120 likes | 135 Views
FORUM ON NEXT GENERATION STANDARDIZATION (Colombo, Sri Lanka, 7-10 April 2009). Security & Regulatory Issues in NGN. NK Goyal President, Communications & Manufacturing Association of India (CMAI) Chairman Emeritus, Telecom Equipment Manufacturers Association of India (TEMA)
E N D
FORUM ON NEXT GENERATION STANDARDIZATION (Colombo, Sri Lanka, 7-10 April 2009) Security & Regulatory Issues in NGN NK Goyal President, Communications & Manufacturing Association of India (CMAI) Chairman Emeritus, Telecom Equipment Manufacturers Association of India (TEMA) Director, National Fertilizers Ltd. NFL ( Govt. of India Undertaking) 7-10th April, 2009 Sri Lanka nkgoyals@nkgoyals.comnkgoyals@yahoo.co.in +91 98 111 29879 www.nkgoyals.com
Indian Telecom Sector • 281 Access service licensees. Of these, 121 UAS licenses were awarded in January, 2008. • The total number of telephone connections stood at 400.05 million at the end of January, 2009. Second largest in world. • Monthly additions 10-15 Millions • The overall tele-density is 40.50% and the rural tele-density is only 13.13%.
Next Generation Networks An ITU-T defined telecommunications Network architectures & Technologies NGN is a broadband Network where service layer, transport layer & application layers have an independent function of each other An Internet with an IMS architecture is NGN An evolutionary approach from PSTN/ISDN networks to advanced network called NGN Move from current H.323 protocol to Session based Session Initiation Protocol
VoIP PSTN Security Regulation of “Plain Old Telephone Service (POTS)” Privacy Consumer protection NGN Quality of Service Numbering Emergency Access Competition Interconnection “Next Generation” Longer term issues • Core policy areas: • Competition (level-playing field), Interconnection • Consumer (QOS, privacy, emergency access) • Security & legal interception • Scope for self-regulation Short term issues Regulatory implications of NGN 4 Source: ASTAP05_WS.IP&NGN-09
Typical attacks in SIP Malformed Message Attacks Buffer Overflow Attacks Denial-of Service attacks RTP session hijacking Injection of unauthentic RTP packets into existing RTP flows Re-use of compromised SIP credentials Hostile SIP network elements
Session Border Controller An insecure network cannot charge for its use or provide a guaranteed QoS service, because unauthorized users cannot be prevented from overusing limited network resources. SBCs can provide security and protection against unauthorized access into the trusted network invalid or malicious calls, including Denial of Service (DoS) attacks bandwidth theft by authorized users unusual network conditions, for example a major emergency.
NGN Security Security requirements for Transport Home Network domain Core Network Interfaces Security requirements for Service IMS domain Transport stratum to IMS domain IMS to Application domain security Application domain security Home Network to Application domain security Home Network-to-IMS domain security Open service platform to valued-added service provider security
LI Challenges Majority of mass telecommunication traffic today doesn’t traverse any part of the well-controlled Circuit Switched network: IP multimedia traffic between GPRS/UMTS mobile phones The traffic to and from Internet exchanged on high bandwitdhISPs (ADSL, FTTH, cable…) Telephone traffic between two VoIP terminals, maybe connected to different VoIP operators. Encrypted traffic without proper mechanisms Decentralized Peer to Peer networks
Challenges for NGN security • Network Address Translation (NAT): Calls may not materialized in due to NAT implementation in some router & firewall. • SIP: Message are sent in plain, uuencoded text although encryption option is available but there is no standard. • RTP: Vulnerable to interception & alteration • Code & script attacks: SIP phone are potentially vulnerable to attack from executable code or scripts. It may results in denial of service. • No standard Spam detection solutions
Cyber Security • With the growing number of applications to exploit on the converged Mobile IP Networks, a plethora of online avenues and revenues to pilfer, and many more corporate networks to hack, cyber-criminals appear to have no shortage of targets to pursue. • The heightened interest and response from law enforcement worldwide in bringing cyber criminals to justice may well result in malicious hackers being increasingly aggressive and creative in their efforts. • The threat of Malware, Trojans and lots others and it’s impact to operators is also big challenge.
Summary of Next Gen Security & Other aspects 3G/NGN/4G/IMS security issues seems to remain a threat for a good amount of time in near future. Technical security of NGN systems well designed but likely to suffer implementation problems Increased connectivity means the security exposure will become more serious and harder to manage Protocols such as SIP (e.g. in IMS model) likely to be abused by NGP (next generation phreakers) Open and distributed nature Lack of inherent security mechanisms Increasingly complicated network concept Running of mission critical Applications Deployed before fully matured likely to cause operational problems Few expert solutions for effective management Require time and Cost consuming Integration and configuration
Where is my cell phone mama.. I want to SMS to God that I have reached safely!