
Research On The Method Of Node Information Detection In LTE Network

Posted on: 2019-06-06
Degree: Master
Type: Thesis
Country: China
Candidate: H N Wang
GTID: 2428330545469815
Subject: Computer Science and Technology
Abstract/Summary:
The fourth-generation communication system LTE is a widely used mobile communication technology, superior to previous generations in data transmission speed, connection quality and network security. However, because the network is IP-based, the security of LTE network protocols faces enormous challenges even as data transmission speed improves. Detecting and defending node information is a crucial means of network management for operators: it helps them find faults in time and prevent problems before they emerge, and it is also used in network intrusion detection. Existing research on network protocol security mechanisms mainly focuses on security analysis of how protocol information is processed and on logical deduction over the security procedures, while research on how to detect an operator's internal node information by using network protocol security mechanisms is still a blank.

Network node information detection is the basis of LTE security protocol verification. This dissertation therefore takes LTE network node information detection as its main object of study and uses the two most commonly used protocols in LTE networks, GTP and SCTP, to work out a method of node information detection based on GTP and SCTP. To verify the effectiveness of this method, a simulation test environment for mobile operators that conforms to the 3GPP standard is constructed. In this environment, a large number of network elements are detected and their node information and network element types are estimated, providing significant evidence for detecting security threats in unknown networks.

The main work of this dissertation is as follows. For the GTP or SCTP protocols relied on by the interfaces involved in the LTE roaming network, including S6a, S5/S8 and S9, the specific mechanisms of these protocols are used to enable detection of node liveness and node information, and data packet forging. Based on GTP's error return mechanism and channel maintenance mechanism and on SCTP's handshaking mechanism, detection of target node liveness and information parameters in the roaming network is completed by sending forged data packets to the target network node and checking the response status.

To verify the effectiveness of this detection method, a simulation test environment for mobile operators, based on the LTE core network protocol security detection mechanism, is constructed. The network element functions of the core network are configured and developed from the basic EPC modules of the OAI open-source platform, simulating the real configuration of operators in order to model the network elements and COM ports for testing. This emulated environment supports the signaling procedures of the primary core network, as well as interconnection across different networks and global roaming over the IPX network.

The main innovations of this dissertation are the following three points.

First, we provide an active detection method for EPC nodes based on the GTP request/response mechanism. This method can detect network node information over the GTPv2 protocol for IP addresses in specified, fixed segments of the local or roaming network, addressing the lack, in available network detection tools, of real-time GTP-based assessment of whether a network element is alive.

Second, we present an active detection method for EPC nodes based on SCTP full-connection. In this method, a forged data packet is used to detect the network node information of port 36412 and port 36422 over the SCTP protocol. It addresses the lack of initiative and instantaneity of mainstream port detection tools for the SCTP transport protocol, and shows relatively high accuracy.

Third, we provide an active detection method for EPC nodes based on SCTP semi-connection. This method is an improvement on SCTP full-connection detection. The dissertation finds that an SCTP service can be identified by executing the SCTP handshaking mechanism only twice. By using a specified header format and sending an echo packet as the forged data packet, the target node can be deceived into returning a response. Since it dramatically reduces the number of connection log entries, the method is less visible.

In this dissertation, simulation experiments on the above methods are conducted in the simulation test environment. The results verify the feasibility and effectiveness of the detection model and methods described above.
Keywords/Search Tags:Network Element Detection, GTP, SCTP, LTE Simulation, Network Security
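
Because the semi-connection method is described as leaving fewer connection log entries, an operator has to look for it at the packet level rather than in association logs. The following added example (not code from the thesis; function names and the sample traffic are constructed for illustration) parses raw SCTP packets and reports sources that sent INIT to port 36412 or 36422 without ever sending COOKIE ECHO. Chunk type values are those of RFC 4960.

```python
import struct

INIT, COOKIE_ECHO = 1, 10            # SCTP chunk types (RFC 4960)
WATCHED_PORTS = {36412, 36422}       # SCTP ports named in the abstract

def chunk_types(sctp: bytes):
    """Return (src_port, dst_port, [chunk types]) for one raw SCTP packet,
    or None if it is shorter than the 12-byte common header."""
    if len(sctp) < 12:
        return None
    sport, dport = struct.unpack_from("!HH", sctp, 0)
    types, off = [], 12
    while off + 4 <= len(sctp):
        ctype, _flags, clen = struct.unpack_from("!BBH", sctp, off)
        if clen < 4 or off + clen > len(sctp):
            break                    # malformed or truncated chunk: stop parsing
        types.append(ctype)
        off += (clen + 3) & ~3       # chunks are padded to 4-byte boundaries
    return sport, dport, types

def half_open_sources(packets):
    """packets: iterable of (src_ip, raw_sctp) seen towards the node.
    Returns {src_ip: sorted watched ports} for handshakes never completed."""
    inits, completed = set(), set()
    for src_ip, raw in packets:
        parsed = chunk_types(raw)
        if parsed is None or parsed[1] not in WATCHED_PORTS:
            continue
        key = (src_ip, parsed[0], parsed[1])
        if INIT in parsed[2]:
            inits.add(key)
        if COOKIE_ECHO in parsed[2]:
            completed.add(key)
    result = {}
    for src_ip, _sport, dport in inits - completed:
        result.setdefault(src_ip, set()).add(dport)
    return {ip: sorted(ports) for ip, ports in result.items()}

def _pkt(sport, dport, ctype, body=b""):
    """Build a constructed SCTP packet (zero tag and checksum) with one chunk."""
    chunk = struct.pack("!BBH", ctype, 0, 4 + len(body)) + body
    chunk += b"\x00" * (-len(chunk) % 4)
    return struct.pack("!HHII", sport, dport, 0, 0) + chunk

# Constructed sample traffic using documentation addresses, not a real capture.
SAMPLE = [
    ("192.0.2.10", _pkt(40000, 36412, INIT, b"\x00" * 16)),
    ("192.0.2.10", _pkt(40000, 36412, COOKIE_ECHO, b"cookie")),
    ("198.51.100.7", _pkt(50001, 36412, INIT, b"\x00" * 16)),
    ("198.51.100.7", _pkt(50002, 36422, INIT, b"\x00" * 16)),
]
```

In production the result would be windowed by time so that a handshake still in progress is not reported.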