Global ETD Search

1	SS7 Honeypoty - proaktivní ochrana proti podvodům v mobilních sítích / SS7 Honeypots - Proactive Mobile Networks Fraud Protection Kubiš, Juraj January 2020 (has links) This diploma thesis deals with the issue of attacks and fraud against mobile networks, with the main aim being implementation of a honeypot-type tool possessing the ability to respond to these accordingly. Thus, this thesis contains a basic introduction into mobile networks, their topology and commonly used protocols, along with analysis of their general security. This is followed by a clarification of the term honeypot itself, with an explanation of motivations for its deployment into the networks, together with listing of advantages and disadvantages such deployment may bring. The rest of the thesis deals with the actual implementation of such tool, specifically with its design, realisation and testing. This thesis presents a method for responding to the supported frauds, a detailed description of the implementation, configuration and outputs of the tool. The process of testing whether the implementation corresponds to the presented design is described here. The implemented tool is evaluated and its further possible improvements are discussed. SS7; fraud; GSM; honeypot; podvod
2	Možnosti implementace signalizačního systému číslo 7 v PBX Asterisk / Signalling system No. 7 implementations for Asterisk Janíček, Martin January 2009 (has links) Semestral project describes signaling system number 7, it's settings options and options of signaling over IP networks, especially two transport protocols SCTP and BICC for signaling SS7 over IP. Analyses kinds of implemetations of this signaling system to the Asterisk PBX with TDM E1 card support. Further part of this work is dedicated to the open source implementations libss7 of Digium and chan_ss7 which is currently developed by Dicea. Describes in detail their installation to the open source PBX Asterisk including testing of both and comparing these two open source solutions. Last part is focused on realization of gateway which converts communication from TDM network to IP network. For this part, three computers are used. First as SS7 signalling end softswitch, second as SIP signalling end softswitch and last as gateway between them. This gate works as interface between SS7 signalling and SIP signalling. Testing call was realized successfully for both directions. libss7; SS7; chan_ss7; Asterisk; TDM
3	Prototyping and evaluation of TCAPsec Chung, Kang January 2008 (has links) <p>Today, the most frequently used signaling system for telecommunication is called Signaling</p><p>System No. 7 (SS7). The growing usage of mobile telephones and mobile data communication,</p><p>and the development of new services mean that the risk of intrusion and exploitation of</p><p>the SS7 signaling networks increases. The increasing problem with unauthorized access to</p><p>sensitive information and the operators’ growing demand for security is the origin of our</p><p>work. This thesis presents a prototype design and implementation of a Security Gateway</p><p>(SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec</p><p>is a security concept for introducing security mechanisms to the signaling system. The prototype</p><p>includes three different protection modes that provide security services, ranging from</p><p>almost no protection to full protection with the use of encryption algorithms. The thesis also</p><p>contains an evaluation study of the delay penalties caused by the use of these security services.</p><p>With regards to the restrictions on the prototype, the conclusion drawn from the evaluation</p><p>results was that the protection mechanisms in the different protection modes did not inflict</p><p>any significant time penalties. Instead, the results of the study indicate that the routing process</p><p>of messages in the network is a more significant delaying part in the communication between</p><p>different nodes. This result implies that the routing process takes longer time than the security</p><p>services. The thesis also presents a number of discovered features that will require further</p><p>investigation and development before the TCAPsec concept can be realized.</p> Telecommunication SS7 User Security Computer science Datavetenskap
4	Utvärdering av Elastic Stack som verktyg för detektering av skadlig SS7-trafik / Evaluation of Elastic Stack as a tool for detecting harmful SS7 traffic Nilsson, Sammie, Wester, Håkan January 2019 (has links) Det finns idag fortfarande komponenter i det globala mobilnätet som använder teknologi som utvecklades på 70-talet. Nyare, säkrare system har införts i flera länder, men även dessa behåller sin förmåga att kommunicera med de mer sårbara äldre systemen och delar därmed deras säkerhetsproblem. Det är speciellt protokollstacken SS7, grunden till 2G som har stora säkerhetsbrister. Syftet med denna uppsats är primärt att designa samt implementera en Elastic Stack pipeline och avgöra vad för information som kan erhållas vid användandet av denna pipeline på SS7-signaleringstrafik från ett faktiskt mobilnätssystem. Ur detta formulerades även ett antal delsyften. En pipeline implementerades och testades ihop med flera olika format på inläst data. Det gjordes fyra experiment där olika funktionaliteter testades med hjälp av utvalda dataset vars syfte var att agera substitut till den sekretessbelagda faktiska mobilnätsdatan. Elastic Stack är enligt vår uppfattning ett lovande verktyg för att övervaka och analysera SS7-signaleringstrafik, men det finns ett antal hinder som bara delvis beror på att mjukvaran är under utveckling. Dessa går dock till större del att kringgå. / There are currently components of the global mobile network that use technology developed in the 1970s. Newer, more secure systems have been introduced in several countries, but even these retain their ability to communicate with the more vulnerable older systems, and thus share their security issues. The purpose of this thesis is primarily to design and implement an Elastic Stack pipeline and determine what information can be attained through the use of this pipeline on SS7 signalling traffic from an actual mobile network system. To accomplish this, a series of sub-purposes also emerged. A pipeline was implemented and tested with several different formats of data. A series of four experiments were performed where different functionalities were tested with the help of selected data sets whose purpose was to act as substitutes for the classified actual mobile network data. Elastic Stack is, in our opinion, a promising tool for monitoring and analyzing SS7 signalling traffic, but there are a number of issues that can only partially be attributed to the software being still in development. They are however largely circumventable. Elastic Elastic Stack SS7 Computer and Information Sciences Data- och informationsvetenskap
5	Implementação de uma solução modular e escalável das funções DAED para o nível 2 do sistema de sinalização por canal comum número 7 usando dispositivos de lógica programável Lima, Hillermann Ferreira Osmídio 18 December 2012 (has links) Made available in DSpace on 2015-04-22T22:00:45Z (GMT). No. of bitstreams: 1 Hillermann Ferreira Osmidio Lima.pdf: 1820292 bytes, checksum: 0434ed2f2545deea32acce6f4ff7b7c3 (MD5) Previous issue date: 2012-12-18 / This dissertation presents an implementation in VHDL of the MTP-2 layer of SS7, Low part, together with a Programmable Switching Matrix, to reach, as more generic as possible, a modular, portable (reusable) and scalable solution to be used in various technologies and telecommunications equipments with different architectures and capabilities. As parallel contributions, this work includes: the development of a methodology for implementing digital circuits in VHDL based on a visual description using flowcharts; the proposing of a technique for generating random vectors using the MATLAB software for simulation and validation of digital circuits using hardware description language, allowing the detection of fault conditions that would hardly be evaluated with manually generated vectors. As a result, this work generated practical use artifact, presenting a substantial increase capacity on treatment of SS7 links in telecommunications equipments, when compared with previous related works. / Esta dissertação apresenta uma implementação em VHDL da camada MTP-2 da SS7, parte Low, em conjunto com uma Matriz de Comutação Programável de modo a constituir, da forma mais genérica possível, uma solução modular, portável (reutilizável) e escalável para poder ser usada em várias tecnologias e em equipamentos de telecomunicações com diferentes arquiteturas e capacidades. Como contribuições paralelas do trabalho destacam-se: o desenvolvimento de uma metodologia para implementação em VHDL de circuitos digitais a partir de uma descrição visual com o uso de fluxogramas; a proposta de uma técnica de geração de vetores de forma aleatória usando o software MATLAB para simulação e validação de circuitos digitais usando linguagem de descrição de hardware, permitindo a detecção de condições de falha que dificilmente seriam avaliadas com vetores gerados de forma manual. Como resultado, este trabalho gerou artefato de utilização prática, apresentando um considerável aumento na capacidade de tratamento de Enlaces SS7 de equipamentos de telecomunicações, quando comparado com trabalhos realizados anteriormente. SS7 Descrição de hardware Hardware description ENGENHARIAS: ENGENHARIA ELÉTRICA
6	Prototyping and evaluation of TCAPsec Chung, Kang January 2008 (has links) Today, the most frequently used signaling system for telecommunication is called Signaling System No. 7 (SS7). The growing usage of mobile telephones and mobile data communication, and the development of new services mean that the risk of intrusion and exploitation of the SS7 signaling networks increases. The increasing problem with unauthorized access to sensitive information and the operators’ growing demand for security is the origin of our work. This thesis presents a prototype design and implementation of a Security Gateway (SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec is a security concept for introducing security mechanisms to the signaling system. The prototype includes three different protection modes that provide security services, ranging from almost no protection to full protection with the use of encryption algorithms. The thesis also contains an evaluation study of the delay penalties caused by the use of these security services. With regards to the restrictions on the prototype, the conclusion drawn from the evaluation results was that the protection mechanisms in the different protection modes did not inflict any significant time penalties. Instead, the results of the study indicate that the routing process of messages in the network is a more significant delaying part in the communication between different nodes. This result implies that the routing process takes longer time than the security services. The thesis also presents a number of discovered features that will require further investigation and development before the TCAPsec concept can be realized. Telecommunication SS7 User Security Computer Sciences Datavetenskap (datalogi)
7	Prototyping and evaluation of TCAPsec Chung, Kang January 2007 (has links) <p>Today, the most frequently used signaling system for telecommunication is called Signaling System No. 7 (SS7). The growing usage of mobile telephones and mobile data communica-tion, and the development of new services mean that the risk of intrusion and exploitation of the SS7 signaling networks increases. The increasing problem with unauthorized access to sensitive information and the operators’ growing demand for security is the origin of our work. This thesis presents a prototype design and implementation of a Security Gateway (SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec is a security concept for introducing security mechanisms to the signaling system. The proto-type includes three different protection modes that provide security services, ranging from almost no protection to full protection with the use of encryption algorithms. The thesis also contains an evaluation study of the delay penalties caused by the use of these security services. With regards to the restrictions on the prototype, the conclusion drawn from the evaluation results was that the protection mechanisms in the different protection modes did not inflict any significant time penalties. Instead, the results of the study indicate that the routing process of messages in the network is a more significant delaying part in the communication between different nodes. This result implies that the routing process takes longer time than the security services. The thesis also presents a number of discovered features that will require further investigation and development before the TCAPsec concept can be realized.</p> prototyping evaluation TCAPsec concept telecommunication SS7 network security encryption cryptography Computer science Datavetenskap
8	Experimental Study of GPRS/WLAN Systems Integration / Experimentell Studie av GPRS/WLAN System Integration Nyström, Joakim, Seppälä, Mikael January 2003 (has links) <p>The convergence of future networks relies on the evolution of technology that enables seamless roaming abilities across non-heterogenous networks for mobile clients. This thesis presents an experimental study of a GPRS-WLAN integration scenario where the objective is to analyze various aspects of the issues related to charging, mobility, roaming and security between GPRS and WLAN networks. The mainly discussed integration scenario in this thesis is loosely coupled systems working on RADIUS platforms, which together with MobileIP and IPSec provides the mobile client with a secure and access-technology independent network access platform. </p><p>In order to accommodate GPRS client authentication for WLAN operators, there is a prominent need for the incorporation of necessary GPRS functionality into present AAA servers. RADIUS has been studied as the initial target for the implementation of a GPRS interface towards SMS-Cs and HLRs.The authentication of a mobile client is performed against a HLR/AuC in a GPRS network, either over SS7 links or through the incorporation of SIGTRAN protocols over SCTP. SIGTRANsolutions has the ability to join WLAN networks in a SS7 resource sharing model where the SS7 authentication signalling traffic is transported over IP networks to a Signalling Gateway acting as the logical interface against SS7 networks. </p><p>GPRS-WLAN accounting may be solved through direct roaming agreements between mobile operators and in such a case transport CDR’s over FTP between their billing systems. If roaming agreements does not exist, it may be viable to establish relationships between WLANs and brokers as well as mobile operators and brokers. The brokering model provides a scalable model that allows easier exchange of charging and billing information on an infrastructure based on WLAN and GPRS billing systems. Standardised transmission protocols for accounting information such as GTP’/TAP3 may be utilised in order to provide a generic billing exchange format between billing systems and operators. </p><p>Furthermore, different network architectures may have different requirements in order to accommodate GPRS clients with WLAN access. A few network architectures has been analysed, and the developed GPRS AAA Interface Daemon (GAID) has been put into context in order to present a generic GPRS-WLAN systems integration solution for WLAN operators. </p><p>The analysed solutions in this thesis give various possibilities for WLAN operators to setup wireless services for bypassing mobile clients. The implementational work provides a RADIUS platform, which can be enhanced with functionality that enables communication over any interface in the future.</p> Informationsteknik GPRS WLAN Integration RADIUS MobileIP OTP SMS SS7 SIGTRAN Informationsteknik Information technology Informationsteknik
9	Experimental Study of GPRS/WLAN Systems Integration / Experimentell Studie av GPRS/WLAN System Integration Nyström, Joakim, Seppälä, Mikael January 2003 (has links) The convergence of future networks relies on the evolution of technology that enables seamless roaming abilities across non-heterogenous networks for mobile clients. This thesis presents an experimental study of a GPRS-WLAN integration scenario where the objective is to analyze various aspects of the issues related to charging, mobility, roaming and security between GPRS and WLAN networks. The mainly discussed integration scenario in this thesis is loosely coupled systems working on RADIUS platforms, which together with MobileIP and IPSec provides the mobile client with a secure and access-technology independent network access platform. In order to accommodate GPRS client authentication for WLAN operators, there is a prominent need for the incorporation of necessary GPRS functionality into present AAA servers. RADIUS has been studied as the initial target for the implementation of a GPRS interface towards SMS-Cs and HLRs.The authentication of a mobile client is performed against a HLR/AuC in a GPRS network, either over SS7 links or through the incorporation of SIGTRAN protocols over SCTP. SIGTRANsolutions has the ability to join WLAN networks in a SS7 resource sharing model where the SS7 authentication signalling traffic is transported over IP networks to a Signalling Gateway acting as the logical interface against SS7 networks. GPRS-WLAN accounting may be solved through direct roaming agreements between mobile operators and in such a case transport CDR’s over FTP between their billing systems. If roaming agreements does not exist, it may be viable to establish relationships between WLANs and brokers as well as mobile operators and brokers. The brokering model provides a scalable model that allows easier exchange of charging and billing information on an infrastructure based on WLAN and GPRS billing systems. Standardised transmission protocols for accounting information such as GTP’/TAP3 may be utilised in order to provide a generic billing exchange format between billing systems and operators. Furthermore, different network architectures may have different requirements in order to accommodate GPRS clients with WLAN access. A few network architectures has been analysed, and the developed GPRS AAA Interface Daemon (GAID) has been put into context in order to present a generic GPRS-WLAN systems integration solution for WLAN operators. The analysed solutions in this thesis give various possibilities for WLAN operators to setup wireless services for bypassing mobile clients. The implementational work provides a RADIUS platform, which can be enhanced with functionality that enables communication over any interface in the future. Informationsteknik GPRS WLAN Integration RADIUS MobileIP OTP SMS SS7 SIGTRAN Informationsteknik Computer and Information Sciences Data- och informationsvetenskap
10	Prototyping and evaluation of TCAPsec Chung, Kang January 2007 (has links) Today, the most frequently used signaling system for telecommunication is called Signaling System No. 7 (SS7). The growing usage of mobile telephones and mobile data communica-tion, and the development of new services mean that the risk of intrusion and exploitation of the SS7 signaling networks increases. The increasing problem with unauthorized access to sensitive information and the operators’ growing demand for security is the origin of our work. This thesis presents a prototype design and implementation of a Security Gateway (SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec is a security concept for introducing security mechanisms to the signaling system. The proto-type includes three different protection modes that provide security services, ranging from almost no protection to full protection with the use of encryption algorithms. The thesis also contains an evaluation study of the delay penalties caused by the use of these security services. With regards to the restrictions on the prototype, the conclusion drawn from the evaluation results was that the protection mechanisms in the different protection modes did not inflict any significant time penalties. Instead, the results of the study indicate that the routing process of messages in the network is a more significant delaying part in the communication between different nodes. This result implies that the routing process takes longer time than the security services. The thesis also presents a number of discovered features that will require further investigation and development before the TCAPsec concept can be realized. prototyping evaluation TCAPsec concept telecommunication SS7 network security encryption cryptography Computer Sciences Datavetenskap (datalogi)

Search results