Upload
edward-galarza
View
216
Download
0
Embed Size (px)
Citation preview
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
1/18
Blocking of SMSSpam and Fraud
White Paper
Document: WPSMSWBV2.1
Issue date: 31MAY2004
Author: Walter Buehler
Senior Product Manager
Issued by: Nexus Telecom AG, Switzerland
We work to improve your network
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
2/18
Blocking of SMS Spam and Fraud
White Paper
Abstract
The problem of SMS Spam and fraud is growing fast and is starting to jeopardize mobile
messaging, a very lucrative market for wireless network operators. This fact is emphasized
by different publications; some state SMS Spam is one of the biggest threats to the revenue
potential of messaging services.
This White Paper describes several fraud and spamming cases and what can be done
against them.
Nexus Telecom, Switzerland May 2004 Page 2 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
3/18
Blocking of SMS Spam and Fraud
White Paper
Table of Contents
ABSTRACT ..............................................................................................................................2TABLE OF CONTENTS ...........................................................................................................3INTRODUCTION......................................................................................................................4
Motivation........................................................................................................................4 The Technology behind SMS..........................................................................................5
THE THREE CASES................................................................................................................6SMS Spamming/Flooding Case......................................................................................6
Impact on the network operator .......................................................................................... 6How to avoid it..................................................................................................................... 7
The Faked SMS Case.....................................................................................................8Impact on the network operator .......................................................................................... 8How to avoid it..................................................................................................................... 9
SMS Spoofing Case......................................................................................................10Impact on the network operator ........................................................................................ 10How to avoid it................................................................................................................... 11
SOLUTION DESCRIPTION ...................................................................................................12SMS Spam and Fraud Detection Application................................................................12
For the SMS Spamming/Flooding Case ........................................................................... 13For the Faked SMS Case ................................................................................................. 13SMS Spoofing Case.......................................................................................................... 13
About NexusNETVIEW Signaling Surveillance System................................................14ABBREVIATIONS ..................................................................................................................16ABOUT NEXUS TELECOM ...................................................................................................17
Nexus Telecom, Switzerland May 2004 Page 3 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
4/18
Blocking of SMS Spam and Fraud
White Paper
Introduction
Motivation
Network operators have a high interest in avoiding SMS Spam. Not only does SMS Spam by
nature generate high traffic, potential flooding network elements or the whole network, but
end-users are rather helpless in controlling the SMS Spam problem. Unlike e-mail,
"spammed" end-users cannot take any counter-measures against the increasing number of
unwanted SMS. Thus it is up to the network operator to help block unsolicited SMS. And if
the operator cannot do so he has to expect churn.
Another closely related issue to SMS Spam is SMS fraud, which has a direct impact on the
revenue stream of the network operator.
Nexus Telecom, Switzerland May 2004 Page 4 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
5/18
Blocking of SMS Spam and Fraud
White Paper
The Technology behind SMSFigure 1 shows two GSM networks and the components relevant for delivering an SMS from
end-user A to end-user B. In general, the following message flow exists:
1. SMS is sent via MSC/VLR to SMS-C in PLMN A. This is a MAP "Forward SM"
message, including the source MSISDN A and the destination MSISDN B.
2. Since the end-user B is in the PLMN B, the SMS-C has to get the routing information
from the HLR of the PLMN B. To do so, it sends a MAP "Send Routing Info for SM"
with the MSISDN B number.
3. The HLR then sends back the IMSI of end-user B and its VLR.
4. The SMS-C delivers the SMS as a MAP message via the MSC/VLR to the end-user
B.
Figure 1: Network Layout and SMS-related Message Flow
Nexus Telecom, Switzerland May 2004 Page 5 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
6/18
Blocking of SMS Spam and Fraud
White Paper
The Three Cases
SMS Spamming/Flooding Case
From the viewpoint of an end-user any single SMS could be an unwanted and annoying SMS
Spam. In single instances, no system can protect itself. But normally SMS Spamming is not
just a single event message to one subscriber, but a large amount of SMS to multiple
subscribers.
In the extreme these multiple SMS pose the danger of overloading the network. This is called
SMS Flooding and is defined as a massive load of SMS to one or several destinations,
independent of whether these SMS are valid or invalid.
Figure 2: SMS Spam/Flooding Case
Impact on the network operator
SMS Spamming is one reason for churn. Hence why for an operator blocking SMS Spam
becomes more and more a competitive advantage.
Nexus Telecom, Switzerland May 2004 Page 6 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
7/18
Blocking of SMS Spam and Fraud
White Paper
SMS Flooding can temporarily overload parts of the wireless network and hinder delivery of
other SMS. In rare cases, it can block other network components and cause outages.
How to avoid it
SMS Flooding can be detected by supervising SMS traffic and checking by source, and in
rarer cases by destination, to determine it is above an expected level. If this is so, then the
source address should be blocked.
Another clear identification of SMS Spam and Flooding is the fact that the high load of traffic
is generated by SMS with the same content. Therefore it is recommended to check not only
for abnormal traffic profiles from a certain source or destination, but also for repetitive
content.
Nexus Telecom, Switzerland May 2004 Page 7 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
8/18
Blocking of SMS Spam and Fraud
White Paper
The Faked SMS CaseThe Faked SMS have manipulated SCCP or MAP addresses. The source address of the
SMS pretends that these are sent from another network (in Figure 3 from PLMN A). To do
so, it has to know the end-users' IMSI, otherwise an HLR interaction has to take place. In this
case the Fake SMS Source has to use his own real SCCP and MAP SMS-C address.
If the VLR is unknown, the source has to send the SMS to every VLR in the network, which
together with the false IMSI addresses can generate a heavy load in the network equal to
SMS Flooding.
Figure 3: Faked SMS Case
Impact on the network operator
Faked SMS lead to wrong interconnection billing. For example, if the SCCP and MAP
addresses are wrong, PLMN B will not be paid for the delivery of these SMS.
And, of course, Faked SMS may be the reason for SMS Flooding with overload in the
network.
Nexus Telecom, Switzerland May 2004 Page 8 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
9/18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
10/18
Blocking of SMS Spam and Fraud
White Paper
SMS Spoofing CaseThe SMS sent to the SMS-C have a manipulated originating MSISDN A number. One
example is shown in Figure 4, where the "SMS Spoofing Source" simulates a roaming end-
user from PLMN A, sending an SMS to a foreign end-user in PLMN B. The "Spoofing SMS
Source" is a specific system with an SS7 application. It uses real or wrong MSISDN A
numbers, originating VLR and / or SCCP addresses.
Figure 4: SMS Spoofing Case
Impact on the network operator
The main issue for the operator of PLMN A is the revenue loss due to the fact that the
roaming end-user can not be billed when a wrong MSISDN number is used and has to pay
the operator of the PLMN B for the delivery of the SMS.
SMS Flooding could be another problem the network operator faces.
Nexus Telecom, Switzerland May 2004 Page 10 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
11/18
Blocking of SMS Spam and Fraud
White Paper
How to avoid it
The MSISDN number should be checked to determine that it is a real one and the VLRlocation should be checked with entry in the HLR. If one or both are identified as wrong, the
message should not be sent.
For an independent monitoring system, SMS Spoofing is a typical fraud case. It checks for
high usage MSISDN and creates an alarm if the usage is above a certain limit.
Nexus Telecom, Switzerland May 2004 Page 11 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
12/18
Blocking of SMS Spam and Fraud
White Paper
Solution Description
SMS Spam and Fraud Detection Application
The NexusNETVIEW Signaling Surveillance System meets all major technical and
operational requirements in PSTN and GSM networks. Its Fraud Detection application is
used to detect fraudulent behavior of end-users. It is designed for a very high numbers of
calls. This is a solid base for the SMS Spam and Fraud Detection application, because this
type of fraud requires the highest performance.
Figure 5: NexusNETVIEW Configuration
For Blocking SMS Spam & Fraud, the NexusNETVIEW monitors two points in the wireless
network:
International MAP gateway
MAP interface
Nexus Telecom, Switzerland May 2004 Page 12 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
13/18
Blocking of SMS Spam and Fraud
White Paper
NexusNETVIEW detects different SMS SPAM and Fraud patterns and generates an on-line
alarm to let the network act accordingly.
For the SMS Spamming/Flooding Case
NexusNETVIEW detects SMS Spamming/Flooding by supervising the SMS traffic and
checking for a high number of SMS from or to foreign SMS-C in short time intervals.
NexusNETVIEW holds profiles per source/destination and creates an alarm event in case a
user-defined threshold level is reached. In addition, the system can check SMS on repetitive
content from the same source and feed it to the threshold alarm manager.
If anyone threshold is met NexusNETVIEW generates an alarm with information about the
SMS source address that has to be blocked.
For the Faked SMS Case
First, NexusNETVIEW can be used by an SS7 carrier. The system screens all SS7 links to
determine that the SCCP addresses match with the connected operators. If the SCCP
address in a message does not match, it is faked and has to be deleted. NexusNETVIEW is
able to generate an alarm according to SCCP address mismatch.
NexusNETVIEW monitors MAP and TCAP messages at the border of the network of a
wireless network operator. Therefore it can detect:
Transaction address mismatch is an indication for wrong SCCP addresses;
"Unusual" originating SCCP addresses using the profiling mechanism;
Unknown IMSI messages ("unknown subscriber"); and,
An unexpected high number of messages from an often unknown source, possibly with
the same content.
If detected, NexusNETVIEW generates an alarm with the information about the source
address that should be blocked.
SMS Spoofing Case
NexusNETVIEW will check for high usage of MSISDN numbers in SMS. This is an indication
so a SMS Spam or spoofing. It creates an alarm if the usage is above a certain limit.
Nexus Telecom, Switzerland May 2004 Page 13 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
14/18
Blocking of SMS Spam and Fraud
White Paper
About NexusNETVIEW Signaling Surveillance System
NexusNETVIEW is the most powerful signaling surveillance system for GSM, GPRS, UMTSand VoIP available today. On-site data acquisition devices collect the raw signaling and user
data. The acquired and pre-processed information is transferred to the central application
server located in the NMC. Local and remote users can access and make use of the various
applications according to their specific tasks.
The following applications are at the user's disposal:
Network and call status supervision for help desk and NMC
o Pro-active overview (Network Health Monitoring)
o Real-time call traces
o Off-line call traces on historical data
Performance and QoS Reporting according to ITU-T Q.752/E.422 for NMC and the
quality department:
o Performance measurements for network planning and quality reporting
o On-line network health and status surveillance
o Threshold alarm management
o Alarm management via Q3 or SNMP interface (optional)
NMC network operation and trouble-shooting
o Call tracing
o Protocol analysis
Destination and origin-oriented on-line traffic management
Fraud detection
Inter-carrier accounting
Welcome SMS
Major strengths of the NexusNETVIEW Signaling Surveillance System:
Highly scaleable, modular system architecture built up with standard system hardware
and software components, standard networking interfaces and protocols.
Ready for extended applications such as performance and QoS reporting according to
the recommendations of the Telecommunication Management Forum.
Compact high-performance probes with mass storage for up to 30 days full rollback on
all raw data of the entire SS7 signaling traffic and call detail records (up to 60 days
CDR storage optional).
Nexus Telecom, Switzerland May 2004 Page 14 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
15/18
Blocking of SMS Spam and Fraud
White Paper
X.700 Manager/Agent model for maximum performance over LAN/WAN and for X.733
alarm management via the optional Q3 alarm interface. SNMP integrations are alsosupported.
Ready for future applications such as VoIP QoS testing, connectionless traffic
accounting and billing, UMTS support and configuration management.
To learn more about NexusNETVIEW, please visit: http://www.NexusNETVIEW.com
Nexus Telecom, Switzerland May 2004 Page 15 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
16/18
Blocking of SMS Spam and Fraud
White Paper
Abbreviations
BSS Base Station Subsystem
CDR Call Data Record
GERAN GSM EDGE Radio Access Network
GPRS General Packet Radio Service
GSM Global System for Mobile Communication
HLR Home Location Register
IGP Interior Gateway Protocol
IMSI International Mobile Subscriber IdentityIP Internet Protocol
LAN Local Area Network
MAP Mobile Application Part
MSC/VLR Mobile Switching Center / Visitor Location Register
MSIDN Mobile Subscriber ISDN Number
MSU Message Signaling Unit
NMC Network Management Center
OSS Operations Support System
PLMN Public Land Mobile NetworkPSTN Public Switched Telecom Network
QoS Quality of Service
SCCP Signaling Connection Control Part
SMS Short Message Service
SMS-C SMS Center
SNMP Simple Network Management Protocol
SS7 Signaling System Number 7
STP Signaling Transfer Point
TCAP Transaction Capability Application PartTCP/IP Transmission Control Protocol / Internet Protocol
UMTS Universal Mobile Telecommunications System
VoIP Voice over IP
WAN Wide Area Network
Nexus Telecom, Switzerland May 2004 Page 16 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
17/18
Blocking of SMS Spam and Fraud
White Paper
About Nexus Telecom
Founded in 1994, Nexus Telecom (www.nexustelecom.com) is a privately-held company with
headquarters in Zurich, Switzerland and a North American subsidiary in Ottawa, Canada.
With over 200 employees, Nexus Telecom is a major OSS/BSS vendor delivering
sophisticated state-of-the-art telecom management solutions to 2G, 3G, NGN and VoIP
service providers and network operators worldwide.
Nexus Telecom specializes in Service Assurance, Revenue Assurance and Network/Service
Testing solutions, supporting the most recently developed technologies and standards.Nexus Telecom's fast time-to-market strategy is to gain early in-depth know-how about
upcoming network technologies through strong development partnerships with leading
network manufacturers such as Siemens, Lucent, Nortel, Nokia, and Ericsson, to name a
few.
With solutions deployed in over 100 countries, Nexus Telecom's
installed customer base spans the globe, assuring service quality
and revenue streams for many of the world's best-known telecom
operators. For small and large service providers alike, including theworld's largest GSM/UMTS network operated by T-Mobile, the
highly scalable and modular E2E solutions from Nexus Telecom
maximize the service provider's competitive edge through excellent
ROI, quick and smooth launch of new services, and greatly increased end-customer
satisfaction.
Nexus TelecomZurich Headquarters
Nexus Telecom is certified according to the ISO 9001 Quality and Management Standards.
Nexus Telecom, Switzerland May 2004 Page 17 of 18
8/3/2019 White Paper SMS Spam Nexus Net View Ed 2.1
18/18
Nexus Telecom AG, CH-8048 Zurich, Switzerland
This document and all the information contained herein is subject to change without notice
and should not be construed as a commitment by Nexus Telecom. Although we believe the
contents of this document to be accurate, Nexus Telecom assumes no responsibility for any
errors that may occur in this document.
Nexus Telecom, and all Nexus Logos are trademarks of Nexus Telecom AG.
All other trademarks are acknowledged and are the property of their respective owners.
Visit our website at www.nexustelecom.com
Nexus Telecom AGSystem Solutions
Nexus Telecom AGWireless Network Systems
Nexus Telecom (Americas) Inc.(NA and CALA)
Feldbachstrasse 80
P.O. Box 215
CH-8634 Hombrechtikon
Switzerland
Tel. +41 55 254 5111
Fax +41 55 254 5112
Muertschenstrasse 27
P.O. Box 1413
CH-8048 Zurich
Switzerland
Tel. +41 44 355 6611
Fax +41 44 355 6612
Suite 100
1101 Prince of Wales Drive
Ottawa, Ontario
Canada K2C 3W7
Tel. +1 613 224 2637
Fax +1 613 224 2761
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]