FIG. 1 illustrates an example of a network system in which the Session Initiation Protocol (SIP) is used. A network system 100 includes a carrier switching network 110, a terminal 3, and a subscriber data management server 4. By using the SIP, audio communication may be carried over a network that is not dedicated to audio communication. The SIP is a protocol whose messages are human-readable plaintext, so the contents of the messages may be easily altered. Thus, an SIP signal may be used to make an attack against a vulnerability of the carrier switching network 110.
For example, in the 3rd generation (3G) network illustrated in FIG. 1, an SIP signal transmitted by a 3G terminal passes through a radio network controller (RNC) and an asynchronous transfer mode (ATM) switching unit before arriving at the carrier switching network 110. The SIP signal transmitted by the 3G terminal is temporarily terminated by the ATM switching unit and is not directly provided to the carrier switching network. Thus, in the 3G network, the carrier switching network 110 is protected from vulnerability attacks using SIP signals.
In a Long Term Evolution (LTE) network, an SIP signal reaches the carrier switching network from an LTE terminal 3 without being converted by any switching unit or the like. Thus, in the LTE network, an LTE terminal may easily be used to make an attack against the SIP vulnerability of the carrier switching network 110.
FIG. 2 is a diagram illustrating an example of a system configuration of the carrier switching network 110. The carrier switching network 110 includes a plurality of SIP proxy call control servers 1 and a plurality of subscriber management call control servers 2. The SIP proxy call control servers 1 are SIP proxy servers. The subscriber management call control servers 2 are servers that each connect a radio network to an IP network. The subscriber data management server 4 is an SIP location server. In the SIP, if subscriber information of the LTE terminal 3 is not registered in the subscriber data management server 4 that is the SIP location server, the LTE terminal 3 is not permitted to transmit a call request. The subscriber information is information identifying the LTE terminal and includes, for example, a phone number and an IP address. The subscriber data management server 4 is an example of a “management device”.
When receiving an SIP_INVITE message that is a call request signal, a subscriber management call control server 2 confirms whether or not subscriber information of a source terminal that transmitted the message is registered in the subscriber data management server 4. If the subscriber information of the source terminal is not registered in the subscriber data management server 4, the subscriber management call control server 2 transmits, to the source terminal, an SIP_4XX_RESPONSE message indicating a call disconnection. 4XX indicates that a status code of the RESPONSE message is in the 400s. If the status code is in the 400s, the status code indicates a client error or indicates that the source terminal has an abnormality.
If the subscriber information of the source terminal is registered in the subscriber data management server 4, the subscriber management call control server 2 selects, from among the plurality of SIP proxy call control servers 1, a transfer destination of the SIP_INVITE message and transfers the SIP_INVITE message to the selected SIP proxy call control server.
FIG. 3 is a diagram illustrating an example of a sequence of a process to be executed in the carrier switching network 110 when an SIP vulnerability attack signal is received. Hereinafter, each of the LTE terminals is also referred to as user equipment (UE). FIG. 3 assumes that subscriber information of UE 3 is registered in the subscriber data management server 4. In FIG. 3, an SIP proxy call control server is indicated by reference symbol P1. FIG. 3 illustrates only the server among the plurality of subscriber management call control servers 2 and the server among the SIP proxy call control servers P1 that are involved in processing the SIP vulnerability attack signal.
In S1, the UE 3 transmits an SIP_INVITE message that is the SIP vulnerability attack signal. Since subscriber data of the UE 3 is registered in the subscriber data management server 4, the SIP_INVITE message is transmitted through the subscriber management call control server 2 to the SIP proxy call control server P1.
In S2, the SIP proxy call control server P1 receives the SIP_INVITE message and performs an SIP vulnerability check. The SIP_INVITE message that is the SIP vulnerability attack signal may include undefined invalid information in a header field or may carry a meaningless character string in a data field. The SIP proxy call control server P1 performs the vulnerability check by determining whether the SIP message is in an invalid format that does not conform to the standard format and whether it is a message of a type reported to Information-technology Promotion Agency, Japan (IPA) as being transmitted to attack the vulnerability.
Since the SIP_INVITE message received by the SIP proxy call control server P1 is the SIP vulnerability attack signal, the SIP proxy call control server P1 determines that the SIP_INVITE message is invalid and detects an SIP vulnerability attack in S2.
In S3, the SIP proxy call control server P1 generates an SIP_4XX_RESPONSE message and transmits the generated SIP_4XX_RESPONSE message to the source UE 3. When receiving the SIP_4XX_RESPONSE message, the source UE 3 disconnects a corresponding call.
Since the UE 3 receives the SIP_4XX_RESPONSE message, the UE 3 disconnects the call in S4.
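As an added illustration of the two checks described above, namely the subscriber registration check performed by the subscriber management call control server 2 (S1) and the standard-format check performed by the SIP proxy call control server P1 (S2/S3), the following Python is example code and not part of the patent application. The subscriber table standing in for the subscriber data management server 4, the proxy hostnames, and the three sample messages are constructed; the mandatory header list follows RFC 3261; the choice of 403, 400 and 416 as the SIP_4XX_RESPONSE status codes is this example's own.

```python
import re
import zlib

# Constructed stand-in for the subscriber data management server (the SIP
# location server): registered subscriber URI -> registered IP address.
REGISTERED_SUBSCRIBERS = {
    "sip:+81901234567@example.net": "192.0.2.10",
}

# Constructed hostnames standing in for the SIP proxy call control servers.
PROXY_SERVERS = ("proxy-1.example.net", "proxy-2.example.net")

# Header fields that RFC 3261 section 8.1.1 requires in every request.
MANDATORY_HEADERS = ("to", "from", "cseq", "call-id", "max-forwards", "via")

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
HEADER_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9\-]*):\s*(.*)$")
URI_IN_ADDR = re.compile(r"<([^>]+)>")


def parse_sip_request(raw):
    """Return (method, request_uri, headers, body), or None when the message
    does not have the standard 'start line / header lines / blank line / body'
    shape or contains control characters other than tab inside a line."""
    if "\r\n\r\n" not in raw:
        return None
    head, body = raw.split("\r\n\r\n", 1)
    lines = head.split("\r\n")
    for line in lines:
        if any(ord(c) < 0x20 and c != "\t" for c in line):
            return None
    start = REQUEST_LINE.match(lines[0])
    if start is None:
        return None
    headers = {}
    for line in lines[1:]:
        field = HEADER_LINE.match(line)
        if field is None:
            return None
        headers.setdefault(field.group(1).lower(), field.group(2))  # first value wins
    return start.group(1), start.group(2), headers, body


def _address_uri(value):
    """Extract the URI from a To/From value like '<sip:a@b>;tag=1' or 'sip:a@b;tag=1'."""
    m = URI_IN_ADDR.search(value)
    return m.group(1) if m else value.split(";", 1)[0].strip()


def subscriber_management_server(raw):
    """First hop: reject (403) a call request from a source that is not
    registered in the location server; otherwise pick a transfer destination."""
    parsed = parse_sip_request(raw)
    if parsed is None:
        return {"action": "reject", "status": 400}
    headers = parsed[2]
    if _address_uri(headers.get("from", "")) not in REGISTERED_SUBSCRIBERS:
        return {"action": "reject", "status": 403}
    # Deterministic choice keyed on Call-ID so retransmissions reach the same proxy.
    idx = zlib.crc32(headers.get("call-id", "").encode()) % len(PROXY_SERVERS)
    return {"action": "forward", "proxy": PROXY_SERVERS[idx]}


def sip_proxy_server(raw):
    """Second hop (S2/S3): any deviation from the standard request format is
    treated as invalid and answered with a 4xx response."""
    parsed = parse_sip_request(raw)
    if parsed is None:
        return {"action": "reject", "status": 400}
    method, uri, headers, body = parsed
    if any(h not in headers for h in MANDATORY_HEADERS):
        return {"action": "reject", "status": 400}
    if not uri.startswith(("sip:", "sips:", "tel:")):
        return {"action": "reject", "status": 416}  # Unsupported URI Scheme
    cseq = headers["cseq"].split()
    if len(cseq) != 2 or not cseq[0].isdigit() or cseq[1] != method:
        return {"action": "reject", "status": 400}
    if not headers["max-forwards"].isdigit():
        return {"action": "reject", "status": 400}
    declared = headers.get("content-length", str(len(body)))
    if not declared.isdigit() or int(declared) != len(body):  # data field mismatch
        return {"action": "reject", "status": 400}
    return {"action": "accept", "method": method, "request_uri": uri}


def handle_invite(raw):
    """Run both checks in the order of FIG. 3 and return the final outcome."""
    first = subscriber_management_server(raw)
    if first["action"] != "forward":
        return first
    result = sip_proxy_server(raw)
    result["proxy"] = first["proxy"]
    return result


def _msg(*lines):
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed sample messages (documentation addresses, fictitious numbers).
VALID_INVITE = _msg(
    "INVITE sip:+81909876543@example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
    "Max-Forwards: 70",
    "To: <sip:+81909876543@example.net>",
    "From: <sip:+81901234567@example.net>;tag=1928301774",
    "Call-ID: a84b4c76e66710@192.0.2.10",
    "CSeq: 314159 INVITE",
    "Content-Length: 0",
)
UNREGISTERED_INVITE = VALID_INVITE.replace("+81901234567", "+81900000000")
# Registered source, but Max-Forwards is missing and CSeq is not numeric.
MALFORMED_INVITE = _msg(
    "INVITE sip:+81909876543@example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
    "To: <sip:+81909876543@example.net>",
    "From: <sip:+81901234567@example.net>;tag=1928301774",
    "Call-ID: a84b4c76e66710@192.0.2.10",
    "CSeq: ?? INVITE",
    "Content-Length: 0",
)

if __name__ == "__main__":
    for name, msg in (("valid", VALID_INVITE), ("unregistered", UNREGISTERED_INVITE),
                      ("malformed", MALFORMED_INVITE)):
        print(name, handle_invite(msg))
```

The two functions mirror the two servers in FIG. 3: the unregistered message never reaches the proxy, while the malformed message from a registered subscriber is forwarded and only then rejected by the format check, which is the path a vulnerability attack signal takes in the sequence above.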
Examples of related art are Japanese Laid-open Patent Publications Nos. 2007-267064, 2005-258498, and 2007-188437.