研究生: |
楊家聲 Chia - Sheng Yang |
---|---|
論文名稱: |
SS7信號系統安全機制建構之研究 The Security Mechanism Construction for SS7 Signaling System |
指導教授: |
邱榮輝
Jung-Hui Chiu |
口試委員: |
王煥宗
Wang,Huan-Chun 吳宗杉 Wu T.S, 林仁紅 Jen-Hon Lin |
學位類別: |
碩士 Master |
系所名稱: |
電資學院 - 電子工程系 Department of Electronic and Computer Engineering |
論文出版年: | 2005 |
畢業學年度: | 93 |
語文別: | 中文 |
論文頁數: | 97 |
中文關鍵詞: | 完整性 、加密 、鑑別 |
外文關鍵詞: | SS7 |
相關次數: | 點閱:247 下載:3 |
分享至: |
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
SS7信號系統是目前最多電信系統採用的信號方式,但因其並無安全設計之考量及電信的傳輸環境不夠安全,形成攻擊者的入侵點。SS7信號系統傳送的資料內含私密的資料,如GSM系統的用戶資料MSISDN、IMSI、IMEI、認證三參數及連線監控訊息等,都可能因SS7信號系統對接取的信號節點無鑑別性機制、信號傳輸過程無加密及完整性檢測等安全機制,而有可能遭受偽造身分者入侵或信號遭受竊取及篡改之危險。本文針對SS7信號系統安全問題提出下列建構SS7信號系統安全機制之四項改善方案如下:
(1) 建構安全模式、維護模式及正常模式,改善信號傳輸環境安全問題。
(2) 建構鑑別機制,改善信號節點接取網路之鑑別問題。
(3) 建構加密機制,改善承載資料明文傳送問題。
(4) 建構完整性檢測機制,改善承載資料完整問題。
The SS7 signaling system is the signaling network in which the telecommunication system adopts at present mostly. Because the current SS7 signaling system and the transmission environment do not have enough consideration about security issues, there are some vulnerabilities existed. The private data of subscriber, such as MSISDN, IMSI, IMEI, authentication triplet transfered in the SS7 signaling system are suffered from the related attack. Since SS7 signaling system does not have authentication, encryption and integrity mechanism, it can be attacked by faking user identity, leaking and modifying the signaling data. In this paper, the security programs are addressed and four mechanisms are provides to improve the security of the SS7 signaling system. There are show as follows:
(1) To modify working mode into the security mode, maintenance mode and normal mode, to improve the security problem of the signaling transmission environment.
(2) To construct the authentication mechanism of SS7 signaling system, to improve the signaling node authentication.
(3) To construct the encryption mechanism of SS7 signaling system, to improve transmission confidentiality.
(4) To construct the integrity mechanism of SS7 signaling system, to improve the integrity of the signaling data.
【1】 呂道鴻,李鎮谷,王培元,“第七號共通道信號系統概要”, 中華電信訓練所,1996.
【2】 John G. van Bosse, “Signaling in Telecommunication Network” ,John Wiley & Sons(2002).
【3】 “CISCO SS7 Fundamentals”, CISCO documents, 78-11278-01.
【4】 謝續平, “網路安全概論”電子書, http://dsns.csie.nctu.edu.tw/course/intro-security/2005,國立交通大學資訊工程研究所,2005.
【5】 William Stallings, “Cryptography and Network Security : Principles and Practice ”Second Edition, Prentice Hall,1999.
【6】 T.Moore , T.Kosloff , J.Keller , G.Manes , S.Shenoi , “Signaling System 7(SS7)Network Security”, Circuits and Systems, MWSCAS-2002. The 2002 45th Midwest Symposium on Volume 3, 4-7 Aug. 2002 Page(s):III-496 - III-499 vol.3., 2002.
【7】 駱襄陽, “GSM交換系統概要”, 中華電信訓練所,1996.
【8】 ETSI,GSM 03.20, “Digital Cellular Telecommunications System(Phase 2+);Security Related Network Functions”.
【9】 林昇和, “改善UMTS行動通信系統身分認證、完整性及金鑰更新機制”,台灣科技大學,碩士論文2003.