NGN中SIP协议安全测试系统的设计与实现
|
摘要
在新的电信形势下,市场管制放开、运营商之间竞争日益增强、数据话务量的爆炸性增长以及用户多媒体业务需求和移动性需求的不断增长,加剧了NGN(New Generation Network,下一代网络)的发展和演进。传统的电信网络由封闭的PSTN网络向开放式的网络架构演进,为电信网的可管理性和安全性带来了严峻的挑战。
随着电信网向NGN的演进,网络安全问题越来越突出。可以从网络体系构架、网元、协议实现和管理等多个方面分析下一代电信网潜在的安全威胁,而网络设备上的协议实现则可为网络安全测试与评估的切入点。因此,对NGN中软交换设备的关键协议——SIP协议实现进行安全性测试,对下一代电信网的安全性研究工作具有重大意义。
本文首先对SIP协议进行深入分析,在此基础上,提出SIP协议安全测试规范。然后,介绍了协议测试理论和当前协议测试的一些基本方法以及协议测试的标准、实现和执行,对测试用例编译执行和解释执行进行了比较,着重说明了测试例描述语言TDS,设计并实现SIP协议安全测试系统。
In the new situation of telecommunications, control of the market opening, competition between carriers increasing, the explosive growth of data traffic and user demand for multimedia services and mobile nature of demand growth, exacerbate the NGN (next generation network) development and evolution. The networks of telecommunication are changing from PSTN to IP network, which is the open-ended of network architecture. The network security and manageability of telecommunication network have been posed a serious challenge.
In the course of evolution which is the network changing from telecommunication network to the Next Generation Network, the security of the network becomes more and more important. We can analyze the security threaten at several aspect such as the system of network, Network Element, the implement of protocol, management. Analyzing the implement of protocol running on the equipment of network is one of the most important way to testing the security of network. So, the security of testing of SIP which is one of the core protocols in NGN is very important to the security of The Next Generation Network.
Firstly, in the paper, there principally analyses and research SIP. In addition, on the research of SIP, we present the model of the SIP protocol security testing. Secondly, there mainly introduce the theory of testing science and the methods of protocol testing and the standard、realization and performance of that. Then comparing the languages, which describe the test suit, and a description language is designed specifically to describe the SIP test suite. In the end, expatiate the design and realize of testing tools of Session Initiation Protocol.
随着电信网向NGN的演进,网络安全问题越来越突出。可以从网络体系构架、网元、协议实现和管理等多个方面分析下一代电信网潜在的安全威胁,而网络设备上的协议实现则可为网络安全测试与评估的切入点。因此,对NGN中软交换设备的关键协议——SIP协议实现进行安全性测试,对下一代电信网的安全性研究工作具有重大意义。
本文首先对SIP协议进行深入分析,在此基础上,提出SIP协议安全测试规范。然后,介绍了协议测试理论和当前协议测试的一些基本方法以及协议测试的标准、实现和执行,对测试用例编译执行和解释执行进行了比较,着重说明了测试例描述语言TDS,设计并实现SIP协议安全测试系统。
In the new situation of telecommunications, control of the market opening, competition between carriers increasing, the explosive growth of data traffic and user demand for multimedia services and mobile nature of demand growth, exacerbate the NGN (next generation network) development and evolution. The networks of telecommunication are changing from PSTN to IP network, which is the open-ended of network architecture. The network security and manageability of telecommunication network have been posed a serious challenge.
In the course of evolution which is the network changing from telecommunication network to the Next Generation Network, the security of the network becomes more and more important. We can analyze the security threaten at several aspect such as the system of network, Network Element, the implement of protocol, management. Analyzing the implement of protocol running on the equipment of network is one of the most important way to testing the security of network. So, the security of testing of SIP which is one of the core protocols in NGN is very important to the security of The Next Generation Network.
Firstly, in the paper, there principally analyses and research SIP. In addition, on the research of SIP, we present the model of the SIP protocol security testing. Secondly, there mainly introduce the theory of testing science and the methods of protocol testing and the standard、realization and performance of that. Then comparing the languages, which describe the test suit, and a description language is designed specifically to describe the SIP test suite. In the end, expatiate the design and realize of testing tools of Session Initiation Protocol.
引文
[1]蔡康,李洪等.下一代网络(NGN)业务及运营 人民邮电出版社2005年152-154
[2]Tabrizipoor A.l.,Pirhadi M.,Mirzabaghi M.,etal.A Testbed for Next Generation Network Interoperability Basic Call Assessment[A].The 9th International Conference on Advanced Communication Technology[C].February 2007,vol.3,pp.1597-1601
[3]赵阳.电信网安全评估方法及实施探讨[J].电信网技术,2006,5(5):11-14
[4]黄元飞,金丽萍.网络与信息安全标准化现状及下一步研究重点[J].电信科学,2006,2:23-26
[5]赵慧玲,叶华.下一代NGN的研究.通讯世界,2001.10
[6]Internet RFC 3261,SIP:Session initiation protocol[S].Rosenberg J,Schulzrinne H,Camanilo G.,2002
[7]周海华,边恩炯等.下一代网络SIP原理与应用 机械工业出版社 2006,6123-125
[8]陈昌鹏,晋磊,陈凯等.SIP协议的安全分析[J].计算机应用与软件,2007,24(8):172-174
[9]Internet RFC 4475,Session Initiation Protocol(SIP) Torture Test Messages.Network Working Group,2006
[10]Avresky,D.R.Formal verification and testing of protocol[J].Computer Communications 22,1999,p681-690
[11]Tretmans J.,Kars P.,Brinksma E.Protocol conformance testing:a formal perspective on ISO IS-9646[A].Proceedings of IFIP the 4th International Workshop on Protocol Test System[C].North-Holland:Chapman&Hall,1991.131-142
[12]Sarikaya B.Principles of Protocol Engineering and Conformance Testing[M].Ellis Horwood,1993
[13]ISO/IEC 9646-1,IT-OSI-Conformance testing methodology and framework:Part 1:General concepts.[S].1996
[14]ISO/IEC 9646-5,IT-OSI-Conformance testing methodology and framework:Part 5:Requirements on test laboratories and clients for the conformance assessment process.[S].1996
[15]ISO/IEC 9646-4,IT-OSI-Conformance testing methodology and framework:Part 4:Test realization[S].1996
[16] Brinksma E. A framework for test selection[A]. Proceedings of IFIP the 11th International Workshop on Protocol Specification, Testing and Verification[C]. North-holland: Chapman&Hall, 1991.67-80
[17] Hao R., Wu J. Test execution based on TTCN's operational semantics[J]. Journal of Communications, 1995, 20(2), 89-124
[18] ISO/IEC 9646-3, IT-OSI-Conformance testing methodology and framework: Part 3: The tree and combined notation (TTCN)[S]. 1996
[19] RFC 793, Transmission Control Protocol[S], September 1981
[20] RFC768, User Datagram Protocol[S]. Postel J., ISI, 1980
[2]Tabrizipoor A.l.,Pirhadi M.,Mirzabaghi M.,etal.A Testbed for Next Generation Network Interoperability Basic Call Assessment[A].The 9th International Conference on Advanced Communication Technology[C].February 2007,vol.3,pp.1597-1601
[3]赵阳.电信网安全评估方法及实施探讨[J].电信网技术,2006,5(5):11-14
[4]黄元飞,金丽萍.网络与信息安全标准化现状及下一步研究重点[J].电信科学,2006,2:23-26
[5]赵慧玲,叶华.下一代NGN的研究.通讯世界,2001.10
[6]Internet RFC 3261,SIP:Session initiation protocol[S].Rosenberg J,Schulzrinne H,Camanilo G.,2002
[7]周海华,边恩炯等.下一代网络SIP原理与应用 机械工业出版社 2006,6123-125
[8]陈昌鹏,晋磊,陈凯等.SIP协议的安全分析[J].计算机应用与软件,2007,24(8):172-174
[9]Internet RFC 4475,Session Initiation Protocol(SIP) Torture Test Messages.Network Working Group,2006
[10]Avresky,D.R.Formal verification and testing of protocol[J].Computer Communications 22,1999,p681-690
[11]Tretmans J.,Kars P.,Brinksma E.Protocol conformance testing:a formal perspective on ISO IS-9646[A].Proceedings of IFIP the 4th International Workshop on Protocol Test System[C].North-Holland:Chapman&Hall,1991.131-142
[12]Sarikaya B.Principles of Protocol Engineering and Conformance Testing[M].Ellis Horwood,1993
[13]ISO/IEC 9646-1,IT-OSI-Conformance testing methodology and framework:Part 1:General concepts.[S].1996
[14]ISO/IEC 9646-5,IT-OSI-Conformance testing methodology and framework:Part 5:Requirements on test laboratories and clients for the conformance assessment process.[S].1996
[15]ISO/IEC 9646-4,IT-OSI-Conformance testing methodology and framework:Part 4:Test realization[S].1996
[16] Brinksma E. A framework for test selection[A]. Proceedings of IFIP the 11th International Workshop on Protocol Specification, Testing and Verification[C]. North-holland: Chapman&Hall, 1991.67-80
[17] Hao R., Wu J. Test execution based on TTCN's operational semantics[J]. Journal of Communications, 1995, 20(2), 89-124
[18] ISO/IEC 9646-3, IT-OSI-Conformance testing methodology and framework: Part 3: The tree and combined notation (TTCN)[S]. 1996
[19] RFC 793, Transmission Control Protocol[S], September 1981
[20] RFC768, User Datagram Protocol[S]. Postel J., ISI, 1980