Professional Documents
Culture Documents
Hemant Sengar, George Mason University Ram Dantu, University of North Texas Duminda Wijesekera, George Mason University
Background :
?
Telephone
PBX
Modem
IDC
Fax
Mobile Switching Center
IP Phones
?
IP Gateway
Comm. Tower
Internet
IP Phones
TCAP
Message Transfer Part Level 2 (Data Link Layer) Message Transfer Part Level 1 (Physical Layer)
MTP
IP Link
SIP Network
SS7 Network
SIGTRAN based Link
Enterprise Network
Carrier Networks
MTP3
ISUP
SCCP
TCAP
ISDN
M2PA
M2UA
M3UA SCTP IP
SUA
IUA
SIGTRAN Architecture
SS7 over IP
MTP2 MTP1
MTP2 MTP1
M2PA SCTP IP
M2PA SCTP IP
SS7
IP Network
ISUPs IAM message populated with Multilevel Precedence and Preemption (MLPP) parameter Populating CIC of IAM with 0000 value Caller ID may be spoofed
Contd
Translation of ISUP to SIP and mapping of ISUP parameters into SIP headers Blind interpretation
Current Status :
IP Network Side Signaling Nodes may use
SSL or IPSec
IP Network
?
Secured Tunnel
Secured Tunnel
Armor
Signatures
DoS/Vulnerabilities
Trust Management:
Define Service Level Agreements Define Access control Policy
Authentication:
IETF has proposed IPSec for IP Network Our Proposal of MTPSec for SS7 Network
Proposed Solution
Security Across MTP3 Layer
Combination of two protocol
Conclusion
Provides Integrity and Authentication solution to all signaling nodes Enforces SLA and ACL policy at the interface Put checks on misbehaving entities
Thank You !