
CN104869116B - Telecommunications network signaling security active protection method - Google Patents


Info

Publication number: CN104869116B
Authority: CN (China)
Prior art keywords: signaling, call, network, telecommunication network, heterogeneous
Legal status: Active
Application number: CN201510238600.6A
Other languages: Chinese (zh)
Other versions: CN104869116A (en)
Inventors: 马宏, 黄海, 朱宇航, 李英乐, 李星, 李鹏, 郑修猛
Current assignee: PLA Information Engineering University
Original assignee: PLA Information Engineering University

Events:
Application filed by PLA Information Engineering University
Priority to CN201510238600.6A
Publication of CN104869116A
Application granted
Publication of CN104869116B
Legal status: Active (current)
Anticipated expiration

Landscapes

  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an active protection method for signaling security in a telecommunication network. By applying a multi-dimensional, integrated dynamic equivalent transformation to signaling data in terms of the carrying protocol type, call identifier, carried parameters and transmission channel, the control signaling involved in the same call or in different calls loses its inherent similarity and determinism in the time and space domains and instead appears diversified, dynamic and randomized, which forms an active protection capability against signaling attacks. The invention provides a strong capability to discover and prevent, in advance, network attacks or pre-attack preparation aimed at obtaining network-situation information and stealing users' private information. Without changing the signaling protocol format specifications, it introduces a multi-level dynamic equivalent transformation mechanism for signaling data, so that to any third party other than the two communicating parties the signaling data appears irregular and hopping in time and space. This makes it harder for a network attacker to intercept the signaling information and correctly reassemble and recover it, and thereby improves the signaling security protection capability of the telecommunication network.

Description

Active protection method for signaling security in a telecommunication network

Technical field

The invention relates to the field of communication technology, and in particular to an active protection method for signaling security in a telecommunication network.

Background

Current methods for protecting telecommunication-network signaling information rely on after-the-fact statistical rules to passively discover and block signaling attacks that have already taken place; they cannot discover or prevent network attacks, or the preparatory activity that precedes them, whose purpose is to obtain network-situation information and steal users' private information. To solve this technical problem the invention provides an active protection method for telecommunication-network signaling security, offering a new solution for signaling protection. The method is applicable to the construction or security upgrade of dedicated telecommunication networks with high security-level requirements that use technical systems such as the PSTN and softswitches.

Signaling is the control signal of a telecommunication network: every telecommunication service completes call setup and the communication process under the control and guidance of signaling. Signaling carries a large amount of information closely related to the network topology and to the behaviour of individual communicating parties. Taking a basic telephone call as an example, from the start of the call to its end the telephone exchanges must pass to each other, through signaling, the network route and channel address, the service type and media codec format, the terminal type and identity, the calling number, the called number, the call start time, the call end time and other information. Analysing and aggregating this information reveals key network information such as the configuration and distribution of core network elements, the network scale and topology, the composition of service routes and the allocation of resources, the assignment of user number ranges and the number of users; it also reveals private information about users such as their communication addresses, personal habits and behaviour patterns, and social relationships. Once a network attacker holds this information, it not only assists attacks such as disrupting or paralysing the core region of the network and key node equipment, but can also be used, guided by the signaling, to carry out illegal network activity against targeted users such as communication eavesdropping, service hijacking or denial-of-service attacks.

At present the main methods of protecting telecommunication-network signaling information are abnormal-signaling monitoring, abnormal-signaling traffic control and signaling black/white-list authentication. All of them rely on after-the-fact statistical rules to passively discover and block signaling attacks that have already occurred, and none can discover or prevent network attacks, or the preparation for them, whose purpose is to obtain network-situation information and steal users' private information.

Summary of the invention

To address the deficiencies of the prior art, the invention provides an active protection method for telecommunication-network signaling security, suitable for the construction or security upgrade of dedicated telecommunication networks with high security-level requirements that use technical systems such as the PSTN and softswitches.

According to the design provided by the invention, an active protection method for telecommunication-network signaling security comprises the following steps:

Step 1. Dynamic switching of heterogeneous protocols. While signaling data is being exchanged, a pseudo-protocol comprising basic procedures, messages and parameters is generated from the elements common to the heterogeneous call-control protocols of the telecommunication network. During call control, the call-control logic interacts using the pseudo-protocol, while on the physical bearer one of the heterogeneous call-control protocols of the telecommunication network is randomly and dynamically selected to carry out the call control.

Step 2. Virtualization of call identifiers. A virtual call identifier is established that corresponds to a call-identifier group, the group containing several call identifiers with different source signaling devices, destination signaling devices and call numbers. When a call starts, the source and destination signaling devices complete a handshake using the virtual call identifier; thereafter the source and destination signaling devices randomly and variably select one call identifier from the group corresponding to the virtual call identifier for the subsequent signaling message exchange and call identification.

Step 3. Scattered carriage of user information. In signaling control the calling-user information and the called-user information are forcibly separated and, combined with the virtual call identifier of step 2, the coupling between the different signaling messages within the signaling flow of one call is removed.

Step 4. Multi-channel signaling transmission. Based on the heterogeneous call-control protocols, signaling transmission channels of different types are established between signaling nodes; for a signaling transmission channel of one type, the signaling devices at both ends are configured with several signaling addresses, and the two signaling devices establish a dynamic channel-switching mechanism. Combined with the dynamic protocol switching of step 1, the type of signaling channel and the physical path used by the signaling flow of calls in the same direction, or between the same source and destination, are changed randomly during signaling transmission according to a preset policy.

Step 3 further comprises, for sensitive users, splitting the calling-user information or the called-user information into several segments and carrying them in different signaling messages.

The heterogeneous call-control protocols of the telecommunication network in step 1 comprise the SS7 TUP and ISUP protocols, the BICC protocol and the SIP protocol.

In step 2, call-identifier virtualization establishes the virtual call identifier corresponding to the call-identifier group on the basis of multiple SS7 point codes and multiple IP addresses and ports; the virtual call identifier uses the same encoding and allocation scheme as the call-identifier group.

Beneficial effects of the invention:

1. By applying a multi-dimensional, integrated dynamic equivalent transformation to signaling data in terms of the carrying protocol type, call identifier, carried parameters and transmission channel, the invention makes the control signaling involved in the same call or in different calls lose its inherent similarity and determinism in the time and space domains, both in the parameter structure and semantics of the signaling messages themselves and in the composition and transmission pattern of the signaling flow, so that it appears diversified, dynamic and randomized. Even if an attacker intercepts the signaling data, it is very difficult to correctly reassemble and recover a large volume of discrete, irregular data. This forms an active protection capability against signaling attacks and raises the level of network information security.

2. Existing telecommunication services present orderly, regular signaling generation and transmission to every network role, a property that network attackers can easily exploit. Without changing the signaling protocol format specifications, the invention introduces a multi-level dynamic equivalent transformation mechanism for signaling data, so that to any third party other than the two communicating parties the signaling data appears irregular and hopping in time and space. This makes it harder for a network attacker to effectively intercept the signaling information and correctly reassemble and recover it, improves the signaling security protection capability of the telecommunication network, and is suitable for the development of various kinds of secure telecommunication-network call-control equipment, signaling gateway equipment and the like.

3. The invention provides a strong capability to discover and prevent, in advance, network attacks or pre-attack preparation aimed at obtaining network-situation information and stealing users' private information. Because existing telecommunication services present orderly, regular signaling generation and transmission to every network role, which network attackers can easily exploit, the method introduces, without changing the signaling protocol format specifications, a multi-level dynamic equivalent transformation mechanism for signaling data, so that to any third party other than the two communicating parties the signaling data appears irregular and hopping in time and space. This makes it harder for a network attacker to effectively intercept and correctly reassemble and recover the signaling information, and thus improves the signaling security protection capability of the telecommunication network.

Description of the drawings:

Figure 1 is a schematic diagram of the working principle of the active protection method for telecommunication-network signaling security according to the invention.

Detailed description:

The invention is described in further detail below with reference to the accompanying drawing and the technical solution, and its implementation is explained through preferred embodiments; the implementation of the invention is not, however, limited to these.

Dynamic switching of heterogeneous protocols, call-identifier virtualization, scattered carriage of user information and dynamic switching of signaling channels apply a multi-level dynamic equivalent transformation to signaling data in terms of the carrying protocol type, call identifier, carried parameters and transmission channel. Together they establish the technical principle of making telecommunication-network signaling control and transmission dynamic, and disordered from a third party's point of view.

The call-control protocols commonly used in telecommunication networks include the SS7 TUP and ISUP protocols, the BICC protocol and the SIP protocol. They have different message sets, message structures, parameter types and message encodings, but their interaction procedures and the information elements they exchange have much in common, and on that basis a "pseudo-protocol" comprising basic procedures, messages and parameters can be abstracted. When a call is set up, the call-control logic interacts using the pseudo-protocol, but on the physical bearer a real protocol is randomly selected for encapsulation according to the current security policy. As a result, a heterogeneous signaling protocol can be selected at random for the call control of different calls, or even of different control procedures within the same call. The dynamic protocol-switching mechanism on the one hand introduces diversity and randomness at the level of the signaling information, which makes it harder for an attacker to learn key network parameters and users' private information by analysing signaling data, and on the other hand effectively avoids the network security risk of an attacker launching a signaling attack through a vulnerability that may exist in a particular signaling protocol.

A call identifier is a set of related label information used in signaling control to distinguish different calls and to uniquely determine one call within a certain range of time and space. It usually consists of three basic elements: the source signaling device identifier, the destination signaling device identifier and the call number. The call identifier implicitly reveals the network devices and their interconnection; in existing network planning and actual operation, call identifiers are generally statically configured one-to-one, so the network topology and service relationships can easily be extracted by analysing the call identifiers carried in signaling messages.

User information consists of the attribute parameters of the calling and called users in a communication, such as the users' telephone numbers or network addresses. It is encapsulated in signaling messages and transferred through signaling as an important communication parameter, used to authenticate the call, translate addresses, and guide the call-control equipment in route selection and call-connection establishment. Analysing a large amount of user information reveals sensitive information such as the composition and number of users in the network and the communication relationships between them. In standard signaling procedure design, user information is generally carried together in a single signaling message (for example the call setup message). This simplifies communication control and improves call-setup efficiency, but it has the drawback that an attacker need only intercept one signaling message per call, rather than the complete signaling procedure, to steal sensitive user information or mount other attacks on the basis of it.

A signaling channel is the network path used to carry signaling data. For load balancing of signaling transmission and for convenient management, the signaling transmission channel is generally statically bound to the signaling source, destination and media port identifiers, so unless a signaling channel is congested or faulty, the signaling path of calls of the same kind is relatively fixed. While this brings "order and convenience" to the network operator, it also leaves a considerable security risk: an attacker need only track and analyse intercepted signaling data for a certain period of time to discover the pattern and exploit it. The embodiments below describe the method in detail.

Embodiment 1. Referring to Figure 1, an active protection method for telecommunication-network signaling security comprises the following steps:

Step 1. Dynamic switching of heterogeneous protocols. While signaling data is being exchanged, a pseudo-protocol comprising basic procedures, messages and parameters is generated from the elements common to the heterogeneous call-control protocols of the telecommunication network. During call control, the call-control logic interacts using the pseudo-protocol, while on the physical bearer one of the heterogeneous call-control protocols of the telecommunication network is randomly and dynamically selected to carry out the call control. Here the common elements are mainly elements such as commands and parameters that differ in form and name between protocols but have the same meaning and function;

Step 2. Virtualization of call identifiers. A virtual call identifier is established that corresponds to a call-identifier group, the group containing several call identifiers with different source signaling devices, destination signaling devices and call numbers. When a call starts, the source and destination signaling devices complete a handshake using the virtual call identifier; thereafter the source and destination signaling devices randomly and variably select one call identifier from the group corresponding to the virtual call identifier for the subsequent signaling message exchange and call identification. In the existing approach the same triplet identifies a call from its beginning to its end; the present method instead allocates several different triplets to identify the same call, turning the call-identifier relationship from one-to-one into many-to-one and thereby virtualizing the call identifier;

Step 3. Scattered carriage of user information. In signaling control the calling-user information and the called-user information are forcibly separated and, combined with the virtual call identifier of step 2, the coupling between the different signaling messages within the signaling flow of one call is removed. First, the virtual call identifier removes the call-identifier-based association between the different signaling messages in the signaling flow of one call; second, the calling- and called-user information that is normally carried in one message is separated and carried in different messages, which further weakens the association between the calling- and called-user information;

Step 4. Multi-channel signaling transmission. Based on the heterogeneous call-control protocols, signaling transmission channels of different types are established between signaling nodes; for a signaling transmission channel of one type, the signaling devices at both ends are configured with several signaling addresses, and the two signaling devices establish a dynamic channel-switching mechanism. Combined with the dynamic protocol switching of step 1, the type of signaling channel and the physical path used by the signaling flow of calls in the same direction, or between the same source and destination, are changed randomly during signaling transmission according to a preset policy. The preset policy includes dynamically changing the signaling protocol used and its route according to different time periods or different call counts.
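The following Python simulation is an added worked example of the four steps of Embodiment 1 and of the mechanisms explained in the detailed description above; it is not code from the patent or from its assignee. Its assumptions: a registry mapping each virtual call identifier to its group of real (source, destination, call number) triplets is shared by both signaling devices out of band; the pseudo-protocol is a small abstract message set (SETUP, ADDR, PROCEED, ANSWER, RELEASE) mapped onto message names of the real TUP, ISUP, BICC and SIP protocols; the "preset policy" for protocol and channel selection is replaced by a uniform random choice per message; and all device addresses, telephone numbers and channel names are constructed sample values. The receiver also performs the check a real signaling node would need: a triplet that no group allocated is rejected rather than silently accepted.

```python
import random
from dataclasses import dataclass

PROTOCOLS = ("TUP", "ISUP", "BICC", "SIP")   # heterogeneous protocols named in the patent (step 1)
# Assumed pseudo-protocol: abstract message -> equivalent message of each real protocol.
PSEUDO_TO_REAL = {
    "SETUP":   {"TUP": "IAM", "ISUP": "IAM", "BICC": "IAM", "SIP": "INVITE"},
    "ADDR":    {"TUP": "SAM", "ISUP": "SAM", "BICC": "SAM", "SIP": "INFO"},
    "PROCEED": {"TUP": "ACM", "ISUP": "ACM", "BICC": "ACM", "SIP": "183"},
    "ANSWER":  {"TUP": "ANC", "ISUP": "ANM", "BICC": "ANM", "SIP": "200"},
    "RELEASE": {"TUP": "CLF", "ISUP": "REL", "BICC": "REL", "SIP": "BYE"},
}

@dataclass(frozen=True)
class CallId:                 # the triplet: source device, destination device, call number
    src: str
    dst: str
    call_no: int

@dataclass
class WireMessage:            # one message as it appears on the bearer
    protocol: str
    channel: str
    call_id: CallId
    msg: str
    params: dict

class VirtualCallRegistry:
    """Step 2: many-to-one map from real triplets to a virtual call ID (assumed shared out of band)."""
    def __init__(self):
        self.groups, self.reverse = {}, {}

    def register(self, virtual_id, group):
        for cid in (virtual_id, *group):
            if cid in self.reverse:
                raise ValueError(f"call identifier {cid} already allocated")
            self.reverse[cid] = virtual_id
        self.groups[virtual_id] = list(group)

    def resolve(self, cid):
        return self.reverse.get(cid)      # None for an identifier nobody allocated

def build_call_id_group(src_addrs, dst_addrs, size, rng):
    """Draw `size` distinct triplets from the several addresses configured on each end (Embodiment 4)."""
    group = set()
    while len(group) < size:
        group.add(CallId(rng.choice(src_addrs), rng.choice(dst_addrs), rng.randrange(1, 1 << 16)))
    return sorted(group, key=lambda c: (c.src, c.dst, c.call_no))

def scatter_user_info(caller, callee, sensitive, pieces=2):
    """Step 3: caller and callee never share a message; a sensitive number is split into pieces."""
    def split(number):
        n = max(1, -(-len(number) // pieces) if sensitive else len(number))   # ceil division
        return [number[i:i + n] for i in range(0, len(number), n)]
    frags = []
    for role, number in (("caller", caller), ("callee", callee)):
        frags.extend({"role": role, "idx": i, "seg": s} for i, s in enumerate(split(number)))
    return frags

def send_call(virtual_id, registry, rng, caller, callee, sensitive, channels):
    """Sender side of steps 1-4: handshake on the virtual ID, then a random group member,
    real protocol and channel for every message (uniform choice stands in for the preset policy)."""
    group = registry.groups[virtual_id]
    frags = scatter_user_info(caller, callee, sensitive)
    sequence = ["SETUP"] + ["ADDR"] * len(frags) + ["PROCEED", "ANSWER", "RELEASE"]
    wire = []
    for i, pseudo in enumerate(sequence):
        cid = virtual_id if i == 0 else rng.choice(group)
        proto = rng.choice(PROTOCOLS)
        params = {"frag": frags.pop(0)} if pseudo == "ADDR" else {}
        wire.append(WireMessage(proto, rng.choice(channels), cid, PSEUDO_TO_REAL[pseudo][proto], params))
    return wire

def receive_call(wire, registry):
    """Receiver side: map each message back to its virtual call and reassemble the user
    information; a triplet that no group allocated is rejected."""
    calls = {}
    for m in wire:
        vid = registry.resolve(m.call_id)
        if vid is None:
            raise ValueError(f"unallocated call identifier {m.call_id}")
        st = calls.setdefault(vid, {"caller": {}, "callee": {}, "msgs": []})
        st["msgs"].append(m.msg)
        if "frag" in m.params:
            f = m.params["frag"]
            st[f["role"]][f["idx"]] = f["seg"]
    join = lambda d: "".join(d[i] for i in sorted(d))
    return {vid: {"caller": join(st["caller"]), "callee": join(st["callee"]), "msgs": st["msgs"]}
            for vid, st in calls.items()}

def observer_view(wire):
    """What a third party without the registry can link from the wire alone."""
    roles = [{m.params["frag"]["role"]} if "frag" in m.params else set() for m in wire]
    return {"triplets": len({m.call_id for m in wire}), "protocols": sorted({m.protocol for m in wire}),
            "channels": sorted({m.channel for m in wire}), "both_parties_in_one_msg": any(len(r) == 2 for r in roles)}

def run_demo(seed=2015):
    """One call with constructed addresses, numbers and channel names."""
    rng, reg = random.Random(seed), VirtualCallRegistry()
    vid = CallId("SP-A0", "SP-B0", 1)          # the virtual ID uses the same encoding as a real one
    reg.register(vid, build_call_id_group(["SP-A1", "SP-A2"], ["SP-B1", "SP-B2"], 3, rng))
    wire = send_call(vid, reg, rng, "13800001111", "01012345678", True, ["MTP3-link-1", "SCTP-assoc-2", "TCP-5060"])
    return reg, vid, wire, receive_call(wire, reg), observer_view(wire)
```

Calling `run_demo()` returns the registry, the virtual identifier, the eight messages as they appear on the bearer, the call as the receiver reconstructs it, and the observer's view. The receiver recovers both numbers in full because it holds the group table; the observer sees up to four different triplets, several protocols and several channels for what is one call, and no single message in which both the calling and the called number appear. The design choice worth noting on the defensive side is the `resolve` check in `receive_call`: because the many-to-one mapping makes any group member a valid identifier, a node must still refuse identifiers it never allocated, otherwise the virtualization would widen, not narrow, what a sender can claim.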

Embodiment 2 is essentially the same as Embodiment 1, except that step 3 further comprises, for sensitive users, splitting the calling-user information or the called-user information into several segments and carrying them in different signaling messages.

Embodiment 3 is essentially the same as Embodiment 1, except that the heterogeneous call-control protocols of the telecommunication network in step 1 comprise the SS7 TUP and ISUP protocols, the BICC protocol and the SIP protocol.

Embodiment 4 is essentially the same as Embodiment 1, except that in step 2 call-identifier virtualization establishes the virtual call identifier corresponding to the call-identifier group on the basis of multiple SS7 point codes and multiple IP addresses and ports, and the virtual call identifier uses the same encoding and allocation scheme as the call-identifier group.

The invention is not limited to the specific embodiments described above; those skilled in the art may make various changes on this basis, but any change equivalent or similar to the invention shall fall within the scope of the claims of the invention.

Claims (4)

1. An active protection method for telecommunication-network signaling security, characterized in that it comprises the following steps:

Step 1. Dynamic switching of heterogeneous protocols. While signaling data is being exchanged, a pseudo-protocol comprising basic procedures, messages and parameters is generated from the elements common to the heterogeneous call-control protocols of the telecommunication network. During call control, the call-control logic interacts using the pseudo-protocol, while on the physical bearer one of the heterogeneous call-control protocols of the telecommunication network is randomly and dynamically selected to carry out the call control;

Step 2. Virtualization of call identifiers. A virtual call identifier is established that corresponds to a call-identifier group, the group containing several call identifiers with different source signaling devices, destination signaling devices and call numbers. When a call starts, the source and destination signaling devices complete a handshake using the virtual call identifier; thereafter the source and destination signaling devices randomly and variably select one call identifier from the group corresponding to the virtual call identifier for the subsequent signaling message exchange and call identification;

Step 3. Scattered carriage of user information. In signaling control the calling-user information and the called-user information are forcibly separated and, combined with the virtual call identifier of step 2, the coupling between the different signaling messages within the signaling flow of one call is removed;

Step 4. Multi-channel signaling transmission. Based on the heterogeneous call-control protocols, signaling transmission channels of different types are established between signaling nodes; for a signaling transmission channel of one type, the signaling devices at both ends are configured with several signaling addresses, and the two signaling devices establish a dynamic channel-switching mechanism. Combined with the dynamic protocol switching of step 1, the type of signaling channel and the physical path used by the signaling flow of calls in the same direction, or between the same source and destination, are changed randomly during signaling transmission according to a preset policy.

2. The active protection method for telecommunication-network signaling security according to claim 1, characterized in that step 3 further comprises, for sensitive users, splitting the calling-user information or the called-user information into several segments and carrying them in different signaling messages.

3. The active protection method for telecommunication-network signaling security according to claim 1, characterized in that the heterogeneous call-control protocols of the telecommunication network in step 1 comprise the SS7 TUP and ISUP protocols, the BICC protocol and the SIP protocol.

4. The active protection method for telecommunication-network signaling security according to claim 1, characterized in that in step 2 call-identifier virtualization establishes the virtual call identifier corresponding to the call-identifier group on the basis of multiple SS7 point codes and multiple IP addresses and ports, and the virtual call identifier uses the same encoding and allocation scheme as the call-identifier group.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510238600.6A CN104869116B (en) 2015-05-12 2015-05-12 Telecommunications network signaling security active protection method


Publications (2)

Publication Number Publication Date
CN104869116A CN104869116A (en) 2015-08-26
CN104869116B true CN104869116B (en) 2017-10-27

Family

ID=53914639

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510238600.6A Active CN104869116B (en) 2015-05-12 2015-05-12 Telecommunications network signaling security active protection method

Country Status (1)

Country Link
CN (1) CN104869116B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245520B (en) * 2015-10-12 2018-03-30 中国人民解放军信息工程大学 An active defense method against eavesdropping on telecommunication voice communication
CN109379327A (en) * 2018-04-13 2019-02-22 国家计算机网络与信息安全管理中心 Manifold-based signaling list criticality analysis method and analysis system
CN110099046B (en) * 2019-04-08 2021-05-11 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Network hopping method and system of super-convergence server

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1694480A (en) * 2005-05-08 2005-11-09 中国科学院计算技术研究所 A Semantic Association-Oriented Method for Service Interconnection in Heterogeneous Telecom Networks
CN103039111A (en) * 2010-07-30 2013-04-10 西斯维尔科技有限公司 Bi-directional communication method in a cellular mobile telecommunication network and related telecommunication network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011023223A1 (en) * 2009-08-25 2011-03-03 Nokia Siemens Networks Oy Method of performing an authentication in a communications network

Also Published As

Publication number Publication date
CN104869116A (en) 2015-08-26

Similar Documents

Publication Publication Date Title
US12143531B2 (en) Method and apparatus for threat identification through analysis of communications signaling, events, and participants
Keromytis A comprehensive survey of voice over IP security research
US10205788B2 (en) Run-time actionable information exchange system in a secure environment
JP2015507901A5 (en)
JP4692776B2 (en) Method for protecting SIP-based applications
CN104618387B (en) SIP signaling is used for the method for safe quantum communication system, Integrated access quantum gateway and system
CN104869116B (en) Telecommunications network signaling security active protection method
CN101938583B (en) Method for filtering abnormal call based on multiple lists
US20150150076A1 (en) Method and device for instructing and implementing communication monitoring
CN102438243A (en) Method for analyzing telephone frequency and identifying harassing calls
CN104980338A (en) Enterprise instant messaging security application system based on mobile intelligent terminal
CN104869262A (en) Method and device for intercepting terminal blacklist
US20030154408A1 (en) Method and apparatus for secured unified public communication network based on IP and common channel signaling
KR101466895B1 (en) Method of detecting voip fraud, apparatus performing the same and storage media storing the same
CN101103618A (en) Lawful interception of DSS1 based virtual private network
CN105245520B (en) An active defense method against eavesdropping on telecommunication voice communication
Ganesan et al. A scalable detection and prevention scheme for voice over internet protocol (VoIP) signaling attacks using handler with Bloom filter
WO2021136434A1 (en) Information processing method and apparatus, node device, server, and storage medium
KR101379779B1 (en) Caller Information Modulated Voice/Message Phishing Detecting and Blocking Method
KR20170104947A (en) Service security system for internet protocol calling based on SDN/NFV, and service security method thereof
Lotlikar et al. A Defense Mechanism for DoS Attacks in SDN (Software Defined Network)
Liu et al. Cellular network security
Griffioen et al. SIP Bruteforcing in the Wild-An Assessment of Adversaries, Techniques and Tools
CN115776406B (en) Security protection method and device, electronic equipment and storage medium
KR101800861B1 (en) Voip security system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant