Fraud in Short Messaging in Mobile Networks Kari-Matti Puukangas / TeliaSonera 14.4.2010 Supervisor: Professor Raimo Kantola Instructor: M.Sc Niko Kettunen.


1 Fraud in Short Messaging in Mobile Networks Kari-Matti Puukangas / TeliaSonera 14.4.2010 Supervisor: Professor Raimo Kantola Instructor: M.Sc Niko Kettunen

2 Contents
- Background
- Scope of the study
- Different Types of Fraudulent SMS
  - Spoofing
  - Faking
  - 3rd party faking
  - Spamming and Flooding
  - GT scanning and Mobile malware
- How Fraudster Connects to the Network
- Why Fraudulent Messaging Should be Prevented
- How to Prevent Fraudulent Messages
  - TCAP Handshake
  - TCAP Sec
  - SMS Firewall
- Conclusion

3 Background
- SMS fraud around the world
  - Asia
    - SMS spamming is very common, cheap messages
    - China: 6-10 spam messages per day per user
    - India: 20% of short messages are spam
  - USA
    - E-mail to SMS is the biggest source of spam
    - Not a problem yet
  - Europe
    - Quite expensive messages
    - Operators control all connected links
    - Phishing and "call to premium number" type of attacks
    - Not a problem yet

4 Background

5 Background

6 Scope of the study
- Describe the different fraud scenarios
- How the fraud can be identified and prevented
- Describe the fraud prevention methods
- Give a recommendation of the most suitable method based on a SWOT analysis

7 Different Types of Fraudulent SMS
- Spoofing
- Faking
- 3rd party faking
- Spamming
- Flooding
- GT scanning
- Mobile malware

8 Spoofing
- Illegal use of the home SMSC
- Mobile Originated SMS with a manipulated A-MSISDN (real or wrong) is coming from a roaming subscriber.

9 Faking
- Originates from the international SS7 network and is terminated in the home mobile network.
- SMSC number or A-MSISDN is manipulated (can be existing numbers).

10 3rd Party Faking
- A special case of Faking
- Happens in a third party's network
- Termination fees to home network

11 Spamming and Flooding
- Spamming
  - Unsolicited SMS
  - The spam SMS content can include:
    - Commercial information
    - Bogus contest
    - Messages intended to invite a response from the receiver (e.g. to call a premium number)
- Flooding
  - A large number of messages sent to one or more destinations
  - Messages may be either valid or invalid.
  - The purpose is to slow down the operator network or jam one or more mobile terminals
- Usually combined with spoofing or faking

12 GT Scanning and Mobile Malware
- GT Scanning
  - A lot of MO_Forward_SM or SRI messages with SMSC or MSC address incremented by one in each message
  - Fraudster tries to find unprotected SMSC or MSC
- Mobile malware
  - All kinds of binary messages, e.g. viruses or service settings
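
The GT scanning pattern on slide 12 can be detected from signalling logs by looking for one source whose destination addresses step by one. The following is an added example, not part of the original presentation; the record layout, the GT values, the function name and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

SCAN_OPS = {"MO_Forward_SM", "SRI"}  # the two operations named on the slide

# Constructed sample records: (time_s, calling_gt, operation, called_gt)
SAMPLE_LOG = (
    # one source walking through consecutive destination addresses
    [(i, "99911110000", "SRI", str(99922220100 + i)) for i in range(7)]
    # ordinary traffic: one source always using the same SMSC address
    + [(i * 3, "99933330000", "MO_Forward_SM", "99922220001") for i in range(10)]
    # two adjacent addresses by coincidence, too short a run to flag
    + [(2, "99944440000", "SRI", "99922220500"),
       (4, "99944440000", "SRI", "99922220501")]
)


def find_gt_scanners(records, min_run=5, window_s=60):
    """Return {calling_gt: longest +1 run} for sources whose called address
    increments by one at least min_run times in a row within window_s."""
    by_source = defaultdict(list)
    for ts, calling_gt, op, called_gt in records:
        if op in SCAN_OPS and called_gt.isdigit():
            by_source[calling_gt].append((ts, int(called_gt)))

    flagged = {}
    for source, events in by_source.items():
        events.sort()
        best = run = 1
        run_start = events[0][0]
        for (_, prev_gt), (ts, gt) in zip(events, events[1:]):
            if gt == prev_gt + 1 and ts - run_start <= window_s:
                run += 1                    # sequence continues inside the window
            else:
                run, run_start = 1, ts      # sequence broken, start counting again
            best = max(best, run)
        if best >= min_run:
            flagged[source] = best
    return flagged


if __name__ == "__main__":
    print(find_gt_scanners(SAMPLE_LOG))
```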

13 How Fraudster Connects to the Network
- Increased number of parties connected to SS7 network
  - Interfaces to SS7 and Internet
  - Potential threat by hackers
- Bulk connections from small operators
  - Do not care how the connection is used
- Hacking a short messaging entity
  - May be noticed quite soon
- Bribe the operator employees
  - May be possible in some less developed countries

14 Why Fraudulent Messaging Should be Prevented
- Subscriber's point of view
  - Receiving spam is very annoying
  - Spoofed number may cause charges to innocent user
  - Spoofed subscriber may get angry calls and messages from message receivers (blocking the handset)
- Operator's point of view
  - Loss of messaging income
  - Wrongly charged customers
  - Increased customer care contacts
  - Increased churn
  - Loss of termination fees
  - Termination of roaming agreements
  - Increased signaling network load

15 How to Prevent Fraudulent Messages
- GSMA has created criteria to detect the fraud and basic actions for stopping it
- Means to prevent fraudulent messages
  - TCAP Handshake
  - TCAP Sec
  - SMS Firewall

16 TCAP Handshake
- 3GPP specification 33.200
- Based on the TCAP segmentation used in the long messages
- First two messages used for the authentication
- Requires MAP version 2 or 3
- Protection against faking

17 TCAP Handshake
SWOT analysis for TCAP Handshake
- Strengths
  - No big investments
  - Good protection against faking
  - Standardized by 3GPP
- Weaknesses
  - Applies only to the Fake cases
  - Requires MAP version 2 or 3
  - Software of all SMS related elements needs to be upgraded
  - All parties need to use the handshake
  - Maintenance of the policy table
- Opportunities
  - Fast results if taken widely into use
- Threats
  - The other operators are not going to implement this solution
  - Spoofing and flooding may increase

18 TCAP sec
- 3GPP specifications 33.204 and 29.204.
- Requires new component to the network
  - SS7 Security Gateway (SEG) with databases for security policy (SPD) and security association (SAD)
- SEG secures the TCAP transactions with the help of the Policy Database
  - Protected or unprotected mode

19 TCAP sec
SWOT analysis for TCAPsec
- Strengths
  - Good protection against Faking
  - Possibility to secure all SS7 traffic
  - Standardized by 3GPP
- Weaknesses
  - Needs a lot of interworking between operators
  - Applies only to the Faking cases
  - All operators need to use TCAPsec
  - New network element (SS7-SEG)
  - Currently not many SS7-SEG manufacturers
  - Price may be high
  - Maintenance of the new element needs dedicated personnel
  - A lot of work in maintaining the policy tables
- Opportunities
  - If all operators implement TCAPsec it will give perfect protection against faking
- Threats
  - If not implemented completely by all operators, fraudsters will have the possibility to use spoofing and flooding types of messages

20 SMS Firewall
- GSMA document IR.82 gives the guidelines to prevent SMS threats with a firewall
- SMS Firewall can stop all known threats
- Spoofing and faking prevention by comparing messages or location
- Spamming and flooding prevention by checking the content
- Virus check
- Can be implemented without the actions of the other operators

21 SMS Firewall
- Preventing SMS Spoofing with Firewall

22 SMS Firewall
- Preventing SMS faking with Firewall
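
Slide 20 says the firewall prevents spoofing and faking "by comparing messages or location". The sketch below is an added example, not taken from the presentation or from any firewall product, and shows one common way to do each comparison. It assumes the firewall can read the HLR's registered location and sees SRI-for-SM answers (home routing); all names and GT values are constructed.

```python
# Added example: constructed data, hypothetical names throughout.
# HLR view of home subscribers: A-MSISDN -> GT of the MSC/VLR currently serving them.
HLR_LOCATION = {
    "99950000001": "99960000010",
    "99950000002": "99970000020",
}


class SmsFirewall:
    def __init__(self, hlr_location, sri_ttl_s=30):
        self.hlr_location = hlr_location
        self.sri_ttl_s = sri_ttl_s      # how long an SRI-for-SM answer stays valid
        self.pending_sri = {}           # (smsc_gt, imsi) -> time the SRI was answered

    def check_mo(self, a_msisdn, calling_msc_gt):
        """Spoofing check (location): the MO SMS must arrive from the MSC
        where the HLR says the claimed sender is registered."""
        registered = self.hlr_location.get(a_msisdn)
        if registered is None:
            return "block: unknown A-MSISDN"
        if registered != calling_msc_gt:
            return "block: location mismatch"
        return "allow"

    def note_sri(self, smsc_gt, imsi, now):
        """Record that smsc_gt was given routing info for imsi at time now."""
        self.pending_sri[(smsc_gt, imsi)] = now

    def check_mt(self, smsc_gt, imsi, now):
        """Faking check (messages): the MT SMS must match a recent SRI-for-SM
        from the same SMSC. Simplification: one answer permits one delivery."""
        answered = self.pending_sri.pop((smsc_gt, imsi), None)
        if answered is None or now - answered > self.sri_ttl_s:
            return "block: no matching SRI-for-SM"
        return "allow"


def demo():
    fw = SmsFirewall(HLR_LOCATION)
    fw.note_sri("99990000001", "999010000000001", now=100)
    return [
        fw.check_mo("99950000001", "99960000010"),               # sender where HLR expects
        fw.check_mo("99950000001", "99980000099"),               # claimed sender, wrong MSC
        fw.check_mt("99990000001", "999010000000001", now=110),  # follows its SRI
        fw.check_mt("99980000099", "999010000000001", now=111),  # no SRI from this SMSC
    ]
```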

23 SMS Firewall
SWOT analysis for SMS Firewall
- Strengths
  - Fulfils all fraud cases described by GSMA
  - Not dependent on other operators' actions
  - Many Firewall manufacturers
  - Can be integrated to the SMSC system
  - If part of the SMSC system there is no need for new personnel
  - After installation, there is minimal configuration needed
  - The Firewall can also be used for other business purposes
  - Reporting tools available
- Weaknesses
  - For the complete protection home routing needs to be activated
  - New element needs to be installed
- Opportunities
  - Easy and fast deployment will give good protection against existing threats
- Threats
  - New kind of fraud that possibly could bypass the firewall

24 Conclusion
- Requirements
  - The system must be able to protect against all known fraud cases
  - The system needs to have an ability to collect the reports of the incidents
  - The system must be able to work regardless of the actions of other operators.
- Conclusion
  - The only available solution that fulfils all of the requirements is the SMS Firewall.
  - With the firewall solution the operator can implement a solid line of defence against all known fraudulent SMS threats.

25 Thank You
- Questions?

