WO2016148685A1 - Method and system for defending a mobile network from a fraud - Google Patents

Method and system for defending a mobile network from a fraud

Info

Publication number
WO2016148685A1
Authority
WO
WIPO (PCT)
Prior art keywords
gtp
node
request
fraudulent
mobile network
Prior art date
Application number
PCT/US2015/020755
Other languages
English (en)
Inventor
Rajesh PURI
Michael P. Hammer
David GROOTWASSINK
Original Assignee
Yaana Technologies, LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2015-03-16
Filing date
2015-03-16
Publication date
2016-09-22
Application filed by Yaana Technologies, LLC
Priority to PCT/US2015/020755
Publication of WO2016148685A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q3/00 Selecting arrangements
    • H04Q3/0016 Arrangements providing connection between exchanges
    • H04Q3/0025 Provisions for signalling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/73 Access point logical identity

Definitions

  • the present disclosure generally relates to mobile networks and, more particularly, to a method and system for defending a mobile network from a fraud committed via general packet radio service (GPRS) tunneling protocol (GTP).
  • GPRS general packet radio service
  • GTP general packet radio service tunneling protocol
  • a modern mobile cellular telephony/data network includes several cooperating nodes and/or gateways to authenticate a user device's attachment to the network, authorize services, and establish data and voice paths for the user device through the network to other mobile users, other mobile networks, and the Internet.
  • a data path for a user device is provided by specialized routers, such as serving GPRS support nodes (SGSNs) for the radio edge and gateway GPRS support nodes (GGSNs) for the Internet edge.
  • SGSNs serving GPRS support nodes
  • GGSNs gateway GPRS support nodes
  • EPS evolved packet system
  • LTE long-term evolution
  • SGWs serving gateways
  • PGWs packet data network gateways
  • the authentication and subscription information of a subscriber is maintained by a home location register (HLR) for a 3G network or a home subscriber server (HSS) for a 4G network.
  • HLR home location register
  • HSS home subscriber server
  • Alternate network paths e.g., signaling system no. 7 (SS7) for 3G, diameter signaling for 4G
  • SS7 signaling system no. 7
  • a GTP tunnel is established between a serving node (e.g., SGSN, SGW) and a gateway node (e.g., GGSN, PGW) to allow a user device to move from one location to another location within a home network while continuing to connect to an external packet switched network such as the Internet.
  • GTP-U is used to carry user-data traffic, i.e., the network traffic generated from a user device when accessing the Internet (e.g., email, web surfing, gaming).
  • GTP-C is used to carry signals within a GPRS-based core network for signaling between GGSN and SGSN.
  • the SGSN or SGW detects the move of the user device and sends appropriate connect/disconnect signals to the GGSN or PGW that serves the user device.
  • the GGSN or PGW provides a public IP address for the user device in response to requests from the user device through various SGSN or SGWs that connect the user device.
  • GTP-C messages may further include a phone number, a cell that the user device is connected to (or the user device's physical location), the access point names (APNs), and the manufacturer and model of the user device.
  • GTP-C messages are used to negotiate the IDs of the GTP tunnel that carries the user traffic.
  • Security holes exist in a GTP because the GTP tunnel established between the serving node and the gateway node has no authentication or authorization facilities.
  • a GGSN receives connection requests from a user device and accepts all Create Session Request messages regardless of international mobile subscriber identity (IMSI) of the user device.
  • IMSI international mobile subscriber identity
  • a GTP tunnel is established to a requesting subscriber based on the Create Session Request messages. Attackers may exploit these GTP security holes.
  • a computer-implemented method includes receiving information associated with a GTP request from a serving node to a gateway node in a mobile network.
  • the information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request.
  • the information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network.
  • a GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.
  • FIG. 1 illustrates a standard architecture of a mobile network, according to one embodiment
  • FIG. 2 illustrates a roaming architecture of a mobile network, according to one embodiment
  • FIG. 3 illustrates a combined architecture of exemplary mobile networks including home, visited, and attacked networks, according to one embodiment
  • FIG. 4 illustrates a schematic diagram of an exemplary mobile network protected from attack, according to a first embodiment
  • FIG. 5 illustrates a schematic diagram of an exemplary mobile network protected from attack according to a second embodiment
  • FIG. 6 illustrates a schematic diagram of an exemplary mobile network protected from attack according to a third embodiment
  • FIG. 7 illustrates an exemplary computer architecture that may be used for the present system, according to one embodiment.
  • FIG. 1 illustrates a standard architecture of a mobile network, according to one embodiment.
  • the user equipment (UE) 101 may be a mobile phone, a handset, a tablet computer, a wireless device, or the like.
  • the radio access network (RAN) 111 connects the UE 101 to a core network (CN) including the SGSN 105 and GGSN 110.
  • CN core network
  • the UE 101 may also be referred to as terminal equipment or a mobile station (MS).
  • MS mobile station
  • a subscriber of the UE 101 sends an access request to a radio access network 111 and gains access to the radio access network 111 for receiving services.
  • the radio access network 111 assigns a radio traffic channel to the UE 101 following standard radio control procedures.
  • the radio network 111 is a universal terrestrial radio access network (UTRAN).
  • the radio access network 111 connects the radio link to the SGSN node 105.
  • the SGSN node 105 signals to the HLR (or HSS) 130 via an SS7 path 165a-165b through a signal transfer point (STP) 120 and updates the HLR 130 with a new location of the UE 101.
  • STP signal transfer point
  • the HLR 130 returns to the SGSN 105 via the SS7 path 165a-165b with authentication parameters and subscription information of the UE 101, including a list of allowable access point names (APNs) to the UE 101.
  • APNs access point names
  • the UE 101 is authenticated and authorized to attach to the radio access network 111.
  • the authentication and authorization process may involve the Radio Network Controller (RNC), a Mobile Switch Center (MSC), or a Mobility Management Entity (MME) that compares a response by the UE 101 with the correct response provided by the HLR 103.
  • RNC Radio Network Controller
  • MSC Mobile Switch Center
  • MME Mobility Management Entity
  • the SGSN (or SGW), on behalf of the UE 101, makes a request to establish a packet data protocol (PDP) session to the GGSN (or PGW) 110. If the APN of the GGSN 110 is listed in the allowed list of APNs received from the HLR 130, the SGSN 105 establishes a GTP tunnel 175a to the GGSN 110. After the GTP tunnel 175a is established, the UE 101 can connect to the Internet 150 via the GTP tunnel 175a and the path 175b between the GGSN 110 and the Internet 150.
  • PDP packet data protocol
  • FIG. 2 illustrates a roaming architecture of a mobile network, according to one embodiment.
  • the roaming architecture includes a GPRS roaming exchange (GRX) and/or IP exchange (IPX) 440 established on the path 275a-275b between the SGSN 105 and the GGSN 110.
  • the GRX/IPX 440 routes IP-based roaming traffic between visited networks and home networks or other types of service providers (e.g., Internet service provider (ISP)).
  • ISP Internet service provider
  • the SS7 path 265b-265c between the STP 120 and the HLR 130 may be established over the international SS7 network 445.
  • Security holes may exist because the GTP established between the SGSN 105 and GGSN 110 has no authentication or authorization facilities.
  • the GGSN 110 receives connection requests from SGSN 105 for subscribers (e.g., UE 101) and accepts all Create Session Request messages regardless of international mobile subscriber identity (IMSI) of the UE 101.
  • a home subscriber is authenticated to the home network through the SS7 path 265b-265c; however, the home subscriber may submit the requests through a SGSN to a GGSN that does not belong to the visited network or the home network.
  • the GGSN that receives the request from the GRX/IPX 440 via 275b may belong to an attacked network, and the attacked GGSN may provide the IP address for the UE 101.
  • a GTP tunnel is established to the requesting subscribers based on the Create Session Request messages. Therefore, the resulting connection of the subscribers onto the Internet 150 uses a source IP address of the attacked operator.
  • FIG. 3 illustrates a combined architecture of exemplary mobile networks including home, visited, and attacked networks.
  • the combined architecture shows components and vectors of a home network, a visited network, an attacked network, and neutral networks.
  • the network nodes and communication paths designated in 100's (e.g., SGSN 105, GGSN 110, STP 120, and HLR 130)
  • the network nodes and communication paths designated in 200's (e.g., SGSN 205, GGSN 210, and STP 220)
  • the network nodes and communication paths designated in 300's (e.g., GGSN 310) belong to the attacked network.
  • the GRX/IPX 440, Internet 450 and the international SS7 network 445 belong to the neutral networks.
  • the path 175a-175b between the SGSN 105 and the GGSN 110, and the GGSN 110 and the Internet 450 is a normal path within the home network as shown in FIG. 1.
  • the path 275a-275b between the SGSN 205 and the GRX/IPX 440, and the GRX/IPX 440 and the GGSN 110 is a normal path from the visited network as shown in FIG. 2.
  • the path 375a-375b-375c from the SGSN 205 to the Internet 450 via the GRX/IPX 440 and the GGSN 310 indicates an attack vector that can originate from either the home network or the visited network.
  • the path 375a-385b-385c from the SGSN 205 to the Internet 450 via the GRX/IPX 440 and the GGSN 210 indicates another attack vector that can originate from the home network on the visited network.
  • the path 385a-385c from the SGSN 205 to the Internet 450 via the GGSN 210 indicates another attack vector that can originate from the visited network on the visited network if it is not authorized as a Local Break Out (LBO), where the home network allows the user to reach the Internet via the visited network.
  • LBO Local Break Out
  • An attacker may exploit these security holes with the cooperation of someone or a node that has access to HLR 130 and/or the operation and support system (OSS) of the attacked network, or access to an SS7 network (e.g., 165a-165b of FIG. 1, 265b-265c of FIG. 2) with an ability to generate an SS7/GSM mobile application part (MAP) message.
  • MAP mobile application part
  • the first type of fraud exploits a victim APN inserted at the HLR 130.
  • the HLR 130 is updated to add victim GGSN/APN to the attacker's list of allowed APNs.
  • the attacker can attach normally to the network, initiate a PDP session to the victim GGSN, and can roam the Internet 450 as effectively cloaked.
  • the second type of fraud exploits a victim APN inserted in the SS7 network.
  • the attacker can attach normally to the network and invokes an SS7/GSM MAP message "InsertSubscriberData" toward the current SGSN.
  • the victim APN is added to the list of allowed APNs.
  • the attacker initiates a PDP session to the victim GGSN, and can roam the Internet effectively cloaked.
  • the present disclosure relates to discovering third generation partnership project (3GPP) GTP fraudulent tunnel requests and providing both passive and active responses to GTP fraudulent attacks.
  • 3GPP third generation partnership project
  • the following examples describe mobile network system architecture and a method for providing a fraud defense against a GTP security hole.
  • Although the below examples are directed to 3G networks, it is apparent that the present disclosure can be applied to other generations/types of networks, including 4G or any other generation networks, without deviating from the scope of the present disclosure.
  • the SGSN 105 and the GGSN 110 may be replaced with an S-GW and a P-GW of a 4G network.
  • FIG. 4 illustrates a schematic diagram of an exemplary mobile network protected from attack, according to a first embodiment.
  • a GTP tunnel is established between the SGSN 105 and the GGSN 110 via GRX/IPX 440.
  • the GGSN 110 generates call detail records (CDR) and normally sends those to an OSS/BSS system.
  • CDR call detail records
  • the GGSN 110 also sends those CDRs to a monitoring node 460, and the analysis function 461 of the monitoring node 460 examines IMSI parameters looking for identities that do not belong to a subscriber of the home network operator.
  • the CDR examination can identify a GTP fraud after the fraudulent attack starts and a GTP tunnel is established.
  • the automatic decision function 462 sends a Delete Session Request message to the GGSN 110 to take action to delete the PDP session, thus tearing down the established fraudulent GTP tunnel.
  • the automatic decision function 462 alerts the OSS/BSS of the fraudulent GTP tunnel. Operations personnel staffing the OSS/BSS may then manually instruct the GGSN 110 to tear down the GTP tunnel via the OSS/BSS manual decision function 463.
  • the automated functions (e.g., analysis function 461, automatic decision 462, and OSS/BSS manual decision 463) may reside within the GGSN 110 to detect a fraudulent GTP tunnel when the CDR is created.
  • FIG. 5 illustrates a schematic diagram of an exemplary mobile network protected from attack, according to a second embodiment.
  • An intercept node 520 is implemented on a link from the GRX/IPX 440 into a GGSN 110 of the attacked network.
  • the intercept node 520 replicates the GTP traffic to/from the GGSN 110 and sends the replicated traffic to a monitoring node 560.
  • the monitoring node 560 examines GTP tunnel requests to identify fraudulent GTP requests.
  • the analysis function 561 examines the GTP tunnel requests, inspects IMSI parameters contained in GTP-C messages, and identifies a fraudulent GTP tunnel that does not belong to the attacked network. The analysis function 561 then informs the automatic decision function 562 that can then send a Delete Session Request to the GGSN 110. The analysis of GTP tunnels can identify GTP fraud in real-time in parallel with the GGSN 110 normal tunnel handling, such that the GGSN 110 can be notified immediately to tear down an established fraudulent GTP tunnel between the SGSN 105 and the GGSN 110.
  • the monitoring node 560 detects a fraudulent GTP tunnel in parallel with the GGSN 110 normal tunnel handling.
  • the monitoring node 560 monitors a duplicate GTP stream, detects a fraud, and informs the GGSN of the fraud. If the GGSN 110 is notified to reject the request while in a process of setting up the GTP tunnel, the GGSN 110 may simply reject the Create Session
  • the GGSN 110 uses a Delete Session Request to tear down the established GTP tunnel.
  • the analysis function 561 alerts an OSS/BSS of the fraudulent GTP tunnel. Operations personnel staffing the OSS/BSS may then manually instruct the GGSN 110 to tear down the GTP tunnel via the OSS/BSS manual decision function 563.
  • the automated functions may reside within the GGSN 110 to detect a fraudulent GTP tunnel when that is created.
  • FIG. 6 illustrates a schematic diagram of an exemplary mobile network protected from attack, according to a third embodiment.
  • an intercept node 620 is implemented on a link from the GRX/IPX 440 into a GGSN 110 of the attacked network.
  • Intercept node 620 replicates the GTP traffic to/from the GGSN 110 and sends that traffic to a monitoring node 660.
  • the monitoring node 660 intercepts and inspects GTP-C messages for a Create Session Request in real-time.
  • When the analysis function 664 detects a fraudulent GTP request, the analysis function 664 informs the automatic decision function 665.
  • the automatic decision function 665 may then inform the intercept node 620 to block any further responses by the GGSN 110 to the SGSN 105.
  • the automatic decision function 665 may also then inform the GGSN 110 to reject the Create Session request, removing the GGSN 110 from further involvement.
  • the automatic decision function 665 may then inform an alternate GGSN 610 to respond and setup the GTP tunnel with the SGSN 105.
  • the alternate GGSN 610 then responds through the router 621 and the GRX/IPX 440 to SGSN 105 to setup the GTP tunnel.
  • GGSN 610 may store all desired GTP-C and GTP-U traffic in data store 611 for forensic analysis.
  • the OSS/BSS 663 which is also alerted of the fraudulent GTP tunnel to GGSN 610, may then monitor traffic and terminate the GTP tunnel manually when desired. In this sense, the monitoring node 660 actively defends the network from fraudulent GTP attacks.
  • the intercept node 620 diverts GTP-C traffic to the real-time analysis module 664 of the monitoring node 660, which performs real-time analysis on incoming GTP requests.
  • the automatic decision module 665 decides whether to allow or tear down the
  • the GTP request is forwarded to the GGSN 110. If not allowed, a reject message is sent toward the SGSN 105. Consequently, the monitoring node 660 is capable of responding in-line with a GTP tunnel request to block the GGSN 110 from receiving a fraudulent
  • the monitoring node 660 can filter out denial-of-service (DoS) attacks exploiting the GTP tunnel security holes.
  • DoS denial-of-service
  • a DoS attack may flood the path between the GGSN 110 with bogus GTP-C Create Session Requests.
  • other commands such as Update or Delete of GTP tunnel connections may be used as a DoS attack.
  • Non-GTP or traffic suitable to S5/S8 interface may also be compromised by a DoS attack.
  • the intercept node 620 listens for a response to an Initiate
  • the Update PDP Session Request updates the GGSN address for user traffic, and the SGSN 105 begins to route GTP-U plane traffic to the pseudo GGSN 610.
  • An operator may command the pseudo GGSN 610 to tear down the connection by issuing a tear down request toward the SGSN 105 to disconnect the SGSN 105 and the pseudo GGSN 610.
  • GGSN 610 is implemented in addition to the GGSN
  • FIG. 7 illustrates an exemplary computer architecture that may be used for the present system, according to one embodiment.
  • the exemplary computer architecture may be used for implementing one or more components described in the present disclosure including, but not limited to, the present content curation system.
  • One embodiment of architecture 700 includes a system bus 701 for communicating information, and a processor 702 coupled to bus 701 for processing information.
  • Architecture 700 further includes a random access memory (RAM) or other dynamic storage device 703 (referred to herein as main memory), coupled to bus 701 for storing information and instructions to be executed by processor 702.
  • Main memory 703 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 702.
  • Architecture 700 may also include a read only memory (ROM) and/or other static storage device 704 coupled to bus 701 for storing static information and instructions used by processor 702.
  • ROM read only memory
  • a data storage device 705 such as a magnetic disk or optical disc and its corresponding drive may also be coupled to architecture 700 for storing information and instructions.
  • Architecture 700 can also be coupled to a second I/O bus 706 via an I/O interface 707.
  • a plurality of I/O devices may be coupled to I/O bus 706, including a display device 708, an input device (e.g., an alphanumeric input device 709 and/or a cursor control device 610).
  • the communication device 711 allows for access to other computers (e.g., servers or clients) via a network.
  • the communication device 711 may include one or more modems, network interface cards, wireless network interfaces or other interface devices, such as those used for coupling to Ethernet, token ring, or other types of networks.
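
The analysis and automatic decision functions described for the monitoring node (FIGs. 4 to 6), written out in Python as an added example that is not part of the patent text. It assumes GTPv2-C encoding of the Create Session Request (3GPP TS 29.274, IMSI information element type 1), treats "belongs to the home operator" as an IMSI prefix match on MCC+MNC, and uses a constructed test PLMN `00101`; all function names are hypothetical.

```python
import struct
from enum import Enum

# Assumption: GTPv2-C wire format; the page names the messages, not an encoding.
CREATE_SESSION_REQUEST = 32
IE_IMSI = 1
HOME_PLMNS = ("00101",)  # constructed: test PLMN standing in for the home operator


class Action(Enum):
    ALLOW = "forward the request to the gateway node"
    REJECT = "reject the Create Session Request"
    DELETE = "send a Delete Session Request for the established tunnel"
    REDIRECT = "divert the tunnel to the alternate (monitoring) gateway"


def decode_tbcd(raw: bytes) -> str:
    """IMSI digits are packed two per octet, low nibble first; 0xF is filler."""
    digits = []
    for octet in raw:
        for nibble in (octet & 0x0F, octet >> 4):
            if nibble == 0x0F:
                continue
            if nibble > 9:
                raise ValueError("non-decimal digit in IMSI")
            digits.append(str(nibble))
    return "".join(digits)


def extract_imsi(msg: bytes) -> str:
    """Return the IMSI carried in a Create Session Request, validating lengths."""
    if len(msg) < 8:
        raise ValueError("message shorter than a GTPv2-C header")
    flags, msg_type, length = struct.unpack_from("!BBH", msg)
    if flags >> 5 != 2 or msg_type != CREATE_SESSION_REQUEST:
        raise ValueError("not a GTPv2-C Create Session Request")
    if length + 4 != len(msg):
        raise ValueError("length field does not match message size")
    pos = 12 if flags & 0x08 else 8  # TEID is present when the T flag is set
    while pos < len(msg):
        if pos + 4 > len(msg):
            raise ValueError("truncated IE header")
        ie_type, ie_len, _instance = struct.unpack_from("!BHB", msg, pos)
        value = msg[pos + 4:pos + 4 + ie_len]
        if len(value) != ie_len:
            raise ValueError("truncated IE value")
        if ie_type == IE_IMSI:
            return decode_tbcd(value)
        pos += 4 + ie_len
    raise ValueError("request carries no IMSI")


def is_fraudulent(imsi: str, home_plmns) -> bool:
    """Page's test: the identity does not belong to the home operator."""
    return not any(imsi.startswith(plmn) for plmn in home_plmns)


def decide(imsi: str, home_plmns, *, tunnel_established: bool,
           redirect: bool = False) -> Action:
    """Pick one of the three responses the page lists for a fraudulent request."""
    if not is_fraudulent(imsi, home_plmns):
        return Action.ALLOW
    if redirect:
        return Action.REDIRECT
    return Action.DELETE if tunnel_established else Action.REJECT


def build_sample_request(imsi: str) -> bytes:
    """Constructed test input (not captured traffic): header plus one IMSI IE."""
    padded = imsi + "F" * (len(imsi) % 2)
    tbcd = bytes(int(padded[i + 1] + padded[i], 16)
                 for i in range(0, len(padded), 2))
    ie = struct.pack("!BHB", IE_IMSI, len(tbcd), 0) + tbcd
    body = bytes(4) + (1).to_bytes(3, "big") + b"\x00" + ie  # TEID, seq, spare
    return struct.pack("!BBH", 0x48, CREATE_SESSION_REQUEST, len(body)) + body


if __name__ == "__main__":
    for sample in ("001010123456789", "999990123456789"):  # constructed IMSIs
        imsi = extract_imsi(build_sample_request(sample))
        print(imsi, decide(imsi, HOME_PLMNS, tunnel_established=False).name)
```

`tunnel_established=True` corresponds to the CDR-based and replicated-traffic embodiments, where the tunnel may already exist; `redirect=True` corresponds to the third embodiment's alternate GGSN.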

Abstract

A system and method for defending a mobile network from a fraud committed via GTP are disclosed. According to one embodiment, a computer-implemented method includes receiving information associated with a GTP request from a serving node to a gateway node in a mobile network. The information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request. The information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. A GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.
PCT/US2015/020755 2015-03-16 2015-03-16 Method and system for defending a mobile network from a fraud WO2016148685A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2015/020755 WO2016148685A1 (fr) 2015-03-16 2015-03-16 Method and system for defending a mobile network from a fraud

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2015/020755 WO2016148685A1 (fr) 2015-03-16 2015-03-16 Method and system for defending a mobile network from a fraud

Publications (1)

Publication Number Publication Date
WO2016148685A1 (fr) 2016-09-22

Family

ID=56920298

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/020755 WO2016148685A1 (fr) 2015-03-16 2015-03-16 Method and system for defending a mobile network from a fraud

Country Status (1)

Country Link
WO (1) WO2016148685A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3917189A1 (fr) * 2020-05-29 2021-12-01 iBasis, Inc. Data access security
WO2023059230A1 (fr) * 2021-10-04 2023-04-13 Telefonaktiebolaget Lm Ericsson (Publ) Methods and systems for internal fraud control based on volume and time constraints of rejected call records

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030081607A1 (en) * 2001-10-30 2003-05-01 Alan Kavanagh General packet radio service tunneling protocol (GTP) packet filter
US20090088147A1 (en) * 2007-09-28 2009-04-02 Lucent Technologies Inc. Method and system for correlating IP layer traffic and wireless layer elements in a UMTS/GSM network
US20100246500A1 (en) * 2006-08-16 2010-09-30 Gunnar Rydnell Ggsn proxy for one tunnel solution
US20110069663A1 (en) * 2004-09-10 2011-03-24 Juniper Networks, Inc. Intercepting gprs data
WO2014018425A2 (fr) * 2012-07-21 2014-01-30 Headwater Partners I Llc Virtualized Policy & Charging System
US20140040975A1 (en) * 2009-01-28 2014-02-06 Headwater Partners I Llc Virtualized Policy & Charging System

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030081607A1 (en) * 2001-10-30 2003-05-01 Alan Kavanagh General packet radio service tunneling protocol (GTP) packet filter
US20110069663A1 (en) * 2004-09-10 2011-03-24 Juniper Networks, Inc. Intercepting gprs data
US20100246500A1 (en) * 2006-08-16 2010-09-30 Gunnar Rydnell Ggsn proxy for one tunnel solution
US20090088147A1 (en) * 2007-09-28 2009-04-02 Lucent Technologies Inc. Method and system for correlating IP layer traffic and wireless layer elements in a UMTS/GSM network
US20140040975A1 (en) * 2009-01-28 2014-02-06 Headwater Partners I Llc Virtualized Policy & Charging System
WO2014018425A2 (fr) * 2012-07-21 2014-01-30 Headwater Partners I Llc Virtualized Policy & Charging System

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3917189A1 (fr) * 2020-05-29 2021-12-01 iBasis, Inc. Data access security
US11284459B2 (en) 2020-05-29 2022-03-22 Ibasis, Inc. Data access security
WO2023059230A1 (fr) * 2021-10-04 2023-04-13 Telefonaktiebolaget Lm Ericsson (Publ) Methods and systems for internal fraud control based on volume and time constraints of rejected call records

Similar Documents

Publication Publication Date Title
US9572037B2 (en) Method and system for defending a mobile network from a fraud
US11089479B2 (en) Signaling attack prevention method and apparatus
EP4085676B1 (fr) Methods, systems, and computer readable media for implementing indirect general packet radio service (GPRS) tunneling protocol (GTP) firewall filtering using a Diameter agent and a signal transfer point (STP)
US11122435B2 (en) Radio access technology based security in service provider networks
US20210250381A1 (en) Location based security in service provider networks
US8479290B2 (en) Treatment of malicious devices in a mobile-communications network
US11838326B2 (en) Mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks
EP2521414B1 (fr) Traffic offload method, traffic offload function entity and traffic offload system
EP3070903B1 (fr) System and method for detecting malicious attacks in a telecommunication network
US11558427B2 (en) Access point name and application identity based security enforcement in service provider networks
US20200280589A1 (en) Mobile user identity and/or sim-based iot identity and application identity based security enforcement in service provider networks
Holtmanns et al. User location tracking attacks for LTE networks using the interworking functionality
US11240729B1 (en) Network path routing for wireless traffic
US20220256396A1 (en) Congestion control method and apparatus
CN102724769B (zh) Method and device for processing a local access connection
Xenakis et al. An advanced persistent threat in 3G networks: Attacking the home network from roaming networks
WO2016148685A1 (fr) Method and system for defending a mobile network from a fraud
CN106304056A (zh) Method, system, and device for checking a device identifier
WO2018231855A1 (fr) Location based security in service provider networks
Mashukov Diameter Security: An Auditor's Viewpoint
EP2479951A1 (fr) Method and system for performing a session logout of a user equipment
Singh Signaling security in LTE roaming
US20240147238A1 (en) Diameter spoofing detection and post-spoofing attack prevention
US20240163315A1 (en) Mobile user identity and/or sim-based iot identity and application identity based security enforcement in service provider networks
Ernsberger et al. Security study and monitoring of LTE networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15885714

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15885714

Country of ref document: EP

Kind code of ref document: A1