Lte and future frauds

    Presentation Transcript

    • Introduction of LTE; Specification, Facts & Advantage of LTE; New types of threats and frauds; Requirement for NGN Frauds Management System; Key Takeaways; Thank You
    • LTE stands for Long Term Evolution. It was started as a project in 2004 by the telecommunications body known as the Third Generation Partnership Project (3GPP). SAE (System Architecture Evolution) is the corresponding evolution of the GPRS/3G packet core network. The term LTE is typically used to represent both LTE and SAE. The main goal of LTE is to provide a high-data-rate, low-latency, packet-optimized radio access technology supporting flexible bandwidth deployments. At the same time, its network architecture has been designed to support packet-switched traffic with seamless mobility and great quality of service. The LTE wireless interface is incompatible with 2G and 3G networks, so it must be operated on a separate wireless spectrum.
    • HSDPA: 14 Mbps DL, 5.7 Mbps UL. LTE: 100 Mbps DL, 50 Mbps UL. LTE has 10X as many users per cell as HSDPA.
    • LTE is the successor technology not only of UMTS but also of CDMA 2000. LTE is important because it will bring up to a 50-fold performance improvement and much better spectral efficiency to cellular networks. LTE was introduced to get higher data rates: 300 Mbps peak downlink and 75 Mbps peak uplink. In a 20 MHz carrier, data rates beyond 300 Mbps can be achieved under very good signal conditions. LTE is an ideal technology to support high data rates for services such as voice over IP (VoIP), streaming multimedia, video conferencing or even a high-speed cellular modem. All LTE devices have to support Multiple Input Multiple Output (MIMO) transmissions, which allow the base station to transmit several data streams over the same carrier simultaneously.
    • High throughput: High data rates can be achieved in both downlink and uplink, which gives high throughput. Low latency: The time required to connect to the network is in the range of a few hundred milliseconds, and power-saving states can now be entered and exited very quickly. Seamless connection: LTE will also support seamless connection to existing networks such as GSM, CDMA and WCDMA. FDD and TDD in the same platform: Frequency Division Duplex (FDD) and Time Division Duplex (TDD) can both be used on the same platform.
    • Fraud management is the process of identifying, stopping or preventing situations where customers, employees or professional fraudsters set out to make use of telecommunications services with the intention of avoiding full or partial payment. Fraud is a major concern for all telecom operators/providers as it is directly linked to falling revenue. Available products: Subex Nikira Fraud Management System; MEGS Optel Fraud Management System; Neural Fraud Management System.
    • Bill Spreading Fraud; Call Sell Fraud; Roaming Fraud; Prepaid Fraud; Cloning Fraud; SIM Box/Bypass Fraud; PRS Fraud; Wangiri Fraud
    • Non Authorized Content Broadcast; Distribution of Illegal or Unwanted Content; P2P Content Reselling; Video Share; Mobile/Smartphone Malware; Consumption of Network Resources with no revenue or ability to bill; Change of billing model making it impossible to bill; ID Spoofing (Access and Services Identity)
    • DDoS: The target network is flooded by traffic from multiple sources. Ping Flood: A large volume of ping packets causes a network to crash. In a "Ping of death", malformed ping requests are used. Replay Attack: The attacker intercepts legitimate signaling traffic and retransmits it until the network is overwhelmed. SQL Injection: The attacker sends malicious commands in a statement to an SQL database to make unauthorized changes to the database or to get a copy of the database. DNS Hijacking: The attacker redirects DNS queries to a rogue DNS server.
    • A distributed denial of service (DoS) attack, or DDoS, is much like the ping flood method, only multiple computers are being used. In this instance, the computers that are being used may or may not be aware of the fact that they are attacking a website or network. Trojans and viruses commonly give the hacker control of a computer, and thus, the ability to use them for attack. In this case the victim computers are called zombies.
    • A DDoS attack is very tough to overcome. The first thing to do is to contact your hosting provider or internet service provider, depending on what is under attack. They will usually be able to filter out the bulk of the traffic based on where it's coming from. For larger-scale attacks, you'll have to become more creative. If you have access to your router, enter the following command at your router command prompt: ip verify unicast reverse-path (prefixing the command with "no" turns the check off). This enables a reverse-path check on source addresses, so that attackers can't spoof their IP address.
    • The most basic of attacks is the ping flood attack. It relies on the ICMP echo command, more popularly known as ping. In legitimate situations the ping command is used by network administrators to test connectivity between two computers. In the ping flood attack, it is used to flood large amounts of data packets to the victim's computer in an attempt to overload it. You can see an example of the ping flood attack below.
    • Reconfigure your perimeter router or firewall to disallow ICMP echo requests (pings) on your internal network. This configuration will prevent flood attacks that originate from outside your network, but it will not prevent internal flood attacks.
    • A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution.
    • Encapsulating Security Payload (ESP) can protect against replay attacks by using a mathematically generated sequence number. When a packet is sent to a recipient, the recipient extracts the sequence number and records the sequence number in a table. Now, suppose a hacker captured and replayed a packet. The recipient would extract the sequence number and compare it against the table that it has been recording. But the packet's sequence number will already exist in the table, so the packet is assumed to be fraudulent and is therefore discarded.
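The anti-replay check described on this slide, as an added Python example that is not part of the original presentation. It goes beyond the slide's table of recorded numbers by using the fixed-size sliding window that RFC 4303 describes for ESP receivers; the class, method names and sample packets are constructed for illustration.

```python
# Added example: receiver-side anti-replay window in the style of RFC 4303 (ESP).
# Names are illustrative and do not come from any IPsec implementation.

class AntiReplayWindow:
    def __init__(self, size=64):
        self.size = size      # how many sequence numbers are tracked
        self.top = 0          # highest authenticated sequence number seen
        self.bitmap = 0       # bit i set => sequence number (top - i) was seen

    def _verdict(self, seq):
        """Classify a sequence number without changing any state."""
        if seq == 0:
            return "invalid"              # ESP sequence numbers start at 1
        if seq > self.top:
            return "new"                  # to the right of the window
        offset = self.top - seq
        if offset >= self.size:
            return "too_old"              # left of the window, cannot be checked
        if (self.bitmap >> offset) & 1:
            return "replay"               # already recorded
        return "in_window"

    def receive(self, seq, icv_ok):
        """Return True if the packet is accepted. The window only moves for
        packets whose integrity check passed, so a forged sequence number
        cannot push legitimate traffic out of the window."""
        verdict = self._verdict(seq)
        if verdict in ("invalid", "too_old", "replay") or not icv_ok:
            return False
        if verdict == "new":
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return True


def run_demo():
    """Constructed traffic: (sequence number, integrity check passed)."""
    w = AntiReplayWindow(size=8)
    packets = [(1, True), (2, True), (4, True), (3, True),  # reordering is accepted
               (2, True),                                    # captured and replayed
               (500, False),                                 # forged, integrity check fails
               (12, True), (4, True), (5, True)]             # 4 is now left of the window
    return [w.receive(seq, ok) for seq, ok in packets]
```

The fixed window keeps memory constant, at the cost of rejecting packets that arrive more than `size` sequence numbers late.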
    • An SQL Injection (also known as "Failure to Preserve SQL Query Structure") is one of the most common and most dangerous security issues. SQL injections are dangerous because they are a door wide open to hackers to enter your system through your Web interface and to do whatever they please, i.e. delete tables, modify databases, even get hold of your corporate network. SQL injections are a programming error and they have nothing to do with your web site hosting provider. Prevent an SQL Injection: install patches regularly and in a timely manner; use automated test tools for SQL injections; remove all functionality you don't use.
    • DNS hijacking or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behavior of a trusted DNS server so that it does not comply with internet standards. Two responses: change your DNS servers, and use HTTPS connections. HTTPS will be harder for ISPs to hijack and redirect your queries.
    • Knowledge of the NGN network fraud environment. New detection techniques. Effective fraud detection means identifying fraud accurately, with no false alarms. This requires a combination of excellent systems, expert people, good global intelligence and efficient processes, every hour of the day and every day of the year.
    • Flexibility: The FMS must be application independent to detect any type of fraud for any type of service, regardless of its underlying technology. The FMS architecture must also be flexible to enable the easy addition, removal and update of fraud detection algorithms to accommodate changing fraud scenarios. Complete network coverage: The FMS needs to analyze all the data flowing through all the different access points in NGNs. Indeed, due to the availability of several access mechanisms in NGNs (e.g. wire, wireless, cable, modem), fraud attacks can be launched from various access points simultaneously. Scalability: New fraud scenarios will appear, which implies that more fraud rules will have to be added to the FMS detection engine. The number of billing records to inspect will also increase with each new service offered. The FMS architecture must be able to easily scale up or down to accommodate the dynamic NGN environment.
    • Use network intelligence and visibility of real-time traffic patterns to improve detection of malicious attacks and accidental traffic floods, and to understand how they impact the mobile network. Adopt scalable, distributed, and flexible security solutions to smoothly manage the transition to more porous IP-based LTE networks, keep up with the increase in user and signaling traffic volume, and cope with advanced policy, QoS and charging tools. Strengthen protection of corporate networks, which are increasingly accessed by mobile devices that are often outside the control of IT managers.
    • We know the rules that we currently apply to detect the existing frauds. For NGN fraud we can use the new fraud detection technique illustrated by the following example. International call scenario: Call frequency: 229 calls made in 4 minutes; frequency is 57/min, 50/min is used as threshold. Count of dialed numbers: 100 different numbers were dialed from the same number, 50 is used as threshold. Rule: IF call type = International AND count of dialed numbers from the same reference X > 50 AND call frequency from X > 50 AND average call duration from X < 20 s THEN raise an alert on likely fraud for the analyst.
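The rule on this slide, evaluated over one observation window of call detail records (CDRs), as an added Python example that is not part of the original presentation. The record field names, the placeholder phone numbers and the three sample callers are constructed; only the thresholds and caller X's scenario come from the slide.

```python
# Added example: the slide's international-call rule applied to constructed CDRs.
from collections import defaultdict

MAX_DIALED = 50          # distinct dialed numbers per caller (slide threshold)
MAX_CALLS_PER_MIN = 50   # call frequency per caller (slide threshold)
MIN_AVG_DURATION_S = 20  # average call duration below this is suspicious

def evaluate_window(cdrs, window_minutes):
    """Return {caller: stats} for callers that match every clause of the rule."""
    per_caller = defaultdict(list)
    for cdr in cdrs:
        if cdr["call_type"] == "international":
            per_caller[cdr["caller"]].append(cdr)
    alerts = {}
    for caller, calls in per_caller.items():
        dialed = len({c["dialed"] for c in calls})
        freq = len(calls) / window_minutes
        avg_dur = sum(c["duration_s"] for c in calls) / len(calls)
        if (dialed > MAX_DIALED and freq > MAX_CALLS_PER_MIN
                and avg_dur < MIN_AVG_DURATION_S):
            alerts[caller] = {"dialed": dialed,
                              "calls_per_min": round(freq, 2),
                              "avg_duration_s": round(avg_dur, 1)}
    return alerts

def sample_cdrs():
    """Constructed 4-minute window with three callers."""
    cdrs = []
    # Caller X: the slide's scenario, 229 short calls to 100 different numbers.
    for i in range(229):
        cdrs.append({"caller": "X", "dialed": f"+000-{i % 100:04d}",
                     "call_type": "international", "duration_s": 4 + i % 3})
    # Caller Y: high volume to many numbers, but normal-length calls.
    for i in range(210):
        cdrs.append({"caller": "Y", "dialed": f"+000-{1000 + i:04d}",
                     "call_type": "international", "duration_s": 95})
    # Caller Z: same burst shape as X, but national calls, so out of scope.
    for i in range(229):
        cdrs.append({"caller": "Z", "dialed": f"+111-{i % 100:04d}",
                     "call_type": "national", "duration_s": 5})
    return cdrs

ALERTS = evaluate_window(sample_cdrs(), window_minutes=4)
```

Caller Y shows why the duration clause matters: volume and spread alone would flag a busy legitimate line, which is the false alarm the rule's conjunction is meant to avoid.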
    • As an industry we need to review the structure and design of our fraud teams in order to ensure maximum effectiveness and delivery for our organizations. In order to target success in our fight against frauds we must ensure we have: Appropriate Structure; Develop fraud awareness; Correct focus & strategy; Exchange intelligence & best practice; Appropriate skill sets; Assess the fraud exposure of new services; Appropriate tools; Collaborate with other GSMA working groups and projects
    • Thank You