Mobile operators vs. Hackers: new security measures for new bypassing techniques
|
|
- Thomasina Roberts
- 5 years ago
- Views:
Transcription
1 Sergey Puzankov Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com
2 SS7 in the 20 th century SCP STP STP SSP SCP SSP STP PSTN STP SSP SS7 Signaling System #7, a set of telephony protocols, which is used to set up and tear down telephone calls, send and receive SMS, provide subscriber mobility, and other service
3 SS7 nowadays SIGTRAN Signaling Transport, an extension of the SS7 protocol family that uses IP as a transport
4 Why SS7 is not secure LTE SIGTRAN SIGTRAN Diameter STP IWF/DEA SS7 SIGTRAN STP STP
5 Mass media highlights the SS7 security problem
6 Governments and global organizations' concern on SS7 security
7 Mobile operators and SS7 security SMS Home Routing Security assessment Security configuration SS7 firewall Security monitoring
8 Research and publications 2014 Signaling System 7 (SS7) security report 2014 Vulnerabilities of mobile Internet (GPRS) 2016 Primary security threats for SS7 cellular networks 2017 Next-generation networks, next-level cybersecurity problems (Diameter vulnerabilities) 2017 Threats to packet core security of 4G network 2018 SS7 vulnerabilities and attack exposure report
9 Network vulnerability statistics: SMS Home Routing Possibility of exploitation of some threats in networks with SMS Home Routing installed is greater than in networks without protection 67% of installed SMS Home Routing systems have been bypassed
10 Network vulnerability statistics: SS7 firewall Penetration level of SS7 firewalls on mobile networks: % % % Filtering system alone cannot protect the network thoroughly
11 Basic nodes and identifiers MSISDN Mobile Subscriber Integrated Services Digital Number HLR Home Location Register GT Global Title, address of a core node element IMSI International Mobile Subscriber Identity MSC/VLR Mobile Switching Center alongside with Visited Location Register STP Signaling Transfer Point SMS-C SMS Center
12 SS7 messages for IMSI retrieving SendRoutingInfo SendIMSI SendRoutingInfoForLCS SendRoutingInfoForSM Should be blocked on the border May be blocked on the HLR SMS Home Routing as a protection tool
13 SMS Home Routing bypass No. 1
14 SMS Delivery with no SMS Home Routing in place SRI4SM SendRoutingInfoForSM HLR SMS-C 1. SRI4SM Request MSISDN STP 1. SRI4SM Request MSISDN 2. SRI4SM Response IMSI MSC Address 2. SRI4SM Response IMSI MSC Address 3. MT-SMS IMSI SMS Text 3. MT-SMS IMSI SMS Text MSC
15 SRI4SM abuse by a malefactor HLR 1. SRI4SM Request MSISDN 2. SRI4SM Response IMSI MSC Address STP 1. SRI4SM Request MSISDN 2. SRI4SM Response IMSI MSC Address MSC
16 SMS Home Routing HLR SMS-C 1. SRI4SM Request MSISDN STP 1. SRI4SM Request MSISDN SMS Router 4. SRI4SM Request MSISDN 2. SRI4SM Response Fake IMSI SMS-R Address 2. SRI4SM Response Fake IMSI SMS-R Address 5. SRI4SM Response Real IMSI MSC Address 3. MT-SMS Fake IMSI SMS Text 3. MT-SMS Fake IMSI SMS Text 6. MT-SMS Real IMSI SMS Text MSC
17 SMS Home Routing against malefactors HLR 1. SRI4SM Request MSISDN STP 1. SRI4SM Request MSISDN SMS Router 2. SRI4SM Response Fake IMSI SMS-R Address 2. SRI4SM Response Fake IMSI SMS-R Address MSC
18 Numbering plans E.164 MSISDN and GT Country Code Network Destination Code E.212 IMSI Mobile Country Code Mobile Network Code E.214 Mobile GT Rule of GT Translation Operator HLR
19 STP routing table SS7 Message STP Routing Table STP HLR 1 Numbering Plan = E.214 OpCode = SRI4SM HLR 2 SMS Router
20 STP routing table SS7 Message STP Routing Table STP HLR 1 Numbering Plan = E.214 OpCode = SRI4SM E.214 Global Title Translation Table MCC + MNC + 00xxxxxxxx MCC + MNC + 20xxxxxxxx HLR 2 SMS Router
21 STP routing table SS7 Message STP Routing Table STP HLR 1 Numbering Plan = E.214 OpCode = SRI4SM E.214 Global Title Translation Table MCC + MNC + 00xxxxxxxx MCC + MNC + 20xxxxxxxx HLR 2 SMS Router
22 STP routing table SS7 Message STP Routing Table STP HLR 1 Numbering Plan = E.214 OpCode = SRI4SM E.214 Global Title Translation Table MCC + MNC + 00xxxxxxxx MCC + MNC + 20xxxxxxxx HLR 2 SMS Router
23 SendRoutingInfoForSM message Called Party Address = MSISDN
24 SMS Home Routing bypass attack STP HLR 1 STP Routing Table 1. SRI4SM Request E.214 / Random IMSI MSISDN 3. SRI4SM Response IMSI MSC address Numbering Plan = E.214 OpCode = SRI4SM E.214 Global Title Translation Table MCC + MNC + 00xxxxxxxx MCC + MNC + 20xxxxxxxx 2. SRI4SM Request E.214 / Random IMSI MSISDN HLR 2 SMS Router The malefactor needs to guess any IMSI from a HLR serving the target subscriber SMS Router is aside
25 SMS Home Routing bypass No. 2
26 SMS Home Routing definition 1. SRI4SM Request: MSISDN STP HLR SMS Router
27 SMS Home Routing definition 1. SRI4SM Request: MSISDN STP HLR 1. SRI4SM Request: MSISDN SMS Router
28 SMS Home Routing definition 1. SRI4SM Request: MSISDN STP HLR 2. SRI4SM Request: MSISDN SMS Router 3. SRI4SM Response: Fake IMSI, SMS-R address
29 SMS Home Routing definition 1. SRI4SM Request: MSISDN STP HLR 2. SRI4SM Request: MSISDN SMS Router 3. SRI4SM Response: Fake IMSI, SMS-R address Different IMSIs mean SMS Home Routing procedure is involved
30 TCAP Protocol TCAP Transaction Capabilities Application Part TCAP Message Type Begin, Continue, End, Abort Transaction IDs Source and/or Designation IDs Dialogue Portion Application Context Name (ACN) ACN Version Component Portion Operation Code Payload Application Context Name corresponds to a respective Operation Code
31 Application Context Name
32 Application Context Name change
33 SMS Home Routing bypass with malformed ACN 1. SRI4SM Request: MSISDN Malformed ACN STP 1. SRI4SM Request: MSISDN Malformed ACN HLR SMS Router Malformed ACN
34 SMS Home Routing bypass with malformed ACN 1. SRI4SM Request: MSISDN Malformed ACN STP 1. SRI4SM Request: MSISDN Malformed ACN HLR 2. SRI4SM Response: IMSI, MSC 2. SRI4SM Response: IMSI, MSC SMS Router SMS Router is aside
35 SMS Home Routing bypass with malformed ACN 1. SRI4SM Request: MSISDN Malformed ACN STP 1. SRI4SM Request: MSISDN Malformed ACN HLR 2. SRI4SM Response: IMSI, MSC 2. SRI4SM Response: IMSI, MSC SMS Router Equal IMSIs means the SMS Home Routing solution is absent or not involved
36 SS7 firewall bypass
37 SS7 firewall typical deployment scheme STP 1. SS7 message 3. SS7 message HLR 2. SS7 message SS7 firewall
38 SS7 firewall typical deployment scheme SRI SendRoutingInfo 1. SRI Request: MSISDN STP HLR 2. SRI Request: MSISDN SS7 firewall The message is blocked
39 Application Context Name change
40 SS7 firewall bypass with malformed ACN 1. SRI Request: MSISDN Malformed ACN STP 2. SRI Request: MSISDN Malformed ACN HLR SS7 firewall Malformed ACN
41 SS7 firewall bypass with malformed ACN 1. SRI Request: MSISDN Malformed ACN STP 2. SRI Request: MSISDN Malformed ACN HLR 3. SRI Response: IMSI, 3. SRI Response: IMSI, SS7 firewall SS7 firewall is aside
42 Positioning enhancement
43 Positioning attack idea
44 Positioning attack idea
45 Positioning attack idea
46 How we discovered
47 How we discovered
48 Recreating the position refinement attack MSC/VLR
49 Recreating the position refinement attack CID 0DFB ProvideSubscriberInfo 1 MSC/VLR CID: 0DFB
50 Recreating the position refinement attack CID 0DFB 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR 2 UnstructuredSS-Notify
51 Recreating the position refinement attack CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging UnstructuredSS-Notify 2
52 Recreating the position refinement attack CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging UnstructuredSS-Notify 2
53 Recreating the position refinement attack CID 0191 CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging 2 UnstructuredSS-Notify Paging Response
54 Recreating the position refinement attack CID 0191 CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging 2 UnstructuredSS-Notify Paging Response... returnerror
55 Recreating the position refinement attack CID 0191 CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging UnstructuredSS-Notify 2 returnerror Paging Response... returnerror
56 Recreating the position refinement attack CID 0191 CID 0DFB 3 1 ProvideSubscriberInfo CID: 0DFB MSC/VLR Paging 2 UnstructuredSS-Notify returnerror Paging Response... ProvideSubscriberInfo returnerror 4 CID: 0191
57 On the map
58 Main problems in SS7 security SS7 architecture flaws Configuration mistakes Software bugs
59 Things to remember 1. Deploying security tool does not mean the network is secure. About 67% of SMS Home Routing solutions in tested networks were bypassed. 2. Test the network. Penetration testing is a good practice to discover a lot of vulnerabilities. Discover and close existing vulnerabilities before hackers find and exploit them. 3. Know the perimeter. The continuous security monitoring allows a mobile operator to know which vulnerabilities are exploited and they are able to protect the network.
60 Thank you! Sergey Puzankov ptsecurity.com
Trojans in SS7 - how they bypass all security measures
Sergey Puzankov Trojans in SS7 - how they bypass all security measures ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP SSP STP PSTN STP SSP SS7 (Signaling System #7): a set of telephony protocols
More informationPositive Technologies Telecom Attack Discovery DATA SHEET
Positive Technologies Telecom Attack Discovery DATA SHEET PT TELECOM ATTACK DISCOVERY DATA SHEET CELLULAR NETWORK SECURITY COMPLICATIONS As is shown in the network analysis performed by Positive Technologies
More informationTaking Over Telecom Networks
Taking Over Telecom Networks Hardik Mehta (@hardw00t) Loay Abdelrazek (@sigploit) Taking Over Telecom Networks - Hardik Mehta (@hardw00t) and Loay Abdelrazek (@sigploit) 1 Press Release: some highlights
More informationStealthy SS7 Attacks
Stealthy SS7 Attacks Sergey Puzankov Positive Technologies, Russia E-mail: spuzankov@ptsecurity.com Received 8 September 2017; Accepted 10 October 2017 Abstract As we can see, most mobile operators defend
More informationSignaling System 7 (SS7) By : Ali Mustafa
Signaling System 7 (SS7) By : Ali Mustafa Contents Types of Signaling SS7 Signaling SS7 Protocol Architecture SS7 Network Architecture Basic Call Setup SS7 Applications SS7/IP Inter-working VoIP Network
More informationFractured Backbones Incidents Detection and Forensics in Telco Networks
Dmitry Kurbatov Sergey Puzankov Vladimir Kropotov Fractured Backbones Incidents Detection and Forensics in Telco Networks ptsecurity.com About us Joint research of Incident Response and Telco Security
More informationCyber Security Threats to Telecom Networks. Rosalia D Alessandro Hardik Mehta Loay Abdelrazek
Cyber Security Threats to Telecom s Rosalia D Alessandro Hardik Mehta Loay Abdelrazek Press Release: some highlights Cyber Security Threats to Telecom s - Rosalia D Alessandro, Hardik Mehta and Loay Abdelrazek
More informationPRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS
PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS Contents Introduction...3 1. Research Methodology...4 2. Summary...5 3. Participant Profile...5 4.
More informationTELECOMMUNICATION SYSTEMS
TELECOMMUNICATION SYSTEMS By Syed Bakhtawar Shah Abid Lecturer in Computer Science 1 Signaling System 7 Architecture Signaling System 7 Protocol Stacks Overview Level 1: Physical Connection SS7 Level 2:
More informationEffective SS7 protection ITU Workshop on SS7 Security, June 29 th 2016
Effective SS7 protection ITU Workshop on SS7 Security, June 29 th 2016 Luca Melette SRLabs Template v12 Motivation: Operators and their users still vulnerable to SS7 attacks Agenda 3 attack
More informationHLR Configuration Mode Commands
The HLR Configuration Mode is a sub-mode derived from the MAP Configuration Mode which controls the MAP service configuration. It is the MAP service that provides the application-layer protocol support
More informationOracle Communications Convergent Charging Controller. Messaging Manager Navigator Technical Guide Release 6.0
Oracle Communications Convergent Charging Controller Messaging Manager Navigator Technical Guide Release 6.0 May 2016 Copyright Copyright 2016, Oracle and/or its affiliates. All rights reserved. This software
More informationHLR Configuration Mode Commands
The HLR Configuration Mode is a sub-mode derived from the MAP Configuration Mode which controls the MAP service configuration. It is the MAP service that provides the application-layer protocol support
More informationTHREATS TO PACKET CORE SECURITY OF 4G NETWORK
07 CONTENTS Terms and abbreviations... : main components and protocols...4 Attack scenarios...5 What is necessary for a successful attack...5 Threats to EPC security...7. Fraud...7. Connection hijacking...8.
More informationExpress Monitoring 2019
Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities
More informationMAP - Mobile Application Part
- Mobile Application Part Mobility Management in GSM GSM services Short Message Service CAMEL = IN+GSM integration Raimo Kantola/ k2001 Telecommunications Switching Technology I 17-1 Course scope - lecture
More informationThree kinds of number portability
Number Portability Three kinds of number portability Location portability: a subscriber may move from one location to another location without changing his or her telephone number Service portability:
More informationTELECOMMUNICATION SYSTEMS
TELECOMMUNICATION SYSTEMS By Syed Bakhtawar Shah Abid Lecturer in Computer Science 1 SS7 Network Architecture SS7 can employ different types of signaling network structures. The worldwide signaling network
More information10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.
10 Call Set-up Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up. 10.1 INTRODUCTION... 2 10.2 CALL TO MS (MT)... 3 10.3 CALL FROM MS
More informationCommunication Networks 2 Signaling 2 (Mobile)
Communication Networks 2 Signaling 2 (Mobile) Gusztáv Adamis BME TMIT 2017 GSM signaling Signaling of GSM is based on the ISDN signaling systems SS7/DSS1 But, because of mobility, roaming, radio access
More informationCellular Mobile Systems and Services (TCOM1010) GSM Architecture
GSM Architecture 1 GSM NETWORK INFRASTRUCTURE...2 2 NETWORK SWITCHING SUBSYSTEM (NSS)...3 2.1 Home Location Register...4 2.2 Mobile Switching Center and Visitor Location Register...4 2.3 Authentication
More informationPrototyping and evaluation of TCAPsec
Department of Computer Science Kang Chung Prototyping and evaluation of TCAPsec Degree Project of 20 credit points Master s in Computer Science and Engineering Date: 2006-02-01 Supervisor: Katarina Asplund
More informationTelecommunication Services Engineering Lab
Logistics Instructor Office: EV007-647, Tel: 1-514-8482424 ext 5846, Email: Glitho@ciiseconcordiaca URL: http://wwwececoncordiaca/~glitho/ Office hours: Tuesday: 3 pm 5 pm Time: Usually: Tuesday, 17h45-20h15
More informationAnalysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or tshark) and Snort
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or tshark) and Snort Madrid, March 2018. By: Alejandro Corletti Estrada (acorletti@darfe.es - acorletti@hotmail.com) INDEX 1.
More informationINSE 7110 Winter 2004 Value Added Services Engineering in Next Generation Networks Week #1. Roch H. Glitho- Ericsson/Concordia University
INSE 7110 Winter 2004 Value Added Services Engineering in Next Generation Networks Week #1 1 Outline 1. Essentials of circuit switched telephony 2. Introduction to value added services 3. IN fundamental
More informationOracle Communications Network Charging and Control. Messaging Manager Navigator Technical Guide Release: 4.4
Oracle Communications Network Charging and Control Messaging Manager Navigator Release: 4.4 June 2011 Commercial In Confidence Copyright Copyright 2011, Oracle and/or its affiliates. All rights reserved.
More informationDialogic DSI SS7G41 Signaling Server
Dialogic DSI SS7G41 Signaling Server SWS Developers Manual www.dialogic.com Copyright and Legal Notice Copyright 2011-2013 Dialogic Inc. All Rights Reserved. You may not reproduce this document in whole
More informationTelecommunication Services Engineering Lab
Logistics Instructor Office: EV006-227, Tel: 1-514-8482424 ext 5846, Email: Glitho@ciiseconcordiaca URL: http://wwwececoncordiaca/~glitho/ Office hours: Friday: 3 pm 5 pm Time: Friday, 17h45-20h15 Room
More informationIntegrating Non Call-Related User Interactions in SIP Environment
BULGARIAN ACADEMY OF SCIENCES CYBERNETICS AND INFORMATION TECHNOLOGIES Volume 8, No 3 Sofia 2008 Integrating Non Call-Related User Interactions in Environment Ivaylo Atanasov, Evelina Pencheva Department
More informationSS7. Mercantec H2 2009
SS7 Mercantec H2 2009 Common Channel Signaling System No. 7 basic call setup, management, and tear down wireless services such as personal communications services (PCS), wireless roaming, and mobile subscriber
More informationHLR Lookup Service (Release 1.1.0)
1. Introduction 1.1. Summary This document will illustrate the HLR Lookup Service (or Network Query) 1.2. Scope The information contained in this document may be used by all third parties that need to
More information3GPP TR V7.0.0 ( )
TR 23.840 V7.0.0 (2006-12) Technical Report 3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals; Study into routeing of MT-SMs via the HPLMN (Release 7) The present
More information5. Execute the attack and obtain unauthorized access to the system.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems
ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been
More informationApplying Lucent s CDMA Full International Mobile Station Identity (IMSI) Feature for Enhanced Preferred Roaming List (PRL)
Applying Lucent s CDMA Full International Mobile Station Identity (IMSI) Feature for Enhanced Preferred Roaming List (PRL) Mike Chambers Mobility Solutions Systems Engineering February 2004 Slide 1 Lucent
More informationCOPYRIGHTED MATERIAL. Global System for Mobile Communications (GSM) 1.1 Circuit-Switched Data Transmission
1 Global System for Mobile Communications (GSM) At the beginning of the 1990s, GSM, the Global System for Mobile Communications triggered an unprecedented change in the way people communicate with each
More informationMavenir Keynote. Think Smarter Secure communication Innovate Services. By Mohamed Issa Regional Head of Africa Sales
Mavenir Keynote Think Smarter Secure communication Innovate Services By Mohamed Issa Regional Head of Africa Sales The New Mavenir: Combining Market Leaders Combing three industry-leading companies to
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationOracle Communications Convergent Charging Controller. Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 6.
Oracle Communications Convergent Charging Controller Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 6.0 May 2016 Copyright Copyright 2016, Oracle and/or its affiliates.
More informationOracle Communications Network Charging and Control. Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 5.0.
Oracle Communications Network Charging and Control Mobile Application Part (MAP) Protocol Implementation Conformance Statement Release 5.0.1 June 2013 Copyright Copyright 2013, Oracle and/or its affiliates.
More informationMAP Service Configuration Mode Commands
Mobile Application Part (MAP) is a protocol which provides an application layer for the various nodes in the core mobile network and GPRS and UMTS core network to communicate with each other in order to
More informationOutstanding Communications Solutions. Root Canal. A new class of SS7 vulnerabilities
Outstanding Communications Solutions Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design Acknowledged signalling vulnerabilities The root problem Mitigation The signaling band-aid
More informationClient Server Programming and GSM Networking Protocols (SS7 Signaling)
Client Server Programming and GSM Networking Protocols (SS7 Signaling) Synopsis Getting the Right Knowledge to the Right People at the Right Time Our interactive, accelerated learning experience teaches
More informationOracle Communications Network Charging and Control
Oracle Communications Network Charging and Control Product: OCNCC 4.3 Component: S ware version: Release 3.1.1 Guide version: 02.00 Mobile Application Part (MAP) Protocol Implementation Conformance Statement
More informationPROACTIVE APPROACH. INTELLIGENT CYBERSECURITY. ptsecurity.com
PROACTIVE APPROACH. INTELLIGENT CYBERSECURITY ptsecurity.com WHO WE ARE Positive Technologies is a leading global provider of enter prise security solutions for vulnerability and compliance management,
More informationUnderstand iwag Solution for 3G Mobile Data
Understand iwag Solution for 3G Mobile Data Contents Introduction Prerequisites Requirements Components Used Background Information Acronyms Explanation of Terminology Used Understand Mobility Services
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationCSFB and SMS over SGs Interface
Circuit Switched Fallback (CSFB) provides an interim solution for enabling telephony and short message service (SMS) for LTE operators that do not plan to deploy IMS packet switched services at initial
More informationCourse 5 The SS7 signaling systems.
Course 5 The SS7 signaling systems. Zsolt Polgar Communications Department Faculty of Electronics and Telecommunications, Technical University of Cluj-Napoca General aspects; The SS7 architecture; Node
More informationGSM and IN Architecture
GSM and IN Architecture a common component: TCAP Raimo.Kantola@aalto.fi Rka S-2015 Signaling Protocols 8-1 GSM system consists of sub-systems MS = ME+SIM Radio or Air i/f Base Station Sub-system (BSS)
More informationAdvanced Mobile Technology Certification
Advanced Mobile Technology Certification ETSI GSM today is the most widely deployed wireless network worldwide. This second generation mobile standard has revolutionized wireless industry since its inception.
More informationVulnerabilities in online banking applications
Vulnerabilities in online banking applications 2019 Contents Introduction... 2 Executive summary... 2 Trends... 2 Overall statistics... 3 Comparison of in-house and off-the-shelf applications... 6 Comparison
More informationSignaling System No. 7 (Zeichengabesystem Nr. 7)
Signaling System No. 7 (Zeichengabesystem Nr. 7) SS#7, SS7,... Common Channel Signaling System No. 7, C7, CCS7,... (ZGS-Nr. 7) www.comnets.uni-bremen.de SS7-10 - 1 Terms (Begriffe) Communication Networks
More informationGSM V8.0.0 ( )
Technical Report Digital cellular telecommunications system (Phase 2+); Lawful Interception requirements for GSM (GSM 01.33 version 8.0.0) (formally known as GSM 10.20) GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS
More informationGPRS security. Helsinki University of Technology S Security of Communication Protocols
GPRS security Helsinki University of Technology S-38.153 Security of Communication Protocols vrantala@cc.hut.fi 15.4.2003 Structure of the GPRS Network BSS GTP PLMN BSS-Base Station sub-system VLR - Visiting
More informationInterworking Internet Telephony and Wireless
Interworking Internet Telephony and Wireless Telecommunications Networks Bell Laboratories & Columbia University lennox@{bell-labs.com,cs.columbia.edu} Kazutaka Murakami, Mehmet Karaul, Thomas F. La Porta
More informationSUA. Kalpana Uppalapati Swathi Paladugu Atmaram Palakodety
SUA Kalpana Uppalapati Swathi Paladugu Atmaram Palakodety Contents Introduction Features of SUA SUA Architecture Applications Signalling Transport Architecture Message Format in SUA Services provided by
More informationOUR PRODUCTS. PT Application Firewall. PT Application Inspector. MaxPatrol
ptsecurity.com WHO WE ARE Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application
More informationSS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers lives much harder on mobile networks
SS7 Attacker Heaven turns into Riot: How to make Nation-State and Intelligence Attackers lives much harder on mobile networks SigFW Open Source SS7/Diameter firewall for Antisniff, Antispoof & Threat Hunt
More informationISDN. Integrated Services Digital Network
ISDN Integrated Services Digital Network definition of ISDN evolution to ISDN and beyond ISDN services basic BRA / PRA architecture protocols & signalling What is ISDN? 1. End-to-end digital connectivity
More informationISDP 2018 Industry Skill Development Program In association with
ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the
More informationWe Know Where You Are!
2016 8th International Conference on Cyber Conflict Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 NATO CCD COE Publications, Tallinn Permission to make digital or hard copies of this publication
More informationAdvanced Intelligent Network for Wireless Communications
www..org Advanced Intelligent Network for Wireless Communications 6 Pooja Sharma 1 Pawan Bhadana 2 1 B.S.Anangpuria Institute of Technology and Management, Faridabad, Haryana, India Poojasharma161@gmail.com
More informationChapter 3 GSM and Similar Architectures
CSF645 Mobile Computing 行動計算 Chapter 3 GSM and Similar Architectures 吳俊興 國立高雄大學資訊工程學系 Chapter 3 GSM and Similar Architectures 3.1 GSM Services and System Architecture 3.2 Radio Interfaces 3.3 Protocols
More informationThe Next Generation Signaling Transfer Point
The Next Generation Signaling Transfer Point Overview As the Global network is undergoing immense changes and the Next-Generation IP networks become a reality, it signals an evolution towards using Internet
More informationLecture 9 Mobility Management and Mobile Application Part (MAP)
S38.3115 Signaling Protocols Lecture Notes Lecture 9 Mobility Management and Mobile Application Part (MAP) Introduction... 2 Mobility problem analysis... 2 Location of users... 2 GSM solution of mobility
More informationInformation Technology Mobile Computing Module: GSM Handovers
Information Technology Mobile Computing Module: GSM Handovers Learning Objectives Recap of previous modules Basic functions of Network Sub System Entities that form NSS namely MSC,GMSC,HLR and VLR Functions
More informationGSM security country report: Estonia
GSM security country report: Estonia GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin September 2014 Abstract. GSM networks differ widely in their protection capabilities against common
More informationAgenda. Networking Intro MPLS Tech MPBN WAN MPBN Functionality Security Monitoring
Agenda Networking Intro MPLS Tech MPBN WAN MPBN Functionality Security Monitoring Where MPBN Functions : 7 Application 6 Presentation 5 Session 4 Transport 3 Network 2 Data Link 1 Physical Hub NIC Card
More informationTransport of (Legacy) Signaling over IP. Summary of course scope
Transport of (Legacy) Signaling over SIGTRAN architecture (http://www.ietf.org/html.charters/sigtran-charter.html) Raimo Kantola S- 2004 Signaling Protocols 15-1 Summary of course scope PABX H.323 or S
More informationCommon Channel Signaling Nr 7 (CCS7)
Common Channel Signaling Nr 7 (CCS7) CCS7 is a message based, multi-layer network to network signaling system designed for fully digital exchanges. Limitation of analogue signaling systems Basic definitions
More informationETSI TR V1.1.1 ( )
TR 102 314-3 V1.1.1 (2005-03) Technical Report Fixed network Multimedia Messaging Service (F-MMS); PSTN/ISDN; Part 3: Network architecture and interconnection 2 TR 102 314-3 V1.1.1 (2005-03) Reference
More informationPT Unified Application Security Enforcement. ptsecurity.com
PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over
More informationETSI TS V1.1.1 ( )
TS 103 418 V1.1.1 (2017-02) TECHNICAL SPECIFICATION Railway Telecommunications (RT); SMS to Railway numbering plan in roaming environment 2 TS 103 418 V1.1.1 (2017-02) Reference DTS/RT-0042 Keywords GSM-R,
More informationMobile network security report: Ukraine
Mobile network security report: Ukraine GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin June 2017 Abstract. Mobile networks differ widely in their protection capabilities against common
More informationSGSN Service Configuration Procedures
, page 2 2.5G SGSN Service Configuration, page 2 3G SGSN Service Configuration, page 4 Dual Access SGSN Service Configuration, page 5 Configuring the S4-SGSN, page 6 Configuring an SS7 Routing Domain,
More informationVeriSign Communications Services. IP Network Solutions. Outsourcing the Softswitch Functionality. Where it all comes together.
IP Network Solutions Outsourcing the Softswitch Functionality Where it all comes together. Contents + Introduction 3 + IP Infrastructure Service Provider Issues 3 Access to the and Network 3 Ownership
More information3GPP TS V6.0.0 ( )
TS 23.066 V6.0.0 (2004-12) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Core Network; Support of Mobile Number Portability (MNP); Technical realization; Stage
More informationMARCH Secure Software Development WHAT TO CONSIDER
MARCH 2017 Secure Software Development WHAT TO CONSIDER Table of Content Introduction... 2 Background... 3 Problem Statement... 3 Considerations... 4 Planning... 4 Start with security in requirements (Abuse
More informationTSGS#27(05)0138. Technical Specification Group Services and System Aspects Meeting #27, March 2005, Tokyo, Japan
Technical Specification Group Services and System Aspects Meeting #27, 14-17 March 2005, Tokyo, Japan TSGS#27(05)0138 Source: SA WG3 Title: Three CRs to TS 33.200 (Rel-6) Document for: Approval Agenda
More informationJP-3GA (R99) Support of GSM Mobile Number Portability (MNP) stage 2
JP-3GA-23.066(R99) Support of GSM Mobile Number Portability (MNP) stage 2 Version 2 Nov 30, 2000 THE TELECOMMUNICATION TECHNOLOGY COMMITTEE JP-3GA-23.066(R99) Support of Mobile Number Portability (MNP);
More informationFemtocell: Femtostep to the Holy Grail
.... Femtocell: Femtostep to the Holy Grail Ravishankar Borgaonkar, Kévin Redon Technische Universität Berlin, SecT ravii/kredon@sec.t-labs.tu-berlin.de TROOPERS 2011, 30 March 2011 3G/UMTS femtocells
More information3GPP TS V ( )
TS 23.204 V12.4.0 (2013-12) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Support of Short Message Service (SMS) over generic Internet
More informationWIRELESS INTELLIGENT NETWORKING (WIN) FATİH ERTÜRK
WIRELESS INTELLIGENT NETWORKING (WIN) FATİH ERTÜRK 2010514027 Today's wireless subscribers are much more sophisticated telecommunications users than they were five years ago. No longer satisfied with just
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationIntel NetStructure SS7 Protocols MAP Programmer s Manual. Document Reference: U14SSS
Intel NetStructure SS7 Protocols MAP Programmer s Manual Document Reference: U14SSS Disclaimer The product may contain design defects or errors known as errata, which may cause the product to deviate from
More information2000 Performance Technologies, Inc.
Table of Contents SS7 Tutorial...1 SS7 Tutorial...3 Overview...3 SS7 Protocol Stack...6 Message Transfer Part...7 ISDN User Part...13 Signaling Connection Control Part...20 Transaction Capabilities Application
More informationETSI TS V7.1.0 ( )
TS 100 522 V7.1.0 (2000-02) Technical Specification Digital cellular telecommunications system (Phase 2+); Network architecture (GSM 03.02 version 7.1.0 Release 1998) GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS
More informationConvergence of IP and Mobile Communications. Albert Coronel RedLink Communications Co., Ltd. MMNOG, November 21, 2015
Convergence of IP and Mobile Communications Albert Coronel RedLink Communications Co., Ltd. MMNOG, November 21, 2015 Mobile terminals Netgear Skype phone first released 2007 Makes and receives Skype calls
More informationTrends and Developments in Telecommunication Security
Trends and Developments in Telecommunication Security Duminda Wijesekera Department of Information and Software Engineering George Mason University, Fairfax VA 22030. 703-993-1578 dwijesek@gmu.edu Abstract
More informationA Prototype for SCCP-X A New Lightweight Protocol for Emulation of SCCP in Post-SIGTRAN
Department of Computer Science Malin Abrahamsson, Aleksandra Gadji A Prototype for SCCP-X A New Lightweight Protocol for Emulation of SCCP in Post-SIGTRAN D Dissertation 30 ECTS 2005:06 A Prototype for
More information3GPP TS V7.6.0 ( )
TS 23.204 V7.6.0 (2009-03) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Support of Short Message Service (SMS) over generic Internet
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationETSI TS V ( )
TS 123 066 V14.0.0 (2017-04) TECHNICAL SPECIFICATION Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Support of Mobile Number Portability
More informationISDN. Integrated Services Digital Network. definition of ISDN ISDN services basic BRA / PRA architecture protocols & signalling
ISDN Integrated Services Digital Network definition of ISDN ISDN services basic BRA / PRA architecture protocols & signalling What is ISDN? 1. End-to-end digital connectivity 2. Enhanced subscriber signaling
More informationCybersecurity for Service Providers
Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018 There are two types of companies:
More informationContents VULNERABILITIES OF MOBILE INTERNET (GPRS), 2014
VULNERABILITIES OF MOBILE INTERNET (GPRS) Dmitry Kurbatov Sergey Puzankov Pavel Novikov 2014 Contents 1. Introduction 2. Summary 3. Mobile network scheme 4. GTP protocol 5. Searching for mobile operator
More informationInternal. GSM Fundamentals.
Internal GSM Fundamentals www.huawei.com HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Chapter 1 GSM System Overview Chapter 2 GSM Network Structure Chapter 3 Service Area and Number Planning Chapter
More information[1] Wireless and Mobile Network Architectures,Y-Bing Lin and Imrich Chlamtac,Wiley Computer Publishing
Signaling System 1 Reference (1/2) [1] Wireless and Mobile Network Architectures,Y-Bing Lin and Imrich Chlamtac,Wiley Computer Publishing Chapters 2 and 5. [2] 第七號共通信號系統概論, 湯鴻沼, 全華科技圖書股份有限公司 [3] Telephone
More information