By Leonid Burakovsky, Juniper Networks
Jun 4, 2007 4:55 PM
Have you ever wondered how many mobile phones were shipped last year? The statistic is actually quite amazing: According to a February 2007 press release issued by IDC more than 1 billion mobile devices were shipped in 2006, of which more than 80 million of those were converged mobile devices—handsets that offer additional data services beyond just voice. Today, major drivers for the purchase of new handsets include music and camera capabilities. But already we’re starting to see additional drivers that include richer services like navigation, mobile gaming, mobile TV, even mobile banking. With the current trend toward the general “mobilfication” of society, mobile phones are morphing into true multimedia devices.
And this mobilfication is having a big impact on mobile operator networks. For example, mobile networks are no longer voice-only, but are instead becoming converged multiservice networks with many differentiated services running over them. Today’s leading operators have streaming media, VoIP, and video telephony all running over a single IP Infrastructure. With all the new services and corresponding increase in mobile Internet traffic and access, the dark side of these new mobile services is starting to show—serious security threats to mobile users and mobile network operators.
Several recent studies have demonstrated a very menacing increase in security incidents. First, a McAfee study released in February 2007 reported that the number of mobile security incidents in 2006 increased by 500 percent and that 83 percent of mobile operators had been hit by mobile infections. According to the study, the impact on customer satisfaction was ranked as the most serious issue arising from this explosion in attacks. The impact to network performance was ranked as the second most serious problem—a problem that of course also impacts consumers’ satisfaction levels. According to this same study, even with this huge jump in security incidents, less than 30 percent of the mobile operators who claim that they consider device and application-level security to be important actually installed such protections!
A similar trend can be seen in the results reported in IBM’s ISS 2006 Survey “The State of Security In Carrier Service Delivery”. According to this survey, an astounding 55 percent of senior managers at the biggest carriers said that security issues were impeding their rollout of Triple- and Quad-play service bundles. In addition, 78 percent said that, within these bundles, security is essential to the long-term viability of VoIP services and a shocking 30 percent said that they consider IPTV to be "not secure at all."
These statistics highlight the fact that service providers are facing several new security challenges. On the business side, hacking (also called “cracking”) has begun to significantly impact the bottom line. On the technology side, new viruses like Polymorphic, which change their byte sequences to throw off antivirus software, can take up to a week to analyze. In a report released by the FBI earlier this year, the agency estimated that “computer-related crimes cost U.S. business a staggering $67.2 billion a year.” According to that same report, responding to worms, viruses, and Trojan horses was the most costly, followed by computer theft, financial fraud, and network intrusion
Fixed Mobile Converged Security
FMC breaks the vertical silos of legacy architectures and defines three horizontal layers: the IP transport layer, the control and policy layer, and the services and applications layer. Open, standards-based protocols such as DIAMETER, COPS, XML, and others are used between these layers.
This layered approach marks a paradigm shift away from a fundamentally vertical model that relies largely on proprietary protocols. Instead, this new horizontal model leverages standards-based interfaces for working with partner and third-party network elements.
There is little doubt that FMC offers real and important advantages. However, there is also little doubt that security will become one of its major challenges. As carriers offer more services over IP (VoIP, streaming media, video telephony, and IPTV) security will be more important than ever. Furthermore, within the carrier’s own organization, there is often no clear owner for next-generation IP-based security. For a variety of reasons, it is difficult to determine who is in charge of this key function. Is it network groups (IP specialists)? Is it signaling folks (specialists in SS7, SIP, DIAMETER)? Is it IT folks, SoftSwitch folks, or Service Layer folks? Until now, very few service providers have been successful at solving this puzzle. And now for an even harder question: which operator will be willing to delay their next service launch in order to improve security?
The Importance of Signaling Network Security
At this time, all evidence points to the fact that FMC security challenges will be much more serious than many are anticipating. The whole concept of security is changing, and the current focus on transport plane security (or lack thereof) will be replaced with a complex, multi-layer security matrix, wherein the need for control and signaling layer security (SIP, DIAMETER, SIP-T, SIGTRAN, SOAP), and service / application layer security (SMS, MMS, MAP) will be just as important as transport plane security, if not more so. In addition, security for all layers will need to include integrated policy enforcement and secure access technology using multi-protocol authentication and authorization services.
The most comprehensive approach (and really the only approach that can work) is to protect the entire network with layered security. In this approach, multiple security components are applied in layers:
In the case of VoIP, operators must implement not only protocol anomaly detection for SIP and H.323 signaling, but also build customizable attack signatures whereby, keeping the state of all signaling messages involved in the same session, they can detect any unusual or suspicious behavior on the application layer. This ability to build customized attack signatures based on stateful protocol inspection, attack patterns, and behavioral learning will be the major security differentiation between service providers’ security capabilities in the future.
One of the latest trends in networks is to run signaling over Stream Control Transmission Protocol (SCTP), an emerging alternative to TCP which adds functionality such as multi-homing, additional resilience, and additional security at the time of association establishment. Many protocols like MEGACO, DIAMETER, the SIGTRAN family (IUA, M3UA, SUA) and upper SS7 protocols will run over SCTP sooner or later. Also, there is a growing trend toward running SIP over SCTP. While SCTP is definitely a better choice than TCP, new security concerns should be taken into consideration, such as address camping or stealing, association hijacking and redirection, and bombing attacks.
Protecting Mobile Networks
For example, GTP doesn’t specify any kind of authentication or data integrity checking, so GTP protection should include (in addition to simple sanity checking) GTP IMSI prefix and APN filters, rate limiting, SGSN and GGSN redirection, support for GSN pooling, lawful intercept, and similar useful features.
Another angle of this comprehensive network security approach is to define and group possible destinations and sources of attacks and define appropriate security measures.
To protect servers, mobile operators should implement application-layer attack detection and prevention (e.g. RADIUS server attacks, buffer overflows, SIP flooding, RTP flooding).
To protect network infrastructure, mobile network security must be able to detect and prevent DoS and DDoS attacks, port scans, and buffer overflows.
User protections must include these as well as worm and virus detection and SIP or RTP flooding.
Firewall and Deep Packet Inspection techniques are an excellent means by which to protect the transport layer infrastructure, network users and traffic from DoS, DDoS, and other attacks. In addition, the FMC network infrastructure and traffic can be secured at the control layer by using SIP, SCCP and H.323 Application Layer Gateways (ALGs)--including stateful inspection, thresholding, Back-to-back User Agent (B2BUA), and other techniques.
One of the most critical safety mechanisms is the ability to build customized attack signatures based on stateful protocol inspection, attack patterns, and behavioral learning. Another exceptional capability is bandwidth management and service top-offs for instant messaging (IM) and peer-to-peer (P2P) traffic, along with visibility at the subscriber level. It is also important to provide protection at the service layer for SIP-based application servers and protects end users from viruses, worms, and trojans via IDP (Intrusion Detection and Prevention) platforms. As part of a comprehensive mobile security strategy, service providers should strongly consider security platforms that have the ability to secure not only the transport layer, but also to provide comprehensive, proven security for the entire FMC network.
With growing promises of user access to voice, video, and data services from ANY location, at ANY time, using ANY device via ANY access method or network available, the challenges of securing mobile networks and services are likewise increasing. While no network will ever be 100 percent secure, mobile operators can dramatically reduce the risk of security breaches—and their corresponding costs—by implementing a comprehensive approach to securing their mobile and FMC networks. A comprehensive security strategy must consider all three layers of the network: IP transport, control plane and service layer, as well as the major sources and targets of attacks. By securing their networks in this manner, mobile operators will be able to offer truly secure mobile data services. We are already seeing the clouds gathering, bringing with them serious implications for security. And though we aren’t sure yet how bad the storm will be, let’s resolve to be ready.