Vulnerabilities of signaling system number 7 (SS7) to cyber attacks and how to mitigate against these vulnerabilities. by Bob Kamwendo.pdf

(5074 KB) Pobierz
VULNERABILITIES OF SIGNALING SYSTEM NUMBER 7 (SS7) TO
CYBER ATTACKS AND HOW TO MITIGATE AGAINST THESE
VULNERABILITIES.
BOB KAMWENDO
A Research Report submitted to the Faculty of Engineering and the Built Environment,
University of the Witwatersrand, in partial fulfillment of the requirements
for the award of the degree of Master of Science in Engineering
Johannesburg, August 25, 2015
Declaration
I declare that this research project is my own unaided work. It is being submitted as a partial
fulfillment for the Degree of Master of Science in Engineering to the University of the Witwater-
srand, Johannesburg. It has not been submitted before for any degree or examination to any other
University.
Candidate Name: Bob Kamwendo
Candidate Signature:................................
Date: 25 th August, 2015
i
Abstract
As the mobile network subscriber base exponentially increases due to some attractive offerings
such as anytime anywhere accessibility, seamless roaming, inexpensive handsets with sophisticated
applications, and Internet connectivity, the mobile telecommunications network has now become
the primary source of communication for not only business and pleasure, but also for the many life
and mission critical services. This mass popularisation of telecommunications services has resulted
in a heavily loaded Signaling System number 7 (SS7) signaling network which is used in Second
and Third Generations (2G and 3G) mobile networks and is needed for call control and services
such as caller identity, roaming, and for sending short message servirces. SS7 signaling has enjoyed
remarkable popularity for providing acceptable voice quality with negligible connection delays, pos-
sibly due to its circuit-switched heritage. However, the traditional SS7 networks are expensive to
lease and to expand, hence to cater for the growing signaling demand and to provide the seamless
interconnectivity between the SS7 and IP networks a new suite of protocols known as Signaling
Transport (SIGTRAN) has been designed to carry SS7 signaling messages over IP.
Due to the intersignaling between the circuit-switched and the packet-switched networks, the mo-
bile networks have now left the “walled garden”, which is a privileged, closed and isolated ecosystem
under the full control of mobile carriers, using proprietary protocols and has minimal security risks
due to restricted user access. Potentially, intersignaling can be exploited from the IP side to disrupt
the services provided on the circuit-switched side.
This study demonstrates the vulnerabilities of SS7 messages to cyber-attacks while being trans-
ported over IP networks and proposes some solutions based on securing both the IP transport and
SCTP layers of the SIGTRAN protocol stack.
ii
Acknowledgements
Heartfelt gratitude to my supervisor, Professor Rex Van Olst for his time, guidance and unwavering
support. Thank you Prof. for your constant reminders on the deliverables due dates and always
being available to help and give direction.
Many thanks also go to my work colleague, Patrick Khaile, for the technical assistance rendered
throughout the course of this research. Ntates, your contribution was invaluable and priceless.
Finally, I would like to thank my daughter Sindi and Captain Ken for thier patience and under-
standing. The times you wanted me to teach you some alphabet symbols and draw you pictures, I
was also busy with my work. You never gave up on me but kept on coming.
iii
Dedication
To my departed father and sister. How I wish you were here to witness and celebrate with me for
achieving this milestone. I am not despaired, though, because I know that you are happy for me
wherever you are.
iv

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin