Fraud in Short Messaging in Mobile Networks
Kari-Matti Puukangas / TeliaSonera
14.4.2010
Supervisor: Professor Raimo Kantola
Instructor: M.Sc Niko Kettunen

Contents
- Background
- Scope of the study
- Different Types of Fraudulent SMS
  - Spoofing
  - Faking
  - 3rd party faking
  - Spamming and Flooding
  - GT scanning and Mobile malware
- How Fraudster Connects to the Network
- Why Fraudulent Messaging Should be Prevented
- How to Prevent Fraudulent Messages
  - TCAP Handshake
  - TCAP Sec
  - SMS Firewall
- Conclusion

Background: SMS fraud around the world
- Asia
  - SMS spamming is very common, cheap messages
  - China: 6-10 spam messages per day per user
  - India: 20% of the short messages are spam
- USA
  - E-mail to SMS is the biggest source of spam
  - Not a problem yet
- Europe
  - Quite expensive messages
  - Operators control all connected links
  - Phishing and "call to premium number" type of attacks
  - Not a problem yet

Scope of the study
- Describe the different fraud scenarios
- How the fraud can be identified and prevented
- Describe the fraud prevention methods
- Give a recommendation of the most suitable method based on a SWOT analysis

Different Types of Fraudulent SMS
- Spoofing
- Faking
- 3rd party faking
- Spamming
- Flooding
- GT scanning
- Mobile malware

Spoofing
- Illegal use of the home SMSC
- A Mobile Originated SMS with a manipulated A-MSISDN (real or wrong) is coming from a roaming subscriber.

Faking
- Originated from the international SS7 Network and is terminated to home mobile network.
- SMSC number or A-MSISDN are manipulated (can be existing numbers).

3rd Party Faking
- A special case of Faking
- Happens in third party's network
- Termination fees to home network

Spamming and Flooding
- Spamming
  - Unsolicited SMS
  - The spam SMS content can include:
    - Commercial information
    - Bogus contest
    - Messages intended to invite a response from the receiver (e.g. to call a premium number)
- Flooding
  - A large number of messages sent to one or more destinations
  - Messages may be either valid or invalid.
  - The purpose is to slow down the operator network or jam one or more mobile terminals
  - Usually combined with spoofing or faking

GT Scanning and Mobile Malware
- GT Scanning
  - A lot of MO_Forward_SM or SRI messages with SMSC or MSC address incremented by one in each message
  - Fraudster tries to find unprotected SMSC or MSC
- Mobile malware
  - All kinds of binary messages, e.g. viruses or service settings

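The GT scanning pattern described on this slide can be detected from signalling records by looking for one source whose called address rises by one per message. The following is an added example, not part of the original presentation; the record layout, the thresholds `min_run` and `window_s`, and all numbers are constructed assumptions.

```python
from collections import defaultdict

SCAN_OPS = {"MO_Forward_SM", "SRI_SM"}  # operations named on the slide

# Constructed signalling records: (time_s, calling_gt, operation, called_address).
# Every number is a made-up placeholder, not a real global title.
RECORDS = (
    [(t, "999110000001", "SRI_SM", str(999330001000 + t)) for t in range(8)]
    + [
        (2, "999220000010", "MO_Forward_SM", "999330005000"),
        (9, "999220000010", "MO_Forward_SM", "999330005000"),
        (15, "999220000010", "SRI_SM", "999330007310"),
        (16, "999220000010", "SRI_SM", "999330007311"),
    ]
)


def find_gt_scans(records, min_run=5, window_s=60):
    """Map each suspicious calling GT to (first_address, last_address, count).

    A source is reported when it sends at least min_run messages whose called
    address grows by exactly one each time, all within window_s seconds.
    min_run and window_s are illustrative thresholds, not values from the page.
    """
    by_source = defaultdict(list)
    for ts, src, op, dst in records:
        if op in SCAN_OPS and dst.isdigit():
            by_source[src].append((ts, int(dst)))

    alerts = {}
    for src, probes in by_source.items():
        probes.sort()                      # order by arrival time
        run = best = [probes[0]]
        for prev, cur in zip(probes, probes[1:]):
            in_sequence = cur[1] == prev[1] + 1 and cur[0] - run[0][0] <= window_s
            run = run + [cur] if in_sequence else [cur]
            if len(run) > len(best):
                best = run
        if len(best) >= min_run:
            alerts[src] = (str(best[0][1]), str(best[-1][1]), len(best))
    return alerts


if __name__ == "__main__":
    for gt, (first, last, count) in find_gt_scans(RECORDS).items():
        print(f"possible GT scan from {gt}: {count} probes, {first}..{last}")
```
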
How Fraudster Connects to the Network
- Increased number of parties connected to SS7 network
- Interfaces to SS7 and Internet
  - Potential threat by hackers
- Bulk connections from small operators
  - Do not care how the connection is used
- Hacking a short messaging entity
  - May be noticed quite soon
- Bribe the operator employees
  - May be possible in some less developed countries

Why Fraudulent Messaging Should be Prevented
- Subscriber's point of view
  - Receiving spam is very annoying
  - Spoofed number may cause charges to innocent user
  - Spoofed subscriber may get angry calls and messages from message receivers (blocking the handset)
- Operator's point of view
  - Loss of messaging income
  - Wrongly charged customers
  - Increased customer care contacts
  - Increased churn
  - Loss of termination fees
  - Termination of roaming agreements
  - Increased signaling network load

How to Prevent Fraudulent Messages
- GSMA has created criteria for detecting the fraud and basic actions for stopping it
- Means to prevent fraudulent messages
  - TCAP Handshake
  - TCAP Sec
  - SMS Firewall

TCAP Handshake
- 3GPP specification 33.200
- Based on the TCAP segmentation used in the long messages
- First two messages used for the authentication
- Requires MAP version 2 or 3
- Protection against faking

TCAP Handshake: SWOT analysis for TCAP Handshake
Strengths
- No big investments
- Good protection against faking
- Standardized by 3GPP
Weaknesses
- Applies only to the Fake cases
- Requires MAP version 2 or 3
- Software of all SMS related elements needs to be upgraded
- All parties need to use the handshake
- Maintenance of the policy table
Opportunities
- Fast results if taken widely into use
Threats
- The other operators are not going to implement this solution
- Spoofing and flooding may increase

TCAP sec
- 3GPP specifications 33.204 and 29.204
- Requires a new component in the network
  - SS7 Security Gateway (SEG) with databases for security policy (SPD) and security association (SAD)
- SEG secures the TCAP transactions with the help of the Policy Database
- Protected or unprotected mode

TCAP sec: SWOT analysis for TCAPsec
Strengths
- Good protection against Faking
- Possibility to secure all SS7 traffic
- Standardized by 3GPP
Weaknesses
- Needs a lot of interworking between operators
- Applies only to the Faking cases
- All operators need to use TCAPsec
- New network element (SS7-SEG)
- Currently not many SS7-SEG manufacturers
- Price may be high
- Maintenance of the new element needs dedicated personnel
- A lot of work in maintaining the policy tables
Opportunities
- If all operators implement TCAPsec it will give perfect protection against faking
Threats
- If not implemented completely by all operators, fraudsters will have the possibility to use spoofing and flooding types of messages

SMS Firewall
- GSMA document IR.82 gives the guidelines to prevent SMS threats with a firewall
- SMS Firewall can stop all known threats
  - Spoofing and faking prevention by comparing messages or location
  - Spamming and flooding prevention by checking the content
  - Virus check
- Can be implemented without the actions of the other operators

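One way a firewall can prevent spoofing and faking "by comparing messages or location", shown as an added example that is not part of the original presentation or taken from IR.82. It assumes the firewall can look up the HLR-registered location of a sender and keeps a log of recent SRI requests; all names, numbers and the `max_age_s` threshold are constructed.

```python
# Constructed firewall state; every number is a made-up placeholder.
HLR_LOCATION = {                      # A-MSISDN -> MSC/VLR GT registered in the HLR
    "999550000111": "999770000020",   # subscriber currently roaming
    "999550000222": "999000000030",   # subscriber in the home network
}

# Recent SRI requests seen by the firewall: (time_s, requesting_smsc_gt, recipient).
SRI_LOG = [(100, "999660000005", "999550000222")]


def check_mo(a_msisdn, sending_msc_gt):
    """Spoofing check on a Mobile Originated SMS reaching the home SMSC.

    Covers both cases on the spoofing slide: a "wrong" A-MSISDN (not a known
    subscriber) and a "real" one used from a network where it is not registered.
    """
    registered = HLR_LOCATION.get(a_msisdn)
    if registered is None:
        return "block: unknown A-MSISDN"
    if registered != sending_msc_gt:
        return "block: A-MSISDN not registered at sending MSC"
    return "pass"


def check_mt(smsc_in_message, sccp_calling_gt, recipient, now, max_age_s=30):
    """Faking check on a message terminated from the international SS7 network.

    Compares the SMSC number claimed inside the message with the address it
    actually arrived from, then requires a recent SRI request from that same
    SMSC for the same recipient (message-to-message comparison).
    """
    if smsc_in_message != sccp_calling_gt:
        return "block: SMSC number differs from originating address"
    matched = any(
        gt == sccp_calling_gt and rcpt == recipient and 0 <= now - ts <= max_age_s
        for ts, gt, rcpt in SRI_LOG
    )
    return "pass" if matched else "block: no matching SRI before delivery"


if __name__ == "__main__":
    print(check_mo("999550000111", "999880000099"))
    print(check_mt("999660000005", "999660000777", "999550000222", now=110))
```
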
SMS Firewall: SWOT analysis for SMS Firewall
Strengths
- Fulfils all fraud cases described by GSMA
- Not dependent on other operators' actions
- Many Firewall manufacturers
- Can be integrated to the SMSC system
- If part of the SMSC system there is no need for new personnel
- After installation, there is minimal configuration needed
- The Firewall can also be used for other business purposes
- Reporting tools available
Weaknesses
- For the complete protection home routing needs to be activated
- New element needs to be installed
Opportunities
- Easy and fast deployment will give good protection against existing threats
Threats
- New kind of fraud that possibly could bypass the firewall

Conclusion
Requirements
- The system must be able to protect against all known fraud cases
- The system needs to have an ability to collect the reports of the incidents
- The system must be able to work regardless of the actions of other operators.
Conclusion
- The only available solution that fulfils all of the requirements is the SMS Firewall.
- With the firewall solution the operator can implement a solid line of defence against all known fraudulent SMS threats.