The IP family of protocols from IETF is stomping through the once calm fields of telephony like a dragon in search of beautiful princesses to devour. The dragon's interest in voice traffic (VoIP) is well known, as is internet access from wireless data devices, but there are other aspects of telecom networks that will need to be replaced if a ubiquitous IP telecom network is to be developed. And perhaps the most sensitive of those areas is the use of IP for the transmission of signaling data.
It is the signaling protocols (particularly GSM MAP and TIA/EIA-41) that verify that a cellular or PCS account is valid and that the authentication data is valid, and that define what services the user is entitled to. The ISUP signaling protocol allows wireless systems to connect calls to other telephone networks, and other protocols are used for billing, maintenance and many other important functions. Because signaling data carries information about customers, business agreements, billing and network operations, it is critical that it be protected. What is not clear is how this goal can be attained if it is sent over the internet.
Much of today's signaling traffic uses the SS7 network, although there is still significant use of tone-based signaling instead of SS7 ISUP connections to the PSTN, and still some use of X.25 to transport TIA/EIA-41 messaging. SS7 is a physically secure network, because public access to the network is not allowed. Furthermore, SS7 security is enhanced through the obscure nature of the protocol, the high cost of equipment and the low profile of applications using SS7 among hackers in general. Consequently, it is not a major target for hackers and criminals. Another consequence is, however, that SS7 relies on security due to its isolation from more widespread protocols, not because of any inherent protections from attack. It is, ironically, the relatively obscure nature of the protocol that makes SS7 equipment more expensive. Reliability requirements are higher, but the market is smaller and it is mainly medium to large corporations that are interested in purchasing it, consequently pushing the price up much higher than computer equipment supporting IP protocols.
Network security can be severely threatened by the ability to eavesdrop, and even more by the ability to generate fraudulent traffic. The internet has shown that sheer vandalism is perhaps an even bigger threat.
Eavesdropping would allow fraudsters to obtain the information to clone phones, and information that customers might rather keep private, such as their location. Much of the information transmitted on signaling networks has a great deal of competitive value, and might be of interest to unethical employees of carriers. Identification of heavy-use customers, along with their phone numbers, would allow targeted attacks on the customer base of other carriers.
The ability to generate fraudulent traffic would allow fraudulent mobiles to be validated. The initial validation could be sent to the home system, and denied, but could be followed by a validation that appears to come from the home system (but actually does not) that changes the status of the mobile to allow calls.
Denial of service attacks are one of the simplest forms of network vandalism. While they do not generate anything of value to the perpetrator, they can be a serious threat to a telecom network that promises 99.99% availability. These simple attacks merely require access to the target network. The work of routing, analyzing and ultimately discarding packets can, if the quantity is large enough, bring a network to its knees, and prevent legitimate traffic from proceeding.
The public internet is a wild and woolly place, with enormous potential for interception of information. But the use of internet protocols does not mandate the use of this network. One alternative is the use of a physically separate internet, but this would require the replacement of the current SS7 network by a completely separate telecom internet. Even then, it wouldn't be truly physically separate, because it would probably run on the same fiber optic backbone connections as the public internet. And the expense of such total replacement may be completely unjustifiable. What is more likely is the use of a virtual private network, which may share some facilities with the public internet, but which may have critical pieces physically separated.
A virtual private network will make most security threats manageable, although they cannot ever be totally eliminated. There is no reason for telecom network elements to be directly addressable from the public internet. Without the ability to address the network, there is no ability to generate fraudulent traffic or launch denial of service attacks.
As the integration of computer and telephony networks proceeds, there may be a need to provide addressing between these networks. For example, carriers may want to provide a service by which websites can be addressed by phone numbers. For example, http://800-441-0294.phone might be equivalent to http://www.wirelessreview.com. To implement these, the public internet would have to have access to domain name servers containing telephone numbers, which may also be used by IP-based telephony signaling networks. A denial of service attack on the domain name server could prevent it from routing signaling traffic. This problem could be solved by providing a shadow DNS for these queries, but each new level of integration will come with new security challenges.
Encryption is playing an increasing role in securing the public internet. The ability to intercept messages is of no value if the messages cannot be interpreted, and there is no ability to generate false traffic if they cannot be encrypted correctly. However, encryption cannot prevent denial of service attacks, because the IP address portion of messages cannot be encrypted: IP routers need to be able to interpret it directly.
There were some discussions of encrypting wireless signaling traffic, initiated by the CTIA, several years ago. The project never went anywhere because there was no evidence that the SS7 network was seriously threatened. However, migration to IP may renew interest in this subject.
Encryption will not be a short-term solution because first a standard solution would have to be developed that would be robust, extremely efficient and adaptable to a network of ad hoc communications. Unlike most other networks, wireless signaling networks are characterized by the common need to send small quantities of data to many other points on the network. Even if every network element has a public key, the key still has to be obtained before messages can be encrypted. If two network elements want to exchange one message, they would generate more network traffic in obtaining the key than the one message being exchanged. In e-commerce applications, by contrast, it can be assumed that most sessions will involve the exchange of a considerable number of messages, so encryption results in less overhead.
The IETF is developing a number of standards in its SIGTRAN group to address telephony needs (e.g. SCTP, SIP, M3UA, SUA). However, these standards are immature, and although the tree currently bears many flowers, not all of them will ripen into fruit. Consequently, it is too early for carriers to commit to major expenses, for fear that their investment will be stranded if most other carriers bite into a different apple.
Signaling traffic represents the crown jewels of wireless networks. While the number of bits represented by this traffic is dwarfed by the amount devoted to voice and data traffic, they are of equal importance to the carrier. It is inevitable that the current SS7 network will give way to an IP-based network, but the challenges (of which security is but one) are so great that the transition will be slow and gradual. Telecom carriers have their reputations for reliability as well as massive investments to protect; their decisions are far more complex than rushing out to an electronics superstore and dropping this month's salary on a web-enabled PC!