ATTACK TYPES


ATTACK TYPES AND PROTECTION SOLUTIONS FOR 3G UMTS NETWORKS

3.1 Types of attack on 3G UMTS mobile networks

3.1.1 Threats to mobile devices (Malware)

As 3G technology is deployed, we need to be alert to the security risks that different kinds of malware pose to mobile devices. Malware (malicious software) can be any malicious, unauthorized, or unexpected program (or piece of program code) whose purpose is to perform illegitimate actions on computers, network elements, or mobile terminals [2]. Examples of the actions malware can perform include: eavesdropping on radio traffic, recording personal information, stealing and distributing private and confidential information, disabling computers, and deleting files. Malware can be divided into eight categories [2]:

1. Worms: A worm is a program that copies itself (in various ways, such as by email or another transport mechanism). A worm can damage and/or compromise the security of the infected computer by performing special actions. Common worms on mobile phones are: Cabir Worm, Lasco Worm, Commwarrior Worm.

2. Zombies: A zombie is a program that secretly takes over another Internet-connected computer and then uses that computer to carry out attacks, which makes it hard to trace the zombie's originator. Zombies can be used to carry out denial-of-service (DoS) attacks, typically against target websites. Zombies can be installed on hundreds of computers belonging to unsuspecting third parties. They are often used in a synchronized way to overload the victim by launching powerful attacks that flood it with Internet traffic.

3. Viruses: A virus is a sequence of code inserted into other executable code so that when the program runs, the virus code runs as well. The virus code causes a copy of itself to be inserted into one or more other programs. Viruses are not standalone programs; they cannot run on their own and need a host program, of which the virus is a part, to run and activate them. Typical viruses in mobile communications include Duts virus, Pseudo-virus, ...

4. Trojan Horses: A Trojan is malware that performs illegitimate, usually malicious, actions. The main difference between a Trojan and a virus is that a Trojan cannot replicate itself. Like a virus, a Trojan can cause damage or unexpected system behaviour and can compromise the security of systems. A Trojan looks like any ordinary program, but it has malicious code hidden inside it. Common Trojans on mobile phones are: Skull Trojan, Mosquito Trojan, Brador Trojan, Cardtrap.A, MetalGear.

5. Logic Bombs: A logic bomb is a piece of program code inserted secretly or intentionally. The bomb is designed to execute under specific conditions, such as after a period of time has elapsed since an event occurred. It is a computer virus or Trojan with a delayed action. A logic bomb can be designed to display a bogus message, delete data, corrupt data, or have other unwanted effects when it executes.

6. Trap Doors: A trap door, sometimes called a back door, is a secret entry point in a program that allows an attacker who is aware of the trap door to gain access without going through the security access procedures. The difference between a trap door and a remote access Trojan (RAT) is that a trap door only opens a port, whereas a RAT is designed with a client-server architecture.

7. Phishing Scam (PS): A PS is a dishonest web page, email, or text message that lures unsuspecting users into revealing sensitive information such as passwords, financial information, or other personal data.

8. Spyware: Spyware is software that reveals personal information of the mobile user or their computer system to eavesdroppers. One example is FlexiSpy, a piece of spyware released in 2006. It sends a log of mobile calls and copies of text and MMS messages to a commercial Internet server, where a third party can view them.

3.1.2 Types of attack on 3G networks

3.1.2.1 Classification of attacks

Attacks on 3G networks can be classified along three dimensions [2]: (a) attack categories; (b) attack means; (c) the physical access dimension, in which attacks are classified by the level of physical access the attacker has to the 3G network.

a) Classification by category:
- Interception
- Fabrication/replay
- Modification of resources
- Denial of service (DoS)
- Interruption

b) Classification by attack means:
- Data-based attacks
- Message-based attacks
- Service logic attacks

c) Classification by physical access:
- Physical access attacks I
- Physical access attacks II
- Physical access attacks III
- Physical access attacks IV
- Physical access attacks V

3.1.2.2 Some typical attacks

Attacks on 3G networks can originate from two main sources:
- From outside the mobile network: from the public Internet, private networks, and other operators' networks;
- From inside the mobile network: from devices such as data-capable handsets, smartphones, and personal or desktop computers connected to the 3G mobile network.

Table 3.1 lists some typical attacks on 3G mobile networks.

Table 3.1 Different types of attack on 3G mobile networks

| Attack type | Target | Purpose |
|---|---|---|
| Worm, Virus, Trojan, SMS/MMS spam | Other users, network elements (content servers) | Harassment, denial of service (DoS), service interruption |
| Denial of service (DoS), SYN flood, application-layer attacks (on servers, buffer overflow, SIP flooding, RTP flooding, ...) | HLR, AAA, content servers, signalling nodes | Attack on the ability to provide service |
| Overbilling attack | Operator management elements (AAA, HLR, VLR, ...) | Fraud |
| Spoofed PDP context | User sessions | Theft of service |
| Signalling-level attacks (SIGTRAN, SIP), including modification, interception, DoS | Signalling nodes | Attack on the ability to provide service |

Attacks on network interfaces

The important interfaces of a 3G mobile network are:
- Gi: the interface between the 3G network and external networks such as the Internet;
- Gp: the interface between two mobile network operators, mainly for roaming;
- Ga: the interface to the charging systems;
- Gn: the internal interface between the SGSN and GGSN of a mobile network operator.

Figure 3.1 Interfaces of the 3G network.

Attacks can occur on these interfaces, especially on Gp and Gi, where the mobile operator's network connects to other operators' networks. Security services provide protection against the different attack risks. They can be classified as follows: Integrity, Confidentiality, Authentication, Authorization, Availability.

When studying the security risks on the interfaces of the 3G network, we consider attacks against these security services. To choose a suitable security solution, first identify the type of traffic and the data services offered, then analyze the specific security risks for those services. Below, we analyze the security risks on the interfaces of the 3G network.

a) Attacks on the Gp interface

The Gp interface is the logical connection between public land mobile networks (PLMNs), used to support roaming mobile users. The GPRS Tunneling Protocol (GTP) is used to establish a connection between a local SGSN and the user's home GGSN. The attacks include the following.

Availability: The most common attack on availability is denial of service (DoS). DoS attacks on the Gp interface include:
- Saturating the bandwidth of the border gateway (BG)
- DNS flooding
- GTP flooding
- Spoofed GTP PDP Context Delete messages
- Bad BGP routing information
- DNS cache poisoning

Authentication and authorization: An impostor can masquerade as a legitimate subscriber. Attacks on authentication and authorization on the Gp interface include:
- Spoofed Create PDP Context Request messages
- Spoofed Update PDP Context Request messages
- Overbilling attacks.

Confidentiality and integrity: An attacker may be in a position to access GTP or DNS traffic.

b) Attacks on the Gi interface

The Gi interface is where data originated by the MS is sent out to the Internet or to an enterprise network. This is the interface exposed to public data networks and to the networks of enterprise customers. Traffic sent out from the GGSN on Gi, or arriving for an MS on Gi, can be any type of traffic, because the application used on the MS is not known.

Availability: As on the Gp interface, denial of service (DoS) is the biggest security risk on the Gi interface. Typical attacks include:
- Gi bandwidth saturation
- Flooding an MS

Confidentiality: Because there is no mechanism that protects data between the MS and the public data network or enterprise network, third parties can view the data if IPsec or application-layer security is not used.

Integrity: Data sent over public data networks can be altered by a third party unless higher-layer security is used.

Authentication and authorization: Unless layer 2 or layer 3 tunnels are used to connect the GGSN to the enterprise network, an MS may be able to access another customer's enterprise network. The source address of network traffic cannot be trusted for authentication and authorization purposes, because the MS or hosts behind the MS can create packets with any address regardless of the IP address assigned to the MS.

c) Attacks on the Gn interface

The Gn interface is internal to the mobile service provider's network. Security risks can originate inside the provider's network, or can come from outside but travel inside the provider's network only when the bearer part of the network has been breached. Attacks on the Gn interface can bring down the network, depending on the severity of the attack. This can lead to network downtime, loss of service, loss of revenue, and frustrated customers. The attacks include:
- Spoofed SGSN or GGSN
- Spoofed GTP PDP Context Delete messages
- Attacks from one mobile customer against another mobile customer.

3.2 Weaknesses in 3G UMTS network security

Although the 3G security architecture provides advanced security services and counters many of the security risks listed for 3G networks, it still has weaknesses that can put the network and its services at risk. These weaknesses are [2, 18]:
- Communication with a false BS
- Communication with a false BS/MS
- Attacks on outgoing calls in networks with encryption disabled
- Attacks on incoming calls in networks with encryption disabled
- One weakness in the 3G security architecture is the backup procedure for TMSI reallocation [3]
- Another weakness is that the user can be identified by the IMSI in signalling exchanges on the wired path.

The 3G key generation and authentication procedure also has two important security weaknesses [3]:
- The first weakness allows an attacker to redirect a user's traffic from one network to another.
- The second weakness concerns the 3G authentication procedure and allows an attacker to use authentication vectors intercepted from one network to impersonate other networks.

3.3 Protection solutions for 3G UMTS networks

Table 3.2 summarizes some solutions against specific forms of attack on 3G mobile networks.

Table 3.2 Protection against specific forms of attack

| Attack type | Target | Protection solution |
|---|---|---|
| Worm, Virus, Trojan, SMS/MMS spam | Other users, network elements (content servers) | Antivirus software in the network and on devices; content-scanning technology |
| Denial of service (DoS), SYN flood, application-layer attacks (buffer overflow, SIP flooding, RTP flooding, ...) | HLR, AAA, content servers, signalling nodes | Firewalls, signalling firewalls, and intrusion detection and prevention (IDP) systems |
| Overbilling attack | Operator management elements (AAA, HLR, VLR, ...) | Intrusion detection and prevention (IDP) systems |
| Spoofed PDP context | User sessions | Signalling firewalls |
| Signalling-level attacks (SIGTRAN, SIP), including modification, interception, and DoS | Signalling nodes | Firewalls, signalling firewalls, and intrusion detection and prevention (IDP) systems |

3.3.1 Protection against malware

- The first step in protecting against malware is to deploy antivirus software and firewalls on all devices that access the network (the operator can provide this software to customers free of charge or at low cost);
- Operators should also consider deploying content-scanning technology in the network; for example, many European operators deploy the RMSC product in their networks.

3.3.2 Protection with firewalls

A firewall can be defined as a communication device placed between one network (the network to be protected) and another network (a public network); this other network may be allowed selective access to the protected network [2]. The firewall observes all traffic routed between the two networks to check whether the traffic meets specific criteria. If a criterion is met, the traffic is routed between the networks; if it is not met, the traffic is blocked. Firewalls can be used to observe all attempts to penetrate the protected network and to raise alarms about unauthorized intrusion activity. Firewalls can filter packets based on the contents of fields: address filtering (using source and destination addresses and port numbers) and protocol filtering (using the specific type of network traffic).

Figure 3.2 Protection with a firewall.

The important role of the personal firewall in mobile communications can be summarized as follows [2]:
- The personal firewall prevents a wide range of attacks from the network, including IP address spoofing, port scanning, and denial of service;
- The personal firewall prevents billing attacks, in which an attacker can run up other users' charges simply by involving them in an exchange of IP traffic;
- The personal firewall helps prevent mobile devices from consuming extra power that drains the battery. This can be done by adding filtering rules to the firewall that reduce unnecessary incoming and outgoing traffic and avoid information leakage;
- The personal firewall effectively supports functions in mobile communications such as peer-to-peer services over IP. The firewall also protects communication protocols such as WAP and HTTP;
- The personal firewall protects mobile terminals from viruses and unsafe content in downloaded games and in applications from the Internet. This can be done with specific personal firewall functions such as blocking JavaScript pop-ups, sets of behaviour patterns, ...

Thus, to protect the mobile network, mobile operators should deploy firewalls at appropriate points to protect the following levels: packet level, session level, application level. Firewalls should be used to protect the network infrastructure from attacks through the main interfaces connecting to external networks (the Gp and Gi interfaces), and to protect against potential threats inside the network (through the Ga and Gn interfaces).

Protecting the network with intrusion detection and prevention systems

Figure 3.3 Protecting the network with a firewall and IDP.

Intrusion detection and prevention (IDP) systems complement the role of firewalls in protecting the mobile network. IDP systems are designed to detect the presence of attacks in the traffic stream that is allowed into the network. IDP systems do this using:
- Signatures;
- Protocol anomaly detection;
- Detection of traffic caused by worms and Trojans;
- Traffic anomaly detection;
- Luring potential attackers to services that do not exist;
- Compound signatures: combining stateful signatures to describe attacks that can spread across multiple sessions.

IDP systems are usually placed behind the firewall (Figure 3.3) so that the device can inspect packets entering and leaving the network. When malicious traffic is detected, the IDP device prevents it from entering or leaving the network. Placing an IDP system on the outbound link is important because it allows the operator to prevent attacks that originate inside its network from affecting other operators.

3.3.4 Protecting the network with VPN

Protection of the network with a virtual private network (VPN) is shown in Figure 3.4. The best network-layer protection technique is IPsec. IPsec protects traffic on every connection and is therefore independent of the application layer running over it; IPsec is also used to implement VPNs. An IPsec-based VPN is used to authenticate users and authorize their access to resources; to establish secure tunnels between communicating entities; and to encapsulate and protect the data transmitted by the network. With a VPN, mobile operators overcome the weaknesses of the GTP protocol by encrypting traffic over an IPsec VPN and by deploying firewalls to block traffic flows that are intended to exploit the weaknesses of GTP.

Figure 3.4 Protecting the network with an IPsec VPN.

To deploy a VPN on the 3G mobile network infrastructure, three security schemes have been proposed [3]: (1) the end-to-end security scheme, (2) the network-wide security scheme, (3) the border-based scheme. These schemes differ mainly in where the security function is placed in the 3G network architecture (MS, RNC and GGSN), and in whether data is transmitted in cleartext or can be accessed by outside parties.

3.3.5 Protection on the network interfaces

An easy way to understand the security architecture of a 3G mobile network is to divide the network into logical security zones, as shown in Figure 3.5. With this division, the mobile operator can assess the importance of the information in each zone, the types of attack in each zone, and the best protection mechanism for each zone.

Figure 3.5 Security zones in a 3G mobile network.

Mobile operators need to secure the connections between the components inside the network and between networks: Gi, Gp, Ga, Gn. Of these, the Gp and Gi interfaces are the main connection points between the operator's network and untrusted external networks. Operators must secure their networks against attacks that originate from external networks.

Protection solutions on the Gp interface

The basic problem behind the security risks on the Gp interface is the lack of security in the GTP tunneling protocol. GTP is used to encapsulate data from the MS, and it also includes mechanisms for establishing, moving, and deleting tunnels between the SGSN and GGSN in roaming situations. Implementing IPsec between roaming partners and managing traffic rates can eliminate most of the security risks on the Gp interface. The recommended security solutions on the Gp interface are:
- Ingress and egress packet filtering
- Stateful GTP packet filtering
- GTP traffic shaping
- IPsec tunnels between roaming partners
- Prevention of overbilling attacks

Figure 3.6 shows a recommended configuration for the Gp interface, using Juniper's NS-500 product.

Figure 3.6 Protecting the Gp interface.
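
The following sketch shows how three of the Gp recommendations above (ingress filtering, stateful GTP packet filtering, and GTP traffic shaping) fit together. It is an added example, not code from the original page or from Juniper's product. The class name, the verdict strings, the `learn_tunnel` shortcut, the peer addresses and the sample messages are all constructed for illustration; only the GTPv1-C header layout and message type numbers come from 3GPP TS 29.060.

```python
import struct
from collections import defaultdict, deque

# GTPv1-C message types from 3GPP TS 29.060
ECHO_REQ, ECHO_RSP = 1, 2
CREATE_REQ, UPDATE_REQ, DELETE_REQ = 16, 18, 20
ALLOWED_FROM_PARTNER = {ECHO_REQ, ECHO_RSP, CREATE_REQ, UPDATE_REQ, DELETE_REQ}

def build_gtpc(msg_type, teid, seq=1, payload=b""):
    """Build a GTPv1-C message (version 1, PT=1, S=1) for the constructed samples."""
    optional = struct.pack("!HBB", seq, 0, 0)  # sequence number, N-PDU, next extension
    length = len(optional) + len(payload)      # length counts everything after byte 8
    return struct.pack("!BBHI", 0x32, msg_type, length, teid) + optional + payload

class GpGtpFilter:
    """Stateful GTP-C filter placed on Gp in front of the home GGSN (hypothetical)."""

    def __init__(self, partners, max_creates=2, window=1.0):
        self.partners = set(partners)        # roaming-partner SGSN addresses
        self.tunnels = {}                    # control-plane TEID -> peer that owns it
        self.creates = defaultdict(deque)    # peer -> times of recent Create requests
        self.max_creates, self.window = max_creates, window

    def learn_tunnel(self, teid, peer):
        """Record an established tunnel. A real filter would learn this from the
        GGSN's Create PDP Context Response; here it is set directly (simplification)."""
        self.tunnels[teid] = peer

    def check(self, src, packet, now):
        if src not in self.partners:                     # ingress filtering
            return "drop:unknown-peer"
        if len(packet) < 8:
            return "drop:malformed"
        flags, mtype, length, teid = struct.unpack("!BBHI", packet[:8])
        if flags >> 5 != 1 or not flags & 0x10 or length != len(packet) - 8:
            return "drop:malformed"
        if mtype not in ALLOWED_FROM_PARTNER:
            return "drop:message-type"
        if mtype == CREATE_REQ:                          # GTP traffic shaping
            recent = self.creates[src]
            while recent and now - recent[0] >= self.window:
                recent.popleft()
            if len(recent) >= self.max_creates:
                return "drop:rate-limit"
            recent.append(now)
        elif mtype in (UPDATE_REQ, DELETE_REQ):          # stateful check
            if self.tunnels.get(teid) != src:            # spoofed Update/Delete
                return "drop:teid-not-owned"
            if mtype == DELETE_REQ:
                del self.tunnels[teid]
        return "accept"

def run_samples():
    """Run constructed Gp traffic through the filter and return the verdicts."""
    fw = GpGtpFilter(partners={"192.0.2.10", "192.0.2.20"})
    fw.learn_tunnel(0x1001, "192.0.2.10")
    samples = [
        ("203.0.113.5", build_gtpc(DELETE_REQ, 0x1001), 0.0),  # not a roaming partner
        ("192.0.2.20", build_gtpc(DELETE_REQ, 0x1001), 0.1),   # partner, but not the owner
        ("192.0.2.10", build_gtpc(UPDATE_REQ, 0x1001), 0.2),   # owner updates its tunnel
        ("192.0.2.10", build_gtpc(DELETE_REQ, 0x1001), 0.3),   # owner deletes its tunnel
        ("192.0.2.10", build_gtpc(DELETE_REQ, 0x1001), 0.4),   # repeated delete, no state
        ("192.0.2.20", build_gtpc(CREATE_REQ, 0), 1.0),
        ("192.0.2.20", build_gtpc(CREATE_REQ, 0), 1.1),
        ("192.0.2.20", build_gtpc(CREATE_REQ, 0), 1.2),        # third create in one window
        ("192.0.2.20", build_gtpc(ECHO_REQ, 0)[:-1], 1.3),     # truncated message
    ]
    return [fw.check(src, pkt, now) for src, pkt, now in samples]
```

Source-address checks like the first one only hold if the Gp link itself is authenticated, which is what the IPsec tunnels between roaming partners provide.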

3.3.5.2 Protection solutions on the Gi interface

The Gi interface is where the 3G mobile network connects to external networks such as the Internet, enterprise networks, and the networks of other service providers. Because subscribers' applications can be anything, mobile operators have to expose their network at the Gi interface to all types of network traffic. The recommended security solutions for the Gi interface are:
- Logical tunnels from the GGSN to enterprise networks
- Traffic rate limiting
- Stateful packet inspection
- Ingress and egress packet filtering
- Prevention of overbilling attacks

Figure 3.7 shows the protection of the Gi interface, using Juniper's NS-500 product.

Figure 3.7 Protecting the Gi interface.
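
Because the source address of subscriber traffic cannot be trusted, ingress and egress filtering at Gi has to compare each packet against the address actually assigned in the PDP context. The sketch below is an added example, not code from the original page or from any vendor product; the address ranges, the byte budget, the rule that subscribers may not address core nodes, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

# Constructed address plan (assumptions for this example)
SUBSCRIBER_POOL = ipaddress.ip_network("10.64.0.0/16")  # addresses assigned in PDP contexts
CORE_NETWORK = ipaddress.ip_network("172.16.0.0/24")    # SGSN, GGSN and charging nodes

def build_ipv4(src, dst, payload=b""):
    """Minimal IPv4 packet (no options, checksum left at 0) for the constructed samples."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + payload

def parse_addresses(packet):
    """Return (source, destination) of an IPv4 packet, or None if it is malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        return None
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return None
    return ipaddress.ip_address(packet[12:16]), ipaddress.ip_address(packet[16:20])

class GiFilter:
    """Anti-spoofing and rate limiting on the Gi side of the GGSN (hypothetical)."""

    def __init__(self, max_bytes=100, window=1.0):
        self.max_bytes, self.window = max_bytes, window
        self.usage = defaultdict(lambda: [0.0, 0])  # MS address -> [window start, bytes]

    def uplink(self, assigned_ip, packet):
        """Egress filter for a packet an MS sends through its PDP context."""
        parsed = parse_addresses(packet)
        if parsed is None:
            return "drop:malformed"
        src, dst = parsed
        if src != ipaddress.ip_address(assigned_ip):  # MS or a host behind it forged it
            return "drop:spoofed-source"
        if dst in CORE_NETWORK:                       # assumed policy: no access to core
            return "drop:core-destination"
        return "forward"

    def downlink(self, packet, now):
        """Ingress filter and per-MS rate limit for a packet arriving from outside."""
        parsed = parse_addresses(packet)
        if parsed is None:
            return "drop:malformed"
        src, dst = parsed
        if src in SUBSCRIBER_POOL or src in CORE_NETWORK:  # internal source seen outside
            return "drop:spoofed-source"
        if dst not in SUBSCRIBER_POOL:
            return "drop:not-a-subscriber"
        slot = self.usage[dst]
        if now - slot[0] >= self.window:              # start a new accounting window
            slot[0], slot[1] = now, 0
        if slot[1] + len(packet) > self.max_bytes:    # traffic flooding one MS
            return "drop:rate-limit"
        slot[1] += len(packet)
        return "forward"

def run_samples():
    gi = GiFilter(max_bytes=100, window=1.0)
    ms = "10.64.0.5"
    big = build_ipv4("198.51.100.7", ms, b"x" * 40)   # 60-byte constructed packet
    return [
        gi.uplink(ms, build_ipv4(ms, "198.51.100.7")),
        gi.uplink(ms, build_ipv4("10.64.0.9", "198.51.100.7")),
        gi.uplink(ms, build_ipv4(ms, "172.16.0.1")),
        gi.downlink(build_ipv4("172.16.0.1", ms), 0.0),
        gi.downlink(big, 0.0),
        gi.downlink(big, 0.5),
        gi.downlink(big, 1.2),
    ]
```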

3.3.5.3 Protection solutions on the Gn and Ga interfaces

The Gn interface is the interface between the SGSN and the GGSN, carrying most of the GTP traffic inside the operator's network. Using policy-based management and configuration, mobile service providers can protect against security risks that arise inside the UMTS network. The recommended protection solutions for the Gn interface are policy-based firewall management and stateful inspection firewalls. Deploying a GTP firewall is a suitable solution that provides control over which kinds of GTP traffic are allowed through the firewall between the SGSN, the GGSN, and the border gateway (BG).

Traffic over the Ga interface can take the form of batch FTP transfers, real-time database updates, or simply call detail records (CDRs). The protection solution is therefore to use an IP firewall or a packet-filtering router/switch.

Figure 3.8 Protecting the Gn interface.

3.3.6 Protection from the system administration perspective

3.3.6.1 Access control policy

The access control policy for the elements of the 3G network must be consistent with the general access control policy defined by the operator's security policy. The following rules should be applied:
- Follow the established principles when granting users access to 3G network elements or to supporting IT systems.
- The operator's staff must be responsible for the secure safekeeping and use of the elements that implement trusted access control.
- Each user of a given system should be given a unique identifier (log-in name, account name).
- Granting full or very broad access to resources should be restricted and tightly controlled.

3.3.6.2 Security of interconnected network elements

3G network elements must provide ways to be managed and maintained remotely and to communicate with IT systems (for example, the billing system). Usually, one of the operator's computer networks is used for this purpose. This significantly reduces infrastructure cost, but it also poses important security risks to the entities of the 3G system. If security is not used, every user of this computer network can remotely access a 3G network element if the network address of that element is known. In principle, 3G network elements should be separated, at least logically, from the operator's computer network. A unique user name and password should identify each staff member authorized to access a 3G network element. Accurate application and system logs should be maintained, reviewed, and protected. Remote access to network entities should be treated as a subject of the operator's security policy and protected against eavesdropping and session hijacking. Physical access to 3G network elements should be controlled by appropriate physical security measures. The physical location of network elements should be regarded as information to be protected.

3.3.6.3 Communication node security

It is implemented through the following security components:
- Identification (ID): Every activity related to running a node in the 3G network should be associated with the corresponding user ID. The 3G network node should disable a user ID if it has been inactive for a specified period of time.
- Authentication: All input ports used for operations, administration, maintenance and provisioning (OAM&P) of the 3G network node (including direct and dial-up access) require authentication of the session requester by means of passwords.
- System access control: The 3G network node should not allow access to any session requester unless the requester has been identified and authenticated; there should be no default mechanism that bypasses this.
- Resource access control: Access to resources should be controlled on the basis of privileges (access permissions) associated with the user ID and channel; it should not be based on a password associated with an access function, because the password would have to be shared among the users who need access. Encryption should also not be used as the primary access control mechanism.
- Accountability and audit: The 3G network node should produce a security log containing the information needed to audit losses or inaccuracies.
- Security administration: The 3G network node should support functions for managing security-related data (for example, security parameters such as user IDs, passwords, privileges, ...); these management functions should be separate from other user functions. Security administration is reserved for an appropriate administrator.
- Documentation: Any supplier/vendor of a 3G network node should provide security documentation for administrators, operators, and users. This documentation can be a separate document or can be part of the vendor's manuals.

3.3.6.4 Security of Signalling System No. 7

Mobile networks mainly use Signalling System No. 7 (SS7) to carry information such as authentication, location updates, supplementary services, and call control between networks. The messages carried are MAP messages. SS7 also poses many security risks, for example messages can be modified, inserted, or deleted in an undesired way. Mobile operators therefore need to protect their networks against attacks by hackers and against careless actions that can stop the network or cause it to operate incorrectly.

3.3.6.5 Security inside the network

- Protecting the home location register (HLR): Unauthorized access to the HLR can result in the activation of subscribers that are not seen by the billing system and therefore cannot be charged. Services can also be activated or deactivated for each subscriber, which allows unauthorized access to services or denial-of-service (DoS) attacks. In specific cases, Man-Machine (MM) commands can be used to monitor the activity of other HLR users, which allows unauthorized access to data.
- Protecting the authentication centre (AuC): An intruder who gains direct access to the AuC can disable all the subscribers whose data the intruder can access.
- Protecting the network interfaces: An intruder who gains access to the interfaces of the 3G network can access the information sent on those interfaces. DoS attacks can also occur.
- Customer care system, billing system: The customer care/billing systems are critically important for safeguarding the operator's business.

3.3.6.6 USIM and smart cards

When the USIM is integrated on a multi-application smart card, it must be ensured that the key Ki stored on the USIM cannot be read or used by any application other than the 3GPP application. Clear procedures are needed for securely placing applications and information on the smart card, ensuring that the 3GPP information cannot be changed in an illegitimate way. Clear responsibilities and procedures are needed for cases in which a USIM card is stolen or misused.

3.3.6.7 Algorithms

- Authentication algorithm: The authentication algorithm is contained in the USIM. Operators should choose a strong version of the authentication algorithm that complies with the published 3GPP standards. The individual key for each IMSI must be chosen at random and must be protected to prevent the user from being cloned. Throughout the security process, the key Ki must be protected.
- Confidentiality and integrity algorithms: The standard confidentiality and integrity algorithms based on KASUMI are included in all mobile devices and protect the mobile user's data up to the serving node.

3.4 3G security deployment in practice at some enterprises

3.4.1 3G security deployment in practice at VinaPhone

On 2/4/2009, VinaPhone was notified by the Ministry of Information and Communications that it met the conditions to be licensed to deploy 3G technology on the VinaPhone network. On 11/8/2009, VinaPhone officially received the license to establish a network and provide terrestrial mobile telecommunications services under the IMT-2000 standard in the 1900-2200 MHz band. VinaPhone's 3G network uses WCDMA/HSPA technology at 2100 MHz, which allows the deployment of mobile broadband 3G services and offers customers access speeds of up to 14.4 Mbps. Providing services on 2 or 3 bands causes almost no difficulty for customers, because most recent terminals support the two bands 900 MHz/1800 MHz and 3G devices all support the 2100 MHz band. The 3G services currently deployed by VinaPhone are: MobileTV, Mobile Internet, Mobile Camera, Mobile Broadband, Video Call and 3G Portal.

Currently, VinaPhone does not use any additional solution to protect the radio access path. The 3GPP security algorithms are considered strong and very secure for protecting the radio interface. In the core network, VinaPhone uses VPN, IPsec, and firewall solutions with Juniper's Netscreen-ISG2000 equipment to protect the network interfaces, in particular to protect VinaPhone's services on the Gi interface (Figure 3.9), and the Checkpoint VPN network security software solution to protect CP customers. In the application domain, WAP and HTTP solutions are used. According to VinaPhone, hackers, if they attack, will attack over IP and will mainly attack VinaPhone's services (the DMZ zone). VinaPhone also recommends that customers equip themselves with antivirus and antispyware software such as Kaspersky... to protect their mobile devices when accessing the applications of VinaPhone's 3G network. In the near future, VinaPhone will deploy additional core network security solutions from Juniper.

Figure 3.9 3G network security at VinaPhone.

3.4.2 3G security deployment in practice at MobiFone

The MobiFone 3G network is a terrestrial mobile telecommunications network under the IMT-2000 standard, using the 2100 MHz band. MobiFone has officially operated it since 15 December 2009 under license No. 1118/GP-BTTTT, issued by the Ministry of Information and Communications on 11/8/2009. MobiFone chose HSPA (High Speed Packet Access) technology for 3G. This technology lets customers access the Internet and email or receive digital content services at speeds of up to 7.2 Mbps. Some of the 3G services currently deployed by MobiFone are: Wapportal, Mobile TV, Mobile Internet, Fast Connect and Video Call.

[Figure: network diagram. Labels include SGSN and GGSN/SGSN nodes at Da Nang, Can Tho, Ha Noi, TP HCM and Hai Phong, an IP backbone, a roaming border gateway (France Telecom), the Internet, and the Gi, Gn and Gp interfaces.]

Figure 3.10 Protection of MobiFone's 3G network.

Currently, MobiFone does not use any additional solution to protect the radio access path of the MobiFone 3G network. The 3GPP security algorithms are considered strong and very secure for protecting the radio interface. In the core network, MobiFone uses VPN, IPsec, and firewall solutions with Juniper equipment such as the SRX 3400 to protect the network interfaces (Figure 3.10). In the application domain, WAP 1.x (for earlier-generation terminals), WAP 2.0, and HTTP solutions are used. At present, MobiFone's newly deployed 3G mobile network has not yet seen any attacks, but potential attacks could appear, so MobiFone uses Juniper's solution with security policies to prevent attacks that could occur on its 3G network. Also according to MobiFone, hackers, if they attack, will attack over IP and will mainly attack data applications. MobiFone also recommends that customers equip themselves with antivirus and antispyware software... to protect their mobile devices when accessing the applications of the 3G network.