Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hemant Sengar, George Mason University

Published byKenneth McCormick Modified over 9 years ago

Similar presentations

Presentation on theme: "Hemant Sengar, George Mason University"— Presentation transcript:

1 Securing VoIP and PSTN from Integrated Signaling Network Vulnerabilities
Hemant Sengar, George Mason University Ram Dantu, University of North Texas Duminda Wijesekera, George Mason University

2 Background :

3 Integration of Voice and Data Network
? ?

4 Public Switched Telephone Network

5 SS7 Protocol Stack

6 Integrated IP and SS7 Network
Interconnect IP Network to SS7 Network ?

7 SIGTRAN Protocol Suite

8 M2PA in Signaling Transport

9 SS7 Network Security Threats
Telecommunication Deregulation Act,1996 has opened up market SS7 design and development carried out in different environment from the presently existing one. Convergence of voice and data networks

10 IP Network Security Threats
Denial of Service (DoS) attacks Spoofing, Sniffing. Viruses, Worms etc. Intrusion

11 Marriage of SS7 and IP Exponential growth of IP Telephony
More ISPs attach to SS7 Network Threats to Signaling Nodes May come from SS7 side or from IP side

12 Signaling Nodes are Exposed
Potential Threats due to Message Content ISUP’s IAM message populated with Multilevel Precedence and Preemption (MLPP) parameter Populating CIC of IAM with 0000 value Caller ID may be spoofed Contd…

13 Signaling Nodes are Exposed
MGC is used to bridge SIP and ISUP network Translation of ISUP to SIP and mapping of ISUP parameters into SIP headers Blind interpretation

14 Signaling Nodes are Exposed
Traffic Flow Analysis Traffic nature, load, network topology Subscriber’s behavior and identity Link Status Messages in IP Network Processor Outage Busy Out of Service

15 Signaling Nodes are Exposed
Misbehaving Node M2PA based IPSPs have two identifiers Violation of Protocol State Machine Continuous Proving Sequence of exchanged messages

16 Current Status : IP Network Side Signaling Nodes may use SSL or IPSec

17 Secure Signaling Architecture :
?

18 Secure Signaling Architecture :
Trust Management Authentication Gateway Screening (Firewall) Intrusion Detection Armor DoS/Vulnerabilities Signatures Rule Changes Re-Authentication Trust Negotiation

19 Trust Management: Define Service Level Agreements
Define Access control Policy

20 Authentication: IETF has proposed IPSec for IP Network
Our Proposal of MTPSec for SS7 Network

21 Proposed Solution Security Across MTP3 Layer
Combination of two protocol Key Exchange (KE) Protocol Authentication Header (AH) Protocol

22 Authentication Header Format

23 Conclusion Provides Integrity and Authentication solution to all signaling nodes Enforces SLA and ACL policy at the interface Put checks on misbehaving entities

24 Thank You !

Download ppt "Hemant Sengar, George Mason University"

Similar presentations

SIP-T Status Update Jon Peterson Level(3) Communications 49 th IETF.

SIP-T Status Update Jon Peterson Level(3) Communications 49 th IETF.
The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
www.dynamicsoft.com dynamicsoft Inc. Proprietary VON Developers Conference 1/19/00 C O N N E C T I N G T H E W O R L D W I T H A P P L I C A T I O N S.

dynamicsoft Inc. Proprietary VON Developers Conference 1/19/00 C O N N E C T I N G T H E W O R L D W I T H A P P L I C A T I O N S.
Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.

IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)

Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Konrad Hammel Sangoma Technologies

Konrad Hammel Sangoma Technologies
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Signalling Systems System which allows various network components to exchange information –In particular, it supports call / connection control network.

Signalling Systems System which allows various network components to exchange information –In particular, it supports call / connection control network.
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,

Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,

Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.

1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.

Similar presentations

Ads by Google