RMLL / LSM 2013: Opening up mobile and telecommunications networks
As part of our effort to further the knowledge of telecommunications technologies in the open source and security community, we have presented an introduction to mobile and telecom networks and
From walled garden to open and reviewed security
Telecommunication networks differ from IP networks in several important aspects. First, telecom networks have to provide infrastructure that ensures high availability, high throughput and resilience for a wide range of services. Second, telecom networks must support legacy network elements and services as old as 40 years, which requires a multitude of protocols for backward compatibility and interoperability. Third, telecom networks support multiple addressing schemes, making analysis and mapping more difficult than in IP networks. By contrast, the Internet is in essence based on a comparatively small set of basic protocols that offer all the capabilities needed for higher-layer services.
The existing tools designed for the analysis of IP-based networks offer little support for telecom networks, which necessitates the development of dedicated tools. Here we present the techniques and tools that we have developed in order to better understand telecom networks. These tools allow us to scan, communicate on and visualize telecom networks. SCTPscan allows us to reliably and efficiently scan hosts for open SCTP ports, which are possible entry points to the SS7 network. pysctp is a Python library providing a simple API to the SCTP protocol, which is the basis for communicating on telecom networks. Finally, we demonstrate the capabilities of our toolset by analysing a typical telecom network and highlighting the aforementioned properties of such networks.
The network architecture of a typical mobile network operator. Telecom networks are powered by a large number of different technologies.
A passive network scan showing the different network elements (nodes) and the communication (edges) between them. The edge width is drawn proportional to the number of exchanged messages in the recorded period of time. (Global titles have been anonymized.)
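The graph described in the caption above can be built from passively recorded message pairs as in the following added example, which is not the authors' tooling. The keyed-hash pseudonymization, the undirected edge counting, the Graphviz DOT output and all sample global titles are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample: (calling global title, called global title) pairs as a
# passive capture might yield them. All numbers are made up.
SAMPLE_MESSAGES = [
    ("491710000001", "331440000002"), ("491710000001", "331440000002"),
    ("331440000002", "491710000001"), ("491710000001", "447700000003"),
    ("447700000003", "331440000002"), ("491710000001", "331440000002"),
]

def pseudonymize(global_title: str, key: bytes) -> str:
    """Map a global title to a stable keyed pseudonym (truncated HMAC-SHA256)."""
    digest = hmac.new(key, global_title.encode("ascii"), hashlib.sha256)
    return "GT-" + digest.hexdigest()[:8]

def build_graph(messages, key: bytes) -> Counter:
    """Count messages per undirected edge between pseudonymized nodes."""
    edges = Counter()
    for calling, called in messages:
        a, b = sorted((pseudonymize(calling, key), pseudonymize(called, key)))
        edges[(a, b)] += 1
    return edges

def edge_widths(edges: Counter, max_width: float = 8.0) -> dict:
    """Scale widths linearly so the busiest edge is drawn at max_width."""
    if not edges:
        return {}
    busiest = max(edges.values())
    return {edge: max_width * n / busiest for edge, n in edges.items()}

def to_dot(edges: Counter, max_width: float = 8.0) -> str:
    """Render the graph as Graphviz DOT text, one penwidth per edge."""
    lines = ["graph telecom {"]
    for (a, b), width in sorted(edge_widths(edges, max_width).items()):
        count = edges[(a, b)]
        lines.append(f'  "{a}" -- "{b}" [penwidth={width:.2f}, label="{count}"];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Assumption: a real key would be random and kept separate from the output.
    demo_key = b"constructed-demo-key"
    print(to_dot(build_graph(SAMPLE_MESSAGES, demo_key)))
```

Because the pseudonym is keyed, the same global title always maps to the same node label within one analysis, while the published graph does not reveal the number itself.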
We have recently presented this topic at the Libre Software Meeting, Security Track 2013 (slides). Also check out the RMLL website.