Research On Security Issues Caused By IP-based EPC

IP-based EPC is one of the major trends in the evolution of mobile communication network.However new network security features in information security aspects have been brought by the combination of IP and telecom.Many fields arise new security issues owing to IP-based EPC,such as interfaces,protocols,userdata and so on.Seven security instances in the above aspects are classified and analyzed in this thesis,including NDS/IP security,Diameter protocol security,SCTP protocol security,GTP protocol security,Sl-AP service reset security,IP network element procedure security,HeNB subsystem security etc.The thesis focuses on the following three aspects,namely EPC access security research based on HeNB subsystem,EPC control plane security research based on SCTP protocol and subscriber identity security research based on GTP protocol.The thesis exploits security threats and measures by analyzing protocol procedures and data packets' elements.On the basis of security research,the thesis designs and simulates the founded defects.According to the simulation results,the thesis puts forward the corresponding measures,which has great reference value for security guard of IP-based EPC.The paper's main innovation points are as follows.In terms of EPC access security for HeNB,the thesis spotted three security threats in self-launch process and SPOF in HeNB's S1-C interface.In view of the above questions,the thesis puts forward the following measures.The server address requesting procedure should strengthen the validity detection and cryptographic operations.Configuration requesting procedure should follow the principle of similitude to do the validation.XML document uploading procedure should increase safety from code and system sides.Vulnerability scanning and timely repair for the open port and service of HeNB-GW is badly needed.In terms of SCTP protocol security,the thesis proposed two security threats,namely large resource occupation quantity in COOKIE calculation and verification,DoS attack brought by address confliction in EPC functional entity with multi-address.In view of the above questions,the thesis puts forward that the server entity should compromise while responsing to connection request and do the access or not judge through risk assessment for the paths.In terms of subscriber identity security,this thesis indicates that GTP protocol allows the subscriber to own more identity in spite of hiding the intrinsic identification.What's worse is that the relationship between the intrinsic one and the added ones is easy to find according to bearing established mechanism.In view of the above questions,the thesis puts forward the following measures.IMSI encryption processing is a must while IMSI is a necessary parameter.As for the data packets that take both IMSI and TEID,IMSI should be dynamically replaced.