| 3G is becoming more and more widely used. The UMTS is one of the new'third generation'. The security of the core network determines the security of the entire network and user data. GTP protocol is a key protocol in the core network, so it's significant to study with it.Howerver, the attack for the GTP is often seen. Stateful inspection technology as one of the most important technology of the firewall will protect the core network of the UMTS effectively. Due to the speciality of GTP, the existent stateful inspection technology could not be used for reference. So it's important to research the proper method of the stateful inspection technology for the GTP protocol.Firstly, the format of the GTP header and the GTP protocol's workflow is in-depth analyzed in this thesis, which indicates that the field TEID determines the current state of the GTP data packer during the GTP communications. Thus, this field is a key to identity the state of a GTP packet during the transmissions. The state table entries of the Current GTP stateful inspection technology is only to rise, which will make the state table the possibility of the overflow. This will provide a security vulnerability for the attacker, as well as reduces the efficiency of the state match. It is proposed that the GSITP scheme to solve the problems above in this thesis. By joining the timeout processor, the timeout items will be dealed with in time and effectively. Thereby reduce the overflows of the state table and reduce the delay of the GTP state detection.At the end, a emulator OpenGGSN to test the GSITP scheme is used, which shows that the latency of the GTP stateful inspection based on the timeout processor is low, and the GSITP scheme is a effective GTP stateful inspection method. |
PDF Full Text Request