1 / 24

Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities

Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities. Hemant Sengar , George Mason University Ram Dantu , University of North Texas Duminda Wijesekera, George Mason University. Background :. Integration of Voice and Data Network. ?. ?. Public Switched Telephone Network.

yanni
Download Presentation

Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities Hemant Sengar, George Mason University Ram Dantu, University of North Texas Duminda Wijesekera, George Mason University

  2. Background :

  3. Integration of Voice and Data Network ? ?

  4. Public Switched Telephone Network

  5. SS7 Protocol Stack

  6. Integrated IP and SS7 Network • Interconnect IP Network to SS7 Network ?

  7. SIGTRAN Protocol Suite

  8. M2PA in Signaling Transport

  9. SS7 Network Security Threats • Telecommunication Deregulation Act,1996 has opened up market • SS7 design and development carried out in different environment from the presently existing one. • Convergence of voice and data networks

  10. IP Network Security Threats • Denial of Service (DoS) attacks • Spoofing, Sniffing. • Viruses, Worms etc. • Intrusion

  11. Marriage of SS7 and IP • Exponential growth of IP Telephony • More ISPs attach to SS7 Network • Threats to Signaling Nodes • May come from SS7 side • or from IP side

  12. Signaling Nodes are Exposed • Potential Threats due to Message Content • ISUP’s IAM message populated with Multilevel Precedence and Preemption (MLPP) parameter • Populating CIC of IAM with 0000 value • Caller ID may be spoofed Contd…

  13. Signaling Nodes are Exposed • MGC is used to bridge SIP and ISUP network • Translation of ISUP to SIP and mapping of ISUP parameters into SIP headers • Blind interpretation

  14. Signaling Nodes are Exposed • Traffic Flow Analysis • Traffic nature, load, network topology • Subscriber’s behavior and identity • Link Status Messages in IP Network • Processor Outage • Busy • Out of Service

  15. Signaling Nodes are Exposed • Misbehaving Node M2PA based IPSPs have two identifiers • Violation of Protocol State Machine • Continuous Proving • Sequence of exchanged messages

  16. Current Status : IP Network Side • Signaling Nodes may use • SSL • or IPSec

  17. Secure Signaling Architecture : ?

  18. Secure Signaling Architecture : Trust Management Authentication Gateway Screening (Firewall) Intrusion Detection Armor DoS/Vulnerabilities Signatures Rule Changes Re-Authentication Trust Negotiation

  19. Trust Management: • Define Service Level Agreements • Define Access control Policy

  20. Authentication: • IETF has proposed IPSec for IP Network • Our Proposal of MTPSec for SS7 Network

  21. Proposed Solution • Security Across MTP3 Layer • Combination of two protocol • Key Exchange (KE) Protocol • Authentication Header (AH) Protocol

  22. Authentication Header Format

  23. Conclusion • Provides Integrity and Authentication solution to all signaling nodes • Enforces SLA and ACL policy at the interface • Put checks on misbehaving entities

  24. Thank You !

More Related