Presentation is loading. Please wait.

Presentation is loading. Please wait.

Common NAI/Password Fraud Issue 7/27/2005 Bryan Cook

Published byAlisha Russell Modified over 8 years ago

Similar presentations

Presentation on theme: "Common NAI/Password Fraud Issue 7/27/2005 Bryan Cook"— Presentation transcript:

1 Common NAI/Password Fraud Issue 7/27/2005 Bryan Cook bcook@qualcomm.com

2 Common User Name/Password Issue July 27, 2005 2 Operator A uses common NAI/passwords NAI = bob@jamobile.combob@jamobile.com Password = bobjam Operator A and Operator B both have a roaming relationships with Operator C Internet Internet Operator A AAA RAN PDSN PCF Operator C AAA RAN PDSN PCF Operator B AAA RAN PDSN PCF NAI = bob@jamobile.combob@jamobile.com Password = bobjam MS from Operator B roams on Operator C network Operator A’s common NAI/password is well-known MS from Operator B uses Operator A’s well-known NAI/password to access Operator C’s network NAI realm = jamobile.com Therefore, Operator C sends Access-Request to Operator A Operator A authenticates the common NAI/password Roaming MS from Operator B can use Operator C’s network (for free!) “ I authenticated some Bozo I don’t know…and I got a bill for it” “My customer got service for free and I didn’t make any $” “This guy fraudulently used my network and I won’t get $ for it” “I received free packet data roaming service!”

3 Thank You bcook@qualcomm.com

4 Common User Name/Password Issue July 27, 2005 4 Backup Slides

5 Common User Name/Password Issue July 27, 2005 5 Authentication, Authorization, Accounting (AAA) –These functions are done by the AAA server using RADIUS –AAA Servers should be allowed to communicate with outside networks for data exchange –AAA servers are to the data world, what HLRs are to the cellular world

6 Common User Name/Password Issue July 27, 2005 6 Simple IP Roaming Pros/Cons Advantages: The roaming MS may directly access the public Internet without tunneling to the home operator’s network. The roaming MS may directly access application servers in the visited network without tunneling to the home operator’s network. Disadvantages: The visited operator must assign the roaming MS its IP address The roaming MS may not be assigned a static IP address If the MS is provisioned with private, hard coded DNS server addresses, it will not be able to access DNS services while roaming If the MS is assigned a private IP address by the visited operator, NAT must be employed for the MS to access applications servers in the home network The IP addresses of application servers must be made visible to the visited network Security is compromised since other inbound roamers in the visited operator’s network will be able to access the home operator’s network. To avoid this, the visited operator may need to maintain separate IP address pools for each roaming partner.

7 Common User Name/Password Issue July 27, 2005 7 Implementing Roaming with Mobile IP –Home operator HA assigns roaming MS its IP address. Visited operator provides COA. Mobile IP tunnel created between visited PDSN/FA and HA. –Must tunnel back to home network to access public Internet –Can directly access application servers in home network without NAT Internet Internet Home Operator AAA RAN PDSN PCF Visited Operator AAA RAN PDSN FA PCF Application Server 10.23.45.13 HA COA

8 Common User Name/Password Issue July 27, 2005 8 Mobile IP Roaming Pros/Con Advantages: The home operator assigns the roaming MS its IP address The home operator may assign a static IP address to the roaming MS The home operator may assign a private IP address to the roaming MS without the need to employing NAT for home network access. The roaming MS may transparently access servers in the home network.. Security is improved since other inbound roamers in the visited operator’s network will not be able to access the home operator’s network. The use of Mobile IP allows for network layer mobility across PDSNs. Disadvantages: There is a performance overhead for Mobile IP When the roaming MS is accessing the public Internet, tunneling back to the home network is not efficient If the roaming MS requires access to an application server in the visited network, it will be required to tunnel back to the home operator and then route back to the visited operator

9 Common User Name/Password Issue July 27, 2005 9 Implementing Roaming with L2TP –Home operator LNS assigns roaming MS its IP address. L2TP tunnel is created between visited PDSN/LAC and LNS. –Must tunnel back to home network to access public Internet –Can directly access application servers in home network without NAT Internet Internet Home Operator AAA RAN PDSN PCF Visited Operator AAA RAN PDSN FA PCF Application Server 10.23.45.13 LNS

Download ppt "Common NAI/Password Fraud Issue 7/27/2005 Bryan Cook"

Similar presentations

Mobile IP.. 45-7028-115-6. How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.

Mobile IP How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
KDDI Confidential Proprietary Slide 1 IP Address Management Issue and Data Survey in Reference Doc#79 2005/03/02 KDDI Masaru Umekawa.

KDDI Confidential Proprietary Slide 1 IP Address Management Issue and Data Survey in Reference Doc# /03/02 KDDI Masaru Umekawa.
Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu Qualcomm Inc. Notice: QUALCOMM Incorporated grants a free, irrevocable license.

Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu Qualcomm Inc. Notice: QUALCOMM Incorporated grants a free, irrevocable license.
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Source Avi Lior, Bridgewater Jun Wang and George Cherian, Qualcomm Incorporated Dec 07, 2009 Page 1 IPv4 Exhaustion and IPv4-IPv6 Transition in 3GPP2 Notice.

Source Avi Lior, Bridgewater Jun Wang and George Cherian, Qualcomm Incorporated Dec 07, 2009 Page 1 IPv4 Exhaustion and IPv4-IPv6 Transition in 3GPP2 Notice.
User Plane Roaming DNS Solution Page 1 DNS Solution User Plane Roaming LBS Roaming Meeting, San Francisco November 28, 2006 DNS Solution User Plane Roaming.

User Plane Roaming DNS Solution Page 1 DNS Solution User Plane Roaming LBS Roaming Meeting, San Francisco November 28, 2006 DNS Solution User Plane Roaming.
Problem Statement: Packet Data Roaming Architecture Compatibility November 11, 2005.

Problem Statement: Packet Data Roaming Architecture Compatibility November 11, 2005.
IPv6 over xDSL: The DIODOS Proposal Athanassios Liakopoulos Greek Research & Technology Network International IPv6 Workshop, Kopaonik,

IPv6 over xDSL: The DIODOS Proposal Athanassios Liakopoulos Greek Research & Technology Network International IPv6 Workshop, Kopaonik,
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Visibility Services CRX & Interstandard Roaming June 15, 2007 Presented By: Linda Pennot Product Manager ®

Visibility Services CRX & Interstandard Roaming June 15, 2007 Presented By: Linda Pennot Product Manager ®
Doc.: IEEE 802.11-04/0407r0 Submission Andrew Myers, BT Slide 1 March 2004 WLAN Backend System Security and WLAN Interworking Security Andrew Myers British.

Doc.: IEEE /0407r0 Submission Andrew Myers, BT Slide 1 March 2004 WLAN Backend System Security and WLAN Interworking Security Andrew Myers British.
Mobile IP Overview: Standard IP Standard IP Evolution of Mobile IP Evolution of Mobile IP How it works How it works Problems Assoc. with it Problems Assoc.

Mobile IP Overview: Standard IP Standard IP Evolution of Mobile IP Evolution of Mobile IP How it works How it works Problems Assoc. with it Problems Assoc.
What we will cover… Home Networking: Network Address Translation (NAT) Mobile Routing.

What we will cover… Home Networking: Network Address Translation (NAT) Mobile Routing.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
General Packet Radio System (GPRS) Overview. Introduction General Packet Radio Service (GRPS) today “Packet overlay” network on top of the existing GSM.

General Packet Radio System (GPRS) Overview. Introduction General Packet Radio Service (GRPS) today “Packet overlay” network on top of the existing GSM.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Similar presentations

Ads by Google