1 / 25

Fraud in Short Messaging in Mobile Networks

Fraud in Short Messaging in Mobile Networks. Kari-Matti Puukangas / TeliaSonera 14.4.2010 Supervisor: Professor Raimo Kantola Instructor: M.Sc Niko Kettunen. Contents. Background Scope of the study Different Types of Fraudulent SMS Spoofing Faking 3rd party faking

zulema
Download Presentation

Fraud in Short Messaging in Mobile Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Fraud in Short Messaging in Mobile Networks Kari-Matti Puukangas / TeliaSonera 14.4.2010 Supervisor: Professor Raimo Kantola Instructor: M.Sc Niko Kettunen

  2. Contents • Background • Scope of the study • Different Types of Fraudulent SMS • Spoofing • Faking • 3rd party faking • Spamming and Flooding • GT scanning and Mobile malware • How Fraudster Connects to the Network • Why Fraudulent Messaging Should be Prevented • How to Prevent Fraudulent Messages • TCAP Handshake • TCAP Sec • SMS Firewall • Conclusion Kari-Matti Puukangas

  3. Background • SMS fraud around the world • Asia • SMS spamming is very common, cheap messages • China 6-10 Spam messages per day per user • India 20% of the short messages is Spam • USA • E-mail to SMS is the biggest source to Spam • Not a problem yet • Europe • Quite expensive messages • Operators control all connected links • Phishing and “call to premium number” type of attacks • Not a problem yet Kari-Matti Puukangas

  4. Background Kari-Matti Puukangas

  5. Background Kari-Matti Puukangas

  6. Scope of the study • Describe the different fraud scenarios • How the fraud can be identified and prevented • Describe the fraud prevention methods • Give a recommendation of the most suitable method based on a SWOT analysis Kari-Matti Puukangas

  7. Different Types of Fraudulent SMS • Spoofing • Faking • 3rd party faking • Spamming • Flooding • GT scanning • Mobile malware Kari-Matti Puukangas

  8. Spoofing • Illegal use of the home SMSC • Mobile Originated SMS with a manipulated A-MSISDN (real or wrong) is coming from a roaming subscriber. Kari-Matti Puukangas

  9. Faking • Originated from the international SS7 Network and is terminated to home mobile network. • SMSC number or A-MSISDN are manipulated (can be existing numbers). Kari-Matti Puukangas

  10. 3rd Party Faking • A special case of Faking • Happens in third party’s network • Termination fees to home network Kari-Matti Puukangas

  11. Spamming and Flooding • Spamming • Unsolicited SMS • The spam SMS content can include: • Commercial information • Bogus contest • Messages intended to invite a response from the receiver (e.g. to call a premium number) • Flooding • A large number of messages sent to one or more destinations • Messages may be either valid or invalid. • Purpose to slow down the operator network or jam one ore more mobile terminals • Usually combined with spoofing or faking Kari-Matti Puukangas

  12. GT Scanning and Mobile Malware • GT Scanning • A lot of MO_Forward_SM or SRI messages with SMSC or MSC address incremented by one in each message • Fraudster tries to find unprotected SMSC or MSC • Mobile malware • All kinds of binary messages, e.g. viruses or service settings Kari-Matti Puukangas

  13. How Fraudster Connects to the Network • Increased number of parties connected to SS7 network • Interfaces to SS7 and Internet • Potential thread by hackers • Bulk connections from small operators • Do not care how the connection is used • Hacking a short messaging entity • May be noticed quite soon • Pribe the operator employees • May be possible in some less developed countries Kari-Matti Puukangas

  14. Why Fraudulent Messaging Should be Prevented • Subscriber’s point of view • Receiving spam is very annoying • Spoofed number may cause charges to innocent user • Spoofed subscriber may get angry calls and messages from message receivers (blocking the handset) • Operator’s point of view • Loss of messaging income • Wrongly charged customers • Increased customer care contacts • Increased churn • Loss of termination fees • Termination of roaming agreements • Increased signaling network load Kari-Matti Puukangas

  15. How to Prevent Fraudulent Messages • GSMA has created a criteria to detect the fraud and basic actions for stopping it • Means to prevent fraudulent messages • TCAP Handshake • TCAP Sec • SMS Firewall Kari-Matti Puukangas

  16. TCAP Handshake • 3GPP specification 33.200 • Based on the TCAP segmentation used in the long messages • First two messages used for the authentication • Requires MAP version 2 or 3 • Protection against faking Kari-Matti Puukangas

  17. TCAP Handshake • SWOT analysis for TCAP Handshake Kari-Matti Puukangas

  18. TCAP sec • 3GPP specifications 33.204 and 29.204. • Requires new component to the network • SS7 Security Gateway (SEG) with databases for security policy (SPD) and security association (SAD) • SEG secures the TCAP transactions with the help of the Policy Database • Protected or unprotected mode Kari-Matti Puukangas

  19. TCAP sec • SWOT analysis for TCAPsec Kari-Matti Puukangas

  20. SMS Firewall • GSMA document IR.82 gives the guidelines to prevent SMS threats with a firewall • SMS Firewall can stop all known threats • Spoofing and faking prevention by comparing messages or location • Spamming and flooding prevention by checking the content • Virus check • Can be implemented without the actions of the other operators Kari-Matti Puukangas

  21. SMS Firewall • Preventing SMS Spoofing with Firewall Kari-Matti Puukangas

  22. SMS Firewall • Preventing SMS faking with Firewall Kari-Matti Puukangas

  23. SMS Firewall • SWOT analysis for SMS Firewall Kari-Matti Puukangas

  24. Conclusion • Requirements • The system must be able to protect against all known fraud cases • The system needs to have an ability to collect the reports of the incidents • The system must to be able to work regardless of the actions of other operators. • Conclusion • The only available solution that fulfils all of the requirements is the SMS Firewall. With the firewall solution the operator can implement a solid line of defence against all known fraudulent SMS threats. Kari-Matti Puukangas

  25. Thank You • Questions? Kari-Matti Puukangas

More Related