ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells

Packet IN
August 2002

Securing SS7 As Networks Converge


Signaling System 7 (SS7) is one of the largest packet networks in the world, linking telecommunication networks of all types into one large global communication network. It is the glue between networks that enables call setup and teardown as well as advanced services. An overlay to the voice network, SS7 is an out-of-band digital network. It does not handle any bearer traffic; its sole focus is to carry messages that connect and disconnect calls between subscribers and to access databases to deliver advanced services such as caller-ID, call forwarding, toll free, and local number portability.

The SS7 architecture is comprised of three signaling points: Service switching points (SSPs); signal transfer points (STPs); and service control points (SCPs). As the entry and exit points for the SS7 network, SSPs originate, terminate, and �tandem� telephone calls. STPs function as routers, relaying messages from SSP to SSP and to SCPs, the interface to the telephone company databases.

The SS7 network design was based on the assumption that there would be a limited number of carriers interconnecting to the local exchange carriers (LECs). As a closed network, data is only exchanged between switches and databases with very little human intervention. With a limited number of carriers and limited points of interconnection, the LECs could assume with fair certainty that all of the elements passing data were trusted sources.

The security measures employed in today�s SS7 network reflect that assumption. Unlike IP protocols, security features like authentication and encryption were not built into the SS7 protocol. Rather, the focus has been placed on creating secure physical environments for the network equipment rather than secure protocols. The central offices (COs) in which the network elements are housed are well protected. Management access to the equipment is safeguarded by telco methods and procedures developed over many years.

While physical security has been a primary focus, there are also security measures employed at the network level. STPs, the routers of the SS7 network, perform gateway screening to prohibit inbound and outbound messages from unauthorized nodes. The addresses of individual nodes within a network are isolated. Global title translation (GTT) enables a network to receive messages from other networks without disclosing the unique addresses, called point codes, of its own nodes.

The advent of deregulation and the convergence of voice and data networks have changed the network landscape. Not only are there many more players in the game than originally envisioned, but the players are using the network for a much broader range of applications than originally planned. SS7 is no longer a closed network. It interfaces to wide variety of customers and to an array of other networks.

The increasing number and complexity of interfaces between SS7 and other networks increases its vulnerability to attack. Every point of interconnection is a potential point of access. The developing interdependence between SS7 and IP networks is increasing that vulnerability. It is a misconception to think that a network is secure if it is not IP-based. If there is an IP network anywhere in the chain of interconnection, all the connected networks are vulnerable to some extent. There is no encryption or authentication in the signaling network to ensure the validity of sending nodes outside the network boundary. A rogue server in the IP network sending damaging management messages could seriously impair the signaling network and take down service.

Anyone capable of generating SS7 messages and introducing them to the network can cripple PSTN service. For example, a hacker with access to ISDN could spoof the source address and introduce harmful packets into the network by modifying and fabricating ISDN user part (ISUP) messages. SS7 network elements are also susceptible to packet sniffing.

Each element in the SS7 network is engineered to handle a certain amount of traffic. A hacker can flood a node by generating more traffic than it can handle and take it down. When this occurs, call processing in that section of the network can come to a halt.

Signaling is critical to all network operations, and it is essential to secure and protect the network. There are a number of steps that can be taken to maintain its integrity.

One of the best ways to create a safer signaling network is to create a smarter SS7 network. STPs provide a unique vantage point from which to view the network and gather valuable information. All of the traffic to and from SSPs and SCPs passes through them. An SS7 firewall application on an STP enables carriers to define screening parameters to identify messages that are out of context or exhibit irregularities. Next-generation STPs take security intelligence to a new level. They can actually analyze message behavior, identify anomalies, and invoke procedures to recommend a course of action.

The SS7 and VoIP interconnection architecture should be designed to minimize the risk. Creating an architecture that uses centralized SS7 to IP gateways increases security by minimizing the number of points of interconnection to the SS7 network. Rather than front-end each media gateway with SS7 over IP signaling, a single scalable, high-capacity signaling gateway can be deployed to control a farm of media gateways. By creating a single point of connection, it is also easier to firewall the SS7 network because the security wall can be installed at fewer points.

Running SS7 signals and other types of traffic such as corporate data on a single network can introduce potential risks. Since the network is most vulnerable at the edge, physically separating the signaling and bearer traffic on different networks significantly increases security. Within the core of the network, which is more secure, the network can be shared for multiple traffic types.

Secure management interfaces are also an essential network protection measure. Loopholes in current IP management protocols such as simple network management protocol (SNMP) can give hackers and attackers access to the signaling network. Secure management protocols must be augmented with strict methods and procedures such as password aging, non-reusable passwords, activity log, and audit trails to enhance the security.

Securing the global voice network will become increasingly important as new cutting-edge technology is introduced. It is critical to address network security to prevent a slowdown in the rate of adoption of new technology. The job of securing the network is never complete and is a continuous learning process. The industry as a whole must maintain a constant alert and continue to evolve security solutions to make the telecommunication infrastructure robust.

Ravi Ravishankar is director, Advanced Technology Planning, at Tekelec. His focus is on defining signaling solutions and products for the next-generation packet telephony and 3G wireless networks. Tekelec is a leading developer of telecommunications signaling infrastructure, softswitches, testing and diagnostic solutions, and service applications. Please visit their Web site at www.tekelec.com.

[ Return To The August 2002 Table Of Contents ]

Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas