软交换中网络安全的研究
|
摘要
随着下一代网络的发展,各大运营商积极实行软交换商化的同时,如何提供一个安全可靠的网络是网络建设过程中所必须要考虑到的问题,尤其对于软交换这样一个运营系统而言,安全问题显得尤为重要。由于软交换网络的研究是刚刚发展起来的领域,所以目前这方面的研究还不够成熟。以软交换为核心的下一代网络一直是研究的热点,不仅设备制造商投人大量的金钱和人力研发设备,而且移动运营商也开展大量的测试和实验。用来验证设备的稳定性、协议的标准化程度以及规模组网的可行性。
本文的研究目标就是针对软交换中的安全隐患,提出软交换的安全解决方案,对软交换的网络安全起到了一定的保护作用,实现了IPSec和NAT的兼容以及NAT在软交换网络中的穿越。最后以贵州移动网络为例,提出软交换在贵州移动网络改造建设中的应用方案和网络安全的具体解决方案,设计方案具有良好的可操作性。
本文以软交换中网络安全技术为研究方向,第一章对课题的背景、研究的动向和研究的内容进行分析;第二章为软交换技术的概念、功能结构、网络结构、接口、协议进行论述;第三章是对软交换的网络安全隐患进行论述,研究了具体安全解决方案;第四章以贵州移动网络为例论述安全组网在实际中的效果;第五章对全文作出总结和研究展望。
With the development of the NGN, while all the operators commercialize the Softswitch, how to provide a secure and reliable net will be the matter that must be considered in the construction of network. As for the operating Softswitch system, security appears especially important. Because of a new scientific research on Softswitch, there is not much study on it. The research focuses on Softswitch which is the core in NEN. Not only did the equipment manufacturers spend a large amount of money and manual work on developing equipment, but mobile operators did a large number of tests and experiments on this technology. The purpose is to test its constancy, the standard degree of agreement and the feasibility of the scale group net.
The target of the study is to work out the problem of the security with Softswitch and make combination IPSec with NAT, and make NAT used in the network with Softswitch. At last, taking Guizhou mobile network as example, the study suggests the project of applying Softswitch in the reconstruction of Guizhou mobile network, and the specific project of solution to the problem of net security. The design of the project is well-operative.
This essay is based on the research on net security technology with Softswitch. The first chapter is to analyze the background of the program, the tendency and content of the research. The second chapter is to dissert the conception of Softswitch technology, function, net structure, interface, and agreement. The third chapter is also to dissert the feasibility of security of net with soft-switch and is about the specific solution to the problem of security. The fourth chapter is about, taking Guizhou mobile network as example, the factual effect of safe group net. The fifth chapter is to draw a conclusion and the research expectation of the whole essay.
本文的研究目标就是针对软交换中的安全隐患,提出软交换的安全解决方案,对软交换的网络安全起到了一定的保护作用,实现了IPSec和NAT的兼容以及NAT在软交换网络中的穿越。最后以贵州移动网络为例,提出软交换在贵州移动网络改造建设中的应用方案和网络安全的具体解决方案,设计方案具有良好的可操作性。
本文以软交换中网络安全技术为研究方向,第一章对课题的背景、研究的动向和研究的内容进行分析;第二章为软交换技术的概念、功能结构、网络结构、接口、协议进行论述;第三章是对软交换的网络安全隐患进行论述,研究了具体安全解决方案;第四章以贵州移动网络为例论述安全组网在实际中的效果;第五章对全文作出总结和研究展望。
With the development of the NGN, while all the operators commercialize the Softswitch, how to provide a secure and reliable net will be the matter that must be considered in the construction of network. As for the operating Softswitch system, security appears especially important. Because of a new scientific research on Softswitch, there is not much study on it. The research focuses on Softswitch which is the core in NEN. Not only did the equipment manufacturers spend a large amount of money and manual work on developing equipment, but mobile operators did a large number of tests and experiments on this technology. The purpose is to test its constancy, the standard degree of agreement and the feasibility of the scale group net.
The target of the study is to work out the problem of the security with Softswitch and make combination IPSec with NAT, and make NAT used in the network with Softswitch. At last, taking Guizhou mobile network as example, the study suggests the project of applying Softswitch in the reconstruction of Guizhou mobile network, and the specific project of solution to the problem of net security. The design of the project is well-operative.
This essay is based on the research on net security technology with Softswitch. The first chapter is to analyze the background of the program, the tendency and content of the research. The second chapter is to dissert the conception of Softswitch technology, function, net structure, interface, and agreement. The third chapter is also to dissert the feasibility of security of net with soft-switch and is about the specific solution to the problem of security. The fourth chapter is about, taking Guizhou mobile network as example, the factual effect of safe group net. The fifth chapter is to draw a conclusion and the research expectation of the whole essay.
引文
[1]石友康.下一代网络NGN标准进展.通信世界,2002年第7期:7-9.
[2]薛宁,胡绍海,池毓东等.IP电话及其增值业务技术.第一版.北京:人民邮电出版
[3]Ki-Young Jung,Mi-Jung Hong.Design considerations for NGN softswitch-element management systemNetwork Operations and Management Symposium,IEEE Vol.1,April 2004:909-910.
[4]白跃彬.网络安全若干关键技术研究.博士学位论文.西安交通大学.西安交通大学图书馆.2001.
[5]夏雷.软交换网络与现有网络融合的研究.北京邮电大学学报,2004,第27卷增刊:102-107.
[6]Williams.S.The softswitch advantage.IEE Review Volume 48,Issue 4,July 2002:25-29.
[7]严军.NGN网络业务NAT穿透技术探讨.通信世界.2003年37期:31-32.
[8]陈云坤,付光轩.软交换中的网络安全问题.贵州大学学报(自然科学报),2007年,第24卷第2期:179-183.
[9]殷月明.IMS、软交换、NGN三者关系与网络演进[J].通信技术与标准,2005(3).
[10]常永宏,第三代移动通信系统与技术,北京:人民邮电出版社,2002.
[11]庄振运.软交换技术及其标准.电流技术.2001年第4期.31-35.
[12]张晓晖,张辉.浅谈软交换技术的应用.中国数据通信,2003年第1期:24-26.
[13]费娟,黄本雄.智能业务与软交换的互通的设计与实现.微机发展,2005年第4期:8-10.
[14]王鹍.软交换中增值业务的提供的研究与实现:硕士学位论文.华中科技大学:华中科技大学图书馆,2004.
[15]Aljaz.T,Brodnik.A.Supplementary services in telecommunication next generation networks.Network Operations and Management Symposium,IEEE Vol.2,April 2004:159-172.
[16]软交换技术设备总体技术要求.中华人民共和国信息产业部科学技术司印发,2002:9-12.
[17]3GPP,TS23.002.NetWOrk architecture[S],2002.
[18]罗国庆.软交换的工程实现[M].北京:人民邮电出版社,2004.13-31,82-183.
[19]陈建亚,余浩.软交换与下一代网络[M].北京:北京邮电大学出版社,2003.16-58.
[20]Ohrman J R F D.软交换技术[M].北京:电子工业出版社,2003.88-247.
[21]欧阳星明,刘迎午.基于软交换的流媒体QoS支撑环境的研究[J].计算机工程与设计,2005,26(9):2381-2383.
[22]周正等,通信工程新技术实用手册,交换技术分册,北京:北京邮电大学出版社,2002.
[23]王健,姜楠,刘培玉.两种网络安全协议分析与比较.电视技术,2003年第10期:82-85.
[24]ITU-T H.248,Gateway control protocol[S].2000.
[25]IETF RFC2705,Media gateway control protocol(MGCP) version 1.0[S].1999.
[26]Josef Glasmann,Wolfgang Kellerer,Haraled Muller.Service architectures in H.323 and SIP:A comparison[J].IEEE Communications Surveys Tutorials,2003,5(2):32-47.
[27]The parlay group parlay API specification[EB/OL].2005-12-30.http://www.cbinews.com/channel/showcontent.jsp?articleid=28596.
[28]Jin-Cherng Lin;Ching-Tien Chang;Wei-Tao Chung.Design,implementation and performance evaluation of IP-VPN.Advanced Information Networking and Applications,AINA 2003.17th International Conference on 27-29 March 2003:206-209.
[29]Xintai Gou,Weidong Jin.Multi-agent System for Multimedia Communications Traversing NAT/Firewall in Next Generation Networks.Proceedings of the Second Annual Conference on Communication Networks and Services Research(CNSR'04).IEEE 2004.
[30]郭谦,王东辉.软交换中的安全机制.中国数据通信,2002.02,92-94.
[31]姜华.NGN组网的安全性分析与安全策略.现代移动科技,2003年12期:6-8.
[32]李海花.软交换网络中的安全机制.移动网技术,2003.12期:10-13.
[33]ISC.Softswitch applications in wireless care networks-an overview[EB/OL].2002.http://www.softswitch.org.
[34]Kyung-Hyu Lee,Kyu-Ok Lee and Kwon-Chul Park.Architecture To be Deployed on Strategies of Next Generation Networks.2003 IEEE:819-822.
[35]G.Montenegro,M.Borella.RSIP Support for End-to-End IPSec.IETF RFC3104,Oct 2001.
[36]M.Borella,D.Grabelsky,J.Lo,K.Taniguchi.RFC3103:Realm Specific IP:Protocol Specification.October 2001.
[37]Xintai Gou,Weidong Jin.Multi-agent System for Multimedia Communications Traversing NAT/Firewall in Next Generation Networks.Proceedings of the Second Annual Conference on Communication Networks and Services Research(CNSR'04).IEEE 2004.
[38]付光轩,高鸿峰,卢朝晖.下一代互联网核心通信协议--IPV6原理及应用.贵州:贵州教育出版社,2004年:89-102
[39]J.Rosenberg,J.Weinberger,C.Huitema,R.Mahy.RFC3489:STUN-Simple Traversal of User Datagram Protocol(UDP) Through Network Address Translators(NATs).March 2003.
[40]查月华,许建真,胡建彰.基于防火墙的网络安全实现.电视技术,2002年第6期:43-45
[41]吕屹.软交换业务实现防火墙和地址转换设备穿越的技术方案.广东通信技术,2004年第6期:11-15
[42]李瑾坤,孙淑霞.NAT技术探讨及应用实例.成都理工学院学报.2002年第3期:324-328
[43]严军.NGN网络业务NAT穿透技术探讨.通信世界.2003年37期:31-32
[44]梅黎.基于软交换的NAT/防火墙穿透技术研究.现代电信科技.2005年第1期:28-30
[45]J.Rosenberg,J.Weinberger,C.Huitema,R.Mahy.RFC3489:STUN-SimpleTraversal of User Datagram Protocol(UDP) Through Network Address Translators(NATs).March 2003
[46]P.Srisuresh,J.Rosenberg.RFC3303:Middlebox communication architecture andframework,August 2002
[47]李伟.NGN承载网建设思路探析[J].邮电设计技术,2005(11).
[2]薛宁,胡绍海,池毓东等.IP电话及其增值业务技术.第一版.北京:人民邮电出版
[3]Ki-Young Jung,Mi-Jung Hong.Design considerations for NGN softswitch-element management systemNetwork Operations and Management Symposium,IEEE Vol.1,April 2004:909-910.
[4]白跃彬.网络安全若干关键技术研究.博士学位论文.西安交通大学.西安交通大学图书馆.2001.
[5]夏雷.软交换网络与现有网络融合的研究.北京邮电大学学报,2004,第27卷增刊:102-107.
[6]Williams.S.The softswitch advantage.IEE Review Volume 48,Issue 4,July 2002:25-29.
[7]严军.NGN网络业务NAT穿透技术探讨.通信世界.2003年37期:31-32.
[8]陈云坤,付光轩.软交换中的网络安全问题.贵州大学学报(自然科学报),2007年,第24卷第2期:179-183.
[9]殷月明.IMS、软交换、NGN三者关系与网络演进[J].通信技术与标准,2005(3).
[10]常永宏,第三代移动通信系统与技术,北京:人民邮电出版社,2002.
[11]庄振运.软交换技术及其标准.电流技术.2001年第4期.31-35.
[12]张晓晖,张辉.浅谈软交换技术的应用.中国数据通信,2003年第1期:24-26.
[13]费娟,黄本雄.智能业务与软交换的互通的设计与实现.微机发展,2005年第4期:8-10.
[14]王鹍.软交换中增值业务的提供的研究与实现:硕士学位论文.华中科技大学:华中科技大学图书馆,2004.
[15]Aljaz.T,Brodnik.A.Supplementary services in telecommunication next generation networks.Network Operations and Management Symposium,IEEE Vol.2,April 2004:159-172.
[16]软交换技术设备总体技术要求.中华人民共和国信息产业部科学技术司印发,2002:9-12.
[17]3GPP,TS23.002.NetWOrk architecture[S],2002.
[18]罗国庆.软交换的工程实现[M].北京:人民邮电出版社,2004.13-31,82-183.
[19]陈建亚,余浩.软交换与下一代网络[M].北京:北京邮电大学出版社,2003.16-58.
[20]Ohrman J R F D.软交换技术[M].北京:电子工业出版社,2003.88-247.
[21]欧阳星明,刘迎午.基于软交换的流媒体QoS支撑环境的研究[J].计算机工程与设计,2005,26(9):2381-2383.
[22]周正等,通信工程新技术实用手册,交换技术分册,北京:北京邮电大学出版社,2002.
[23]王健,姜楠,刘培玉.两种网络安全协议分析与比较.电视技术,2003年第10期:82-85.
[24]ITU-T H.248,Gateway control protocol[S].2000.
[25]IETF RFC2705,Media gateway control protocol(MGCP) version 1.0[S].1999.
[26]Josef Glasmann,Wolfgang Kellerer,Haraled Muller.Service architectures in H.323 and SIP:A comparison[J].IEEE Communications Surveys Tutorials,2003,5(2):32-47.
[27]The parlay group parlay API specification[EB/OL].2005-12-30.http://www.cbinews.com/channel/showcontent.jsp?articleid=28596.
[28]Jin-Cherng Lin;Ching-Tien Chang;Wei-Tao Chung.Design,implementation and performance evaluation of IP-VPN.Advanced Information Networking and Applications,AINA 2003.17th International Conference on 27-29 March 2003:206-209.
[29]Xintai Gou,Weidong Jin.Multi-agent System for Multimedia Communications Traversing NAT/Firewall in Next Generation Networks.Proceedings of the Second Annual Conference on Communication Networks and Services Research(CNSR'04).IEEE 2004.
[30]郭谦,王东辉.软交换中的安全机制.中国数据通信,2002.02,92-94.
[31]姜华.NGN组网的安全性分析与安全策略.现代移动科技,2003年12期:6-8.
[32]李海花.软交换网络中的安全机制.移动网技术,2003.12期:10-13.
[33]ISC.Softswitch applications in wireless care networks-an overview[EB/OL].2002.http://www.softswitch.org.
[34]Kyung-Hyu Lee,Kyu-Ok Lee and Kwon-Chul Park.Architecture To be Deployed on Strategies of Next Generation Networks.2003 IEEE:819-822.
[35]G.Montenegro,M.Borella.RSIP Support for End-to-End IPSec.IETF RFC3104,Oct 2001.
[36]M.Borella,D.Grabelsky,J.Lo,K.Taniguchi.RFC3103:Realm Specific IP:Protocol Specification.October 2001.
[37]Xintai Gou,Weidong Jin.Multi-agent System for Multimedia Communications Traversing NAT/Firewall in Next Generation Networks.Proceedings of the Second Annual Conference on Communication Networks and Services Research(CNSR'04).IEEE 2004.
[38]付光轩,高鸿峰,卢朝晖.下一代互联网核心通信协议--IPV6原理及应用.贵州:贵州教育出版社,2004年:89-102
[39]J.Rosenberg,J.Weinberger,C.Huitema,R.Mahy.RFC3489:STUN-Simple Traversal of User Datagram Protocol(UDP) Through Network Address Translators(NATs).March 2003.
[40]查月华,许建真,胡建彰.基于防火墙的网络安全实现.电视技术,2002年第6期:43-45
[41]吕屹.软交换业务实现防火墙和地址转换设备穿越的技术方案.广东通信技术,2004年第6期:11-15
[42]李瑾坤,孙淑霞.NAT技术探讨及应用实例.成都理工学院学报.2002年第3期:324-328
[43]严军.NGN网络业务NAT穿透技术探讨.通信世界.2003年37期:31-32
[44]梅黎.基于软交换的NAT/防火墙穿透技术研究.现代电信科技.2005年第1期:28-30
[45]J.Rosenberg,J.Weinberger,C.Huitema,R.Mahy.RFC3489:STUN-SimpleTraversal of User Datagram Protocol(UDP) Through Network Address Translators(NATs).March 2003
[46]P.Srisuresh,J.Rosenberg.RFC3303:Middlebox communication architecture andframework,August 2002
[47]李伟.NGN承载网建设思路探析[J].邮电设计技术,2005(11).