Page 26 - Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
P. 26

FIGURE A.1:  The SS7 Protocol stack




                    OSI Model                     Application Entity                       SS7 Level


                      Layer 7             TCAP




                   Layers 4, 5, 6         ASP           TUP      ISUP     BISUP             Level 4



                                          SCCP
                      Layer 3

                                                      NETWORK                                Level 3


                      Layer 2                        DATA LINK                      MTP      Level 2



                      Layer 1                         PHYSICAL                               Level 1








             and LTE Advanced air interface), 3GPP legacy sys-  A.3 EPC PROTOCOL STACK
             tems (for example GERAN or UTRAN, air interfaces
             of GPRS and UMTS respectively), but also non-3GPP   A.3.1 MME (Mobility Management Entity) protocols
             systems (for example WIFI, WiMAX or CDMA2000)    The MME protocol stack consists of:
           The main component of the SAE architecture is the   •  S1-MME stack to support S1-MME interface with
           Evolved Packet Core (EPC), also known as SAE Core.   eNodeB
           The EPC will serve as the equivalent of GPRS networks
           (via the Mobility Management Entity, Serving Gateway   •  S11 stack to support S11 interface with Serving Gate-
           and PDN Gateway subcomponents).                      way
             The Non-Access Stratum (NAS) protocols form the
           highest stratum of the control plane between the user   MME supports the S1 interface with eNodeB. The inte-
           equipment (UE) and MME. [3] NAS protocols support   grated S1 MME interface stack consists of IP, SCTP, S1AP.
           the  mobility of the  UE and the  session management   •  SCTP (Stream Control Transmission Protocol) is a
           procedures to establish and maintain IP connectivity   common transport protocol that uses the services of
           between the UE and a PDN GW. They define the rules   Internet Protocol (IP) to provide a reliable datagram
           for a mapping between parameters during inter-system   delivery service to the adaptation modules, such
           mobility with 3G networks or non-3GPP access net-    as the S1AP. SCTP provides reliable and sequenced
           works. They also provide the NAS security by integrity   delivery on top of the existing IP framework. The
           protection and ciphering of NAS signalling messages.   main features provided by SCTP are:
           EPS provides the subscriber with a “ready-to-use” IP   i)  Association set up: An association is a connec-
           connectivity and an “always-on” experience by linking   tion that is set up between two endpoints for
           between  mobility  management  and  session  manage-    data transfer, much like a TCP connection. A SCTP
           ment procedures during the UE attach procedure.         association can have multiple addresses at each
             Complete NAS transactions consist of specific         end.
           sequences of elementary procedures with EPS Mobil-
           ity Management (EMM) and EPS Session Management      ii) Reliable Data Delivery: Delivers sequenced data
           (ESM) protocols                                         in a stream (Elimination of head-of-line blocking):




           24 • Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
   21   22   23   24   25   26   27   28   29   30   31