

Title:
A METHOD FOR PREVENTING ATTACKS ON A MEDIA GATEWAY CONTROL PROTOCOL MESSAGE
Document Type and Number:
WIPO Patent Application WO/2011/036066
Kind Code:
A1
Abstract:
The present invention relates to a method for preventing attacks on a Media Gateway Control Protocol message, wherein, the method comprises the steps of : calculating the Hash value of a designated string as an attack-preventing token of a Media Gateway Control Protocol message to be sent by a first device (10) to a second device (20), wherein said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device (10) and said second device (20) as a media gateway device, and said Media Gateway Control Protocol message; and wherein said attack- preventing token will be sent together with said Media Gateway Control Protocol message to said second device. By using the method, attacks on the Media Gateway Control Protocol, which do not provide security mechanisms, can be reduced or avoided.

Inventors:
YANG MAN ZHI (CN)
Application Number:
PCT/EP2010/063311
Publication Date:
March 31, 2011
Filing Date:
September 10, 2010
Assignee:
SIEMENS AG (DE)
YANG MAN ZHI (CN)
International Classes:
H04L29/06
Domestic Patent References:
WO2006124293A22006-11-23
Foreign References:
US20060200855A12006-09-07
EP1746814A22007-01-24
Other References:
EDUARDO B FERNANDEZ ET AL: "Security Patterns for Voice over IP Networks", COMPUTING IN THE GLOBAL INFORMATION TECHNOLOGY, 2007. ICCGI 2007. INTERNATIONAL MULTI-CONFERENCE ON, IEEE, PI, 1 March 2007 (2007-03-01), pages 33 - 33, XP031065568, ISBN: 978-0-7695-2798-7
Attorney, Agent or Firm:
SIEMENS AKTIENGESELLSCHAFT (München, DE)
Claims:
Claims

1. A method for preventing attacks, comprising the steps of:

calculating the Hash value of a designated string as an attack-preventing token of a media gateway control protocol message to be sent by a first device to a second device, wherein said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device and said second device as a media gateway device, and said media gateway control protocol message, and wherein said attack-preventing token is to be sent together with said media gateway control protocol message to said second device.

2. The method as claimed in claim 1, wherein it further comprises the steps of:

generating a random number and a timestamp based on a current time,

wherein said attack-preventing token further comprises said random number and timestamp generated, and said designated string further comprises said random number and timestamp generated.

3. The method as claimed in claim 1 or 2, wherein, said identifier is the network address of said media gateway, or the network address and the port number of said media gateway.

4. A method for preventing attacks, comprising the steps of:

calculating the Hash value of a designated string when a second device receives a media gateway control protocol message and an attack-preventing token including a Hash value sent by a first device, wherein, said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device and said second device as a media gateway device, and said received media gateway control protocol message;

judging whether said calculated Hash value and the Hash value contained in said attack-preventing token are the same; and

when the judgement result is affirmative, determining that said first device is an authorized device.

5. The method as claimed in claim 4, wherein

said attack-preventing token further comprises a random number and a timestamp,

and said judging step further comprises:

judging whether said calculated Hash value and the Hash value contained in said attack-preventing token are the same, whether the random numbers received previously by said second device from said first device do not include the random number as contained in said attack-preventing token, and whether the time of the timestamp representing the latest time received by said second device from said first device is earlier than the time represented by the timestamp contained in said attack-preventing token, and

said method further comprises the steps of:

storing said random number contained in said attack-preventing token as the random number received by said second device from said first device when said first device is determined as an authorized device, and storing said timestamp contained in said attack-preventing token as the timestamp representing the latest time received by said second device from said first device.

6. The method as claimed in claim 4 or 5, wherein, said identifier is the network address of said media gateway, or the network address and the port number of said media gateway.

7. An apparatus for preventing attacks, comprising: a calculating module for calculating the Hash value of a designated string as an attack-preventing token of a media gateway control protocol message to be sent by a first device to a second device, wherein said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device and said second device as a media gateway device, and said media gateway control protocol message, and wherein said attack-preventing token is to be sent together with said media gateway control protocol message to said second device.

8. The apparatus as claimed in claim 7, wherein it further comprises:

a generating module for generating a random number and a timestamp based on a current time,

wherein, said attack-preventing token further comprises said random number and timestamp generated, and said designated string further comprises said random number and timestamp generated.

9. An apparatus for preventing attacks, comprising:

a calculating module for calculating the Hash value of a designated string when a second device receives a media gateway control protocol message and an attack-preventing token comprising a Hash value sent by a first device, wherein said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device and said second device as a media gateway device, and said received media gateway control protocol message;

a judging module for judging whether said calculated Hash value and said Hash value contained in the attack-preventing token are the same; and

a determining module for determining said first device as an authorized device when the judgement result is affirmative.

10. The apparatus as claimed in claim 9, wherein said attack-preventing token further comprises a random number and a timestamp,

said judging module is further used for: judging whether said calculated Hash value and the Hash value contained in said attack-preventing token are the same, whether all random numbers received previously by said second device from said first device do not include said random number contained in said attack-preventing token, and whether the time of the timestamp representing the latest time received by said second device from said first device is earlier than the time represented by said timestamp contained in said attack-preventing token, and

said apparatus further comprises a storage control module so that when said first device is determined as the authorized device, the storage control module is used for storing said random number contained in said attack-preventing token as the random number received by said second device from said first device, and storing said timestamp contained in said attack-preventing token as the timestamp representing the latest time received by said second device from said first device.

11. A first device, comprising:

a storage module for storing the cipher key shared between said first device and a second device;

an attack-preventing module, comprising:

a calculating module for calculating the Hash value of a designated string as an attack-preventing token of a media gateway control protocol message to be sent by said first device to said second device, wherein said designated string is formed by a cipher key stored in said storage module, an identifier of said first device and said second device as a media gateway device, and said media gateway control protocol message; and a communication module for sending said media gateway control protocol message and said attack-preventing token to said second device.

12. The first device as claimed in claim 11, wherein said attack-preventing module further comprises a generating module for generating a random number and a timestamp based on a current time, and

wherein said attack-preventing token further comprises said random number and timestamp generated, and said designated string further comprises said random number and timestamp generated.

13. The first device as claimed in claim 11 or 12, wherein said first device is a media gateway or a media gateway controller.

14. A second device, comprising:

a storage module for storing a cipher key shared between said second device and a first device;

a communication module for receiving the media gateway control protocol message and an attack-preventing token comprising a Hash value sent by said first device;

an attack-preventing module, comprising:

a calculating module for calculating the Hash value of a designated string, wherein said designated string is formed by a cipher key stored in said storage module, an identifier of said first device and said second device as a media gateway device, and said received media gateway control protocol message;

a judging module for judging whether said calculated Hash value and the Hash value contained in said attack-preventing token are the same; and

a determining module for determining that said first device is an authorized device when the judgement result is affirmative; and an executing module for executing an operation corresponding to said received media gateway control protocol message, when said first device is determined as an authorized device.

15. The second device as claimed in claim 14, wherein said attack-preventing token further comprises a random number and a timestamp,

said storage module is further used for storing all random numbers received previously by said second device from said first device and the timestamp representing the latest time received by said second device from said first device;

said judging module is further used for: judging whether said calculated Hash value and the Hash value contained in said attack-preventing token are the same, whether all random numbers stored in said storage module do not include said random number contained in said attack-preventing token, and whether the time represented by the timestamp stored in said storage module is earlier than the time represented by said timestamp contained in said attack-preventing token, and

said second device further comprises a storage control module so that when said first device is determined as an authorized device, the storage control module is used for storing in said storage module said random number contained in said attack-preventing token as the random number received by said second device from said first device, and storing in said storage module said timestamp contained in said attack-preventing token as the timestamp representing the latest time received by said second device from said first device.

16. The second device as claimed in claim 14 or 15, wherein said second device is a media gateway or a media gateway controller.

17. A machine-readable storage medium, comprising thereon machine-readable instructions, so that when said machine-readable instructions are executed, they will cause a machine to execute the steps contained in any one of claims 1 to 6.

Description:
A METHOD FOR PREVENTING ATTACKS ON A MEDIA GATEWAY CONTROL PROTOCOL MESSAGE

Technical field

The present invention relates to a method and an apparatus for preventing attacks.

Background art

Next Generation Network (NGN) is a service convergence network which uses packet-based networks as carriers to provide a multiplicity of services such as fixed and mobile voice, data and video services and so on. Media gateway controllers (MGC) and media gateways (MG) are two types of important devices in packet-based networks, wherein a media gateway is responsible for service carrier functions and is used to convert different access modes into a Real-time Transport Protocol (RTP) stream suitable for transporting on an IP (Internet Protocol) network, and a media gateway controller is responsible for call control functions and is used to accomplish the separation of a call control plane and a service carrier plane.

The media gateway control (MEGACO) protocol is a main protocol for communication between the media gateway controller and the media gateway. According to the media gateway control protocol, the communications between the media gateway controller and the media gateway are carried out by a variety of media gateway control protocol messages, such as Add, Modify, Subtract and ServiceChange, etc., so as to accomplish different functions. For example, a media gateway may request a media gateway controller to perform a register or a deregister operation through a ServiceChange message, a media gateway controller can instruct a media gateway to modify the status of a user to call-busy by a Modify message, and a media gateway can request a media gateway controller to subtract a call of call-end by a Subtract message.

Since the communication between a media gateway controller and a media gateway is implemented through a variety of media gateway control protocol messages to accomplish different functions, if the media gateway control (MEGACO) protocol does not have a security mechanism, then when there are unauthorized media gateways or unauthorized media gateway controllers in a network, the media gateway control protocol is highly vulnerable to attacks by the unauthorized media gateways or the unauthorized media gateway controllers. For example, an unauthorized media gateway can pretend to be an authorized media gateway to request an authorized media gateway controller to perform a deregister operation to the authorized media gateway by means of a ServiceChange message, so as to accomplish a deregister attack; an unauthorized media gateway controller can inform an authorized media gateway of call-busy by means of a Modify message to accomplish a call-busy attack, causing a user to be unable to use the authorized media gateway to carry out a telephone call; an unauthorized media gateway can request an authorized media gateway controller to subtract a call to accomplish a call subtract attack by means of a Subtract message, thus interfering with an authorized call; and an unauthorized media gateway can obtain the messages sent by an authorized media gateway to an authorized media gateway controller, and then send the obtained messages again to the authorized media gateway controller to accomplish a replay

In order to prevent the media gateway control protocol from being attacked by unauthorized media gateways or media gateway controllers utilizing the media gateway control protocol, some corresponding security mechanisms are adopted in the current media gateway control protocol. One of the security mechanisms adopted in the current media gateway control protocol is to use the network address to carry out an identity authentication. Particularly, an authorized media gateway controller sets up a white list of names in advance for storing the network address of every authorized media gateway; then, when the authorized media gateway controller receives a message sent from a media gateway, the authorized media gateway controller judges whether the white list of names contains the network address of the media gateway contained in the received message; and next, if the judgement result is affirmative, which indicates that the media gateway is an authorized media gateway, the authorized media gateway controller will carry out the corresponding operation according to the received message, while, if the judgement result is negative, which indicates that the media gateway is an unauthorized media gateway, the authorized media gateway controller will not carry out the operation corresponding to the received message. However, since the network addresses contained in the messages are highly vulnerable to fraud, such a security mechanism cannot protect the media gateway control protocol from suffering the above attacks.

Another security mechanism adopted in the current media gateway control protocol is by using IPsec (IP layer protocol security framework) to protect the communication between the authorized media gateways and the authorized media gateway controllers. However, due to the requirements of the quality of service (QoS) , it is difficult to deploy IPsec in a network adopting the media gateway control protocol.

In view of the above problems in the prior art, the object of the present invention is to provide a method and an apparatus for preventing attacks, and furthermore by using the method and the apparatus to reduce or to avoid attacks to the media gateway control protocol. A method for preventing attacks according to the present invention comprises the steps of: calculating the Hash value of a designated string as an attack-preventing token of a media gateway control protocol message to be sent by a first device to a second device, wherein said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device and said second device as a media gateway device, and said media gateway control protocol message, and wherein said attack-preventing token is to be sent together with said media gateway control protocol message to said second device.

A method for preventing attacks according to the present invention comprises the steps of: calculating the Hash value of a designated string when a second device receives a media gateway control protocol message and an attack-preventing token including a Hash value sent by a first device, wherein said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device and said second device as a media gateway device, and said received media gateway control protocol message;

judging whether said calculated Hash value and the Hash value contained in said attack-preventing token are the same; and when the judgement result is affirmative, determining that said first device is an authorized device.

An apparatus for preventing attacks according to the present invention comprises: a calculating module for calculating the Hash value of a designated string as an attack-preventing token of a media gateway control protocol message to be sent by a first device to a second device, wherein said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device and said second device as a media gateway device, and said media gateway control protocol message, and wherein said attack-preventing token is to be sent together with said media gateway control protocol message to said second device.

An apparatus for preventing attacks according to the present invention comprises: a calculating module for calculating the Hash value of a designated string when a second device receives a media gateway control protocol message and an attack-preventing token comprising a Hash value sent by a first device, wherein said designated string is formed by a cipher key shared between said first device and said second device, an identifier of said first device and said second device as a media gateway device, and said received media gateway control protocol message; a judging module for judging whether said calculated Hash value and said Hash value contained in the attack-preventing token are the same; and a determining module for determining said first device as an authorized device when the judgement result is affirmative.

A first device according to the present invention comprises: a storage module for storing the cipher key shared between said first device and a second device; an attack-preventing module comprising: a calculating module for calculating the Hash value of a designated string as an attack-preventing token of a media gateway control protocol message to be sent by said first device to said second device, wherein said designated string is formed by a cipher key stored in said storage module, an identifier of said first device and said second device as a media gateway device, and said media gateway control protocol message; and a communication module for sending said media gateway control protocol message and said attack-preventing token to said second device.

A second device according to the present invention comprises: a storage module for storing a cipher key shared between said second device and a first device; a communication module for receiving the media gateway control protocol message and an attack-preventing token comprising a Hash value sent by said first device; an attack-preventing module comprising: a calculating module for calculating the Hash value of a designated string, wherein said designated string is formed by a cipher key stored in said storage module, an identifier of said first device and said second device as a media gateway device, and said received media gateway control protocol message; a judging module for judging whether said calculated Hash value and the Hash value contained in said attack-preventing token are the same; and a determining module for determining that said first device is an authorized device when the judgement result is affirmative; and an executing module for executing an operation corresponding to said received media gateway control protocol message, when said first device is determined as an authorized device.

Brief Description of the accompanying drawings

The above-mentioned objects and other objects, features and advantages of the present invention will become more apparent by way of the following detailed description in conjunction with accompanying drawings. In the drawings:

Fig. 1 is a structural diagram of a media gateway according to an embodiment of the present invention;

Fig. 2 is a structural diagram of a media gateway controller according to an embodiment of the present invention;

Fig. 3 is a flowchart of a method for preventing attacks according to an embodiment of the present invention in the case that a media gateway serves as a sender and a media gateway controller serves as a receiver; and

Fig. 4 is a flowchart of a method for preventing attacks according to an embodiment of the present invention in the case that a media gateway serves as a receiver and a media gateway controller serves as a sender.

Exemplary embodiments

Each of the embodiments of the present invention will be described hereinbelow in detail.

According to an embodiment of the present invention, an attack-preventing (AP) token to be sent together with various media gateway control protocol messages is introduced in the media gateway control protocol, and a device (a media gateway or a media gateway controller) receiving the AP token determines whether the device (a media gateway controller or a media gateway) sending the AP token and the media gateway control protocol message is an authorized device according to the received AP token.

The AP token comprises a random number R, a timestamp T and a Hash value H, wherein the Hash value H is obtained by using a Hash algorithm such as MD4, MD5 or SHS and so on to perform a Hash computation on the string S formed by a cipher key K, an identifier MGId of the media gateway, the timestamp T, a media gateway control protocol message and the random number R. The cipher key K is one shared between the media gateway and the media gateway controller and the cipher key K has been stored in the media gateway and media gateway controller in advance, and the identifier MGId of the media gateway is the network address and the port number of the media gateway.

Fig. 1 is a structural diagram of a media gateway according to an embodiment of the present invention. In Fig. 1, only modules relevant to the embodiment are shown, without those modules irrelevant to the embodiment.

As shown in Fig. 1, a media gateway 10 comprises a communication module 12, a storage module 14, an attack-preventing module 16 and an executing module 18. In this case, the communication module 12 is used for receiving media gateway control protocol messages and AP tokens sent by a media gateway controller, or for sending media gateway control protocol messages and AP tokens to a media gateway controller.

The storage module 14 is used for storing the cipher key K shared between the media gateway 10 and the media gateway controller, a latest timestamp representing the latest time received by the media gateway 10 from the media gateway controller, and various random numbers received previously by the media gateway 10 from the media gateway controller.

The attack-preventing module 16 is used, when the media gateway 10 is to send a media gateway control protocol message to the media gateway controller, for generating an AP token sent together with the media gateway control protocol message, and when the media gateway 10 receives the media gateway control protocol message and the AP token from the media gateway controller, for determining whether the media gateway controller is an authorized device by utilizing the received AP token and the cipher key K, the latest timestamp and the random numbers stored in the storage module 14.

The executing module 18 is used for executing an operation corresponding to the received media gateway control protocol message when the media gateway 10 receives the media gateway control protocol message and the AP token from the media gateway controller and the attack-preventing module 16 determines that the media gateway controller is an authorized device.

Fig. 2 is a structural diagram of a media gateway controller according to an embodiment of the present invention. In Fig. 2, only modules relevant to the embodiment are shown, without those modules irrelevant to the embodiment. As shown in Fig. 2, the media gateway controller 20 comprises a communication module 22, a storage module 24, an attack-preventing module 26 and an executing module 28.

In this case, the communication module 22 is used for receiving media gateway control protocol messages and AP tokens sent by the media gateway 10, or for sending media gateway control protocol messages and AP tokens to the media gateway 10.

The storage module 24 is used for storing the cipher key K shared between the media gateway 10 and the media gateway controller 20, the latest timestamp received by the media gateway controller 20 from the media gateway 10, and various random numbers received previously by the media gateway controller 20 from the media gateway 10.

The attack-preventing module 26 is used, when the media gateway controller 20 is to send a media gateway control protocol message to the media gateway 10, for generating an AP token to be sent together with the media gateway control protocol message, and when the media gateway controller 20 receives the media gateway control protocol message and the AP token from the media gateway 10, for determining whether the media gateway 10 is an authorized device by utilizing the received AP token and the cipher key K, the latest timestamp and the random numbers stored in the storage module 24.

The executing module 28 is used for executing an operation corresponding to the received media gateway control protocol message when the media gateway controller 20 receives the media gateway control protocol message and the AP token from the media gateway 10 and the attack-preventing module 26 determines that the media gateway 10 is an authorized device.

Fig. 3 is a flowchart of a method for preventing attacks according to an embodiment of the present invention in the case that a media gateway serves as a sender and a media gateway controller serves as a receiver. As shown in Fig. 3, when the media gateway 10 is to send a media gateway control protocol message X1 to the media gateway controller 20 to request the media gateway controller 20 to execute an operation corresponding to the media gateway control protocol message X1, the attack-preventing module 16 of the media gateway 10 generates a random number R and generates a timestamp T based on the current time (step S300).

Next, the attack-preventing module 16 of the media gateway 10 uses the cipher key K stored in the storage module 14 of the media gateway 10, the identifier MGId of the media gateway 10, the generated timestamp T, the media gateway control protocol message X1 and the generated random number R to form a string S1 (step S310). Here, the identifier MGId of the media gateway 10 is the network address and the port number of the media gateway 10, and, in the string S1 so formed, the positional relationship between the cipher key K, the identifier MGId, the timestamp T, the media gateway control protocol message X1 and the random number R can be predetermined between the media gateway 10 and the media gateway controller 20 according to need.

Then, the attack-preventing module 16 of the media gateway 10 uses a pre-specified Hash algorithm SF to perform a Hash calculation on the formed string S1, so as to calculate the Hash value H1 (step S320).

Next, the communication module 12 of the media gateway 10 sends the media gateway control protocol message X1 and the AP token to the media gateway controller 20 (step S330), in which the AP token comprises the generated random number R, the generated timestamp T and the calculated Hash value H1. After the communication module 22 of the media gateway controller 20 has received the media gateway control protocol message X1 and the AP token sent by the media gateway 10, the attack-preventing module 26 of the media gateway controller 20 uses the cipher key K pre-stored in the storage module 24 of the media gateway controller 20, the identifier MGId of the media gateway 10, the timestamp T contained in the received AP token, the media gateway control protocol message X1 and the random number R contained in the received AP token to form a string S2 (step S340). In this case, the identifier MGId of the media gateway 10 is the network address and the port number of the media gateway 10, and the attack-preventing module 26 of the media gateway controller 20 can obtain the network address and the port number of the media gateway 10 from the received carrier of the media gateway control protocol message X1.

The attack-preventing module 26 of the media gateway controller 20 uses the same Hash algorithm SF as the one used by the media gateway 10 to perform the Hash calculation on the formed string S2, so as to calculate a Hash value H2 (step S350).

The attack-preventing module 26 of the media gateway controller 20 judges whether the calculated Hash value H2 is the same as the Hash value H1 contained in the received AP token, whether all random numbers stored in the storage module 24 do not include the random number contained in the received AP token, and whether the time represented by the latest timestamp stored in the storage module 24 is earlier than the time represented by the timestamp contained in the received AP token (step S360).

If the judgement result of step S360 is negative, i.e. the calculated Hash value H2 is not the same as the Hash value H1 contained in the received AP token, the random numbers stored in the storage module 24 include the random number contained in the received AP token, or the time represented by the latest timestamp stored in the storage module 24 is not earlier than the time represented by the timestamp contained in the received AP token, then the attack-preventing module 26 of the media gateway controller 20 determines that the media gateway 10 is not an authorized device, and the process is ended.

If the judgement result of step S360 is affirmative, i.e. the calculated Hash value H2 is the same as the Hash value H1 contained in the received AP token, the random numbers stored in the storage module 24 do not include the random number contained in the received AP token, and the time represented by the latest timestamp stored in the storage module 24 is earlier than the time represented by the timestamp contained in the received AP token, then the attack-preventing module 26 of the media gateway controller 20 determines that the media gateway 10 is an authorized device (step S370).

When the attack-preventing module 26 of the media gateway controller 20 determines that the media gateway 10 is an authorized device, the executing module 28 of the media gateway controller 20 executes an operation corresponding to the received media gateway control protocol message, stores the timestamp contained in the received AP token into the storage module 24 to replace the latest timestamp originally stored, and stores the random number contained in the received AP token into the storage module 24 as a random number received by the media gateway controller 20 from the media gateway 10 (step S380). Here, executing the operation corresponding to the received media gateway control protocol message can be, for example, executing a registering operation when the received media gateway control protocol message is the ServiceChange message representing the register operation, and executing a deregistering operation when the received media gateway control protocol message is the ServiceChange message representing the deregister operation.

After executing the operation corresponding to the received media gateway control protocol message, the executing module 28 of the media gateway controller 20 sends via the communication module 22 to the media gateway 10 a response message indicating that the operation has been successfully executed (step S390).

Fig. 4 is a flowchart of a method for preventing the attacks according to an embodiment of the present invention in the case that a media gateway serves as a receiver and a media gateway controller serves as a sender. As shown in Fig. 4, when the media gateway controller 20 is to send a media gateway control protocol message X2 to the media gateway 10 to instruct the media gateway 10 to execute an operation corresponding to the media gateway control protocol message X2, the attack-preventing module 26 of the media gateway controller 20 generates a random number R and generates a timestamp T according to the current time (step S400).

Next, the attack-preventing module 26 of the media gateway controller 20 uses the cipher key K stored in the storage module 24, the identifier MGId of the media gateway 10, the generated timestamp T, the media gateway control protocol message X2 and the generated random number R to form a string S3 (step S410). Here, the identifier MGId of the media gateway 10 is the network address and the port number of the media gateway 10, and in the string S3 so formed, the positional relationship between the cipher key K, the identifier MGId, the timestamp T, the media gateway control protocol message X2 and the random number R can be predetermined between the media gateway 10 and the media gateway controller 20 according to need. Then, the attack-preventing module 26 of the media gateway controller 20 uses a pre-specified Hash algorithm SF to perform a Hash calculation on the formed string S3 to calculate a Hash value H3 (step S420).

Next, the communication module 22 of the media gateway controller 20 sends the media gateway control protocol message X2 and the AP token to the media gateway 10 (step S430). In this case, the AP token comprises the generated random number R, the generated timestamp T and the calculated Hash value H3.

After the communication module 12 of the media gateway 10 has received the media gateway control protocol message X2 and the AP token sent by the media gateway controller 20, the attack-preventing module 16 of the media gateway 10 uses the cipher key K pre-stored in the storage module 14, the identifier MGId of the media gateway 10, the timestamp T contained in the received AP token, the media gateway control protocol message X2 and the random number R contained in the received AP token to form a string S4 (step S440). In this case, the identifier MGId of the media gateway 10 is the network address and the port number of the media gateway 10.

The attack-preventing module 16 of the media gateway 10 uses the same Hash algorithm SF as the one used by the media gateway controller 20 to perform the Hash calculation on the formed string S4, so as to calculate a Hash value H4 (step S450).

The attack-preventing module 16 of the media gateway 10 judges whether the calculated Hash value H4 is the same as the Hash value H3 contained in the received AP token, whether the random numbers stored in the storage module 14 do not include the random number contained in the received AP token, and whether the time represented by the latest timestamp stored in the storage module 14 is earlier than the time represented by the timestamp contained in the received AP token (step S460).

If the judgement result of step S460 is negative, i.e. the calculated Hash value H4 is not the same as the Hash value H3 contained in the received AP token, the random numbers stored in the storage module 14 include the random number contained in the received AP token, or the time represented by the latest timestamp stored in the storage module 14 is not earlier than the time represented by the timestamp contained in the received AP token, then the attack-preventing module 16 of the media gateway 10 determines that the media gateway controller 20 is not an authorized device, and the process is ended.

If the judgement result of step S460 is affirmative, i.e. the calculated Hash value H4 is the same as the Hash value H3 contained in the received AP token, the random numbers stored in the storage module 14 do not include the random number contained in the received AP token, and the time represented by the latest timestamp stored in the storage module 14 is earlier than the time represented by the timestamp contained in the received AP token, then the attack-preventing module 16 of the media gateway 10 determines that the media gateway controller 20 is an authorized device (step S470).

When the attack-preventing module 16 of the media gateway 10 determines that the media gateway controller 20 is an authorized device, the executing module 18 of the media gateway 10 executes an operation corresponding to the received media gateway control protocol message, stores the timestamp contained in the received AP token into the storage module 14 to replace the latest timestamp originally stored, and stores the random number contained in the received AP token into the storage module 14 as a random number received by the media gateway 10 from the media gateway controller 20 (step S480). Here, executing the operation corresponding to the received media gateway control protocol message can be, for example, modifying the call status of a user to call-busy when the received media gateway control protocol message is the Modify message representing the operation for modifying the call status to call-busy.

After executing the operation corresponding to the received media gateway control protocol message, the executing module 18 of the media gateway 10 sends via the communication module 12 to the media gateway controller 20 a response message indicating that the operation has been successfully executed (step S490).

It can be seen from the above description that the above embodiments provide the following protection. Since the AP token comprises the timestamp, the media gateway 10 or the media gateway controller 20 as a receiver can, when the AP token sent together with the media gateway control protocol message is received, detect whether the received message is a replayed message by comparing the timestamp contained in the AP token with the previously received timestamp representing the latest time, so that a replay attack can be prevented. Since the AP token comprises the random number, the receiver can, by comparing the random number contained in the AP token with each of the previously received random numbers, avoid a guess attack in which a valid token is guessed correctly by chance. Since the AP token comprises the Hash value, the receiver can prevent an eavesdropping attack according to the Hash value contained in the AP token. And since the Hash value contained in the AP token is calculated based on the media gateway control protocol message, the receiver can check according to the Hash value whether the received message has been tampered with illegally, so that the integrity of the media gateway control protocol message can be protected.
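The sender steps (S400 to S420) and the receiver checks (S440 to S480) above, as an added Python example that is not part of the patent: SF is instantiated as SHA-256, the field order of the string S and the byte separator between fields are assumptions, the MGId and cipher key are constructed sample values, and the receiver returns the reason for rejecting a token so that a tampered message, a reused random number and a stale timestamp are each distinguishable.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

SEP = b"\x00"  # assumed field separator, never occurring inside a field

def sf(data: bytes) -> bytes:
    """Pre-specified Hash algorithm SF; SHA-256 is an assumed choice."""
    return hashlib.sha256(data).digest()

def form_string(key: bytes, mg_id: bytes, ts: int, msg: bytes, rnd: bytes) -> bytes:
    """String S formed from K, MGId, T, X and R; this field order is assumed."""
    return SEP.join([key, mg_id, str(ts).encode(), msg, rnd])

@dataclass
class APToken:
    rnd: bytes  # random number R
    ts: int     # timestamp T (e.g. milliseconds since the epoch)
    h: bytes    # Hash value H = SF(S)

def make_token(key: bytes, mg_id: bytes, msg: bytes, ts: int, rnd: bytes = None) -> APToken:
    """Sender side (steps S400-S420): the caller supplies T from the current time."""
    rnd = os.urandom(16) if rnd is None else rnd
    return APToken(rnd, ts, sf(form_string(key, mg_id, ts, msg, rnd)))

@dataclass
class Receiver:
    key: bytes            # cipher key K pre-stored in the storage module
    mg_id: bytes          # identifier MGId: network address and port of the MG
    latest_ts: int = 0    # latest timestamp stored in the storage module
    seen_rnd: set = field(default_factory=set)  # random numbers already received

    def verify(self, msg: bytes, tok: APToken) -> str:
        """Receiver side (steps S440-S480); returns 'ok' or the reason for rejection."""
        h2 = sf(form_string(self.key, self.mg_id, tok.ts, msg, tok.rnd))
        if not hmac.compare_digest(h2, tok.h):
            return "hash mismatch"  # tampered message, wrong key or wrong MGId
        if tok.rnd in self.seen_rnd:
            return "random number already seen"  # replay or lucky guess
        if tok.ts <= self.latest_ts:
            return "timestamp not later than stored latest"  # replay
        self.latest_ts = tok.ts      # step S480: replace the stored latest timestamp
        self.seen_rnd.add(tok.rnd)   # and remember the random number
        return "ok"

if __name__ == "__main__":
    rx = Receiver(b"shared-key-K", b"192.0.2.10:2944")  # constructed values
    tok = make_token(rx.key, rx.mg_id, b"Modify ...", ts=1000)
    print(rx.verify(b"Modify ...", tok), "/", rx.verify(b"Modify ...", tok))  # ok / replay
```

The same verify routine serves the Fig. 3 direction with the media gateway controller as receiver; only which side holds the state changes. In practice a keyed MAC such as HMAC is the usual instantiation of SF, which the patent leaves open.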

Other modifications

Those skilled in the art will understand that, although in each of the above embodiments the AP token comprises the random number R and the timestamp T, and the string used when calculating the Hash value H contained in the AP token comprises the random number R and the timestamp T, the present invention is not limited to this. In other embodiments of the present invention, it is possible for the AP token not to comprise a random number R and a timestamp T, and for the string used when calculating the Hash value H contained in the AP token not to comprise the random number R and the timestamp T, for example when other measures for preventing a replay attack and a guess attack have been adopted in the media gateway control protocol.

Those skilled in the art will understand that, although in each of the above embodiments, the identifier MGId of the media gateway 10 is the network address and the port number of the media gateway 10, the present invention is not limited to this. In other embodiments of the present invention, the identifier MGId of the media gateway 10 can also be the network address of the media gateway 10.

Those skilled in the art will understand that, although in each of the above embodiments an AP token is generated for each media gateway control protocol message when it is being sent, the present invention is not limited to this. In other embodiments of the present invention, it is also possible for an AP token to be generated only for a part of all the media gateway control protocol messages when they are being sent, while no AP token is generated when the others are being sent. For example, under relatively safe circumstances, an AP token is generated only when a ServiceChange message or a Modify message is to be sent, and no AP token is generated for media gateway control protocol messages other than the ServiceChange message and the Modify message when they are being sent.

Those skilled in the art will understand that, each of the modules contained in the media gateway 10 and media gateway controller 20 disclosed in each of the above embodiments can be realized by using software, hardware or a combination of them.

Those skilled in the art will understand that, various modifications and alterations can be made to the embodiments of the present invention without departing from the substance of the present invention, and such modifications and alterations should belong to the protective scope of the present invention, therefore, the protective scope of the present invention is to be defined by the attached claims.