Technical aspects of information security in ATSC-90.
The increasing degree of automation of modern telephone exchanges and the use of standard computer tools and information technologies have led to an increase in the number of information security threats. In this article, based on an analysis of the structural and functional diagram of a modern automatic telephone exchange with ISDN functions (using the example of the ATSC-90), the objects, elements and methods of information protection are defined.
The first generation of software-controlled telephone exchanges began with the introduction of AT&T's ESS#1 in 1965 (like almost everything else in telephony). The use of software control made it possible to increase the number of services available to network subscribers and improve the quality of their service with relatively simple means.
At the same time, the specifics of using software are such that even accidental, and especially intentional, malicious distortion of information can lead to serious consequences. Ensuring the confidentiality of information and providing access to it only to those who have the right to do so are matters of paramount importance.
The introduction of new functions, subscriber and network interfaces in modern telephone exchanges using standard computer equipment and information technology for this purpose increases the number of threats to information security (IS).
Systems become vulnerable when, in the presence of one or more threats, there are no security measures or there are deficiencies in the system of such measures. In this case, the threat of unauthorized access (UA) is directly associated with the inadequacy of access control, and the threat of losing important system functions is associated with ineffective planning for emergency situations, etc.
ATSC-90 switching platform and information security
The ATSC-90 of L4 and L5 levels with ISDN functions uses a wide range of terminal equipment, subscriber and network interfaces, types of signaling and types of service provided to the user.
The network structure based on the ATSC-90 equipment (Fig. 1) ensures connection with subscribers of other telephone exchanges, as well as the establishment of non-telephone connections with subscribers of data transmission networks operating in the Interconnected Communications Network (ICN).
Fig. 1. ICN network architecture
The main aspects of information security of such a system are:
1) reliability of hardware and software;
2) user identification and verification;
3) registration and accountability.
A hardware or software failure (requirement 1) can compromise confidentiality in an access control device, with subsequent downgrading of the protection level to restore functionality. Sometimes even a minor failure of one of the memory chips, for example during copying, can lead to loss of information.
For four types of PBXs used in the USA, changing the software version is a direct threat to information security, as confirmed by data from the US Federal Communications Commission. In the context of this article, the curves below are considered a special case, so the names of the PBXs and manufacturers are not indicated.
Requirement 2 assumes:
• authorization of the terminal and/or personnel with an exact definition of the sets of commands and processes available to a particular user, with identifiers assigned by the network operator;
• defining a user profile to prevent unauthorized actions;
• protecting files with passwords up to 40 characters long. The password is not displayed when typed, and the secret part of the session protocol is suppressed.
Finally, requirement 3 assumes registration of all communication sessions. It must be possible to register MML commands, or attempts to access restricted data, that are not authorized for a given user. Information about such attempts must be sent to the Central Control Center or a special center.
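Requirements 2 and 3 can be sketched together as a command gate in front of the operator console. This is an added example, not ATSC-90 code: the operator ids, terminal names, MML verbs and the `PWD=` parameter are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed profiles (hypothetical ids and MML verbs, not ATSC-90 syntax):
# operator id -> (terminals it may use, command verbs it may run).
PROFILES = {
    "op-maint": ({"tty1"}, {"DISPLAY-SUBSCRIBER", "TEST-LINE"}),
    "op-admin": ({"tty1", "tty2"},
                 {"DISPLAY-SUBSCRIBER", "MODIFY-SUBSCRIBER", "CHANGE-PASSWORD"}),
}
SECRET_PARAM = re.compile(r"\b(PWD|PASSWORD)=[^,;]*", re.IGNORECASE)


class SessionLog:
    """Requirement 3: register every command; forward refused ones."""

    def __init__(self):
        self.records = []   # full session journal
        self.alerts = []    # copies destined for the control center

    def register(self, operator, terminal, line, allowed, reason):
        record = {
            "time": datetime.now(timezone.utc).isoformat(),
            "operator": operator,
            "terminal": terminal,
            # The secret part of the session protocol is suppressed before logging.
            "command": SECRET_PARAM.sub(lambda m: m.group(1) + "=***", line),
            "allowed": allowed,
            "reason": reason,
        }
        self.records.append(record)
        if not allowed:
            self.alerts.append(record)
        return record


def authorize(log, operator, terminal, line):
    """Requirement 2: check terminal and command against the user profile."""
    verb = line.strip().split(":", 1)[0].rstrip(";").upper()
    terminals, verbs = PROFILES.get(operator, (set(), set()))
    if operator not in PROFILES:
        reason = "unknown operator"
    elif terminal not in terminals:
        reason = "terminal not authorized"
    elif verb not in verbs:
        reason = "command outside profile"
    else:
        reason = "ok"
    log.register(operator, terminal, line, reason == "ok", reason)
    return reason == "ok"
```

Every command lands in `records`, whether allowed or refused, while `alerts` holds only the refused attempts that would be sent on to the control center.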
The concept of the ATSC-90 information security must be based on meeting the requirements for network components and transmission protocols, including guarantees of data reliability and integrity.
Ensuring the ATSC-90/L5 information security must be achieved using a comprehensive information protection system (CIPS), regulated by the State Technical Commission under the President of the Russian Federation.
CIPS in information technology and communication systems and means includes the implementation of requirements for protection against:
• interception of information in communication channels;
• unauthorized access to information;
• information leakage through side channels;
• the introduction of special technical devices for intercepting information;
• software and hardware impacts and virus programs.
Compliance of technical means with information security requirements is established and monitored in the «Certification System for Information Security Means According to Security Requirements». ROSS RU.0001. BIOO of the State Technical Commission of Russia.
The presence of possible software backdoors (BH) in the software and their activation can disrupt the operation of both a separate station and the entire network. There are various options for using control signals to activate the BH, for example:
• a special mode such as «additional service», not specified in the technical documentation;
• a special subscriber number or special manipulations with the subscriber handset to bypass the SORM system;
• the TCAP subsystem as part of SS7 (OKS No. 7) and the application subsystems organized on its basis, such as MAP, INAP, OMAP, etc.
Organization of the information security system on an automatic telephone exchange (ATS) with ISDN functions
Based on the results of the analysis of the typical structure of the ATS and the currently available documents of the State Technical Commission of Russia, we will consider the concept of ATSC-90/L5 information security for protection against unauthorized access.
Taking into account the approach set out in the guidance document of the State Technical Commission of Russia «Automated Systems. Protection against Unauthorized Access to Information. Classification of Automated Systems and Information Security Requirements», the ATSC-90/L5 consists of two subsystems — switching and control.
Fig. 2. Time of complete shutdown by types of switching systems per year
Main components of the switching subsystem (Fig. 3):
• digital switching field (DSF);
• modules for interfacing with subscriber lines (MA);
• modules for interfacing with connecting lines to other automatic telephone exchanges (MASL, MSL);
• modules for interfacing with connecting lines to the technical operation center — TOC (MTE).
The main components of the control subsystem are:
• control devices (CD), consisting of hardware (HW) and software (SW) tools;
• automated workstations of station operators (AWS).
The CD interacts with each functional block of the switching system (SS) via the intra-station interface.
The set of equipment and station interfaces of the ATSC-90/L5 ensures efficient operation not only as part of the ISDN, but also in the analog-digital network. It also provides for interfacing with analog subscriber lines and, on connecting lines to other PBXs, for the implementation (except for OKS No. 7) of linear signaling protocols of the 2ВСК and 1ВСК types using a PCM interface with speeds of 2.048 and 1.024 Mbit/s.
Fig. 3. Structural and functional diagram of the organization of interfaces on the ATSC-90/L5 and UA channels (1-7)
Composition and characteristics of station interfaces (see Fig. 3):
1. «User-network» interfaces:
• interface Z (analog subscriber line interface);
• V1, V3 interfaces, providing the ability to organize one basic (V1) and one primary access (V3);
• V5.1 and V5.2 interfaces, allowing the use of one digital line (V5.1) and up to 16 digital lines (V5.2) with a symbol transfer rate of 2048 kbps.
2. Network-to-network interface:
• A, B and C interfaces with a symbol transfer rate of 2048 (A), 8448 (B) kbps and a 2- and 4-wire analog interface for receiving an analog connection (C);
• Q3 interface — for the interface with the technical operation center (TOC).
3. Intra-station interfaces:
• F interface between the ATSC-90 and the automated workplace;
• G interface (human-machine interface) for technical operation functions implemented in accordance with ITU-T Z.300 series recommendations.
Basic methods of unauthorized access (UA) to information
In such a structure, when identifying a potential intruder and creating a model of that intruder, it is necessary to assume that the intruder has operating experience with, and knowledge of, the hardware and software of the automatic telephone exchange, has physical access to the standard means of the ATSC-90, and is able to work with these means for a certain time without outside control.
Fig. 4. Possible models of UA to the ATSC-90
The intruder can use the following main methods of UA to information (Fig. 4):
• direct access to access objects;
• creation of software and technical means that perform access to access objects bypassing security means;
• modification of security means that allows for unauthorized access;
• introduction of software and technical mechanisms into the technical means of the automatic telephone exchange that violate its intended structure and functions and allow for unauthorized access;
• manifestation of malfunctions of the PBX equipment, leading to unauthorized access.
In accordance with the recommendations of the State Technical Commission of Russia, the classification of unauthorized access violators is carried out depending on the level of capabilities provided to them by the standard means of the PBX.
The first level of capabilities is launching from a fixed set of tasks (programs) implementing pre-provisioned functions for processing information.
The second level is determined by the ability to create and launch your own programs with new functions for processing information.
The third level is associated with participation in managing the functioning of the system, that is, influencing its basic software, composition and configuration of equipment.
The fourth, highest level in the system, is determined by the entire scope of capabilities of persons engaged in the design, implementation, operation and repair of technical equipment, up to the inclusion of their own technical equipment with new functions for processing information in the equipment.
Potential violators of the rules for restricting access to information of the ATSC-90 are:
• programmers participating in the development and manufacture of the ATSC-90/L5 (level 4);
• ATC operators (level 3);
• TSC operators (level 3);
• electronic engineers (level 4).
Methods of protection
If the classification of UA violators is carried out according to the level of capabilities, then the actions of a potential violator can be divided into two groups depending on the following situations:
• absence of software and hardware bugs in the ATSC-90;
• presence of the specified bugs.
For the first group, the following strategy for organizing a threat protection system is envisaged:
• use of a software or hardware-software protection complex on the automated workplace that has a certificate from the State Technical Commission of Russia, for example, «Accord», Dallas Lock, Secret Net. Additionally, special software and hardware protection tools should be developed based on an analysis of the vulnerability of the automatic telephone exchange;
• application of duplication, backup and response tools on the switching system (SS), which should ensure the required reliability and reduce the probability of occurrence of «hazardous events» to acceptable limits;
• development of alarm systems that trigger when equipment is opened, to control physical access to the nodes of the SS and information highways;
• conducting certification tests in the certification system of the State Technical Commission of Russia ROSS RU.0001.01 BIOO.
Organization of protection of the ATSC-90 for the second group of potential violators is based on the following approach:
• Detecting and blocking software backdoors (BH) embedded in the station software is impossible.
• Detection and blocking of information about activation of the software in real time is not possible.
• It is necessary to implement a number of operational rules on the ATSC-90, according to which the personnel periodically executes a command to copy to a specially allocated external storage device (SED) the working areas of the random access memory (RAM), station control devices, as well as RAM areas storing programs, current variables and constant data on the resources of the station and the system. After the copying operation is completed, the SED must be physically disconnected from the system.
• If the station personnel detect signs of activation of a BH, a complete restart of the station must be organized in the manual control mode of the initial start from the SED disk.
• For the automated workstation operators, it is necessary to develop and implement technical means for character-by-character documentation of all information entered from the consoles with strict continuous administrative control of the console time regulations.
• An agreement is required between the communications administration and the international network administration to exclude the transmission of messages with non-telephone functions via SS7 (OKS No. 7) from the international switching center to the AMTS and UAC VSS of Russia stations (to prevent activation of the BH, TCAP and OMAP formats), as well as the development of special testing devices on the international section that ensure the detection and recording of all cases of transmission of non-telephone messages of the fourth level.
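The testing device in the last item can be sketched as a passive monitor on the international SS7 link that records every level-4 message not belonging to a telephone user part. This is an added example, not part of the original article: it assumes each captured signal unit is presented starting at the MTP3 service information octet with an ITU 14-bit routing label, and the point codes and payload bytes are constructed.

```python
import struct

# Service indicator (low 4 bits of the SIO octet), values per ITU-T Q.704.
SERVICE = {0: "SNM", 1: "SNT", 2: "SNT-special", 3: "SCCP", 4: "TUP", 5: "ISUP"}
LEVEL3 = {0, 1, 2}    # network management/testing, needed for the link itself
TELEPHONE = {4, 5}    # telephone user parts


def parse_mtp3(msu: bytes) -> dict:
    """Decode the SIO and the ITU 14-bit routing label (MSU starts at the SIO)."""
    if len(msu) < 5:
        raise ValueError("truncated MSU")
    (label,) = struct.unpack_from("<I", msu, 1)
    return {"si": msu[0] & 0x0F, "ni": msu[0] >> 6, "dpc": label & 0x3FFF,
            "opc": (label >> 14) & 0x3FFF, "sls": label >> 28}


def monitor(msus):
    """Return a journal entry for every non-telephone level-4 or malformed MSU."""
    journal = []
    for index, msu in enumerate(msus):
        try:
            hdr = parse_mtp3(msu)
        except ValueError as exc:
            journal.append({"index": index, "verdict": "malformed", "detail": str(exc)})
            continue
        if hdr["si"] in LEVEL3 or hdr["si"] in TELEPHONE:
            continue
        journal.append({"index": index, "verdict": "non-telephone",
                        "service": SERVICE.get(hdr["si"], "SI=%d" % hdr["si"]),
                        "opc": hdr["opc"], "dpc": hdr["dpc"], "raw": msu.hex()})
    return journal


def build_msu(si, dpc, opc, sls=0, ni=0, payload=b""):
    """Constructed test helper: assemble SIO + routing label + payload."""
    label = (dpc & 0x3FFF) | ((opc & 0x3FFF) << 14) | ((sls & 0xF) << 28)
    return bytes([(ni << 6) | si]) + struct.pack("<I", label) + payload


# Constructed sample traffic (point codes are invented).
SAMPLE = [
    build_msu(5, dpc=100, opc=200, payload=b"\x01\x00"),   # ISUP: passes
    build_msu(3, dpc=100, opc=200, payload=b"\x09\x00"),   # SCCP (carries TCAP)
    build_msu(0, dpc=100, opc=200),                        # network management
    b"\x03\x01",                                           # truncated
]

if __name__ == "__main__":
    for entry in monitor(SAMPLE):
        print(entry)
```

SCCP is flagged because TCAP and the MAP, INAP and OMAP applications built on it travel inside SCCP; malformed units are journaled as well so that a parsing failure cannot hide a message from the record.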
Conclusions
Based on the analysis of the structural and functional diagram of a modern automatic telephone exchange with ISDN functions (using the ATSC-90 as an example), it is possible to determine the objects and elements of protection.
Based on the analysis of access subjects and their potential capabilities for implementing UA, it is possible to develop the most technically probable scenario for the impact on the software of stations with ISDN functions in the presence of BH and to provide the functional and target characteristics of the UA program functioning model.