How to cope with security risks of the NGN Platform

Source: Internet
Author: User

In the next generation network (NGN), value-added services are mainly provided by the NGN service platform. Because NGN is a packet-based network running over IP/ATM, its security is inferior to that of traditional networks. At the same time, the next generation network must be an open platform that supports access by various third-party applications. In addition, user terminals in the next generation network are increasingly diverse, including ordinary phones, Session Initiation Protocol (SIP) terminals, H.323 terminals, integrated access devices (IAD), and PCs. These factors objectively make the NGN service platform more likely to be attacked. Therefore, security needs to be fully considered in every aspect of building the NGN service platform.

At this stage, the value-added services that carriers provide on the next generation network are mostly developed by equipment manufacturers and run directly on the NGN service platform. Because the two sides are in an internal trusted relationship, the security of open service interfaces does not yet need much consideration. However, many value-added services provided by the NGN service platform (such as PC telephone services) are Internet-based and are used from many types of terminals, so using these services carries many security risks. These risks are generally not encountered in value-added services on traditional networks, but they need to be considered carefully in the next generation network.

Achieving absolute security for value-added services in the next generation network comes at considerable cost and greatly affects overall service performance. Therefore, actual service development has to strike a balance between security, performance, and cost. Security assurance targets only the key security risks and does not require full security protection. At the device level, it is necessary to ensure the security and normal operation of the core NGN service platform and internal network, and at the same time to complete most of the security detection and protection functions.

The main security problems that services on the NGN service platform face, and the corresponding countermeasures, are analyzed below:

For user impersonation, the existing solution on the NGN service platform is to require users to authenticate before using a service and to require that authentication information, such as the user account and password, be encrypted before it is sent. This method follows the traditional intelligent network authentication method and is not secure enough in NGN. The solution is to issue a digital certificate to each NGN value-added service user. The NGN service platform judges the legitimacy of the user based on the user's digital certificate information, which ensures the security of the user terminal. Digital certificates can be issued in a way similar to the user identification module (SIM) card in the current mobile phone system: the carrier issues the certificate to a legitimate user when the service is activated. After obtaining a digital certificate, a legitimate user can use the various services provided by the carrier and by the service providers that cooperate with the carrier.

To defend against malicious attacks on the NGN service platform, a firewall and an intrusion detection system must be deployed in front of the platform to strengthen its resistance to attacks carried in application-layer packets. At the same time, the NGN service platform needs to control the load of application-layer packets: within a given period of time, only a certain number of session packets are processed and the rest are discarded. Load control can start once a call intensity is exceeded, or once the resource usage of the NGN service platform exceeds a certain proportion. The concept of a call is broader in NGN than in traditional networks, so load control can be applied separately to the call class (such as traditional voice calls) and to other types (such as data and message communication processes).
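The load-control rule above can be sketched as a fixed-window admission controller. This is an added example, not code from the original article; the class names, per-class budgets, 80% usage threshold and the trace are all constructed assumptions.

```python
from collections import Counter

class LoadController:
    """Fixed-window admission control per traffic class (illustrative)."""

    def __init__(self, limits, window_ms=1000, usage_threshold=0.8):
        self.limits = limits                # class -> (normal, under_pressure)
        self.window_ms = window_ms
        self.usage_threshold = usage_threshold
        self.window_start = None
        self.counts = Counter()

    def admit(self, now_ms, traffic_class, resource_usage):
        """Return True to process the session message, False to discard it."""
        if self.window_start is None or now_ms - self.window_start >= self.window_ms:
            self.window_start, self.counts = now_ms, Counter()
        # Classes with no configured budget are discarded (fail closed).
        normal, pressured = self.limits.get(traffic_class, (0, 0))
        # Trigger 2: resource usage above the threshold tightens the budget.
        limit = pressured if resource_usage >= self.usage_threshold else normal
        # Trigger 1: call intensity for this class exceeded in this window.
        if self.counts[traffic_class] >= limit:
            return False
        self.counts[traffic_class] += 1
        return True

def run_trace(trace, limits):
    """Replay (time_ms, class, resource_usage) tuples; return (admitted, dropped)."""
    ctl = LoadController(limits)
    admitted, dropped = Counter(), Counter()
    for now_ms, cls, usage in trace:
        (admitted if ctl.admit(now_ms, cls, usage) else dropped)[cls] += 1
    return dict(admitted), dict(dropped)

# Constructed budgets: voice calls keep capacity under pressure, messaging is shed.
LIMITS = {"call": (3, 2), "message": (2, 0)}
# Constructed trace: one normal window, then one window at 90% resource usage.
TRACE = (
    [(100 * i, "call", 0.4) for i in range(5)]
    + [(500 + 100 * i, "message", 0.4) for i in range(3)]
    + [(1000 + 100 * i, "call", 0.9) for i in range(3)]
    + [(1500, "message", 0.9), (1600, "video", 0.4)]
)

if __name__ == "__main__":
    print(run_trace(TRACE, LIMITS))
```

Keeping a separate budget per class means a flood of messaging traffic cannot consume the capacity reserved for voice calls.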

After roaming to a remote location, a user may still register with the NGN service platform over the Internet and call users in the platform's location. This turns the user's long-distance or international long-distance calls into local calls and causes the carrier to lose call charges. Therefore, the NGN service platform should support management of users' home regions and establish which region each user belongs to. This work can be combined with the issuance of user digital certificates described above by adding the user's home-region information to the digital certificate information. At the same time, the NGN service platform should be able to identify whether the user is roaming (which can be determined from the network segment of the IP address through which the user is connected) and provide a configuration option for whether to continue the call, so that the operator controls this according to its operating policy. For services that the NGN service platform provides while users are roaming, the platform is required to show the user's roaming information in the call ticket, so that operators can apply the corresponding tariff policies.
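A sketch of the roaming check described above, as an added example that is not from the original article. The certificate field names, the region-to-segment table (documentation address ranges) and the ticket layout are hypothetical, and the certificate is assumed to have been validated already.

```python
import ipaddress

# Constructed mapping of regions to access network segments (documentation ranges).
REGION_SEGMENTS = {
    "region-A": ["192.0.2.0/24", "2001:db8:a::/48"],
    "region-B": ["198.51.100.0/24"],
}

def region_of(access_ip):
    """Return the region whose segment contains access_ip, or None if unknown."""
    addr = ipaddress.ip_address(access_ip)
    for region, segments in REGION_SEGMENTS.items():
        if any(addr in ipaddress.ip_network(seg) for seg in segments):
            return region
    return None

def handle_registration(cert, access_ip, allow_roaming_calls):
    """Decide whether the call continues and build the ticket fields.

    cert is assumed to be already validated; its field names are hypothetical.
    """
    home = cert["home_region"]
    current = region_of(access_ip)
    # An address outside every known segment is treated as roaming, so an
    # unmapped network cannot be used to obtain the local tariff.
    roaming = current != home
    return {
        "user": cert["subject"],
        "home_region": home,
        "access_ip": access_ip,
        "access_region": current or "unknown",
        "roaming": roaming,
        "call_allowed": (not roaming) or allow_roaming_calls,
    }

if __name__ == "__main__":
    cert = {"subject": "user-001", "home_region": "region-A"}  # constructed
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(handle_registration(cert, ip, allow_roaming_calls=False))
```

The `allow_roaming_calls` flag stands in for the operator-configured policy, and the `roaming` field is what the ticket would carry for tariff decisions.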

Because many NGN value-added services run over an Internet-based packet network, it is easy for users to initiate malicious or otherwise improper calls, which threatens the security of the NGN service platform. To address this, the NGN service platform must be able to display, in real time during call tracking, the user's access IP address or the IP address of the user's network address translation device, so that malicious calls can be traced from the bearer network. When a media stream needs to be monitored, the NGN service platform can control the connection of the call to the monitoring device.

With the rapid development of the next generation network, operators are building NGN service platforms at an increasing pace. The industry has done a lot of research on the openness of the NGN service platform and the special services it can carry, but has paid little attention to its security. Based on the current state and development trend of the NGN service platform, this paper analyzes the open service interfaces and the security of services, points out the security risks, and proposes a preliminary solution, in the hope of promoting the development of the NGN service platform.

It is foreseeable that, as NGN service platforms continue to be built and operated, more and more attention will be paid to their security, and more research will be conducted.
