Mobile operators vs. Hackers: new security measures for new bypassing techniques
Size: px
Start display at page:

Download "Mobile operators vs. Hackers: new security measures for new bypassing techniques"

Transcription

1 Sergey Puzankov Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

2 SS7 in the 20 th century SCP STP STP SSP SCP SSP STP PSTN STP SSP SS7 Signaling System #7, a set of telephony protocols, which is used to set up and tear down telephone calls, send and receive SMS, provide subscriber mobility, and other service

3 SS7 nowadays SIGTRAN Signaling Transport, an extension of the SS7 protocol family that uses IP as a transport

4 Why SS7 is not secure LTE SIGTRAN SIGTRAN Diameter STP IWF/DEA SS7 SIGTRAN STP STP

5 Mass media highlights the SS7 security problem

6 Governments and global organizations' concern on SS7 security

7 Mobile operators and SS7 security SMS Home Routing Security assessment Security configuration SS7 firewall Security monitoring

8 Research and publications 2014 Signaling System 7 (SS7) security report 2014 Vulnerabilities of mobile Internet (GPRS) 2016 Primary security threats for SS7 cellular networks 2017 Next-generation networks, next-level cybersecurity problems (Diameter vulnerabilities) 2017 Threats to packet core security of 4G network 2018 SS7 vulnerabilities and attack exposure report

9 Network vulnerability statistics: SMS Home Routing Possibility of exploitation of some threats in networks with SMS Home Routing installed is greater than in networks without protection 67% of installed SMS Home Routing systems have been bypassed

10 Network vulnerability statistics: SS7 firewall Penetration level of SS7 firewalls on mobile networks: % % % Filtering system alone cannot protect the network thoroughly

11 Basic nodes and identifiers MSISDN Mobile Subscriber Integrated Services Digital Number HLR Home Location Register GT Global Title, address of a core node element IMSI International Mobile Subscriber Identity MSC/VLR Mobile Switching Center alongside with Visited Location Register STP Signaling Transfer Point SMS-C SMS Center

12 SS7 messages for IMSI retrieving SendRoutingInfo SendIMSI SendRoutingInfoForLCS SendRoutingInfoForSM Should be blocked on the border May be blocked on the HLR SMS Home Routing as a protection tool

13 SMS Home Routing bypass No. 1

14 SMS Delivery with no SMS Home Routing in place SRI4SM SendRoutingInfoForSM HLR SMS-C 1. SRI4SM Request MSISDN STP 1. SRI4SM Request MSISDN 2. SRI4SM Response IMSI MSC Address 2. SRI4SM Response IMSI MSC Address 3. MT-SMS IMSI SMS Text 3. MT-SMS IMSI SMS Text MSC

15 SRI4SM abuse by a malefactor HLR 1. SRI4SM Request MSISDN 2. SRI4SM Response IMSI MSC Address STP 1. SRI4SM Request MSISDN 2. SRI4SM Response IMSI MSC Address MSC

16 SMS Home Routing HLR SMS-C 1. SRI4SM Request MSISDN STP 1. SRI4SM Request MSISDN SMS Router 4. SRI4SM Request MSISDN 2. SRI4SM Response Fake IMSI SMS-R Address 2. SRI4SM Response Fake IMSI SMS-R Address 5. SRI4SM Response Real IMSI MSC Address 3. MT-SMS Fake IMSI SMS Text 3. MT-SMS Fake IMSI SMS Text 6. MT-SMS Real IMSI SMS Text MSC

17 SMS Home Routing against malefactors HLR 1. SRI4SM Request MSISDN STP 1. SRI4SM Request MSISDN SMS Router 2. SRI4SM Response Fake IMSI SMS-R Address 2. SRI4SM Response Fake IMSI SMS-R Address MSC

18 Numbering plans E.164 MSISDN and GT Country Code Network Destination Code E.212 IMSI Mobile Country Code Mobile Network Code E.214 Mobile GT Rule of GT Translation Operator HLR

19 STP routing table SS7 Message STP Routing Table STP HLR 1 Numbering Plan = E.214 OpCode = SRI4SM HLR 2 SMS Router

20 STP routing table SS7 Message STP Routing Table STP HLR 1 Numbering Plan = E.214 OpCode = SRI4SM E.214 Global Title Translation Table MCC + MNC + 00xxxxxxxx MCC + MNC + 20xxxxxxxx HLR 2 SMS Router

21 STP routing table SS7 Message STP Routing Table STP HLR 1 Numbering Plan = E.214 OpCode = SRI4SM E.214 Global Title Translation Table MCC + MNC + 00xxxxxxxx MCC + MNC + 20xxxxxxxx HLR 2 SMS Router

22 STP routing table SS7 Message STP Routing Table STP HLR 1 Numbering Plan = E.214 OpCode = SRI4SM E.214 Global Title Translation Table MCC + MNC + 00xxxxxxxx MCC + MNC + 20xxxxxxxx HLR 2 SMS Router

23 SendRoutingInfoForSM message Called Party Address = MSISDN

24 SMS Home Routing bypass attack STP HLR 1 STP Routing Table 1. SRI4SM Request E.214 / Random IMSI MSISDN 3. SRI4SM Response IMSI MSC address Numbering Plan = E.214 OpCode = SRI4SM E.214 Global Title Translation Table MCC + MNC + 00xxxxxxxx MCC + MNC + 20xxxxxxxx 2. SRI4SM Request E.214 / Random IMSI MSISDN HLR 2 SMS Router The malefactor needs to guess any IMSI from a HLR serving the target subscriber SMS Router is aside

25 SMS Home Routing bypass No. 2

26 SMS Home Routing definition 1. SRI4SM Request: MSISDN STP HLR SMS Router

27 SMS Home Routing definition 1. SRI4SM Request: MSISDN STP HLR 1. SRI4SM Request: MSISDN SMS Router

28 SMS Home Routing definition 1. SRI4SM Request: MSISDN STP HLR 2. SRI4SM Request: MSISDN SMS Router 3. SRI4SM Response: Fake IMSI, SMS-R address

29 SMS Home Routing definition 1. SRI4SM Request: MSISDN STP HLR 2. SRI4SM Request: MSISDN SMS Router 3. SRI4SM Response: Fake IMSI, SMS-R address Different IMSIs mean SMS Home Routing procedure is involved

30 TCAP Protocol TCAP Transaction Capabilities Application Part TCAP Message Type Begin, Continue, End, Abort Transaction IDs Source and/or Designation IDs Dialogue Portion Application Context Name (ACN) ACN Version Component Portion Operation Code Payload Application Context Name corresponds to a respective Operation Code

31 Application Context Name

32 Application Context Name change

33 SMS Home Routing bypass with malformed ACN 1. SRI4SM Request: MSISDN Malformed ACN STP 1. SRI4SM Request: MSISDN Malformed ACN HLR SMS Router Malformed ACN

34 SMS Home Routing bypass with malformed ACN 1. SRI4SM Request: MSISDN Malformed ACN STP 1. SRI4SM Request: MSISDN Malformed ACN HLR 2. SRI4SM Response: IMSI, MSC 2. SRI4SM Response: IMSI, MSC SMS Router SMS Router is aside

35 SMS Home Routing bypass with malformed ACN 1. SRI4SM Request: MSISDN Malformed ACN STP 1. SRI4SM Request: MSISDN Malformed ACN HLR 2. SRI4SM Response: IMSI, MSC 2. SRI4SM Response: IMSI, MSC SMS Router Equal IMSIs means the SMS Home Routing solution is absent or not involved

36 SS7 firewall bypass

37 SS7 firewall typical deployment scheme STP 1. SS7 message 3. SS7 message HLR 2. SS7 message SS7 firewall

38 SS7 firewall typical deployment scheme SRI SendRoutingInfo 1. SRI Request: MSISDN STP HLR 2. SRI Request: MSISDN SS7 firewall The message is blocked

39 Application Context Name change

40 SS7 firewall bypass with malformed ACN 1. SRI Request: MSISDN Malformed ACN STP 2. SRI Request: MSISDN Malformed ACN HLR SS7 firewall Malformed ACN

41 SS7 firewall bypass with malformed ACN 1. SRI Request: MSISDN Malformed ACN STP 2. SRI Request: MSISDN Malformed ACN HLR 3. SRI Response: IMSI, 3. SRI Response: IMSI, SS7 firewall SS7 firewall is aside

42 Positioning enhancement

43 Positioning attack idea

44 Positioning attack idea

45 Positioning attack idea

46 How we discovered

47 How we discovered

48 Recreating the position refinement attack MSC/VLR

49 Recreating the position refinement attack CID 0DFB ProvideSubscriberInfo 1 MSC/VLR CID: 0DFB

50 Recreating the position refinement attack CID 0DFB 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR 2 UnstructuredSS-Notify

51 Recreating the position refinement attack CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging UnstructuredSS-Notify 2

52 Recreating the position refinement attack CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging UnstructuredSS-Notify 2

53 Recreating the position refinement attack CID 0191 CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging 2 UnstructuredSS-Notify Paging Response

54 Recreating the position refinement attack CID 0191 CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging 2 UnstructuredSS-Notify Paging Response... returnerror

55 Recreating the position refinement attack CID 0191 CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging UnstructuredSS-Notify 2 returnerror Paging Response... returnerror

56 Recreating the position refinement attack CID 0191 CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging 2 UnstructuredSS-Notify returnerror Paging Response... ProvideSubscriberInfo returnerror 4 CID: 0191

57 On the map

58 Main problems in SS7 security SS7 architecture flaws Configuration mistakes Software bugs

59 Things to remember 1. Deploying security tool does not mean the network is secure. About 67% of SMS Home Routing solutions in tested networks were bypassed. 2. Test the network. Penetration testing is a good practice to discover a lot of vulnerabilities. Discover and close existing vulnerabilities before hackers find and exploit them. 3. Know the perimeter. The continuous security monitoring allows a mobile operator to know which vulnerabilities are exploited and they are able to protect the network.

60 Thank you! Sergey Puzankov ptsecurity.com

Similar documents

Trojans in SS7 - how they bypass all security measures

Trojans in SS7 - how they bypass all security measures Sergey Puzankov Trojans in SS7 - how they bypass all security measures ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP SSP STP PSTN STP SSP SS7 (Signaling System #7): a set of telephony protocols

More information

Positive Technologies Telecom Attack Discovery DATA SHEET

Positive Technologies Telecom Attack Discovery DATA SHEET Positive Technologies Telecom Attack Discovery DATA SHEET PT TELECOM ATTACK DISCOVERY DATA SHEET CELLULAR NETWORK SECURITY COMPLICATIONS As is shown in the network analysis performed by Positive Technologies

More information

Taking Over Telecom Networks

Taking Over Telecom Networks Taking Over Telecom Networks Hardik Mehta (@hardw00t) Loay Abdelrazek (@sigploit) Taking Over Telecom Networks - Hardik Mehta (@hardw00t) and Loay Abdelrazek (@sigploit) 1 Press Release: some highlights

More information

Stealthy SS7 Attacks

Stealthy SS7 Attacks Stealthy SS7 Attacks Sergey Puzankov Positive Technologies, Russia E-mail: spuzankov@ptsecurity.com Received 8 September 2017; Accepted 10 October 2017 Abstract As we can see, most mobile operators defend

More information

Signaling System 7 (SS7) By : Ali Mustafa

Signaling System 7 (SS7) By : Ali Mustafa Signaling System 7 (SS7) By : Ali Mustafa Contents Types of Signaling SS7 Signaling SS7 Protocol Architecture SS7 Network Architecture Basic Call Setup SS7 Applications SS7/IP Inter-working VoIP Network

More information

Fractured Backbones Incidents Detection and Forensics in Telco Networks

Fractured Backbones Incidents Detection and Forensics in Telco Networks Dmitry Kurbatov Sergey Puzankov Vladimir Kropotov Fractured Backbones Incidents Detection and Forensics in Telco Networks ptsecurity.com About us Joint research of Incident Response and Telco Security

More information

Cyber Security Threats to Telecom Networks. Rosalia D Alessandro Hardik Mehta Loay Abdelrazek

Cyber Security Threats to Telecom Networks. Rosalia D Alessandro Hardik Mehta Loay Abdelrazek Cyber Security Threats to Telecom s Rosalia D Alessandro Hardik Mehta Loay Abdelrazek Press Release: some highlights Cyber Security Threats to Telecom s - Rosalia D Alessandro, Hardik Mehta and Loay Abdelrazek

More information

PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS

PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS Contents Introduction...3 1. Research Methodology...4 2. Summary...5 3. Participant Profile...5 4.

More information

TELECOMMUNICATION SYSTEMS

TELECOMMUNICATION SYSTEMS TELECOMMUNICATION SYSTEMS By Syed Bakhtawar Shah Abid Lecturer in Computer Science 1 Signaling System 7 Architecture Signaling System 7 Protocol Stacks Overview Level 1: Physical Connection SS7 Level 2:

More information

Effective SS7 protection ITU Workshop on SS7 Security, June 29 th 2016

Effective SS7 protection ITU Workshop on SS7 Security, June 29 th 2016 Effective SS7 protection ITU Workshop on SS7 Security, June 29 th 2016 Luca Melette SRLabs Template v12 Motivation: Operators and their users still vulnerable to SS7 attacks Agenda 3 attack

More information

HLR Configuration Mode Commands

HLR Configuration Mode Commands The HLR Configuration Mode is a sub-mode derived from the MAP Configuration Mode which controls the MAP service configuration. It is the MAP service that provides the application-layer protocol support

More information

Oracle Communications Convergent Charging Controller. Messaging Manager Navigator Technical Guide Release 6.0

Oracle Communications Convergent Charging Controller. Messaging Manager Navigator Technical Guide Release 6.0 Oracle Communications Convergent Charging Controller Messaging Manager Navigator Technical Guide Release 6.0 May 2016 Copyright Copyright 2016, Oracle and/or its affiliates. All rights reserved. This software

More information

HLR Configuration Mode Commands

HLR Configuration Mode Commands The HLR Configuration Mode is a sub-mode derived from the MAP Configuration Mode which controls the MAP service configuration. It is the MAP service that provides the application-layer protocol support

More information

THREATS TO PACKET CORE SECURITY OF 4G NETWORK

THREATS TO PACKET CORE SECURITY OF 4G NETWORK 07 CONTENTS Terms and abbreviations... : main components and protocols...4 Attack scenarios...5 What is necessary for a successful attack...5 Threats to EPC security...7. Fraud...7. Connection hijacking...8.

More information

Express Monitoring 2019

Express Monitoring 2019 Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities

More information

MAP - Mobile Application Part

MAP - Mobile Application Part - Mobile Application Part Mobility Management in GSM GSM services Short Message Service CAMEL = IN+GSM integration Raimo Kantola/ k2001 Telecommunications Switching Technology I 17-1 Course scope - lecture

More information

Three kinds of number portability

Three kinds of number portability Number Portability Three kinds of number portability Location portability: a subscriber may move from one location to another location without changing his or her telephone number Service portability:

More information

TELECOMMUNICATION SYSTEMS

TELECOMMUNICATION SYSTEMS TELECOMMUNICATION SYSTEMS By Syed Bakhtawar Shah Abid Lecturer in Computer Science 1 SS7 Network Architecture SS7 can employ different types of signaling network structures. The worldwide signaling network

More information

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up. 10 Call Set-up Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up. 10.1 INTRODUCTION... 2 10.2 CALL TO MS (MT)... 3 10.3 CALL FROM MS

More information

Communication Networks 2 Signaling 2 (Mobile)

Communication Networks 2 Signaling 2 (Mobile) Communication Networks 2 Signaling 2 (Mobile) Gusztáv Adamis BME TMIT 2017 GSM signaling Signaling of GSM is based on the ISDN signaling systems SS7/DSS1 But, because of mobility, roaming, radio access

More information

Cellular Mobile Systems and Services (TCOM1010) GSM Architecture

Cellular Mobile Systems and Services (TCOM1010) GSM Architecture GSM Architecture 1 GSM NETWORK INFRASTRUCTURE...2 2 NETWORK SWITCHING SUBSYSTEM (NSS)...3 2.1 Home Location Register...4 2.2 Mobile Switching Center and Visitor Location Register...4 2.3 Authentication

More information

Prototyping and evaluation of TCAPsec

Prototyping and evaluation of TCAPsec Department of Computer Science Kang Chung Prototyping and evaluation of TCAPsec Degree Project of 20 credit points Master s in Computer Science and Engineering Date: 2006-02-01 Supervisor: Katarina Asplund

More information

Telecommunication Services Engineering Lab

Telecommunication Services Engineering Lab Logistics Instructor Office: EV007-647, Tel: 1-514-8482424 ext 5846, Email: Glitho@ciiseconcordiaca URL: http://wwwececoncordiaca/~glitho/ Office hours: Tuesday: 3 pm 5 pm Time: Usually: Tuesday, 17h45-20h15

More information

Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or tshark) and Snort

Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or tshark) and Snort Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or tshark) and Snort Madrid, March 2018. By: Alejandro Corletti Estrada (acorletti@darfe.es - acorletti@hotmail.com) INDEX 1.

More information

INSE 7110 Winter 2004 Value Added Services Engineering in Next Generation Networks Week #1. Roch H. Glitho- Ericsson/Concordia University

INSE 7110 Winter 2004 Value Added Services Engineering in Next Generation Networks Week #1. Roch H. Glitho- Ericsson/Concordia University INSE 7110 Winter 2004 Value Added Services Engineering in Next Generation Networks Week #1 1 Outline 1. Essentials of circuit switched telephony 2. Introduction to value added services 3. IN fundamental

More information

Oracle Communications Network Charging and Control. Messaging Manager Navigator Technical Guide Release: 4.4

Oracle Communications Network Charging and Control. Messaging Manager Navigator Technical Guide Release: 4.4 Oracle Communications Network Charging and Control Messaging Manager Navigator Release: 4.4 June 2011 Commercial In Confidence Copyright Copyright 2011, Oracle and/or its affiliates. All rights reserved.

More information

Dialogic DSI SS7G41 Signaling Server

Dialogic DSI SS7G41 Signaling Server Dialogic DSI SS7G41 Signaling Server SWS Developers Manual www.dialogic.com Copyright and Legal Notice Copyright 2011-2013 Dialogic Inc. All Rights Reserved. You may not reproduce this document in whole

More information

Telecommunication Services Engineering Lab

Telecommunication Services Engineering Lab Logistics Instructor Office: EV006-227, Tel: 1-514-8482424 ext 5846, Email: Glitho@ciiseconcordiaca URL: http://wwwececoncordiaca/~glitho/ Office hours: Friday: 3 pm 5 pm Time: Friday, 17h45-20h15 Room

More information

Integrating Non Call-Related User Interactions in SIP Environment

Integrating Non Call-Related User Interactions in SIP Environment BULGARIAN ACADEMY OF SCIENCES CYBERNETICS AND INFORMATION TECHNOLOGIES Volume 8, No 3 Sofia 2008 Integrating Non Call-Related User Interactions in Environment Ivaylo Atanasov, Evelina Pencheva Department

More information

SS7. Mercantec H2 2009

SS7. Mercantec H2 2009 SS7 Mercantec H2 2009 Common Channel Signaling System No. 7 basic call setup, management, and tear down wireless services such as personal communications services (PCS), wireless roaming, and mobile subscriber

More information

HLR Lookup Service (Release 1.1.0)

HLR Lookup Service (Release 1.1.0) 1. Introduction 1.1. Summary This document will illustrate the HLR Lookup Service (or Network Query) 1.2. Scope The information contained in this document may be used by all third parties that need to

More information

3GPP TR V7.0.0 ( )

3GPP TR V7.0.0 ( ) TR 23.840 V7.0.0 (2006-12) Technical Report 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Study into routeing of MT-SMs via the HPLMN (Release 7) The present

More information

5. Execute the attack and obtain unauthorized access to the system.

5. Execute the attack and obtain unauthorized access to the system. Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and

More information

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration

More information

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been

More information

Applying Lucent s CDMA Full International Mobile Station Identity (IMSI) Feature for Enhanced Preferred Roaming List (PRL)

Applying Lucent s CDMA Full International Mobile Station Identity (IMSI) Feature for Enhanced Preferred Roaming List (PRL) Applying Lucent s CDMA Full International Mobile Station Identity (IMSI) Feature for Enhanced Preferred Roaming List (PRL) Mike Chambers Mobility Solutions Systems Engineering February 2004 Slide 1 Lucent

More information

COPYRIGHTED MATERIAL. Global System for Mobile Communications (GSM) 1.1 Circuit-Switched Data Transmission

COPYRIGHTED MATERIAL. Global System for Mobile Communications (GSM) 1.1 Circuit-Switched Data Transmission 1 Global System for Mobile Communications (GSM) At the beginning of the 1990s, GSM, the Global System for Mobile Communications triggered an unprecedented change in the way people communicate with each

More information

Mavenir Keynote. Think Smarter Secure communication Innovate Services. By Mohamed Issa Regional Head of Africa Sales

Mavenir Keynote. Think Smarter Secure communication Innovate Services. By Mohamed Issa Regional Head of Africa Sales Mavenir Keynote Think Smarter Secure communication Innovate Services By Mohamed Issa Regional Head of Africa Sales The New Mavenir: Combining Market Leaders Combing three industry-leading companies to

More information

Chapter 9. Firewalls

Chapter 9. Firewalls Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however

More information

Oracle Communications Convergent Charging Controller. Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 6.

Oracle Communications Convergent Charging Controller. Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 6. Oracle Communications Convergent Charging Controller Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 6.0 May 2016 Copyright Copyright 2016, Oracle and/or its affiliates.

More information

Oracle Communications Network Charging and Control. Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 5.0.

Oracle Communications Network Charging and Control. Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 5.0. Oracle Communications Network Charging and Control Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 5.0.1 June 2013 Copyright Copyright 2013, Oracle and/or its affiliates.

More information

MAP Service Configuration Mode Commands

MAP Service Configuration Mode Commands Mobile Application Part (MAP) is a protocol which provides an application layer for the various nodes in the core mobile network and GPRS and UMTS core network to communicate with each other in order to

More information

Outstanding Communications Solutions. Root Canal. A new class of SS7 vulnerabilities

Outstanding Communications Solutions. Root Canal. A new class of SS7 vulnerabilities Outstanding Communications Solutions Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design Acknowledged signalling vulnerabilities The root problem Mitigation The signaling band-aid

More information

Client Server Programming and GSM Networking Protocols (SS7 Signaling)

Client Server Programming and GSM Networking Protocols (SS7 Signaling) Client Server Programming and GSM Networking Protocols (SS7 Signaling) Synopsis Getting the Right Knowledge to the Right People at the Right Time Our interactive, accelerated learning experience teaches

More information

Oracle Communications Network Charging and Control

Oracle Communications Network Charging and Control Oracle Communications Network Charging and Control Product: OCNCC 4.3 Component: S ware version: Release 3.1.1 Guide version: 02.00 Mobile Application Part (MAP) Protocol Implementation Conformance Statement

More information

PROACTIVE APPROACH. INTELLIGENT CYBERSECURITY. ptsecurity.com

PROACTIVE APPROACH. INTELLIGENT CYBERSECURITY. ptsecurity.com PROACTIVE APPROACH. INTELLIGENT CYBERSECURITY ptsecurity.com WHO WE ARE Positive Technologies is a leading global provider of enter prise security solutions for vulnerability and compliance management,

More information

Understand iwag Solution for 3G Mobile Data

Understand iwag Solution for 3G Mobile Data Understand iwag Solution for 3G Mobile Data Contents Introduction Prerequisites Requirements Components Used Background Information Acronyms Explanation of Terminology Used Understand Mobility Services

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls

More information

CSFB and SMS over SGs Interface

CSFB and SMS over SGs Interface Circuit Switched Fallback (CSFB) provides an interim solution for enabling telephony and short message service (SMS) for LTE operators that do not plan to deploy IMS packet switched services at initial

More information

Course 5 The SS7 signaling systems.

Course 5 The SS7 signaling systems. Course 5 The SS7 signaling systems. Zsolt Polgar Communications Department Faculty of Electronics and Telecommunications, Technical University of Cluj-Napoca General aspects; The SS7 architecture; Node

More information

GSM and IN Architecture

GSM and IN Architecture GSM and IN Architecture a common component: TCAP Raimo.Kantola@aalto.fi Rka S-2015 Signaling Protocols 8-1 GSM system consists of sub-systems MS = ME+SIM Radio or Air i/f Base Station Sub-system (BSS)

More information

Advanced Mobile Technology Certification

Advanced Mobile Technology Certification Advanced Mobile Technology Certification ETSI GSM today is the most widely deployed wireless network worldwide. This second generation mobile standard has revolutionized wireless industry since its inception.

More information

Vulnerabilities in online banking applications

Vulnerabilities in online banking applications Vulnerabilities in online banking applications 2019 Contents Introduction... 2 Executive summary... 2 Trends... 2 Overall statistics... 3 Comparison of in-house and off-the-shelf applications... 6 Comparison

More information

Signaling System No. 7 (Zeichengabesystem Nr. 7)

Signaling System No. 7 (Zeichengabesystem Nr. 7) Signaling System No. 7 (Zeichengabesystem Nr. 7) SS#7, SS7,... Common Channel Signaling System No. 7, C7, CCS7,... (ZGS-Nr. 7) www.comnets.uni-bremen.de SS7-10 - 1 Terms (Begriffe) Communication Networks

More information

GSM V8.0.0 ( )

GSM V8.0.0 ( ) Technical Report Digital cellular telecommunications system (Phase 2+); Lawful Interception requirements for GSM (GSM 01.33 version 8.0.0) (formally known as GSM 10.20) GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS

More information

GPRS security. Helsinki University of Technology S Security of Communication Protocols

GPRS security. Helsinki University of Technology S Security of Communication Protocols GPRS security Helsinki University of Technology S-38.153 Security of Communication Protocols vrantala@cc.hut.fi 15.4.2003 Structure of the GPRS Network BSS GTP PLMN BSS-Base Station sub-system VLR - Visiting

More information

Interworking Internet Telephony and Wireless

Interworking Internet Telephony and Wireless Interworking Internet Telephony and Wireless Telecommunications Networks Bell Laboratories & Columbia University lennox@{bell-labs.com,cs.columbia.edu} Kazutaka Murakami, Mehmet Karaul, Thomas F. La Porta

More information

SUA. Kalpana Uppalapati Swathi Paladugu Atmaram Palakodety

SUA. Kalpana Uppalapati Swathi Paladugu Atmaram Palakodety SUA Kalpana Uppalapati Swathi Paladugu Atmaram Palakodety Contents Introduction Features of SUA SUA Architecture Applications Signalling Transport Architecture Message Format in SUA Services provided by

More information

OUR PRODUCTS. PT Application Firewall. PT Application Inspector. MaxPatrol

OUR PRODUCTS. PT Application Firewall. PT Application Inspector. MaxPatrol ptsecurity.com WHO WE ARE Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application

More information

SS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers lives much harder on mobile networks

SS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers lives much harder on mobile networks SS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers lives much harder on mobile networks SigFW Open Source SS7/Diameter firewall for Antisniff, Antispoof & Threat Hunt

More information

ISDN. Integrated Services Digital Network

ISDN. Integrated Services Digital Network ISDN Integrated Services Digital Network definition of ISDN evolution to ISDN and beyond ISDN services basic BRA / PRA architecture protocols & signalling What is ISDN? 1. End-to-end digital connectivity

More information

ISDP 2018 Industry Skill Development Program In association with

ISDP 2018 Industry Skill Development Program In association with ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the

More information

We Know Where You Are!

We Know Where You Are! 2016 8th International Conference on Cyber Conflict Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 NATO CCD COE Publications, Tallinn Permission to make digital or hard copies of this publication

More information

Advanced Intelligent Network for Wireless Communications

Advanced Intelligent Network for Wireless Communications www..org Advanced Intelligent Network for Wireless Communications 6 Pooja Sharma 1 Pawan Bhadana 2 1 B.S.Anangpuria Institute of Technology and Management, Faridabad, Haryana, India Poojasharma161@gmail.com

More information

Chapter 3 GSM and Similar Architectures

Chapter 3 GSM and Similar Architectures CSF645 Mobile Computing 行動計算 Chapter 3 GSM and Similar Architectures 吳俊興 國立高雄大學資訊工程學系 Chapter 3 GSM and Similar Architectures 3.1 GSM Services and System Architecture 3.2 Radio Interfaces 3.3 Protocols

More information

The Next Generation Signaling Transfer Point

The Next Generation Signaling Transfer Point The Next Generation Signaling Transfer Point Overview As the Global network is undergoing immense changes and the Next-Generation IP networks become a reality, it signals an evolution towards using Internet

More information

Lecture 9 Mobility Management and Mobile Application Part (MAP)

Lecture 9 Mobility Management and Mobile Application Part (MAP) S38.3115 Signaling Protocols Lecture Notes Lecture 9 Mobility Management and Mobile Application Part (MAP) Introduction... 2 Mobility problem analysis... 2 Location of users... 2 GSM solution of mobility

More information

Information Technology Mobile Computing Module: GSM Handovers

Information Technology Mobile Computing Module: GSM Handovers Information Technology Mobile Computing Module: GSM Handovers Learning Objectives Recap of previous modules Basic functions of Network Sub System Entities that form NSS namely MSC,GMSC,HLR and VLR Functions

More information

GSM security country report: Estonia

GSM security country report: Estonia GSM security country report: Estonia GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin September 2014 Abstract. GSM networks differ widely in their protection capabilities against common

More information

Agenda. Networking Intro MPLS Tech MPBN WAN MPBN Functionality Security Monitoring

Agenda. Networking Intro MPLS Tech MPBN WAN MPBN Functionality Security Monitoring Agenda Networking Intro MPLS Tech MPBN WAN MPBN Functionality Security Monitoring Where MPBN Functions : 7 Application 6 Presentation 5 Session 4 Transport 3 Network 2 Data Link 1 Physical Hub NIC Card

More information

Transport of (Legacy) Signaling over IP. Summary of course scope

Transport of (Legacy) Signaling over IP. Summary of course scope Transport of (Legacy) Signaling over SIGTRAN architecture (http://www.ietf.org/html.charters/sigtran-charter.html) Raimo Kantola S- 2004 Signaling Protocols 15-1 Summary of course scope PABX H.323 or S

More information

Common Channel Signaling Nr 7 (CCS7)

Common Channel Signaling Nr 7 (CCS7) Common Channel Signaling Nr 7 (CCS7) CCS7 is a message based, multi-layer network to network signaling system designed for fully digital exchanges. Limitation of analogue signaling systems Basic definitions

More information

ETSI TR V1.1.1 ( )

ETSI TR V1.1.1 ( ) TR 102 314-3 V1.1.1 (2005-03) Technical Report Fixed network Multimedia Messaging Service (F-MMS); PSTN/ISDN; Part 3: Network architecture and interconnection 2 TR 102 314-3 V1.1.1 (2005-03) Reference

More information

PT Unified Application Security Enforcement. ptsecurity.com

PT Unified Application Security Enforcement. ptsecurity.com PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over

More information

ETSI TS V1.1.1 ( )

ETSI TS V1.1.1 ( ) TS 103 418 V1.1.1 (2017-02) TECHNICAL SPECIFICATION Railway Telecommunications (RT); SMS to Railway numbering plan in roaming environment 2 TS 103 418 V1.1.1 (2017-02) Reference DTS/RT-0042 Keywords GSM-R,

More information

Mobile network security report: Ukraine

Mobile network security report: Ukraine Mobile network security report: Ukraine GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin June 2017 Abstract. Mobile networks differ widely in their protection capabilities against common

More information

SGSN Service Configuration Procedures

SGSN Service Configuration Procedures , page 2 2.5G SGSN Service Configuration, page 2 3G SGSN Service Configuration, page 4 Dual Access SGSN Service Configuration, page 5 Configuring the S4-SGSN, page 6 Configuring an SS7 Routing Domain,

More information

VeriSign Communications Services. IP Network Solutions. Outsourcing the Softswitch Functionality. Where it all comes together.

VeriSign Communications Services. IP Network Solutions. Outsourcing the Softswitch Functionality. Where it all comes together. IP Network Solutions Outsourcing the Softswitch Functionality Where it all comes together. Contents + Introduction 3 + IP Infrastructure Service Provider Issues 3 Access to the and Network 3 Ownership

More information

3GPP TS V6.0.0 ( )

3GPP TS V6.0.0 ( ) TS 23.066 V6.0.0 (2004-12) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Core Network; Support of Mobile Number Portability (MNP); Technical realization; Stage

More information

MARCH Secure Software Development WHAT TO CONSIDER

MARCH Secure Software Development WHAT TO CONSIDER MARCH 2017 Secure Software Development WHAT TO CONSIDER Table of Content Introduction... 2 Background... 3 Problem Statement... 3 Considerations... 4 Planning... 4 Start with security in requirements (Abuse

More information

TSGS#27(05)0138. Technical Specification Group Services and System Aspects Meeting #27, March 2005, Tokyo, Japan

TSGS#27(05)0138. Technical Specification Group Services and System Aspects Meeting #27, March 2005, Tokyo, Japan Technical Specification Group Services and System Aspects Meeting #27, 14-17 March 2005, Tokyo, Japan TSGS#27(05)0138 Source: SA WG3 Title: Three CRs to TS 33.200 (Rel-6) Document for: Approval Agenda

More information

JP-3GA (R99) Support of GSM Mobile Number Portability (MNP) stage 2

JP-3GA (R99) Support of GSM Mobile Number Portability (MNP) stage 2 JP-3GA-23.066(R99) Support of GSM Mobile Number Portability (MNP) stage 2 Version 2 Nov 30, 2000 THE TELECOMMUNICATION TECHNOLOGY COMMITTEE JP-3GA-23.066(R99) Support of Mobile Number Portability (MNP);

More information

Femtocell: Femtostep to the Holy Grail

Femtocell: Femtostep to the Holy Grail .... Femtocell: Femtostep to the Holy Grail Ravishankar Borgaonkar, Kévin Redon Technische Universität Berlin, SecT ravii/kredon@sec.t-labs.tu-berlin.de TROOPERS 2011, 30 March 2011 3G/UMTS femtocells

More information

3GPP TS V ( )

3GPP TS V ( ) TS 23.204 V12.4.0 (2013-12) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Support of Short Message Service (SMS) over generic Internet

More information

WIRELESS INTELLIGENT NETWORKING (WIN) FATİH ERTÜRK

WIRELESS INTELLIGENT NETWORKING (WIN) FATİH ERTÜRK WIRELESS INTELLIGENT NETWORKING (WIN) FATİH ERTÜRK 2010514027 Today's wireless subscribers are much more sophisticated telecommunications users than they were five years ago. No longer satisfied with just

More information

IC32E - Pre-Instructional Survey

IC32E - Pre-Instructional Survey Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into

More information

Intel NetStructure SS7 Protocols MAP Programmer s Manual. Document Reference: U14SSS

Intel NetStructure SS7 Protocols MAP Programmer s Manual. Document Reference: U14SSS Intel NetStructure SS7 Protocols MAP Programmer s Manual Document Reference: U14SSS Disclaimer The product may contain design defects or errors known as errata, which may cause the product to deviate from

More information

2000 Performance Technologies, Inc.

2000 Performance Technologies, Inc. Table of Contents SS7 Tutorial...1 SS7 Tutorial...3 Overview...3 SS7 Protocol Stack...6 Message Transfer Part...7 ISDN User Part...13 Signaling Connection Control Part...20 Transaction Capabilities Application

More information

ETSI TS V7.1.0 ( )

ETSI TS V7.1.0 ( ) TS 100 522 V7.1.0 (2000-02) Technical Specification Digital cellular telecommunications system (Phase 2+); Network architecture (GSM 03.02 version 7.1.0 Release 1998) GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS

More information

Convergence of IP and Mobile Communications. Albert Coronel RedLink Communications Co., Ltd. MMNOG, November 21, 2015

Convergence of IP and Mobile Communications. Albert Coronel RedLink Communications Co., Ltd. MMNOG, November 21, 2015 Convergence of IP and Mobile Communications Albert Coronel RedLink Communications Co., Ltd. MMNOG, November 21, 2015 Mobile terminals Netgear Skype phone first released 2007 Makes and receives Skype calls

More information

Trends and Developments in Telecommunication Security

Trends and Developments in Telecommunication Security Trends and Developments in Telecommunication Security Duminda Wijesekera Department of Information and Software Engineering George Mason University, Fairfax VA 22030. 703-993-1578 dwijesek@gmu.edu Abstract

More information

A Prototype for SCCP-X A New Lightweight Protocol for Emulation of SCCP in Post-SIGTRAN

A Prototype for SCCP-X A New Lightweight Protocol for Emulation of SCCP in Post-SIGTRAN Department of Computer Science Malin Abrahamsson, Aleksandra Gadji A Prototype for SCCP-X A New Lightweight Protocol for Emulation of SCCP in Post-SIGTRAN D Dissertation 30 ECTS 2005:06 A Prototype for

More information

3GPP TS V7.6.0 ( )

3GPP TS V7.6.0 ( ) TS 23.204 V7.6.0 (2009-03) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Support of Short Message Service (SMS) over generic Internet

More information

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting

More information

ETSI TS V ( )

ETSI TS V ( ) TS 123 066 V14.0.0 (2017-04) TECHNICAL SPECIFICATION Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Support of Mobile Number Portability

More information

ISDN. Integrated Services Digital Network. definition of ISDN ISDN services basic BRA / PRA architecture protocols & signalling

ISDN. Integrated Services Digital Network. definition of ISDN ISDN services basic BRA / PRA architecture protocols & signalling ISDN Integrated Services Digital Network definition of ISDN ISDN services basic BRA / PRA architecture protocols & signalling What is ISDN? 1. End-to-end digital connectivity 2. Enhanced subscriber signaling

More information

Cybersecurity for Service Providers

Cybersecurity for Service Providers Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018 There are two types of companies:

More information

Contents VULNERABILITIES OF MOBILE INTERNET (GPRS), 2014

Contents VULNERABILITIES OF MOBILE INTERNET (GPRS), 2014 VULNERABILITIES OF MOBILE INTERNET (GPRS) Dmitry Kurbatov Sergey Puzankov Pavel Novikov 2014 Contents 1. Introduction 2. Summary 3. Mobile network scheme 4. GTP protocol 5. Searching for mobile operator

More information

Internal. GSM Fundamentals.

Internal. GSM Fundamentals. Internal GSM Fundamentals www.huawei.com HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Chapter 1 GSM System Overview Chapter 2 GSM Network Structure Chapter 3 Service Area and Number Planning Chapter

More information

[1] Wireless and Mobile Network Architectures,Y-Bing Lin and Imrich Chlamtac,Wiley Computer Publishing

[1] Wireless and Mobile Network Architectures,Y-Bing Lin and Imrich Chlamtac,Wiley Computer Publishing Signaling System 1 Reference (1/2) [1] Wireless and Mobile Network Architectures,Y-Bing Lin and Imrich Chlamtac,Wiley Computer Publishing Chapters 2 and 5. [2] 第七號共通信號系統概論, 湯鴻沼, 全華科技圖書股份有限公司 [3] Telephone

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback