The unstoppable LTE and its impact on CSPs operations

Transcription

1 The unstoppable LTE and its impact on CSPs operations A WeDo Technologies White Paper MARCH 2012

2 A WeDo Technologies White Paper 2 Table of contents Introduction 3 1. Changes 4 2. Threats, risks and authentication 7 3. Risk management: the role of expert consultancy 8 4. About WeDo Technologies and RAID 9

3 A WeDo Technologies White Paper 3 Introduction How will Long Term Evolution (LTE) change mobile networks? What will be the data security impact of LTE deployments? And what changes will LTE bring to revenue assurance, fraud and security control? These questions have no simple answer. However, there is a simple reason why responses are urgently needed. LTE is the fastest developing mobile system technology ever. LTE had its first commercial launch in August 2011 and by January 2012 there were nearly 300 communication service providers (CSPs) investing in LTE across approximately 85 countries. This pace is bound to quicken. For consumers, at a time of unparalleled smartphone and multiple connected devices growth, the appeal of LTE or as they perceive it, 4G is clear: data transfer speeds of at least 100Mbps downlink and 50Mbps uplink, low latency and generally improved end user experience of wireless broadband. For CSPs, it means an all-ip network model to replace the GPRS core network (see diagram on page 5) with the lower costs that implies greater integration with different access networks, and seamless transfer. These advantages will translate into 300 million users by 2015.

4 A WeDo Technologies White Paper 4 1. Changes For CSPs in particular, LTE will obviously mean major changes to the access network, to the evolved core network and to services, which will probably be based on IMS architecture. We have already mentioned all-ip networks. Other changes include: separation of the services and bearers; the introduction of IPv6; changes in the network core components; the migration of applications from the network core to the mobile device; the integration of services between different access technologies; changes in billing models; and changes in customer authentication. Voice, inevitably, will also be affected by the all-ip environment. Work towards a standard for voice over LTE (VoLTE) is under way. All of these changes will affect network operations in general and from a business risk perspective: revenue assurance, fraud and security control in particular. CSPs moving to LTE will need to embrace these changes and will no doubt benefit from them. But they will also face new challenges. For example there will be a shift from classic security, fraud and revenue assurance activity to a greater focus on IP security issues and abuse. Risk focus will move away from the core of the network to the extremities: devices, for example. There are two types of general risks faced by IP-based telco systems: the threats that come from the Internet itself, of course, but also telecoms-specific risks. Networks will also need to improve the control of different traffic types and test IP routing and control by performing even more penetration testing. Business assurance activities and monitoring systems deployed for fraud, credit control and revenue assurance will have to adapt to compliment, simpler fee structures for IP and services. RA systems will also have to collect log files containing IP security syslog format data alarms. Data feeds from S- GW log files will also contain useful information for fraud and abuse management. There will be an increased requirement to control customer spending and to regularly check a customer s ability to pay. These new and innovate services, or apps, will often reside on the terminal rather than the network. However, they will also need to accommodate variable billing for some value added services. Tools will also need to adapt; the introduction of new IP services affects data volumes, data collection nodes, data analysis and filtering of information and therefore the overall position will become more complex. We have already indicated that all-ip will mean flatter billing structures. But what in reality does this mean for fraud and revenue assurance exposure? Firstly that the cost to actually process a data event may be too high compared to the actual value of the event. At the same time events in the network nodes may not be correlated. These events will need to be built into billable records by some form of mediation system. In view of all these changes, the evolution process for risk professionals requires new strategies to be determined

5 A WeDo Technologies White Paper How will an RA or FM solution be impacted by LTE networks? System changes Taking into consideration the network architecture changes that LTE networks are bringing about, the data requirements to feed systems for both revenue assurance and fraud will certainly be affected. There will remain the basic requirement to collect and process certain information to feed fraud and revenue assurance systems with data, but some of the data will come from systems that generate log files instead of a classic event file system. Revenue assurance systems will need to handle non-correlated information to build this into a data record. This will demand a revenue assurance tool that can provide all the flexibility that an RA Analyst needs to keep autonomous, without requiring to pay an RA system vendor for every change in data set linking. This capability should be in the revenue assurance application and not in the front end data treatment. However, legacy access systems will certainly complicate matters from a revenue assurance perspective and we can expect both the Policy and Charging Rules Function (PCRF) and network mediation device to have a risk array of other information related to such areas as: sessions and their use quality parameters top-up and payment transaction for prepaid-type services authentication and access information dialogues from the HSS session actions like CF and CC commands roaming network location changes. Diagram 1: LTE and GPRS networks - a comparison between equivalent functionalities Image Glossary HLR - Home Location Register SGSN - Service GPRS Support Node GGSN - Gateway GPRS Support Node MME - Mobility Management Entity HSS - Home Subscriber Server SGW - Serving Gateway PGW - Public Gateway PCRF - Control & Routing Functions

6 A WeDo Technologies White Paper 6 Analytical tools and techniques Due to the volume of low financial value records and the increased volume of information generated in the networks, there will be a need to be selective in the records chosen for processing when identifying and detecting issues, revenue loss, fraud or security abuse. This selection process will be required as the cost and hardware size to process all events may exceed the effective cost of processing. Today s systems used for fraud management or revenue assurance are already larger than for some billing and customer care systems and this growth rate may not be economically sustainable. Therefore, systems will need to be able to take a sample of relevant and sufficiently sized data to be statistically meaningful. The sampling approach proposed must be able to detect issues, but be dynamically sized so that the optimum trade-off in data collected can be made dependent on the issues detected. In the case of fraud, detection of issues should be able to trigger a full detection and processing of relevant records from initial fraud indicators identified to ensure all relevant subscriber accounts can be covered. Due to the envisaged change in the needs of CSPs there will be an increased requirement to control customer spending and to continually check a customer s ability to pay as opposed to having incremental billing control. This will require a business assurance tool to include credit management controls based on ensuring initially (at the point of service) and on an on-going basis the ability to pay for the services. This capability will need to be developed in line with existing commercially available products. Identity management Identity management of the customers used in revenue assurance and fraud management systems will be required as there will be an ever-increasing number of access systems and services used by a single customer that will need to be linked in order to enable effective fraud and revenue management of a customer. While there may be a single master key used in one system, such as the MSISDN or IMSI (In GSM) the master key field will need to be linked in many access bearer and service platforms. While in a fully integrated network the HSS will act as both an HLR and AAA and manage all DIAMETER signalling related to authentication, it is unlikely that all authentication and subscriber details will be held by these individual platforms. Therefore, there will be a requirement for the ability in both revenue assurance and fraud systems to flexibly link identities used. This should be configurable by the customer in the system and not in data importation and management in the system. The change in interfaces between networks and the move to an all-ip interconnection where the home network is in control has other implications. There will be a number of CSPs to handle the interconnections and accounting between operators as well as the traffic. Certain established approaches to, say, roaming using clearing houses or TAP/NRTRDE records for example may become unnecessary.

7 A WeDo Technologies White Paper 7 2. Threats, risks and authentication All of the business assurance changes mentioned are to some extent driven by factors linked to greater bandwidth and fully IP networks. But device security management is also changing as manufacturers want to take control of both the device and subscriber authentication. The rise of the apps store means that a lot of services will now be driven by the terminal device application rather than core platforms icloud-based messaging from Apple is an example of this. The future dominance of all-ip networks and new more powerful access technologies means there will be considerably fewer network elements than we see in traditional 2G/3G networks. However, the number of technical connections and interfaces will increase. In short, previously closed communications networks are now more open to the risks associated with the Internet. The move from the established addressing scheme IPv4 to IPv6 may increase the level of risk. The arrival of OTT services like IPTV and VoIP certainly will. However, as CSPs migrate from 2G/3G networks to an all -IP network, some legacy vulnerabilities could be exploited by hackers or affect the operation of the network. of IP connection for the access points means that these are open and exposed to illegal connections or manipulation of traffic and setting back in the core network if there is not adequate security control and monitoring. In a similar way, the exploitation of items like home routers that form part of the 4G network may allow the user to manipulate the device to some extent for, say, man in the middle -type attacks. However, the most critical interfaces in an all-ip network are the interfaces between the differing traffic domains user access planes, signalling planes, control domain, operational domain, provisioning and so forth. A notable case will be offsite connections from the core network either connected to a session border controller (SBC) or signalling gateway (S(P)GW). Here there are issues on the supported secure signalling or media transfer and potential vulnerabilities in the higher level protocols in particular IPv4 and IPv6. Why? Essentially because they can directly access components in the CSPs core network as an entry point to the IP layer, which is visible to most users. It is also the easiest one to attack, due to the large number of readily available tools used for Internet hacking. The radio network will also be under threat. More of the control and monitoring of transmission will be part of the access point base station. This means access points are exposed to more risk than in 2G/ 3G. Also the provision

8 A WeDo Technologies White Paper 8 3. Risk management: the role of expert consultancy Network operational risk management must provide business process mapping and deliver clearly defined process vulnerability and downtime valuation, alongside risk mitigation options and prioritisation. To summarise, the areas of work affected by the changes associated with LTE and NGN services are in many ways considerable. The design of LTE, its all-ip nature and the services it carries imply a number of risk areas. There could also be a carry-over of risk from 2G and 3G networks, cable and fixed areas. Yes, a lot of today s technical security and risk reviews will not differ but the network technology components, configuration and settings definitely will. And working with all-ip (or legacy) networks will also carry risks depending on the player involved. In addition telecommunication signalling protocols and the dedicated telco signalling and media connection will be more open, not just to new players but also to attack. So if we could list the key risk areas derived from LTE access and evolved core networks, what should we consider? The list will not be a short one but a sample would include: Separation of bearers and services and the associated risk caused by the separation Interworking issues of authentication & cyphering protection New configuration of SIMs and interworking with Wi-Fi Configuration of the evolved core network, in particular the S-GW, MME and HSS, and (from a fraud, RA and billing perspective) the PCRF IP network architecture design and differing security domain requirements IP platform management and control Increasing need to define and use Minimum Baseline Security Standards (MBSS), but also to add in elements of business activity needs and security management Weaknesses in the applications or terminal devices both of the OS and applications Terminal device security and application with the key issues of identity management and control Policy, processes and procedure failures relating to the network and handling of the security parameters, security architecture and security policy Implementation issues with IPv6 and cross-working with IPv4 Changes to interconnect and how this will affect transfer of billing records and control of transactions The above envisaged risks means that CSPs must consider what strategy and defence mechanisms will be required from a risk management perspective. For many they will not have the required skill sets in house to assess the levels of LTE risk technical, process and organisational. Therefore, the risk management knowledge and expertise may well need to initially come from external consultancy who have the breadth of skills and expertise to guide and mentor the CSP via performing technical risk assessments, product and service evaluations and risk management training encompassing security, fraud and revenue assurance.

9 A WeDo Technologies White Paper 9 4. About WeDo Technologies and RAID As value shifts from minutes of usage to volumes of data, CSPs need to review the way they address the market with target offers, meet customer expectations and, at the same time, adapt to new charging models capable of monetising these services and increasing their revenues. Billing and rating features capable of processing vast amounts of data related to various transaction types and in various (rule-based) pricing models are mandatory for CSPs that want to capitalise new forms of connectivity. As an innovator in the area of business risk - revenue assurance and fraud management for the telecom market, WeDo Technologies is defining the future of risk management tools for the global telecom market. RAID: Business Assurance software is now a market-leading solution due to its pioneering approach during the release and implementation of risk management controls to GSM, CDMA, 3G CDMA and 3.5G HSDPA, among other network technologies and is now leading the way in 4G and beyond. Using the fundamentals of R&D, at WeDo Technologies we search for ideas and turn them into innovative products and solutions, with the ultimate goal of creating RAID enhancements and new solutions that benefit our internationally based customers. Beginning in 2011, one of the core projects that was led by our vision of business assurance was a patent technology that enables CSPs to manage risk, fraud, security, content control and legal interception. Called Communication System with Distributed Risk Management Solution (DRMS), this solution aims to change the way risk management can be undertaken in networks as risk control begins to migrate to the terminal device with the changing nature of the industry. The WeDo Technologies Worldwide User Group (WUG) further underlines the principle of cooperative-innovation by bringing customers, researchers, developers, and further stakeholders together to show, discuss and demonstrate technological innovation together with the CSPs that rely on WeDo Technologies. RAID is a unique revenue assurance and fraud management solution to tackle CSPs revenue, margin and P&L challenges. Whether we talk about traditional fixed line, mobile, CATV, virtual networks or carriers carriers operators, or the LTE, the RAID: Business Assurance Solution is continually being designed to assist CSPs in assuring customer provisioning, data management, service usage control, account balance validation, billing validation and fraud management, - with RAID already protecting revenues that come from more than 800 million subscribers and growing. Business consulting Besides delivering business assurance software, WeDo Technologies also delivers industry leading risk management consulting services under the Praesidium brand. Praesidium is a global business assurance consultancy. It is an autonomous company focused on managing risk and improving operational performance. Praesidium's consultancy portfolio covers revenue assurance, fraud management, network security, business continuity, margin assurance and operations assurance.

10 A WeDo Technologies White Paper 10 About Præsidium About WeDo Technologies Præsidium is a Global Business Assurance consultancy. Founded in 1997, the company has successfully provided risk management consultancy to more than 100 Communication Service Providers in over 80 countries on 6 continents. Præsidium has gained solid recognition in the market amongst its substantial customer base and among global standards agencies. These include the GSMA Security Group & Fraud Forum, the Telemanagement Forum and ETSI. Offices: United Kingdom Davidson House, Forbury Square, Reading, RG1 3EU, Tel: Fax: Portugal Edifício Picoas Plaza Rua do Viriato, 13E núcleo 6-4º andar Lisbon Tel: Fax: Brazil Torre Rio Sul, Rua Lauro Muller 116; 27º Andar Sala 2701 CEP: Botafogo Rio de Janeiro Tel: Fax: Spain Edifício Cuzco IV Paseo de la Castellana, 141 8ª planta Madrid Tel: Fax: Ireland Maple House,Temple Road, Blackrock, Co. Dublin Tel: (0) Fax: (0) WeDo Technologies is the number one preferred supplier for revenue andbusiness assurance software and services. Present in 15 countries on 5 continents, with more than 100 innovative bluechip customers in 80 countries, the company has a solid and envious project management track record of being on-time and within budget while achieving superior customer satisfaction. Business Assurance RAID, WeDo Technologies flagship software suite covering Revenue Assurance, Fraud Management and Business Processes Control has been implemented in a number of different industries where it has delivered significant business results and powerful return on investment. WeDo Technologies pioneered the telecom revenue assurance space in 2002 and is now breaking new ground in the enlarged business assurance arena in Telecom, while also servicing the Retail, Energy and Finance industries. Offices: Portugal _ Lisbon Portugal _ Braga Australia _ Sydney Brazil _ Rio Janeiro Brazil _ Florianopolis Chile _ Santiago Egypt _ Cairo France _ Paris Ireland _ Dublin Malaysia _ Kuala Lumpur Mexico _ Mexico City Panama _ Panama City Poland _ Poznan Poland _ Warsaw On the Web General Information info@praesidium.com Singapore _ Singapore Spain _ Madrid Spain _ Barcelona UK _ Reading USA _ Chicago