Geneva, Switzerland, 29 June 2016
Introduction
Signaling System No. 7 (SS7) is a set of telephony signaling protocols developed by ITU-T since 1970s, which is used to set up and tear down most of the world's telephone calls.
SS7 standards are widely applied in public switched telephone network (PSTN), which are well-known as ITU-T Q.700-series Recommendations. The Intelligent Networks standardized by ITU are also related to SS7 (ITU-T Q.1200-Q.1699). With the growth of mobile telecommunications, ETSI has developed the MAP and CAP protocols, which are also based on SS7 and are suitable for public land mobile network (PLMN), e.g. GSM network. In addition, a series of RFCs called SIGTRAN was published by IETF, which make possible to use SS7 over IP network.
SS7 was designed to be managed by operators with the understanding that anyone connected to SS7 network was considered trustable. With the current network environment, including interconnection over the Internet, SS7-based networks become vulnerable and can be attacked. Media reported vulnerabilities and security issues related to SS7 that allow tracking user’s location and voice interception. This was also confirmed by some operators.
ITU-T SG11 is currently researching on SS7 security issues and this event wishes to brainstorm on possible actions to enhance the security mechanisms of SS7.
SS7-related standards
Objectives
This workshop aimed to:
- Share information on SS7 security issues;
- Analyze the current SS7 standards and identify which one was impacted;
- Discuss how to improve SS7 standards in terms of security;
- Discuss the proposals to enhance the security of SS7-based networks for the benefit of users and operators;
- Discuss cooperation with other SDOs and organizations on SS7 security issues.
Target Audience
Both ITU members and non-members were invited. In particular, the participation of operators, vendors, security experts, research institutions and academia, standards bodies and other such similar organizations were welcomed.