Research Of Security Problems And Network Architecture In Softswitch

Softswitch is the pivotal technology in Next Generation Network. It adopts layer and open system structure, which break traditional telecom network structure and realize the combination of multi-isomerous network. The problem exists in IP technology and new Softswich technology need to be solved. Especially security problems for Softswitch must not be ignored. And for the sake of security and stability of NGN as an exercisable system, how to solve current security problems in Softswitch network becomes the pivotal problem. By defining the requirement for network information security in Telecom, this paper lays out the popular attack methods currently and point out security service that system should provide. And according to network security, user data security and service security these three aspects, give some security protection measures. This paper analyzes security situation and vulnerability in Voice over IP system and it can strengthen security mechanism by two aspects: 1) Security mechanism in protocol of VoIP system, including security measures in SIP protocol( Authentication by HTTP Digest, hop-to-hop encryption), and security defense provided in H.235 for H.323. 2) Security mechanism outside protocol of VoIP system: such as IPsec and TLS, providing peer-to-peer data encryption. In order to protect the core devices in Softswitch network, use mature technology-MPLS VPN to build Softswitch core security network, guarantee security of Softswitch server, application server, media gateway, signaling gateway etc. Then discuss several solutions for Firewall/NAT traversal, after comparing and analyzing, pick up media-signal proxy as the solution to separate Softswitch core security network from IP network and also well settle traversal problem for FW/NAT. Eventually, on base of APPRDD security model, from network layer, system layer, application layer, service layer and management layer, five sections, deploy security policy in Softswitch network. Then how to set up security Softswitch network is discussed, three kinds of network architecture for Softswitch (isolation signal from media, media-signal proxy and private security network) are brought forward. For model of isolation signal from media, it transfers signaling by private network and media by IP network, which give fairly high security to signaling part and Softswitch core network. For model of media-signal proxy, media-signal proxy is deployed at junction between Softswitch core network and other network, so that shield core devices in Softswitch; For model of private security network, put all the important devices of Softswitch in a security internal network with data tunnel technology like MPLS VPN. Through analyzing pros&cons in these three models, due to the applicable category, give advice on build security Softswitch architecture.