Analysis and evaluation of security issues for transport of SS7 signaling data over IP networks
S. Kiesel. Universität Stuttgart, Institut für Nachrichtenvermittlung und Datenverarbeitung, Diplomarbeit, (February 2002)
Abstract
Since late 1998 the SIGTRAN (Signaling Transport) working
group of the Internet Engineering Task Force (IETF) has
been working on the specification of a protocol suite for
the transport of SS7 signaling data over IP networks. The
core of this architecture is comprised by a protocol
called SCTP (Stream Control Transmission Protocol), which
basically implemets a reliable datagram service on top of
an unreliable IP network. Several adaptation layers may
reside on top of SCTP and enhance SCTP's services to match
different signaling transport scenarios and requirements.
SCTP uses a sophisticated four-way handshake protocol for
association (connection) setup and so called ``Verification
Tags'' to protect itself against denial-of-service and
``blind spoofing'' attacks.
The goal of this work was to analyze what these security
mechanisms achieve and what they require from their
environment in order to work properly.
The SCTP four-way handshake protocol has been modelized
using the ``BAN logic'', a formal method introduced by
Michael Burrows, Martín Abadi and Roger Needham
in 1989. SCTP's security mechanisms require that the
underlying IP network cannot be wiretapped by hostile
nodes. It has been analyzed what an attacker can achieve if
this assumption is not fulfilled. Possible attacks include
the injection of data into an established SCTP association
and hi-jacking or forced teardown of an association. A
method for modeling the secrecy of a network at different
abstraction levels has been developed. The interworking
of SCTP with IPsec and NAT has been considered.
%0 Thesis
%1 ki-2002-0010
%A Kiesel, Sebastian
%D 2002
%K imported myown tikauthor:kiesel
%T Analysis and evaluation of security issues for transport of SS7 signaling data over IP networks
%X Since late 1998 the SIGTRAN (Signaling Transport) working
group of the Internet Engineering Task Force (IETF) has
been working on the specification of a protocol suite for
the transport of SS7 signaling data over IP networks. The
core of this architecture is comprised by a protocol
called SCTP (Stream Control Transmission Protocol), which
basically implemets a reliable datagram service on top of
an unreliable IP network. Several adaptation layers may
reside on top of SCTP and enhance SCTP's services to match
different signaling transport scenarios and requirements.
SCTP uses a sophisticated four-way handshake protocol for
association (connection) setup and so called ``Verification
Tags'' to protect itself against denial-of-service and
``blind spoofing'' attacks.
The goal of this work was to analyze what these security
mechanisms achieve and what they require from their
environment in order to work properly.
The SCTP four-way handshake protocol has been modelized
using the ``BAN logic'', a formal method introduced by
Michael Burrows, Martín Abadi and Roger Needham
in 1989. SCTP's security mechanisms require that the
underlying IP network cannot be wiretapped by hostile
nodes. It has been analyzed what an attacker can achieve if
this assumption is not fulfilled. Possible attacks include
the injection of data into an established SCTP association
and hi-jacking or forced teardown of an association. A
method for modeling the secrecy of a network at different
abstraction levels has been developed. The interworking
of SCTP with IPsec and NAT has been considered.
@mastersthesis{ki-2002-0010,
abstract = {Since late 1998 the SIGTRAN (Signaling Transport) working
group of the Internet Engineering Task Force (IETF) has
been working on the specification of a protocol suite for
the transport of SS7 signaling data over IP networks. The
core of this architecture is comprised by a protocol
called SCTP (Stream Control Transmission Protocol), which
basically implemets a reliable datagram service on top of
an unreliable IP network. Several adaptation layers may
reside on top of SCTP and enhance SCTP's services to match
different signaling transport scenarios and requirements.
SCTP uses a sophisticated four-way handshake protocol for
association (connection) setup and so called ``Verification
Tags'' to protect itself against denial-of-service and
``blind spoofing'' attacks.
The goal of this work was to analyze what these security
mechanisms achieve and what they require from their
environment in order to work properly.
The SCTP four-way handshake protocol has been modelized
using the ``BAN logic'', a formal method introduced by
Michael Burrows, Mart\'{i}n Abadi and Roger Needham
in 1989. SCTP's security mechanisms require that the
underlying IP network cannot be wiretapped by hostile
nodes. It has been analyzed what an attacker can achieve if
this assumption is not fulfilled. Possible attacks include
the injection of data into an established SCTP association
and hi-jacking or forced teardown of an association. A
method for modeling the secrecy of a network at different
abstraction levels has been developed. The interworking
of SCTP with IPsec and NAT has been considered.},
added-at = {2023-11-17T18:29:11.000+0100},
author = {Kiesel, Sebastian},
biburl = {https://puma.ub.uni-stuttgart.de/bibtex/2ab8d5159b35232b3ea1cd6d07378bbc7/skiesel},
interhash = {d1ab8882851bcd8f5bac0b7d803ae00e},
intrahash = {ab8d5159b35232b3ea1cd6d07378bbc7},
keywords = {imported myown tikauthor:kiesel},
month = feb,
school = {Universit\"{a}t Stuttgart, Institut f\"{u}r Nachrichtenvermittlung und Datenverarbeitung},
timestamp = {2023-11-17T18:29:11.000+0100},
title = {{Analysis and evaluation of security issues for transport of SS7 signaling data over IP networks}},
type = {Diplomarbeit},
year = 2002
}