Page 25 - Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
P. 25
ANNEX A
Technical description of SS7 and diameter
A.1 THE SS7 PROTOCOL STACK layer for air interface protocols such as BSSAP and
RANAP. TCAP provides transaction capabilities to its
Signalling System No. 7 (SS7) is a set of telephony Users (TC-Users), such as the Mobile Application Part,
signalling protocols developed in 1975, which is used the Intelligent Network Application Part and the CAMEL
to set up and tear down most of the world’s public Application Part.
switched telephone network (PSTN) telephone calls. It The Message Transfer Part (MTP) covers a portion of
also performs number translation, local number por- the functions of the OSI network layer including: net-
tability, prepaid billing, Short Message Service (SMS), work interface, information transfer, message handling
and other mass market services. and routing to the higher levels. Signalling Connection
In North America it is often referred to as CCSS7, Control Part (SCCP) is at functional Level 4. Together
abbreviated for Common Channel Signalling System 7. with MTP Level 3 it is called the Network Service Part
In the United Kingdom, it is called C7 (CCITT number 7), (NSP). SCCP completes the functions of the OSI net-
number 7 and CCIS7 (Common Channel Interoffice Sig- work layer: end-to-end addressing and routing, connec-
nalling 7). In Germany, it is often called ZZK-7 (Zentraler tionless messages (UDTs), and management services
ZeichengabeKanal Nummer 7). for users of the Network Service Part (NSP). Telephone
The only international SS7 protocol is defined by ITU- User Part (TUP) is a link-by-link signalling system used
T’s Q.700-series recommendations in 1988. Of the many to connect calls. ISUP is the key user part, providing a
national variants of the SS7 protocols, most are based circuit-based protocol to establish, maintain, and end
on variants of the international protocol as standardized the connections for calls. Transaction Capabilities Appli-
by ANSI and ETSI. National variants with striking char- cation Part (TCAP) is used to create database queries
acteristics are the Chinese and Japanese (TTC) national and invoke advanced network functionality, or links to
variants. Intelligent Network Application Part (INAP) for intel-
The Internet Engineering Task Force (IETF) has ligent networks, or Mobile Application Part (MAP) for
defined the SIGTRAN protocol suite that implements mobile services.
levels 2, 3, and 4 protocols compatible with SS7. Some-
times also called Pseudo SS7, it is layered on the Stream
Control Transmission Protocol (SCTP) transport mech- A.2 THE DIAMETER PROTOCOL STACK
anism.
The SS7 protocol stack may be partially mapped to The diameter protocol is used to communicate between
the OSI Model of a packetized digital protocol stack. components in the System Architecture Evolution
OSI layers 1 to 3 are provided by the Message Transfer (SAE). SAE is the core network architecture of 3GPP’s
Part (MTP) and the Signalling Connection Control Part LTE wireless communication standard. SAE is the evolu-
(SCCP) of the SS7 protocol (together referred to as the tion of the GPRS Core Network, with some differences:
Network Service Part (NSP)); for circuit related signal-
ling, such as the BT IUP, Telephone User Part (TUP), or • simplified architecture
the ISDN User Part (ISUP), the User Part provides layer • all-IP Network (AIPN)
7. Currently there are no protocol components that pro-
vide OSI layers 4 through 6. The Transaction Capabili- • support for higher throughput and lower latency
ties Application Part (TCAP) is the primary SCCP User in radio access networks (RANs)
the Core Network, using SCCP in connectionless mode. • support for, and mobility between, multiple hetero-
SCCP in connection-oriented mode provides transport geneous access networks, including E-UTRA (LTE
Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions • 23