Hemant Sengar, George Mason University

Presentation transcript:

Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities. Hemant Sengar, George Mason University; Ram Dantu, University of North Texas; Duminda Wijesekera, George Mason University

Background:

Integration of Voice and Data Network

Public Switched Telephone Network

SS7 Protocol Stack

Integrated IP and SS7 Network: Interconnect IP Network to SS7 Network?

SIGTRAN Protocol Suite

M2PA in Signaling Transport

SS7 Network Security Threats: Telecommunication Deregulation Act, 1996 has opened up the market; SS7 design and development were carried out in a different environment from the presently existing one; convergence of voice and data networks.

IP Network Security Threats: Denial of Service (DoS) attacks; spoofing, sniffing; viruses, worms, etc.; intrusion.

Marriage of SS7 and IP: Exponential growth of IP telephony; more ISPs attach to the SS7 network; threats to signaling nodes may come from the SS7 side or from the IP side.

Signaling Nodes are Exposed: Potential threats due to message content: ISUP's IAM message populated with Multilevel Precedence and Preemption (MLPP) parameter; populating CIC of IAM with 0000 value; caller ID may be spoofed. (Contd.)

Signaling Nodes are Exposed: MGC is used to bridge SIP and ISUP networks; translation of ISUP to SIP and mapping of ISUP parameters into SIP headers; blind interpretation.

Signaling Nodes are Exposed: Traffic flow analysis (traffic nature, load, network topology; subscriber's behavior and identity); link status messages in IP network (Processor Outage, Busy, Out of Service).

Signaling Nodes are Exposed: Misbehaving node; M2PA-based IPSPs have two identifiers; violation of protocol state machine; continuous proving; sequence of exchanged messages.

Current Status: IP Network Side. Signaling nodes may use SSL or IPSec.

Secure Signaling Architecture: ?

Secure Signaling Architecture: Trust Management; Authentication; Gateway Screening (Firewall); Intrusion Detection; Armor; DoS/Vulnerabilities Signatures; Rule Changes; Re-Authentication; Trust Negotiation.

Trust Management: Define Service Level Agreements; define access control policy.

Authentication: IETF has proposed IPSec for the IP network; our proposal of MTPSec for the SS7 network.

Proposed Solution: Security across the MTP3 layer; combination of two protocols: Key Exchange (KE) Protocol and Authentication Header (AH) Protocol.

Authentication Header Format

Conclusion: Provides an integrity and authentication solution to all signaling nodes; enforces SLA and ACL policy at the interface; puts checks on misbehaving entities.

Thank You!