CN-117295060-B - Harmful encryption OTT voice application risk treatment method and device in 5G environment
Abstract
The invention discloses a risk handling method and device for harmful encrypted OTT voice applications in a 5G environment. A flow risk assessment function carries out risk assessment based on an abnormal OTT service flow detection result generated by a user plane function and generates a harmful OTT voice service emergency handling suggestion. The 5G policy control system PCF generates an OTT service flow control policy and an OTT service user network connection control policy, respectively, according to the harmful OTT voice service emergency handling suggestion, the 5G network operator security risk policy, and the subscription information, position and mobile network access behavior information of the corresponding users. The 5G user plane function and control plane function then use the OTT service flow control policy and the OTT service user network connection control policy to control the harmful OTT service flow and the harmful OTT service user network connection, respectively, and obtain a handling result. By constructing a new interface and introducing the flow label into the policy, the invention can control harmful OTT service flow more accurately.
Inventors
- ZHANG SHUNLIANG
- LI PENG
- HUANG YUAN
- LIU FAQIANG
- WAN XIN
- QIAO ZHUANG
Assignees
- 中国科学院信息工程研究所
- 国家计算机网络与信息安全管理中心
Dates
- Publication Date: 20260512
- Application Date: 20220616
Claims (10)
- 1. A harmful encrypted OTT voice application risk disposal method in a 5G environment comprises the following steps: 1) The flow risk assessment function carries out risk assessment based on an abnormal OTT service flow detection result generated by the user plane function, and generates a harmful OTT voice service emergency treatment suggestion; 2) Through an interface protocol between the flow risk assessment function and the 5G policy control system PCF, the 5G policy control system PCF obtains the harmful OTT voice service emergency treatment suggestion; 3) The PCF of the 5G policy control system generates an OTT service flow control policy and an OTT service user network connection control policy, respectively, according to the harmful OTT voice service emergency treatment suggestion, the 5G network operator security risk policy, and the subscription information, the position and the mobile network access behavior information of the corresponding user; 4) The user plane function and the access and mobility management function respectively perform risk control on the corresponding harmful OTT service flow and on the network connection of the harmful OTT service user, based on the OTT service flow control policy and the OTT service user network connection control policy, and obtain a treatment result.
- 2. The method of claim 1, wherein the harmful OTT voice traffic emergency treatment advice includes OTT traffic or user hazard class, user ID, OTT traffic flow label, and OTT traffic emergency measures.
- 3. The method of claim 2, wherein the OTT service emergency actions include one or more of dropping relevant OTT upstream traffic, dropping relevant OTT downstream traffic, limiting relevant OTT upstream traffic, limiting relevant OTT downstream traffic, disabling users from accessing OTT services, disabling users from accessing mobile networks, disabling users from accessing mobile networks at specific locations, and disabling users from accessing specific types of mobile access networks.
- 4. The method of claim 1, wherein the user plane function and the access and mobility management function obtain the OTT traffic flow control policy and the OTT traffic user network connection control policy, respectively, by: 1) Enhancing an interface protocol between the existing strategy control system and the session management function, and sending the OTT service flow control strategy and the OTT service user network connection control strategy to the session management function; 2) The session management function sends the OTT service flow control strategy and the OTT service user network connection control strategy to the user plane function and the access and mobility management function respectively.
- 5. The method of claim 1, wherein the OTT traffic flow control policy comprises user ID information/IP address, corresponding OTT traffic flow label information, OTT traffic flow risk measures, and OTT traffic flow measure usage conditions.
- 6. The method of claim 5, wherein the OTT traffic flow control actions include discarding the OTT traffic corresponding to the label, rate limiting the traffic corresponding to the label, and prohibiting user access to the OTT traffic name list.
- 7. The method of claim 1, wherein the OTT service subscriber network connection control policy includes a subscriber ID, OTT service subscriber network connection control actions, and OTT service subscriber network connection control action usage conditions.
- 8. The method of claim 7 wherein the OTT service subscriber network connection control actions include restricting/terminating network connections of unwanted OTT service related subscribers and prohibiting subscriber terminals from accessing OTT services using a particular type of access network.
- 9. A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the method of any of claims 1-8 when run.
- 10. An electronic device comprising a memory, in which a computer program is stored, and a processor arranged to run the computer program to perform the method of any of claims 1-8.
Description
Harmful encryption OTT voice application risk treatment method and device in 5G environment
Technical Field
The invention relates to the technical field of 5G network communication security, in particular to a method and a device for handling the risks of harmful encrypted OTT voice applications in a 5G environment.
Background
Mobile communication network services have been widely used in people's daily lives because of their mobility and convenience. With the large-scale deployment of 5G mobile communication networks, more and more people are starting to use 5G network services, in particular mobile internet applications (i.e., over-the-top (OTT) application services delivered to users over the 5G internet). While people enjoy the convenience of mobile communication networks, the security risk of mobile internet voice applications is becoming an increasingly serious problem. A large number of OTT voice service users exist in a 5G network environment, and hostile users can carry out illegal activities through OTT voice applications. In order to cope with possible national network security reviews, many OTT voice service providers have applied application-layer encryption or provide their services through virtual private network (VPN) proxies, so how to effectively handle the security risk of harmful encrypted OTT voice services in a 5G network environment is an open problem. The policy control system (Policy Control Function, PCF) introduced in the 5G network mainly performs priority or flow rate control on user-plane flow information based on subscription information (priority), the quality of service requirements of the OTT service, charging information, and the like; at present it does not perform flow control based on the risk or hazard of the OTT service.
Moreover, the existing policy control system cannot perform network connection control on the related OTT service users according to OTT service risks, because the policy control system itself does not know whether the OTT service traffic carries a risk. Therefore, how to effectively control the security risk of such traffic when the characteristics of the unwanted traffic are difficult to describe accurately becomes a new problem. In addition, the PCF of the existing 5G policy control system cannot determine what constitutes a harmful OTT voice service or its degree of hazard, and so cannot adopt a corresponding policy; a comprehensive solution is therefore needed.
Disclosure of Invention
Aiming at these problems, the invention provides a method and a device for handling the risk of harmful encrypted OTT voice applications in a 5G environment. The method enhances the existing 5G policy control system by introducing an external open interface on the 5G policy control function PCF, through which OTT voice service abnormal risk emergency treatment suggestions can be input to the PCF. Based on the externally input abnormal risk emergency treatment suggestion, the PCF generates an OTT service flow policy and a harmful OTT user network connection policy in the 5G network, and the existing 5G control-plane and user-plane policy functions are enhanced to realize harmful OTT service risk handling.
The technical content of the invention comprises: A harmful encrypted OTT voice application risk disposal method in a 5G environment comprises the following steps: 1) The flow risk assessment function carries out risk assessment based on an abnormal OTT service flow detection result generated by the user plane function, and generates a harmful OTT voice service emergency treatment suggestion; 2) Through an interface protocol between the flow risk assessment function and the 5G policy control system PCF, the 5G policy control system PCF obtains the harmful OTT voice service emergency treatment suggestion; 3) The PCF of the 5G policy control system generates an OTT service flow policy and an OTT service user network connection policy, respectively, according to the harmful OTT voice service emergency treatment suggestion, the 5G network operator security risk policy, and the subscription information, the position and the mobile network access behavior information of the corresponding user; 4) The user plane function and the access and mobility management function respectively use the OTT service flow policy and the OTT service user network connection policy to carry out risk control on the corresponding abnormal OTT service flow and on the harmful OTT service user's network connection, and obtain a treatment result. Further, the interface protocol between the flow risk assessment function and the PCF of the 5G policy control system adopts the DIAMETER protocol or the SIP protocol. Further, the harmful OTT voice service emergency treatment advice includes the OTT service or user hazard class, user ID, OTT service traffic label and OTT service emergency measures. Further, the OTT service emergency measures include one or more of
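The PCF decision chain laid out in claims 1-8 and restated in the description above, as an added example that is not code from the patent or its assignees: a Python model takes a constructed emergency treatment suggestion (hazard class, user ID, flow label, measures), intersects it with a hypothetical operator security risk policy and the subscriber's context to produce the flow control policy of claim 5 and the connection control policy of claim 7, then applies them the way the user plane function (matching on the flow label) and the access and mobility management function would. The operator policy table, measure names and all sample values are assumptions.

```python
# Hypothetical operator security risk policy (an assumption): the measures each
# hazard class may trigger on the user plane ("flow") and control plane ("conn").
OPERATOR_POLICY = {
    "high": {"flow": {"drop_uplink", "drop_downlink"}, "conn": {"terminate_connection"}},
    "medium": {"flow": {"limit_uplink", "limit_downlink"}, "conn": {"deny_access_type"}},
    "low": {"flow": {"limit_downlink"}, "conn": set()}}

def pcf_generate_policies(suggestion, subscriber):
    """PCF (step 3): keep only the suggested measures the operator policy permits
    for the hazard class, attach subscriber context, and emit the flow control
    policy (claim 5) and the network connection control policy (claim 7)."""
    allowed = OPERATOR_POLICY[suggestion["hazard_class"]]
    flow_policy = {"user_id": suggestion["user_id"], "ip": subscriber["ip"],
                   "flow_label": suggestion["flow_label"],  # scopes control to one flow
                   "measures": suggestion["measures"] & allowed["flow"],
                   "conditions": {"location": subscriber["location"]}}
    conn_policy = {"subscriber_id": suggestion["user_id"],
                   "actions": suggestion["measures"] & allowed["conn"],
                   "conditions": {"access_type": subscriber["access_type"]}}
    return flow_policy, conn_policy

def upf_enforce(flow_policy, packets):
    """UPF (step 4): match on user ID and flow label, so the same user's other
    traffic is forwarded untouched; returns one verdict per packet."""
    verdicts = []
    for p in packets:
        verdict = "forward"
        if (p["user_id"], p["flow_label"]) == (flow_policy["user_id"], flow_policy["flow_label"]):
            if "drop_" + p["direction"] in flow_policy["measures"]:
                verdict = "drop"
            elif "limit_" + p["direction"] in flow_policy["measures"]:
                verdict = "rate_limit"
        verdicts.append(verdict)
    return verdicts

def amf_enforce(conn_policy, access_type):
    """AMF (step 4): apply connection control actions under their usage conditions."""
    if "terminate_connection" in conn_policy["actions"]:
        return "terminated"
    if "deny_access_type" in conn_policy["actions"] and access_type == conn_policy["conditions"]["access_type"]:
        return "denied"
    return "connected"

# Constructed sample input: a medium-hazard suggestion, subscriber context, three packets.
UID = "supi-example-1"
SUGGESTION = {"hazard_class": "medium", "user_id": UID, "flow_label": "ott-voice-17",
              "measures": {"drop_uplink", "limit_uplink", "deny_access_type"}}
SUBSCRIBER = {"ip": "10.0.0.7", "location": "TAC-1001", "access_type": "WLAN"}
PACKETS = [{"user_id": UID, "flow_label": "ott-voice-17", "direction": "uplink"},
           {"user_id": UID, "flow_label": "web-3", "direction": "uplink"},
           {"user_id": UID, "flow_label": "ott-voice-17", "direction": "downlink"}]
```

Because the operator policy caps a medium-hazard flow at rate limiting, the suggested uplink drop is downgraded, while the same user's unrelated flow and the downlink of the flagged flow pass untouched.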