Title: Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities
1 Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities
- Hemant Sengar, George Mason University
- Ram Dantu, University of North Texas
- Duminda Wijesekera, George Mason University
2 Background
3 Integration of Voice and Data Network
4 Public Switched Telephone Network
5 SS7 Protocol Stack
6 Integrated IP and SS7 Network
- Interconnect IP Network to SS7 Network
7 SIGTRAN Protocol Suite
8 M2PA in Signaling Transport
9 SS7 Network Security Threats
- Telecommunication Deregulation Act, 1996 has opened up market
- SS7 design and development carried out in different environment from the presently existing one.
- Convergence of voice and data networks
10 IP Network Security Threats
- Denial of Service (DoS) attacks
- Spoofing, Sniffing.
- Viruses, Worms etc.
- Intrusion
11 Marriage of SS7 and IP
- Exponential growth of IP Telephony
- More ISPs attach to SS7 Network
- Threats to Signaling Nodes
  - May come from SS7 side
  - or from IP side
12 Signaling Nodes are Exposed
- Potential Threats due to Message Content
  - ISUP's IAM message populated with Multilevel Precedence and Preemption (MLPP) parameter
  - Populating CIC of IAM with 0000 value
  - Caller ID may be spoofed
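One way a signaling gateway could screen IAMs for the first two message-content threats above, as an added example that is not the authors' code. It assumes the ITU-T Q.763 IAM layout with the message taken from the CIC onward; the function names, the per-peer `mlpp_allowed` policy flag and the sample messages are constructed for illustration.

```python
# Added example. Layout per ITU-T Q.763, message taken from the CIC onward.
IAM = 0x01          # ISUP message type: Initial Address Message
PARAM_MLPP = 0x3A   # optional parameter code: MLPP precedence
OPT_PTR_POS = 9     # CIC(2) + type(1) + fixed params(5) + called-number pointer(1)

def optional_params(isup: bytes):
    """Yield (code, value) for each optional parameter of an IAM."""
    if len(isup) <= OPT_PTR_POS:
        raise ValueError("truncated IAM")
    if isup[OPT_PTR_POS] == 0:           # pointer 0 means no optional part
        return
    pos = OPT_PTR_POS + isup[OPT_PTR_POS]
    while pos < len(isup) and isup[pos] != 0x00:   # 0x00 ends the optional part
        if pos + 2 > len(isup) or pos + 2 + isup[pos + 1] > len(isup):
            raise ValueError("optional parameter overruns message")
        length = isup[pos + 1]
        yield isup[pos], isup[pos + 2 : pos + 2 + length]
        pos += 2 + length

def screen_iam(isup: bytes, mlpp_allowed: bool) -> list[str]:
    """Return reasons to reject the message; an empty list means pass."""
    if len(isup) < 3:
        return ["truncated ISUP header"]
    if isup[2] != IAM:
        return []                        # this sketch screens IAMs only
    reasons = []
    cic = isup[0] | ((isup[1] & 0x0F) << 8)   # 12-bit CIC, low octet first
    if cic == 0:
        reasons.append("IAM with CIC 0")
    try:
        for code, _value in optional_params(isup):
            if code == PARAM_MLPP and not mlpp_allowed:
                reasons.append("MLPP precedence from peer not entitled to it")
    except ValueError as exc:
        reasons.append(f"malformed IAM: {exc}")
    return reasons

def sample_iam(cic: int, optional: bytes = b"") -> bytes:
    """Constructed IAM for the demo, not captured traffic."""
    called = bytes([0x03, 0x10, 0x21, 0x43, 0x65])      # called party number
    opt_ptr = 2 + len(called) if optional else 0
    head = bytes([cic & 0xFF, (cic >> 8) & 0x0F, IAM,
                  0x00, 0x60, 0x00, 0x0A, 0x00, 2, opt_ptr])
    tail = optional + b"\x00" if optional else b""
    return head + bytes([len(called)]) + called + tail

MLPP = bytes([PARAM_MLPP, 6]) + bytes(6)                 # constructed parameter
if __name__ == "__main__":
    for msg in (sample_iam(0x123), sample_iam(0), sample_iam(5, MLPP)):
        print(msg.hex(), screen_iam(msg, mlpp_allowed=False))
```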
13 Signaling Nodes are Exposed
- MGC is used to bridge SIP and ISUP network
- Translation of ISUP to SIP and mapping of ISUP parameters into SIP headers
- Blind interpretation
14 Signaling Nodes are Exposed
- Traffic Flow Analysis
  - Traffic nature, load, network topology
  - Subscribers' behavior and identity
- Link Status Messages in IP Network
  - Processor Outage
  - Busy
  - Out of Service
15 Signaling Nodes are Exposed
- Misbehaving Node
- M2PA-based IPSPs have two identifiers
- Violation of Protocol State Machine
- Continuous Proving
- Sequence of exchanged messages
16 Current Status
- IP Network Side
  - Signaling Nodes may use
    - SSL
    - or IPSec
17 Secure Signaling Architecture
18 Secure Signaling Architecture
Trust Management
Authentication
Gateway Screening (Firewall)
Intrusion Detection
Armor
DoS/Vulnerabilities
Signatures
Rule Changes
Re-Authentication
Trust Negotiation
19 Trust Management
- Define Service Level Agreements
- Define Access Control Policy
20 Authentication
- IETF has proposed IPSec for IP Network
- Our Proposal of MTPSec for SS7 Network
21 Proposed Solution
- Security Across MTP3 Layer
- Combination of two protocols
  - Key Exchange (KE) Protocol
  - Authentication Header (AH) Protocol
22 Authentication Header Format
23 Conclusion
- Provides Integrity and Authentication solution to all signaling nodes
- Enforces SLA and ACL policy at the interface
- Put checks on misbehaving entities
24 Thank You!