Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities

Slides: 25
Provided by: PRIN181
1
Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities
  • Hemant Sengar, George Mason University
  • Ram Dantu, University of North Texas
  • Duminda Wijesekera, George Mason University

2
Background
3
Integration of Voice and Data Network
4
Public Switched Telephone Network
5
SS7 Protocol Stack
6
Integrated IP and SS7 Network
  • Interconnect IP Network to SS7 Network

7
SIGTRAN Protocol Suite
8
M2PA in Signaling Transport
9
SS7 Network Security Threats
  • Telecommunication Deregulation Act, 1996 has opened up the market
  • SS7 was designed and developed in a different environment from the present one
  • Convergence of voice and data networks

10
IP Network Security Threats
  • Denial of Service (DoS) attacks
  • Spoofing, sniffing
  • Viruses, worms, etc.
  • Intrusion

11
Marriage of SS7 and IP
  • Exponential growth of IP Telephony
  • More ISPs attach to SS7 Network
  • Threats to Signaling Nodes
      • May come from SS7 side
      • or from IP side

12
Signaling Nodes are Exposed
  • Potential Threats due to Message Content
      • ISUP's IAM message populated with Multilevel Precedence and Preemption (MLPP) parameter
      • Populating CIC of IAM with 0000 value
      • Caller ID may be spoofed
  • Contd

13
Signaling Nodes are Exposed
  • MGC is used to bridge SIP and ISUP network
  • Translation of ISUP to SIP and mapping of ISUP parameters into SIP headers
  • Blind interpretation

14
Signaling Nodes are Exposed
  • Traffic Flow Analysis
      • Traffic nature, load, network topology
      • Subscribers' behavior and identity
  • Link Status Messages in IP Network
      • Processor Outage
      • Busy
      • Out of Service

15
Signaling Nodes are Exposed
  • Misbehaving Node
  • M2PA-based IPSPs have two identifiers
  • Violation of Protocol State Machine
  • Continuous Proving
  • Sequence of exchanged messages

16
Current Status
  • IP Network Side
      • Signaling Nodes may use SSL or IPSec

17
Secure Signaling Architecture
18
Secure Signaling Architecture
[Diagram labels: Trust Management, Authentication, Gateway Screening (Firewall), Intrusion Detection, Armor, DoS/Vulnerabilities, Signatures, Rule Changes, Re-Authentication, Trust Negotiation]
19
Trust Management
  • Define Service Level Agreements
  • Define Access control Policy

20
Authentication
  • IETF has proposed IPSec for IP Network
  • Our Proposal of MTPSec for SS7 Network

21
Proposed Solution
  • Security Across MTP3 Layer
  • Combination of two protocols
      • Key Exchange (KE) Protocol
      • Authentication Header (AH) Protocol

22
Authentication Header Format
23
Conclusion
  • Provides an integrity and authentication solution to all signaling nodes
  • Enforces SLA and ACL policy at the interface
  • Puts checks on misbehaving entities

24
Thank You !