CN108391271B - False position updating and identifying method - Google Patents
False position updating and identifying method Download PDFInfo
- Publication number
- CN108391271B CN108391271B CN201810056136.2A CN201810056136A CN108391271B CN 108391271 B CN108391271 B CN 108391271B CN 201810056136 A CN201810056136 A CN 201810056136A CN 108391271 B CN108391271 B CN 108391271B
- Authority
- CN
- China
- Prior art keywords
- location
- request message
- vlr
- information
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a false position updating and identifying method, which comprises the following steps: step 1: intercepting a location update request message entering from an international signaling gateway by a false location update identification function; step 2: extracting an analysis value required in the location update request message; and step 3: constructing a location query request message; and 4, step 4: sending a location query request message; and 5: extracting parameters for identifying the information of the current service MSC/VLR of the user; step 6: comparing the extracted analysis value based on the extracted parameters of the service MSC/VLR information, and analyzing whether the received location updating request message is legal or not; and 7: and forwarding the received location updating request message to a home location register to update the location information of the user. The invention can effectively resist the position tampering attack of the mobile communication network.
Description
Technical Field
The invention relates to the technical field of mobile communication network security, in particular to a false location update identification method.
Background
At present, a communication protocol MAP (Mobile Application Part) between Mobile communication systems and a signaling system seven (SS 7) carrying the MAP protocol do not have any security protection mechanism, a Mobile user faces a security threat that data is illegally tampered, and an attacked user cannot obtain normal service within a certain time.
The essential differences between mobile communication networks and fixed telephone networks are: mobile communication networks need to support the mobility characteristics of users, i.e. in case of a change of user location, still providing effective services to mobile users through an efficient mobility management mechanism. At present, a mobile communication network completes mobility management of a mobile user through cooperation among terminal equipment, radio access network equipment and core network equipment, and a special mobile user Location management equipment is arranged in a mobile core network to be responsible for managing Location information of the user, such as HLR (Home Location Register) equipment, when the mobile user roams from one MSC/VLR service area to another MSC/VLR service area or the mobile user is switched from a power-off state to a power-on state, as shown in fig. 2, the mobile terminal sends a Location UPDATE request message to the network, and sends a Location UPDATE request MAP operation to the mobile user Location management equipment HLR by a current service VLR (Visitor Location Register), such as UPDATE _ Location operation, to inform the HLR of updating the Location information of the user; when the mobile user is powered off, the mobile terminal sends a power-off request message to the network, and a current service VLR of the user sends a user deactivation request to the HLR to inform the HLR of deleting the position information of the user; in addition, mobile communication networks require the user to periodically (referred to as a mobile station auto-registration period) transmit current location and status information to the network side while in an active state due to regulatory requirements.
In order to effectively serve users, the service areas of a mobile communication network are generally divided continuously, partial areas may be covered in a cross manner, a wireless signal coverage blind area may occur in partial areas such as an area where the user density is low and a wireless base station is inconvenient to erect, and when a user enters the wireless signal coverage blind area or cannot regularly send current position and state information to a network side due to other reasons, the network side may automatically delete the position information of the user after a "mobile station automatic registration period" is finished.
Theories and facts have proved that the location update of a virtual user can be realized by utilizing the security loophole of a No. seven signaling system of a mobile communication network, a VLR of a certain visiting network is imitated to send a location update request to a home network of the user, and the home HLR of the user is triggered to modify the location identification of the user, so that the purpose of disturbing or blocking the communication of the user is achieved. In order to solve the problems, the invention provides a false location update identification method, which realizes interception of false location update requests and effectively enhances the safety protection capability of a mobile communication network.
Disclosure of Invention
Aiming at the defects and shortcomings of the prior art, the invention provides a false location update identification method which can effectively enhance the safety protection capability of the current mobile communication network.
In order to realize the purpose, the invention adopts the technical scheme that: a false location update identification method, comprising the steps of:
step 1: intercepting a location update request message entering from an international signaling gateway by a false location update identification function;
step 2: extracting an analysis value required in the location update request message;
and step 3: constructing a location query request message;
and 4, step 4: sending a location query request message;
and 5: extracting parameters for identifying the information of the current service MSC/VLR of the user;
step 6: comparing the extracted analysis value based on the extracted parameters of the service MSC/VLR information, and analyzing whether the received location updating request message is legal or not;
and 7: and forwarding the received location updating request message to a home location register to update the location information of the user.
Further, the analysis values required in step 2 include values of "IMSI", "MSC address identifier", and "VLR number" parameters.
Further, the step 3 specifically includes: and constructing a location query request message by using the IMSI parameter value extracted from the location update request message, wherein the location query request message is used for querying the relevant information of the serving MSC/VLR of the user associated with the IMSI number.
Further, the step 4 specifically includes: and sending the constructed position inquiry request information to a home location register of the user identified by the parameter value of the IMSI.
Further, the step 5 specifically includes:
step 5.1: the home location register of the user identified by the IMSI parameter value responds to the location query request information and sends a location query response message;
step 5.2: the false location update identification function receives the location query response message and extracts the parameter capable of identifying the information of the current service MSC/VLR of the user from the location query response message.
Further, the step 6 specifically includes:
step 6.1: if the current position of the user obtained from the parameters of the extracted service MSC/VLR information is an internal network, the received position updating request message is determined to be illegal, and the message is directly intercepted; otherwise, executing step 6.2;
step 6.2: comparing the extracted parameters and analysis values of the service MSC/VLR information, analyzing whether the MSC/VLR identified by the service MSC/VLR information and the service MSC/VLR information belong to the same country, if the MSC/VLR identified by the service MSC/VLR belongs to the same country, determining that the received location updating request message is legal, and executing the step 7; otherwise, the false location update identification function generates an alarm.
The invention has the beneficial effects that:
1. the invention deploys the false location update identification function body in the mobile communication network, and effectively identifies the false location update request message entering from the international signaling gateway by comparing and analyzing the parameters carried in the location update request message and the location query response message, thereby providing a reliable protection means for resisting the location tampering attack of the mobile communication network and enhancing the safety protection capability of the current mobile communication network.
2. The invention makes full use of the service area characteristics of the mobile communication network and the mobility management characteristics of the mobile communication network to the users, and the technical principle and the realization method are simple and easy to understand.
Drawings
FIG. 1 is an overall flow diagram of the process of the present invention.
Fig. 2 is a flow chart of information interaction during location update of a mobile communication network in the prior art.
Fig. 3 is a flow chart of information interaction during location update of the mobile communication network according to the method of the present invention.
Detailed Description
The invention is described in further detail below with reference to the following figures and detailed description:
example 1: as shown in fig. 1, a false location update identification method includes the following steps:
step S101: intercepting a location update request message entering from an international signaling gateway by a false location update identification function;
step S102: extracting an analysis value required in the location update request message;
step S103: constructing a location query request message;
step S104: sending a location query request message;
step S105: extracting parameters for identifying the information of the current service MSC/VLR of the user;
step S106: comparing the extracted analysis value based on the extracted parameters of the service MSC/VLR information, and analyzing whether the received location updating request message is legal or not;
step S107: and forwarding the received location updating request message to a home location register to update the location information of the user.
Example 2: as shown in fig. 3, a method for identifying a false location update includes the following steps:
step S201: the false LOCATION UPDATE identification function intercepts the LOCATION UPDATE request message inbound from the international signaling gateway, i.e., the UPDATE LOCATION message in fig. 3.
Step S202: the false location update identity function extracts the values of the parameters "IMSI", "MSC address identity" and "VLR number" in the location update request message.
Wherein, the IMSI parameter value identifies the user with position update; the two parameter values of "MSC address identification" and "VLR number" identify the information of the serving MSC and serving VLR where the current user is located.
Step S203: the false location update identity function constructs a location query request message, i.e. ANY _ TIME _ interval message in fig. 3, using the "IMSI" parameter value extracted from the location update request message, for querying information about the serving MSC/VLR of the subscriber associated with the "IMSI" number.
Step S204: the false location update identification function sends the constructed location query request message to the home location register of the subscriber identified by the "IMSI" parameter value.
Step S205: the home location register of the user identified by the "IMSI" parameter value sends a location query response message, i.e., ANY _ TIME _ interval ACK message in fig. 3, in response to the location query request message.
Step S206: the false location update identification function receives the location query response message and extracts the parameter capable of identifying the information of the current service MSC/VLR of the user from the location query response message.
Step S207: if the current position of the user obtained from the parameters of the extracted service MSC/VLR information is an internal network, the false position updating identification function body determines that the received position updating request message is illegal and directly intercepts the message; otherwise, step S208 is performed.
Step S208: comparing the extracted parameters and analysis values of the service MSC/VLR information, analyzing whether the MSC/VLR identified by the service MSC/VLR information and the service MSC/VLR information belong to the same country, if the MSC/VLR identified by the service MSC/VLR belongs to the same country, determining that the received location updating request message is legal, and executing step 209; otherwise, the false location update identification function generates an alarm.
After the false position updating and identifying function generates an alarm, a post-processing function can be configured for further judgment and processing; such as: using the geographic information, whether the parameter value such as "MSC number" or "VLR number" extracted in step S206 is adjacent to the networks of two different countries or operators represented by the parameter value such as "MSC address identifier" or "VLR number" extracted in step S202 is analyzed. The invention does not limit the relevant functions of the post-processing.
Step S209: and forwarding the received location updating request message to a Home Location Register (HLR) to update the location information of the user.
The invention provides a false location update identification method, which is used for identifying location update request messages from an overseas network; the method deploys a false location update identification function body in the mobile communication network, and effectively identifies the false location update request message entering from the international signaling gateway by analyzing parameters carried in the location update request message and the location query response message, thereby providing a reliable means for resisting location tampering attack of the mobile communication network and enhancing the safety protection capability of the current mobile communication network; the invention makes full use of the service area characteristics of the mobile communication network and the mobility management characteristics of the mobile communication network to the users, and the technical principle and the realization method are simple and easy to understand.
It should be noted that the above-mentioned embodiments are only used for illustrating or explaining the principle of the present invention, and not for limiting the present invention, therefore, several improvements and modifications can be made without departing from the spirit and scope of the present invention, and these improvements and modifications should be considered as within the scope of the claims of the present invention.
Claims (1)
1. A false location update identification method is characterized by comprising the following steps:
step 1: intercepting a location update request message entering from an international signaling gateway by a false location update identification function;
step 2: extracting analysis values required in the location updating request message, wherein the required analysis values comprise values of parameters of IMSI, MSC address identifier and VLR number;
and step 3: constructing a location query request message, specifically comprising: using the 'IMSI' parameter value extracted from the location updating request message to construct a location query request message for querying the relevant information of the service MSC/VLR of the user associated with the 'IMSI' number;
and 4, step 4: sending a location query request message, specifically including: sending the constructed position inquiry request information to a home location register of a user identified by the IMSI parameter value;
and 5: extracting the parameters for identifying the information of the current service MSC/VLR of the user specifically comprises the following steps:
step 5.1: the home location register of the user identified by the IMSI parameter value responds to the location query request information and sends a location query response message;
step 5.2: the false location updating and identifying function receives the location inquiry response message, and extracts the parameter capable of identifying the current service MSC/VLR information of the user from the location inquiry response message;
step 6: comparing the extracted analysis value based on the extracted parameters of the service MSC/VLR information, and analyzing whether the received location updating request message is legal or not, specifically comprising the following steps:
step 6.1: if the current position of the user obtained from the parameters of the extracted service MSC/VLR information is an internal network, the received position updating request message is determined to be illegal, and the message is directly intercepted; otherwise, executing step 6.2;
step 6.2: comparing the extracted parameters and analysis values of the service MSC/VLR information, analyzing whether the MSC/VLR identified by the service MSC/VLR information and the service MSC/VLR information belong to the same country, if the MSC/VLR identified by the service MSC/VLR belongs to the same country, determining that the received location updating request message is legal, and executing the step 7; otherwise, the false position updating and identifying function body generates an alarm;
and 7: and forwarding the received location updating request message to a home location register to update the location information of the user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810056136.2A CN108391271B (en) | 2018-01-20 | 2018-01-20 | False position updating and identifying method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810056136.2A CN108391271B (en) | 2018-01-20 | 2018-01-20 | False position updating and identifying method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108391271A CN108391271A (en) | 2018-08-10 |
| CN108391271B true CN108391271B (en) | 2021-02-09 |
Family
ID=63077420
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810056136.2A Active CN108391271B (en) | 2018-01-20 | 2018-01-20 | False position updating and identifying method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108391271B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111328073B (en) * | 2018-12-14 | 2023-08-15 | 中国移动通信集团广西有限公司 | Method and device for defending risk of No. seven signaling |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101198154A (en) * | 2006-12-05 | 2008-06-11 | 中兴通讯股份有限公司 | Method for protecting positional information of mobile subscriber |
| CN101106818B (en) * | 2007-06-18 | 2010-08-04 | 中兴通讯股份有限公司 | A system and method for summarizing user roaming status in GSM network service area |
| CN106550346A (en) * | 2015-09-21 | 2017-03-29 | 中兴通讯股份有限公司 | Roamer's recognition methodss and device |
| CN104506539B (en) * | 2014-12-26 | 2017-12-15 | 珠海迈越信息技术有限公司 | A kind of server identification method and device based on firmware renewal |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100683507B1 (en) * | 2005-12-02 | 2007-02-15 | 한국전자통신연구원 | Method and apparatus for paging in heterogeneous wireless networks for low power consumption of mobile terminals |
| US8571564B2 (en) * | 2011-11-14 | 2013-10-29 | Movirtu Limited | Method and system for enabling usage of mobile telephone services on a donor device |
-
2018
- 2018-01-20 CN CN201810056136.2A patent/CN108391271B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101198154A (en) * | 2006-12-05 | 2008-06-11 | 中兴通讯股份有限公司 | Method for protecting positional information of mobile subscriber |
| CN101106818B (en) * | 2007-06-18 | 2010-08-04 | 中兴通讯股份有限公司 | A system and method for summarizing user roaming status in GSM network service area |
| CN104506539B (en) * | 2014-12-26 | 2017-12-15 | 珠海迈越信息技术有限公司 | A kind of server identification method and device based on firmware renewal |
| CN106550346A (en) * | 2015-09-21 | 2017-03-29 | 中兴通讯股份有限公司 | Roamer's recognition methodss and device |
Non-Patent Citations (2)
| Title |
|---|
| "Pseudo-—Location Updating System for Privacy--Preserving Location·Based Services";NIU BEN ect.;《中国通信》;20150918 * |
| "数字签名在伪基站诈骗识别与防范中的应用";陈欣,刘朔;《武汉轻工大学学报》;20170915 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108391271A (en) | 2018-08-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7234342B2 (en) | Method, system, and computer-readable medium for time-distance security measures for downstream roaming subscribers utilizing Diameter edge agents | |
| US11770694B2 (en) | Methods, systems, and computer readable media for validating location update messages | |
| US8238901B2 (en) | Provision of position information in telecommunications networks | |
| JP3981118B2 (en) | Method for notifying a legitimate intercept system of a service system that services an intercepted goal | |
| WO2007051223A1 (en) | Profile based communications service | |
| CN110419248A (en) | Method and apparatus for the secret protection in paging user equipment | |
| Rao et al. | We know where you are! | |
| WO2001065884A1 (en) | Optimised routing of mobile calls | |
| CN101489214B (en) | Method, apparatus and system for detecting user side equipment | |
| CN108391271B (en) | False position updating and identifying method | |
| US6226511B1 (en) | Method and apparatus for configuration of authentication center operations in a mobile telephone system | |
| CN104768157A (en) | Method for preventing counterfeit mobile communication network base station from fraud | |
| CN100574214C (en) | The implementation method of protection mobile network resource | |
| CN111163033B (en) | Message forwarding method and device, communication network element and computer readable storage medium | |
| WO2011080638A1 (en) | Illegal carrier detection platform and method | |
| CN101715176A (en) | Short message router, short message monitoring system and short message monitoring method | |
| CN107911813B (en) | Transparent mode mobile user identity management method and system | |
| JP3845308B2 (en) | Detection of unauthorized mobile stations in mobile communication systems using location information of mobile stations | |
| CN108200007B (en) | Dynamic identity management method and system for mobile network | |
| CN102724649A (en) | Method for monitoring position change of low mobility terminal and system thereof | |
| US8761767B2 (en) | Method, system, terminal and network side for triggering terminal response | |
| KR100964246B1 (en) | Lost mobile management system for out bound roaming and method thereof | |
| KR100668388B1 (en) | System for tracking illegal mobile communication terminal about international roaming user | |
| EP2871875B1 (en) | Security method for the verification of an information retrieval request | |
| CN107911814B (en) | HSS (home subscriber server) -enhanced user identity information protection method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |