Today, the most frequently used signaling system for telecommunication is called Signaling
System No. 7 (SS7). The growing usage of mobile telephones and mobile data communication,
and the development of new services mean that the risk of intrusion and exploitation of
the SS7 signaling networks increases. The increasing problem with unauthorized access to
sensitive information and the operators’ growing demand for security is the origin of our
work. This thesis presents a prototype design and implementation of a Security Gateway
(SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec
is a security concept for introducing security mechanisms to the signaling system. The prototype
includes three different protection modes that provide security services, ranging from
almost no protection to full protection with the use of encryption algorithms. The thesis also
contains an evaluation study of the delay penalties caused by the use of these security services.
With regards to the restrictions on the prototype, the conclusion drawn from the evaluation
results was that the protection mechanisms in the different protection modes did not inflict
any significant time penalties. Instead, the results of the study indicate that the routing process
of messages in the network is a more significant delaying part in the communication between
different nodes. This result implies that the routing process takes longer time than the security
services. The thesis also presents a number of discovered features that will require further
investigation and development before the TCAPsec concept can be realized.