Patent Grant
8929360
The disclosed subject matter relates to systems, methods, media, and means hiding network topology.
Digital devices often exchange messages to communicate with each other. These messages can contain not only the information meant to be communicated, but also other information such as routing information. In some cases, network topology information can be determined by examining, for example, routing information exchanged between digital devices. For example, when sending a message, a sender may insert routing information into the message and send the message to a receiver on a path that travels through various other devices. Some of these devices may add further routing information, such as their network addresses, to the routing information associated with the message. The receiver of the message can include the routing information in its response so that the response can be correctly routed back to the sender. However, network providers may wish to keep this routing information away from, for example, attackers, other networks, network subscribers, or any entity that does require access to the information.
One reason to keep network topology information private is that attackers can use this information to identify parts of a network for attack. For example, an attacker masquerading as a legitimate user may examine the headers of a packet it receives from a network to determine the address of a critical component of that network. The attacker may then directly target the critical component with an attack, such as, for example, a denial-of-service (DoS) attack. A network provider may also want to keep network topology information private for reasons other than attack avoidance. For example, an IP address read from a packet header may reveal that a network provider has contracted to use the equipment of another entity (e.g., a competitor, a sub contractor, etc.). However, the network provider may have preferred to keep this information confidential for business reasons.
One method that can be used to protect network routing information in packets is encryption. For example, a network component that sends a packet to a mobile device can encrypt topology information that is needed by the network for routing responses from mobile devices, but is not directly needed by the mobile devices. A mobile device can insert the encrypted topology information into its response to the network component. The network can then decrypt the encrypted topology information and use it as necessary. However, mere encryption of the header may still leave the network vulnerable. For example, topology information may be inadvertently or maliciously removed such that the packet lacks proper routing information. Alternatively, an encrypted header may be altered so that a response cannot be routed or is routed improperly. It is also possible that an attacker may be able to decrypt an encrypted header and thus access the header and its now unprotected topology information.
Systems, methods, media, and means for hiding network topology are provided. In some embodiments, methods for hiding network topology are provided, the methods including: receiving a message including topology information from a sender; removing at least part of the topology information; associating the removed topology information with an identifier; saving the topology information; sending the message to a receiver; receiving a response from the receiver; retrieving the removed topology information based on the identifier; inserting the removed topology information into the response; and sending the response to the sender.
In some embodiments, computer-readable media storing computer-executable instructions that, when executed by a processor, cause the processor to perform methods for hiding network topology are provided, the methods including: receiving a message including topology information from a sender; removing at least part of the topology information; associating the removed topology information with an identifier; saving the topology information; sending the message to a receiver; receiving a response from the receiver; retrieving the removed topology information based on the identifier; inserting the removed topology information into the response; and sending the response to the sender.
In some embodiments, a intermediate apparatus in a network, including: a memory; an interface; and a processor in communication with the memory and the interface is provided, wherein the processor: receives a message including topology information from the interface; removes at least part of the topology information; associates the removed topology information with an identifier; saves the topology information in the memory; sends the message through the interface; receives a response from the interface; retrieves the removed topology information from the memory based on the identifier; inserts the removed topology information into the response; and sends the response to the through the interface.
In some embodiments, a wireless communication system is provided, including: means for receiving a message including topology information from a sender; means for removing at least part of the topology information; means for associating the removed topology information with an identifier; means for saving the topology information; means for sending the message to a receiver; means for receiving a response from the receiver; means for retrieving the removed topology information based on the identifier; means for inserting the removed topology information into the response; and means for sending the response to the sender.
Systems and methods for inhibiting access to network topology information are disclosed. Using some embodiments of the disclosed subject matter, an intermediate can remove topology information from an outgoing message and store the removed headers in, for example, a database, a memory, and/or a cache. When a response to the message is received at the intermediate, the topology information can be located and inserted into the response and the response can be forwarded to the sender of the message. Removal and reinsertion of topology information can be controlled by, for example, network policy settings. Some embodiments can provide removal and reinsertion of header information in some cases and encryption in others. This can allow, for example, a network operator to control who can address certain parts of a network and can allow different address realms to be used on an internal network and an external network.
Various embodiments of the disclosed subject matter can be used with various network types, protocols, standards, and/or topologies. For example,
Some functions can be grouped into logical units. For example, a Call Session Control Function (CSCF) includes three functions: a Proxy-CSCF (P-CSCF) 101, an Interrogating CSCF (I-CSCF) 102, and a Serving CSCF (S-CSCF) 103. A CSCF can manage much of the signaling that occurs in an IP IMS core. CSCF functions can be embodied in various forms and can be used with various network topologies and/or standards. For example, a CSCF can be use in both the Global System for Mobile Communications (GSM) standard and the Code Division Multiple Access (CDMA) 2000 standard. The 3rd Generation Partnership Project (3GPP) is responsible for IMS which works with GSM systems. The 3rd Generation Partnership Project 2 (3GPP2) is responsible for Multimedia Domain (MMD) which is used with CDMA systems and is based on the 3GPP IMS concept.
In the context of the IMS and MMD systems, a P-CSCF can be the initial interface between, for example, a mobile device and an IMS. A P-CSCF is typically located in a visited network or in a home network when the visited network is not IMS compliant. The P-CSCF acts as a Session Initiation Protocol (SIP) proxy and can forward messages from the user equipment or mobile station to the appropriate network entity and from a network entity to the user equipment/mobile station. The P-CSCF can inspect messages, provide SIP message compression/decompression using, for example, SIGComp, provide a security associate to the UE/MS, and generate charging data records (CDR) because it sits on the path of the signaling message. The P-CSCF can also include or communicate with a policy decision function (PDF) that authorizes media resources such as the provided quality of service (QoS), management of bandwidth, and provided access.
The I-CSCF is the contact point within a network for connections destined to a user of that network or a roaming user currently located within the network's service area. The I-CSCF assigns an S-CSCF to a user so that the user can communicate with the network. The I-CSCF's IP address can be published in a Domain Name System (DNS) so that remote servers can find it and use it as an entry point.
The S-CSCF performs the session control services for the, for example, UE/MS. This includes handling registration of the UE/MS, inspecting messages being routed through the S-CSCF, deciding which application server provides service, providing routing services such as sending messages to the chosen application server or to a PSTN, and enforcing the policies of a network for a given user. The S-CSCF can also communicate with the HSS to access user profiles and other information.
Application servers (e.g., 220 and 221) can host and execute services such as caller ID, call waiting, call holding, push-to-talk, call forwarding, call transfer, call blocking services, lawful interception, announcement services, conference call services, voicemail, location based services, and presence information. The application servers can interface with the S-CSCF using SIP and, depending on the service, can operate in an SIP proxy mode, an SIP user agent mode, or an SIP back-to-back user agent mode.
Returning to the call processing layer 320, this layer includes signaling protocols and call control using universal SIP as an application program interface (API). The signaling protocols can be, for example, SIP, ISUP, MGCP, or H.323. Further, the call processing layer 320 allows inter-working between SIP variants and other protocols through a unified messaging mapping (UMM) interface. The UMM interface can convert protocol specific messages and parameters to the universal SIP like API format. SIP like messaging is used, in some embodiments, because SIP has a large message set and can cover the possible messaging scenarios for SIP and other protocols.
SIP messages can include, for example, request messages such as, INVITE, CANCEL, BYE, and ACK. SIP message can also include, response messages, such as, for example, PRACK, MESSAGE, PUBLISH, REFER, UPDATE, and OPTIONS. SIP message headers can include, for example, Via, Record Route, Route Contact, To, and From. Network topology information can be contained in these headers and these headers can be removed and/or encrypted in some embodiments.
As illustrated in
The topology information can be saved, at 420, in, for example, a database, a cache, RAM, or any appropriate memory. The information can be associated with, for example, a user identifier that can be used to retrieve the information, at 470. The user identifier can be, for example, a public user ID. In some embodiments, the memory space where the information is stored can be reserved and/or allocated to be used for a specific call session and can be released and/or de-allocated when the session ends.
In some embodiments, intermediate 550 can decide to remove only some topology information from message 501. For example, the address of sender 500 can be left in message 501, but other topology information, for example, the addresses of devices that message 501 traveled through between sender 500 and intermediate 550 can be removed. This may be done, for example, if receiver 560 needs to know the address of sender 500. Intermediate 550 can encrypt some topology information and remove other topology information from a message 500. For example, in the previous example, the address of sender 500 can be encrypted. Some embodiments can also select between one of using encryption or removing topology information (e.g. headers) to perform topology hiding. Decisions of whether to and/or what to remove and/or encrypt from topology information can be based on various factors, such as, for example, the identity and/or location of receiver 560, the identity and/or location of sender 500, the identity and/or location of intermediate 550, the type of topology information, the type of message 501, and/or network policy settings (e.g., P-CSCF policy, I-CSCF policy, etc.). In addition, in some embodiments, topology hiding can be enabled or disabled using a command line interface (CLI)/event monitoring service (EMS).
Returning to system 100 of
On receiving 401 from S-CSCF a P-CSCF removes IK and CK values and sends a message to security interface for setting up the security association set up as a result of the challenge. If the security is enabled, a security server header can be inserted in the response. Once the positive response is received from security interface, the P-CSCF can send a returnResultSuccess to callLeg.
On receiving 200 OK response to register, a P-CSCF can check the expires header or expires parameter in contact. If it is non-zero then the service route headers for that public user identity can be stored. The security interface can be sent a message to setup the security association, if a new security association is needed. A message can be sent to the security interface to delete the old security association, if the new association is requested. A P-CSCF can return result success/failure to the callLeg to pass the response received from the security interface.
On receiving a request from UE P-CSCF a P-CSCF can match the service route header for that public user identity against the preloaded route header. If the match is not successful, a result error with a 400 response code can be returned to the callLeg. The P-CSCF's address can be added in the “via” header as configured in the service mode. The P-CSCF's Universal Resource Indicator (URI) can be added in the record route. The P-preferred-ID can removed and the P-Asserted-ID can be added. A globally unique ICID parameter can be created and inserted in the P-charging-Vector header. The result can be sent to the callLeg.
For responses, the P-CSCF can store the value received in the p-charging-function-address header and store the list of record route. The P-CSCF can also change the record route port number to the protected server port number as negotiated with UE during registration.
In some embodiments, a P-CSCF interacts with an IP Security (IPSEC) manager to set up security associations and interact with a policy interface to apply application policies. A P-CSCF can perform I-CSCF discovery in various ways. For example, a P-CSCF can use a configured list of I-CSCF defined by a peering server configuration. In other embodiments, a P-CSCF can perform I-CSCF discovery by using a DNS/Naming Authority Pointer (NAPTR).
IP address spoofing/IMS identity impersonation prevention is provided in certain embodiments. The P-CSCF can compare the IP address the request is received from and the subscriber's contact ip address to make sure the user who is registered is the one trying to make a call. The P-CSCF can also check the ip address allocated at the Packet Data Protocol (PDP) context creation with the IP address in the received SIP request to make sure the user who is paying for the IMS is using its own data access.
In some embodiments, the I-CSCF interfaces with HSS to validate visited network information sent by P-CSCF. If the subscriber is not allowed to roam in the visited network, the HSS sends an error indicating that roaming is not allowed. In certain embodiments, where the CSCF functionality is integrated into a Core CSCF module, the I-CSCF does not have to discover the S-CSCF based on the registering user and capabilities. In the second configuration when P-CSCF is separate I-CSCF is still integrated with S-CSCF therefore discovery is not required. External S-CSCF discovery can also be used by requesting an additional attribute from the HSS and selecting the S-CSCF based on the capabilities requested by the subscriber
Although the invention has been described and illustrated in the foregoing illustrative embodiments, it is understood that the present disclosure has been made only by way of example, and that numerous changes in the details of implementation of the invention can be made without departing from the spirit and scope of the invention, which is limited only by the claims that follow. Features of the disclosed embodiments can be combined and rearranged in various ways within the scope and spirit of the invention.
This application claims the benefit under 35 U.S.C. §119(e) of U.S. Provisional Patent Application No. 60/873,493, filed Dec. 7, 2006, which is hereby incorporated by reference herein in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5850441 | Townsend et al. | Dec 1998 | A |
| 5892924 | Lyon et al. | Apr 1999 | A |
| 6119234 | Aziz et al. | Sep 2000 | A |
| 6138156 | Fletcher et al. | Oct 2000 | A |
| 6327471 | Song | Dec 2001 | B1 |
| 6431875 | Elliott et al. | Aug 2002 | B1 |
| 6477590 | Habusha et al. | Nov 2002 | B1 |
| 6687252 | Bertrand et al. | Feb 2004 | B1 |
| 6714987 | Amin et al. | Mar 2004 | B1 |
| 6775273 | Kung et al. | Aug 2004 | B1 |
| 6778494 | Mauger | Aug 2004 | B1 |
| 6792461 | Hericourt | Sep 2004 | B1 |
| 6810259 | Zhang | Oct 2004 | B1 |
| 6847991 | Kurapati | Jan 2005 | B1 |
| 6853630 | Manning | Feb 2005 | B1 |
| 6854014 | Amin et al. | Feb 2005 | B1 |
| 6888821 | Rasanen et al. | May 2005 | B2 |
| 6973309 | Rygula et al. | Dec 2005 | B1 |
| 6978380 | Husain et al. | Dec 2005 | B1 |
| 6996087 | Ejzak | Feb 2006 | B2 |
| 7222359 | Freund et al. | May 2007 | B2 |
| 7454206 | Phillips et al. | Nov 2008 | B1 |
| 7474894 | Cardina et al. | Jan 2009 | B2 |
| 7613836 | Tober et al. | Nov 2009 | B2 |
| 7701974 | Mayer et al. | Apr 2010 | B2 |
| 7702785 | Bruton et al. | Apr 2010 | B2 |
| 7817635 | Akhtar et al. | Oct 2010 | B2 |
| 8200827 | Hunyady et al. | Jun 2012 | B1 |
| 20010026550 | Kobayashi | Oct 2001 | A1 |
| 20020029260 | Dobbins et al. | Mar 2002 | A1 |
| 20020031131 | Yemini et al. | Mar 2002 | A1 |
| 20020131404 | Mehta et al. | Sep 2002 | A1 |
| 20020194378 | Foti | Dec 2002 | A1 |
| 20030002496 | Beier | Jan 2003 | A1 |
| 20030016630 | Vega-Garcia et al. | Jan 2003 | A1 |
| 20030026260 | Ogasawara et al. | Feb 2003 | A1 |
| 20030027595 | Ejzak | Feb 2003 | A1 |
| 20030050076 | Watanabe | Mar 2003 | A1 |
| 20030055962 | Freund et al. | Mar 2003 | A1 |
| 20030058872 | Berggreen et al. | Mar 2003 | A1 |
| 20030159067 | Stirbu | Aug 2003 | A1 |
| 20030182435 | Redlich et al. | Sep 2003 | A1 |
| 20030188012 | Ford | Oct 2003 | A1 |
| 20030225897 | Krawetz | Dec 2003 | A1 |
| 20030227880 | Heller et al. | Dec 2003 | A1 |
| 20040006573 | Takashi | Jan 2004 | A1 |
| 20040009761 | Money et al. | Jan 2004 | A1 |
| 20040047290 | Komandur et al. | Mar 2004 | A1 |
| 20040054929 | Serpa | Mar 2004 | A1 |
| 20040068574 | Costa Requena et al. | Apr 2004 | A1 |
| 20040109414 | Choi et al. | Jun 2004 | A1 |
| 20040109459 | Madour et al. | Jun 2004 | A1 |
| 20040111476 | Trossen et al. | Jun 2004 | A1 |
| 20040122954 | Shaheen | Jun 2004 | A1 |
| 20040122967 | Bressler et al. | Jun 2004 | A1 |
| 20040137918 | Varonen et al. | Jul 2004 | A1 |
| 20040139230 | Kim | Jul 2004 | A1 |
| 20040152469 | Yla-Outinen et al. | Aug 2004 | A1 |
| 20040181686 | Krause et al. | Sep 2004 | A1 |
| 20040224688 | Fischer | Nov 2004 | A1 |
| 20040228331 | Hansen et al. | Nov 2004 | A1 |
| 20040252694 | Adhikari et al. | Dec 2004 | A1 |
| 20050002381 | Westman et al. | Jan 2005 | A1 |
| 20050005025 | Harville et al. | Jan 2005 | A1 |
| 20050009520 | Herrero et al. | Jan 2005 | A1 |
| 20050021713 | Dugan et al. | Jan 2005 | A1 |
| 20050083974 | Mayer et al. | Apr 2005 | A1 |
| 20050105526 | Stiemerling et al. | May 2005 | A1 |
| 20050111450 | Miyamoto et al. | May 2005 | A1 |
| 20050124341 | Myllymaki et al. | Jun 2005 | A1 |
| 20050190740 | Zhao et al. | Sep 2005 | A1 |
| 20050201357 | Poyhonen | Sep 2005 | A1 |
| 20050204052 | Wang et al. | Sep 2005 | A1 |
| 20050220095 | Narayanan et al. | Oct 2005 | A1 |
| 20050233727 | Poikselka et al. | Oct 2005 | A1 |
| 20060015615 | Merle et al. | Jan 2006 | A1 |
| 20060025132 | Karaoguz et al. | Feb 2006 | A1 |
| 20060031536 | Eydelman et al. | Feb 2006 | A1 |
| 20060031559 | Sorokopud et al. | Feb 2006 | A1 |
| 20060045064 | Qin et al. | Mar 2006 | A1 |
| 20060046714 | Kalavade | Mar 2006 | A1 |
| 20060058056 | Das et al. | Mar 2006 | A1 |
| 20060067244 | Sekaran et al. | Mar 2006 | A1 |
| 20060104431 | Emery et al. | May 2006 | A1 |
| 20060146792 | Ramachandran et al. | Jul 2006 | A1 |
| 20060155871 | Ilkka et al. | Jul 2006 | A1 |
| 20060193295 | White et al. | Aug 2006 | A1 |
| 20060211423 | Ejzak et al. | Sep 2006 | A1 |
| 20060239255 | Ramachandran et al. | Oct 2006 | A1 |
| 20060251050 | Karlsson | Nov 2006 | A1 |
| 20060256751 | Jagadeesan et al. | Nov 2006 | A1 |
| 20060256779 | Lim et al. | Nov 2006 | A1 |
| 20060264213 | Thompson | Nov 2006 | A1 |
| 20060270404 | Tuohino et al. | Nov 2006 | A1 |
| 20070022199 | Tatsubori | Jan 2007 | A1 |
| 20070025301 | Petersson et al. | Feb 2007 | A1 |
| 20070036078 | Chowdhury et al. | Feb 2007 | A1 |
| 20070036079 | Chowdury et al. | Feb 2007 | A1 |
| 20070041320 | Chen et al. | Feb 2007 | A1 |
| 20070058561 | Virgile | Mar 2007 | A1 |
| 20070066286 | Hurtta | Mar 2007 | A1 |
| 20070076729 | Takeda | Apr 2007 | A1 |
| 20070082681 | Kim et al. | Apr 2007 | A1 |
| 20070097967 | Kauppinen et al. | May 2007 | A1 |
| 20070118656 | Anderson et al. | May 2007 | A1 |
| 20070156869 | Galchev et al. | Jul 2007 | A1 |
| 20070184779 | Park et al. | Aug 2007 | A1 |
| 20070195805 | Lindgren | Aug 2007 | A1 |
| 20070206515 | Andreasen et al. | Sep 2007 | A1 |
| 20070206617 | Andreasen et al. | Sep 2007 | A1 |
| 20070209061 | Dekeyzer et al. | Sep 2007 | A1 |
| 20070253371 | Harper et al. | Nov 2007 | A1 |
| 20070254673 | Stenberg et al. | Nov 2007 | A1 |
| 20070271379 | Carlton et al. | Nov 2007 | A1 |
| 20080002592 | Yegani et al. | Jan 2008 | A1 |
| 20080020775 | Willars | Jan 2008 | A1 |
| 20080052387 | Heinz et al. | Feb 2008 | A1 |
| 20080080525 | Chatilov et al. | Apr 2008 | A1 |
| 20080084867 | Foti et al. | Apr 2008 | A1 |
| 20080095339 | Elliott et al. | Apr 2008 | A1 |
| 20080130637 | Kant et al. | Jun 2008 | A1 |
| 20080137541 | Agarwal et al. | Jun 2008 | A1 |
| 20080219218 | Rydnell et al. | Sep 2008 | A1 |
| 20080233947 | Herrero-Veron | Sep 2008 | A1 |
| 20080254768 | Faccin | Oct 2008 | A1 |
| 20090054037 | Kaippallimalil | Feb 2009 | A1 |
| 20090077647 | Schwartz | Mar 2009 | A1 |
| 20090109845 | Andreasen et al. | Apr 2009 | A1 |
| 20090129388 | Akhtar et al. | May 2009 | A1 |
| 20090285225 | Dahod | Nov 2009 | A1 |
| Number | Date | Country |
|---|---|---|
| 1414212 | Apr 2004 | EP |
| 2092766 | Aug 2009 | EP |
| WO-0122642 | Mar 2001 | WO |
| WO-2007081727 | Jul 2007 | WO |
| WO-2008070869 | Jun 2008 | WO |
| WO-2009067445 | May 2009 | WO |
| Entry |
|---|
| International Search Report and Written Opinion issued for International Patent Application No. PCT/US2007/086747. |
| <http://www.acmepacket.com/html/page.asp?PageID=%7bFB2657BA-EE7A-46C1-BEA8-F650C93BF5C3%7d>, printed on Dec. 5, 2009. |
| <http://www.3gpp.org/ftp/Specs/html-info/24229.htm>, printed on Dec. 5, 2009. |
| CT Labs Report, “SIP and RTP Denial of Service Attack Tests Summary Report”, pp. 1-4, 2005. |
| 3GPP TS 24.229 V6.12.0 (Sep. 2006), pp. 1-304, Oct. 3, 2006. |
| 3GPP TS 23.401 v8.3.0 (Sep. 2008), 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; General Packet Radio Services (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access (Release 8), http://www.3gpp.org (204 pages). |
| 3GPP TS 29.274 v1.3.0 (Oct. 2008), 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; 3GPP Evolved Packet System; Evolved GPRS Tunnelling Protocol for Control Plane (GTPv2-C0; Stage 3 (Release 8); http://www.3gpp.org (1 page). |
| 3GPP TS 36.413 v8.3.0 (Sep. 2008), 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access Network (E-UTRAN0); S1 Application Protocol (S1AP) (Release 8), http://www.3gpp.org (184 pages). |
| International Search Report for International Application No. PCT/US09/64823 mailed Feb. 12, 2010 (1 page). |
| Nguyen-Vuong. “Mobility Management in 4G Wireless Heterogeneous Networks”, PhD thesis. Jul. 2, 2008. www.biblio.univ.evry.fr/theses/2008/2008EVRY00007.pdf (171 pages). |
| Partial International Search Report issued for International Patent Application No. PCT/US2007/000132 dated Aug. 9, 2007 (2 pages). |
| International Search Report and Written Opinion issued for International Patent Application No. PCT/US2007/086747, issued on May 7, 2008 (6 pages). |
| International Search Report and Written Opinion for corresponding International Patent Application No. PCT/US2007/086884 issued on Apr. 10, 2008 (4 pages). |
| International Search Report and Written Opinion for corresponding International Patent Application No. PCT/US2009/043696 issued on Jun. 24, 2009 (5 pages). |
| International Search Report and Written Opinion for PCT Application No. PCT/US07/86808 issued on Apr. 10, 2008 (4 pages). |
| International Search Report and Written Opinion for PCT Application No. PCT/US07/86886 mailed Apr. 10, 2008 (4 pages). |
| International Search Report and Written Opinion for PCT Application No. PCT/US2007/000132 mailed on Oct. 2, 2007 (12 pages). |
| International Search Report and Written Opinion for PCT Application No. PCT/US2008/83911 issued on Jan. 12, 2009 (5 pages). |
| International Search Report and Written Opinion issued for International Patent Application No. PCT/US2007/086802 issued on May 20, 2008 (6 pages). |
| Number | Date | Country | |
|---|---|---|---|
| 20080137686 A1 | Jun 2008 | US |
| Number | Date | Country | |
|---|---|---|---|
| 60873493 | Dec 2006 | US |
