短信行业应用的安全研究
|
摘要
在目前移动通信市场同质竞争日益激烈的情况下,短信行业应用作为各家运营商均着力发展的集团客户行业数据应用之一,能为运营企业带来新的利润增长点,但是其在发展过程中的安全问题却也一直是大家关注的焦点。
从本质上说,短信行业应用是短信业务应用的一个特例,是指由集团客户(EC)或者业务集成商(SI)提供、通过短信行业应用网关(IAGW)实现、服务于多个用户的行业应用。由于目前的实现方式中EC/SI与BOSS之间没有接口,所以在短信行业应用中只能采取对短信息的接收方进行收费的方式,存在的隐患显而易见。因此在短信行业应用的发展过程中,如何从网络层面和业务层面去保障行业应用的安全性是当前急需考虑的问题。
本文主要从现有业务应用的实际出发,从IAGW的组网结构、CMPP协议的应用、各类接口管理等方面着手,着重对今后短信行业应用的组网和运营中的安全性进行研究,在IAGW系统架构重新调整的基础上,通过对现有相关业务流程的优化调整,实现对SP更有效地监控和管理,解决现有的虚假鉴权、垃圾或不良谋利信息下发给用户带来的危害,保证用户和运营商的利益不受侵害。
由于受本人能力、时间、篇幅及研究重点等方面的限制,本文只是着重探讨了短信行业应用中组网结构、业务流程的优化,以及防止SP进行短信欺诈和违规操作等方面的安全保障,但相信本文所获得的成果将对今后的短信网络维护管理提供有益参考。
Nowadays, the competition in mobile telecommunication market is getting more and more dramatic. Short message is one of the most important data applications for all of the mobile companies because it can bring mobile companies new revenue increasing opportunity. However, the information security problem is always focused on during the development.
Essentially, Industry Application is a special case of short message which means the application provided by the Enterprise Customer (EC) or System Integration (SI) to realize the industry application for multi-users through the short message Industry Application Gateway (IAGW). Because the current solution doesn’t provide the interface between EC/SI and BOSS , it’s obviously that there will be hidden troubles caused by the billing mode as it can only charge the short message receiver. Therefore, it’s urgent to solve the security problem of industry application from the network and operation level.
This document focuses on the network structure of the IAGW, the application of CMPP protocol and the interfaces management in order to investigate the networking and operating security. By the rebuilding of the IAGW system architecture, we hope to optimize the business process so that we can monitor and manage the SPs more effectively, solve the current issues like inveracious authentification as well as harmful push short messages to avoid the economic loss of our customers.
I only focus on the network structure of Industry Application System, the business process optimizing and keeping away the short message trick and get out of line operations of SP related to short message industry application because of the limitation of my knowledge, time, length and research area in this document. I wish it will be a good reference for short message network maintenance and management in the future.
从本质上说,短信行业应用是短信业务应用的一个特例,是指由集团客户(EC)或者业务集成商(SI)提供、通过短信行业应用网关(IAGW)实现、服务于多个用户的行业应用。由于目前的实现方式中EC/SI与BOSS之间没有接口,所以在短信行业应用中只能采取对短信息的接收方进行收费的方式,存在的隐患显而易见。因此在短信行业应用的发展过程中,如何从网络层面和业务层面去保障行业应用的安全性是当前急需考虑的问题。
本文主要从现有业务应用的实际出发,从IAGW的组网结构、CMPP协议的应用、各类接口管理等方面着手,着重对今后短信行业应用的组网和运营中的安全性进行研究,在IAGW系统架构重新调整的基础上,通过对现有相关业务流程的优化调整,实现对SP更有效地监控和管理,解决现有的虚假鉴权、垃圾或不良谋利信息下发给用户带来的危害,保证用户和运营商的利益不受侵害。
由于受本人能力、时间、篇幅及研究重点等方面的限制,本文只是着重探讨了短信行业应用中组网结构、业务流程的优化,以及防止SP进行短信欺诈和违规操作等方面的安全保障,但相信本文所获得的成果将对今后的短信网络维护管理提供有益参考。
Nowadays, the competition in mobile telecommunication market is getting more and more dramatic. Short message is one of the most important data applications for all of the mobile companies because it can bring mobile companies new revenue increasing opportunity. However, the information security problem is always focused on during the development.
Essentially, Industry Application is a special case of short message which means the application provided by the Enterprise Customer (EC) or System Integration (SI) to realize the industry application for multi-users through the short message Industry Application Gateway (IAGW). Because the current solution doesn’t provide the interface between EC/SI and BOSS , it’s obviously that there will be hidden troubles caused by the billing mode as it can only charge the short message receiver. Therefore, it’s urgent to solve the security problem of industry application from the network and operation level.
This document focuses on the network structure of the IAGW, the application of CMPP protocol and the interfaces management in order to investigate the networking and operating security. By the rebuilding of the IAGW system architecture, we hope to optimize the business process so that we can monitor and manage the SPs more effectively, solve the current issues like inveracious authentification as well as harmful push short messages to avoid the economic loss of our customers.
I only focus on the network structure of Industry Application System, the business process optimizing and keeping away the short message trick and get out of line operations of SP related to short message industry application because of the limitation of my knowledge, time, length and research area in this document. I wish it will be a good reference for short message network maintenance and management in the future.
引文
[1] 汪兵锋,移动短信在行业应用中的发展研究,增值电信(电子版),2005,1(35)
[2] 吕廷杰,杨宁,吴海军等,电信运营支撑系统 OSS-理论、策略与实践,北京,人民邮电出版社,2003
[3] 何廷润,移动门户:发展移动数据业务的关键因素,中国新通信, 2005,4
[4] 欧阳洁,李刚,中国移动通信服务行业的竞争发展及其战略调整,管理世界 2003,6
[5] 单广玉, 范晓晖, 杨义先,短消息业务系统安全性分析[J],信息网络安全, 2003,11,52-54
[6] CNCERT/CC(国家计算机网络应急技术处理协调中心),2006年网络安全工作报告,2007.1
[7] 易阳峰,垃圾短信监控的原理与实现,中兴通讯技术,2005,6(64)
[8] 黄岩,中国移动业务运营支撑系统(BOSS)技术规范(1.5 版),2004
[9] 唐培正,构架新一代综合电信业务支撑系统,现代电信科技, 2004,4,15-17
[10] 中国移动通信集团公司,省 BOSS 与省行业网关接口规范单行本(V1.2.3),2006.7
[11] 徐志发,构筑面向客户的电信运营支撑系统,通讯产业报, 2004.3
[12] SMS Forum,Short Message Peer to Peer Protocol Specification v3.4, DocumentVersion:12-oct-1999 Issue 1.2.
[13] ETS 300 536: GSM 03.40 version 4.13.0, October 1996
[14] 中国移动通信集团公司,中国移动通信互联网短信网关接口协议(China Mobile Peer to Peer, CMPP) v2.0,2002.4
[15] TMF GB921 v4.0,Enhanced Telecom Operations Map (eTOM)—The Business Process Framework[S],2004
[16] TMF 053 v4.0,The NGOSS Technology Neutral Architecture (TNA)[S], 2004
[17] 邱雪松、王计艳,基于 NGOSS 体系结构的服务等级协定管理框架[J],中兴通讯技术,2003,3,9-12
[18] 陈颖慧,电信运营支撑系统的标准及其进展[J],中兴通讯技术, 2003,3,1-4
[19] 中国移动通信集团公司,行业应用网关设备规范(Industry-Application GateWay Equipment Specification) V 1.0.0,2007.01
[20] TMF C3650, NGOSS Release 5.0 Solution Suite Release Notes[S],2005
[21] 中国移动通信集团公司,全网行业应用接口规范(Interface Spec. for Industry Application Service) V 1.1.0,2007.01
[22] TMF GB922 v4.0 , Shared Information/Data(SID) Model—Concept ,Principle and Domains[S],2004
[23] TMF GB926 v4.0,Shared Information/Data(SID) Model—System View:Concept and Principles[S],2004
[24] TMF 050 v4.0,The NGOSS Compliance Testing Strategy Technical Specification[S],2004.
[25] 中国移动通信集团公司,中国移动通信互联网短信网关接口协议(China Mobile Peer to Peer, CMPP) v3.0,2003.6
[26] 宁宁,中国移动业务运营支撑系统的发展,通信世界,2002,4,34-35
[27] 陈龙,电信运营支撑系统,北京,人民邮电出版社,2005
[28] 鲁春丛,影响运营支撑系统应用效率的管理因素分析[J],中兴通讯技术,2003,9(3),17-20
[29] 中国移动通信集团公司,中国移动通信行业应用网关测试规范 v1.1.0,2007.1
[30] 孔令萍,新一代运营支撑系统体系结构[J],中兴通讯技术,2003,3,5-8
[2] 吕廷杰,杨宁,吴海军等,电信运营支撑系统 OSS-理论、策略与实践,北京,人民邮电出版社,2003
[3] 何廷润,移动门户:发展移动数据业务的关键因素,中国新通信, 2005,4
[4] 欧阳洁,李刚,中国移动通信服务行业的竞争发展及其战略调整,管理世界 2003,6
[5] 单广玉, 范晓晖, 杨义先,短消息业务系统安全性分析[J],信息网络安全, 2003,11,52-54
[6] CNCERT/CC(国家计算机网络应急技术处理协调中心),2006年网络安全工作报告,2007.1
[7] 易阳峰,垃圾短信监控的原理与实现,中兴通讯技术,2005,6(64)
[8] 黄岩,中国移动业务运营支撑系统(BOSS)技术规范(1.5 版),2004
[9] 唐培正,构架新一代综合电信业务支撑系统,现代电信科技, 2004,4,15-17
[10] 中国移动通信集团公司,省 BOSS 与省行业网关接口规范单行本(V1.2.3),2006.7
[11] 徐志发,构筑面向客户的电信运营支撑系统,通讯产业报, 2004.3
[12] SMS Forum,Short Message Peer to Peer Protocol Specification v3.4, DocumentVersion:12-oct-1999 Issue 1.2.
[13] ETS 300 536: GSM 03.40 version 4.13.0, October 1996
[14] 中国移动通信集团公司,中国移动通信互联网短信网关接口协议(China Mobile Peer to Peer, CMPP) v2.0,2002.4
[15] TMF GB921 v4.0,Enhanced Telecom Operations Map (eTOM)—The Business Process Framework[S],2004
[16] TMF 053 v4.0,The NGOSS Technology Neutral Architecture (TNA)[S], 2004
[17] 邱雪松、王计艳,基于 NGOSS 体系结构的服务等级协定管理框架[J],中兴通讯技术,2003,3,9-12
[18] 陈颖慧,电信运营支撑系统的标准及其进展[J],中兴通讯技术, 2003,3,1-4
[19] 中国移动通信集团公司,行业应用网关设备规范(Industry-Application GateWay Equipment Specification) V 1.0.0,2007.01
[20] TMF C3650, NGOSS Release 5.0 Solution Suite Release Notes[S],2005
[21] 中国移动通信集团公司,全网行业应用接口规范(Interface Spec. for Industry Application Service) V 1.1.0,2007.01
[22] TMF GB922 v4.0 , Shared Information/Data(SID) Model—Concept ,Principle and Domains[S],2004
[23] TMF GB926 v4.0,Shared Information/Data(SID) Model—System View:Concept and Principles[S],2004
[24] TMF 050 v4.0,The NGOSS Compliance Testing Strategy Technical Specification[S],2004.
[25] 中国移动通信集团公司,中国移动通信互联网短信网关接口协议(China Mobile Peer to Peer, CMPP) v3.0,2003.6
[26] 宁宁,中国移动业务运营支撑系统的发展,通信世界,2002,4,34-35
[27] 陈龙,电信运营支撑系统,北京,人民邮电出版社,2005
[28] 鲁春丛,影响运营支撑系统应用效率的管理因素分析[J],中兴通讯技术,2003,9(3),17-20
[29] 中国移动通信集团公司,中国移动通信行业应用网关测试规范 v1.1.0,2007.1
[30] 孔令萍,新一代运营支撑系统体系结构[J],中兴通讯技术,2003,3,5-8