provides Integrity and Authentication solution to all signaling nodes
Enforces SLA and ACL policy at the interface
Puts checks on misbehaving entities
Thank You!