Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fraud in Short Messaging in Mobile Networks

Similar presentations

Presentation on theme: "Fraud in Short Messaging in Mobile Networks"— Presentation transcript:

1 Fraud in Short Messaging in Mobile Networks
Kari-Matti Puukangas / TeliaSonera Supervisor: Professor Raimo Kantola Instructor: M.Sc Niko Kettunen

2 Contents Background Scope of the study
Different Types of Fraudulent SMS Spoofing Faking 3rd party faking Spamming and Flooding GT scanning and Mobile malware How Fraudster Connects to the Network Why Fraudulent Messaging Should be Prevented How to Prevent Fraudulent Messages TCAP Handshake TCAP Sec SMS Firewall Conclusion Kari-Matti Puukangas

3 Background SMS fraud around the world Asia USA Europe
SMS spamming is very common, cheap messages China 6-10 Spam messages per day per user India 20% of the short messages is Spam USA to SMS is the biggest source to Spam Not a problem yet Europe Quite expensive messages Operators control all connected links Phishing and “call to premium number” type of attacks Kari-Matti Puukangas

4 Background Kari-Matti Puukangas

5 Background Kari-Matti Puukangas

6 Scope of the study Describe the different fraud scenarios
How the fraud can be identified and prevented Describe the fraud prevention methods Give a recommendation of the most suitable method based on a SWOT analysis Kari-Matti Puukangas

7 Different Types of Fraudulent SMS
Spoofing Faking 3rd party faking Spamming Flooding GT scanning Mobile malware Kari-Matti Puukangas

8 Spoofing Illegal use of the home SMSC
Mobile Originated SMS with a manipulated A-MSISDN (real or wrong) is coming from a roaming subscriber. Kari-Matti Puukangas

9 Faking Originated from the international SS7 Network and is terminated to home mobile network. SMSC number or A-MSISDN are manipulated (can be existing numbers). Kari-Matti Puukangas

10 3rd Party Faking A special case of Faking
Happens in third party’s network Termination fees to home network Kari-Matti Puukangas

11 Spamming and Flooding Spamming Flooding
Unsolicited SMS The spam SMS content can include: Commercial information Bogus contest Messages intended to invite a response from the receiver (e.g. to call a premium number) Flooding A large number of messages sent to one or more destinations Messages may be either valid or invalid. Purpose to slow down the operator network or jam one ore more mobile terminals Usually combined with spoofing or faking Kari-Matti Puukangas

12 GT Scanning and Mobile Malware
A lot of MO_Forward_SM or SRI messages with SMSC or MSC address incremented by one in each message Fraudster tries to find unprotected SMSC or MSC Mobile malware All kinds of binary messages, e.g. viruses or service settings Kari-Matti Puukangas

13 How Fraudster Connects to the Network
Increased number of parties connected to SS7 network Interfaces to SS7 and Internet Potential thread by hackers Bulk connections from small operators Do not care how the connection is used Hacking a short messaging entity May be noticed quite soon Pribe the operator employees May be possible in some less developed countries Kari-Matti Puukangas

14 Why Fraudulent Messaging Should be Prevented
Subscriber’s point of view Receiving spam is very annoying Spoofed number may cause charges to innocent user Spoofed subscriber may get angry calls and messages from message receivers (blocking the handset) Operator’s point of view Loss of messaging income Wrongly charged customers Increased customer care contacts Increased churn Loss of termination fees Termination of roaming agreements Increased signaling network load Kari-Matti Puukangas

15 How to Prevent Fraudulent Messages
GSMA has created a criteria to detect the fraud and basic actions for stopping it Means to prevent fraudulent messages TCAP Handshake TCAP Sec SMS Firewall Kari-Matti Puukangas

16 TCAP Handshake 3GPP specification 33.200
Based on the TCAP segmentation used in the long messages First two messages used for the authentication Requires MAP version 2 or 3 Protection against faking Kari-Matti Puukangas

17 TCAP Handshake SWOT analysis for TCAP Handshake Strengths Weaknesses
No big investments Good protection against faking Standardized by 3GPP Weaknesses Applies only to the Fake cases Requires MAP version 2 or 3 Software of all SMS related elements needs to be upgraded All parties need to use the handshake Maintenance of the policy table Opportunities Fast results if taken widely into use Threats The other operators are not going to implement this solution Spoofing and flooding may increase Kari-Matti Puukangas

18 TCAP sec 3GPP specifications 33.204 and 29.204.
Requires new component to the network SS7 Security Gateway (SEG) with databases for security policy (SPD) and security association (SAD) SEG secures the TCAP transactions with the help of the Policy Database Protected or unprotected mode Kari-Matti Puukangas

19 TCAP sec SWOT analysis for TCAPsec Strengths Weaknesses Opportunities
Good protection against Faking Possibility to secure all SS7 traffic Standardized by 3GPP Weaknesses Needs a lot of interworking between operators Applies only to the Faking cases All operators need to use TCAPsec New network element (SS7-SEG) Currently not many SS7-SEG manufacturers Price may be high Maintenance of the new element need dedicated personnel A lot of work in maintaining the policy tables Opportunities If all operators implement TCAPsec it will give perfect protection against faking Threats If not implemented completely by all operators fraudsters will have possibility to use spoofing and flooding types of messages Kari-Matti Puukangas

20 SMS Firewall GSMA document IR.82 gives the guidelines to prevent SMS threats with a firewall SMS Firewall can stop all known threats Spoofing and faking prevention by comparing messages or location Spamming and flooding prevention by checking the content Virus check Can be implemented without the actions of the other operators Kari-Matti Puukangas

21 SMS Firewall Preventing SMS Spoofing with Firewall
Kari-Matti Puukangas

22 SMS Firewall Preventing SMS faking with Firewall Kari-Matti Puukangas

23 SMS Firewall SWOT analysis for SMS Firewall Strengths Weaknesses
Full fills all fraud cases described by GSMA Not dependent on other operators actions Many Firewall manufacturers Can be integrated to the SMSC system If part of the SMSC system there is no need for new personnel After installation, there is minimal configuration needed The Firewall can also be used for other business purposes Reporting tools available Weaknesses For the complete protection home routing needs to be activated New element needs to be installed Opportunities Easy and fast deployment will give good protection against existing threads Threats New kind of fraud that possibly could bypass the firewall Kari-Matti Puukangas

24 Conclusion Requirements Conclusion
The system must be able to protect against all known fraud cases The system needs to have an ability to collect the reports of the incidents The system must to be able to work regardless of the actions of other operators. Conclusion The only available solution that fulfils all of the requirements is the SMS Firewall. With the firewall solution the operator can implement a solid line of defence against all known fraudulent SMS threats. Kari-Matti Puukangas

25 Thank You Questions? Kari-Matti Puukangas

Download ppt "Fraud in Short Messaging in Mobile Networks"

Similar presentations

Ads by Google