280 likes | 599 Views
Fraud in Short Messaging in Mobile Networks. Kari-Matti Puukangas / TeliaSonera 14.4.2010 Supervisor: Professor Raimo Kantola Instructor: M.Sc Niko Kettunen. Contents. Background Scope of the study Different Types of Fraudulent SMS Spoofing Faking 3rd party faking
E N D
Fraud in Short Messaging in Mobile Networks Kari-Matti Puukangas / TeliaSonera 14.4.2010 Supervisor: Professor Raimo Kantola Instructor: M.Sc Niko Kettunen
Contents • Background • Scope of the study • Different Types of Fraudulent SMS • Spoofing • Faking • 3rd party faking • Spamming and Flooding • GT scanning and Mobile malware • How Fraudster Connects to the Network • Why Fraudulent Messaging Should be Prevented • How to Prevent Fraudulent Messages • TCAP Handshake • TCAP Sec • SMS Firewall • Conclusion Kari-Matti Puukangas
Background • SMS fraud around the world • Asia • SMS spamming is very common, cheap messages • China 6-10 Spam messages per day per user • India 20% of the short messages is Spam • USA • E-mail to SMS is the biggest source to Spam • Not a problem yet • Europe • Quite expensive messages • Operators control all connected links • Phishing and “call to premium number” type of attacks • Not a problem yet Kari-Matti Puukangas
Background Kari-Matti Puukangas
Background Kari-Matti Puukangas
Scope of the study • Describe the different fraud scenarios • How the fraud can be identified and prevented • Describe the fraud prevention methods • Give a recommendation of the most suitable method based on a SWOT analysis Kari-Matti Puukangas
Different Types of Fraudulent SMS • Spoofing • Faking • 3rd party faking • Spamming • Flooding • GT scanning • Mobile malware Kari-Matti Puukangas
Spoofing • Illegal use of the home SMSC • Mobile Originated SMS with a manipulated A-MSISDN (real or wrong) is coming from a roaming subscriber. Kari-Matti Puukangas
Faking • Originated from the international SS7 Network and is terminated to home mobile network. • SMSC number or A-MSISDN are manipulated (can be existing numbers). Kari-Matti Puukangas
3rd Party Faking • A special case of Faking • Happens in third party’s network • Termination fees to home network Kari-Matti Puukangas
Spamming and Flooding • Spamming • Unsolicited SMS • The spam SMS content can include: • Commercial information • Bogus contest • Messages intended to invite a response from the receiver (e.g. to call a premium number) • Flooding • A large number of messages sent to one or more destinations • Messages may be either valid or invalid. • Purpose to slow down the operator network or jam one ore more mobile terminals • Usually combined with spoofing or faking Kari-Matti Puukangas
GT Scanning and Mobile Malware • GT Scanning • A lot of MO_Forward_SM or SRI messages with SMSC or MSC address incremented by one in each message • Fraudster tries to find unprotected SMSC or MSC • Mobile malware • All kinds of binary messages, e.g. viruses or service settings Kari-Matti Puukangas
How Fraudster Connects to the Network • Increased number of parties connected to SS7 network • Interfaces to SS7 and Internet • Potential thread by hackers • Bulk connections from small operators • Do not care how the connection is used • Hacking a short messaging entity • May be noticed quite soon • Pribe the operator employees • May be possible in some less developed countries Kari-Matti Puukangas
Why Fraudulent Messaging Should be Prevented • Subscriber’s point of view • Receiving spam is very annoying • Spoofed number may cause charges to innocent user • Spoofed subscriber may get angry calls and messages from message receivers (blocking the handset) • Operator’s point of view • Loss of messaging income • Wrongly charged customers • Increased customer care contacts • Increased churn • Loss of termination fees • Termination of roaming agreements • Increased signaling network load Kari-Matti Puukangas
How to Prevent Fraudulent Messages • GSMA has created a criteria to detect the fraud and basic actions for stopping it • Means to prevent fraudulent messages • TCAP Handshake • TCAP Sec • SMS Firewall Kari-Matti Puukangas
TCAP Handshake • 3GPP specification 33.200 • Based on the TCAP segmentation used in the long messages • First two messages used for the authentication • Requires MAP version 2 or 3 • Protection against faking Kari-Matti Puukangas
TCAP Handshake • SWOT analysis for TCAP Handshake Kari-Matti Puukangas
TCAP sec • 3GPP specifications 33.204 and 29.204. • Requires new component to the network • SS7 Security Gateway (SEG) with databases for security policy (SPD) and security association (SAD) • SEG secures the TCAP transactions with the help of the Policy Database • Protected or unprotected mode Kari-Matti Puukangas
TCAP sec • SWOT analysis for TCAPsec Kari-Matti Puukangas
SMS Firewall • GSMA document IR.82 gives the guidelines to prevent SMS threats with a firewall • SMS Firewall can stop all known threats • Spoofing and faking prevention by comparing messages or location • Spamming and flooding prevention by checking the content • Virus check • Can be implemented without the actions of the other operators Kari-Matti Puukangas
SMS Firewall • Preventing SMS Spoofing with Firewall Kari-Matti Puukangas
SMS Firewall • Preventing SMS faking with Firewall Kari-Matti Puukangas
SMS Firewall • SWOT analysis for SMS Firewall Kari-Matti Puukangas
Conclusion • Requirements • The system must be able to protect against all known fraud cases • The system needs to have an ability to collect the reports of the incidents • The system must to be able to work regardless of the actions of other operators. • Conclusion • The only available solution that fulfils all of the requirements is the SMS Firewall. With the firewall solution the operator can implement a solid line of defence against all known fraudulent SMS threats. Kari-Matti Puukangas
Thank You • Questions? Kari-Matti Puukangas