Introduction of LTE
Specification, Facts & Advantage of LTE
New types of threats and frauds
Requirement for NGN Frauds Management System
LTE stands for Long Term Evolution. It was started as a project
in 2004 by the telecommunication body known as the Third Generation
Partnership Project (3GPP). SAE (System Architecture Evolution) is
the corresponding evolution of the GPRS/3G packet core network.
The term LTE is typically used to represent both LTE and
The main goal of LTE is to provide a high data rate, low latency and
packet optimized radio access technology supporting flexible
bandwidth deployments. At the same time, its network architecture has
been designed with the goal to support packet-switched traffic with
seamless mobility and great quality of service. The LTE wireless
interface is incompatible with 2G and 3G networks, so that it must
be operated on a separate wireless spectrum.
14 Mbps DL 100 Mbps DL
5,7 Mbps UL 50 Mbps UL
LTE has 10X as many users per cell as HSDPA
LTE is the successor technology not only of UMTS but also of CDMA
LTE is important because it will bring up to 50 times performance
improvement and much better spectral efficiency to cellular networks.
LTE was introduced to get higher data rates, 300 Mbps peak downlink and
75 Mbps peak uplink. In a 20 MHz carrier, data rates beyond 300 Mbps
can be achieved under very good signal conditions.
LTE is an ideal technology to support high data rates for services
such as voice over IP (VOIP), streaming multimedia, video
conferencing or even a high-speed cellular modem.
All LTE devices have to support Multiple Input Multiple Output (MIMO)
transmissions, which allow the base station to transmit several data
streams over the same carrier simultaneously.
High throughput: High data rates can be achieved in both
downlink as well as uplink. This causes high throughput.
Low latency: Time required to connect to the network is in range
of a few hundred milliseconds and power saving states can now be
entered and exited very quickly.
Seamless Connection: LTE will also support seamless
connection to existing networks such as GSM, CDMA and WCDMA.
FDD and TDD in the same platform: Frequency Division
Duplex (FDD) and Time Division Duplex (TDD), both schemes can
be used on the same platform.
Fraud management is the process of identifying, stopping or
preventing situations where customers, employees or professional
fraudsters set out to make use of telecommunications services with
the intention of avoiding full or partial payment.
Fraud is a major concern for all telecom operators/providers as it
is directly linked with revenue fall.
- Subex Nikira Fraud Management System
- MEGS Optel Fraud Management System
- Neural Fraud Management System
Non Authorized Content Broadcast
Distribution of Illegal or Unwanted Content
P2P Content Reselling
Mobile/ Smartphone Malware
Consumption of Network Resources with no revenue or ability to bill
Change of billing model making it impossible to bill
ID Spoofing (Access and Services Identity)
• DDoS The target network is flooded by traffic of multiple sources.
• Ping Flood A large volume of ping packets causes a
network to crash. In a “Ping of death” malformed ping requests
• Replay Attack The attacker intercepts legitimate signaling
traffic & retransmits it until the network is overwhelmed.
• SQL Injection The attacker sends malicious commands in
statements to an SQL database to make unauthorized changes to the
database or to get a copy of the database.
• DNS Hijacking The attacker redirects DNS queries to a rogue DNS
A distributed denial of service (DoS) attack, or DDoS, is
much like the ping flood method, only multiple computers are being
used. In this instance, the computers that are being used may or
may not be aware of the fact that they are attacking a website or
network. Trojans and viruses commonly give the hacker control of a
computer, and thus, the ability to use them for attack. In this case
the victim computers are called zombies.
A DDoS attack is very tough to overcome. The first thing to do is
to contact your hosting provider or internet service provider,
depending on what is under attack. They will usually be able to filter
out the bulk of the traffic based on where it’s coming from. For
larger-scale attacks, you’ll have to become more creative.
If you have access to your router, enter the following command into
your router command prompt: ip verify unicast reverse-path.
This will ensure that attackers can’t spoof their IP address.
The most basic of attacks is the Ping flood attack. It relies on the
ICMP echo command, more popularly known as ping. In legitimate
situations the ping command is used by network administrators to
test connectivity between two computers. In the ping flood attack, it
is used to flood large amounts of data packets to the victim’s
computer in an attempt to overload it. You can see an example of
the ping flood attack below.
Reconfigure your perimeter router or firewall to disallow ICMP echo
requests (pings) on your internal network. This configuration will
prevent flood attacks that originate from outside your network, but it
will not prevent internal flood attacks.
A replay attack is a form of network attack in which a valid data
transmission is maliciously or fraudulently repeated or delayed. This is
carried out either by the originator or by an adversary who intercepts the
data and retransmits it, possibly as part of a masquerade attack by IP
Encapsulating Security Payload (ESP) can protect against replay
attacks by using a mathematically generated sequence number.
When a packet is sent to a recipient, the recipient extracts the
sequence number and records the sequence number in a table.
Now, suppose a hacker captured and replayed a packet. The
recipient would extract the sequence number and compare it
against the table that it has been recording. But the packet's
sequence number will already exist in the table, so the packet is
assumed to be fraudulent and is therefore discarded.
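The recipient-side check described above, as an added example that is not part of the original slides. It goes one step beyond the text: instead of an ever-growing table, it keeps a fixed-size sliding window of recently seen sequence numbers, which is how ESP receivers typically bound memory. The class name, the 64-entry window and the sample sequence are assumptions made for illustration.

```python
class AntiReplayWindow:
    """Receiver-side replay check over ESP-style sequence numbers.

    Hypothetical class for illustration. The bitmap plays the role of
    the "table" of recorded sequence numbers, limited to `size` entries.
    In real ESP the window is updated only after the packet's integrity
    check has passed; that step is outside this example.
    """

    def __init__(self, size=64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => (highest - i) was already seen

    def accept(self, seq):
        """Record seq and return True if it is fresh, else return False."""
        if seq <= 0:
            return False                       # sequence numbers start at 1
        if seq > self.highest:
            shift = seq - self.highest
            # Slide forward; entries older than the window are forgotten.
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                       # too old to verify: discard
        if self.bitmap & (1 << offset):
            return False                       # already recorded: replay
        self.bitmap |= 1 << offset             # late but fresh: record it
        return True


def classify(seqs, size=64):
    """Run a packet sequence through one window, labelling each packet."""
    window = AntiReplayWindow(size)
    return [(s, "accept" if window.accept(s) else "drop") for s in seqs]


# Constructed sample: in-order packets, one reordered packet (4),
# a replay of 3, a jump to 70, then stale packets and a replay of 70.
SAMPLE = [1, 2, 3, 5, 4, 3, 70, 5, 6, 70]
```

Packets that arrive late but inside the window are still accepted once; anything older than the window is discarded because the receiver can no longer tell whether it was seen.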
An SQL Injection (also known as "Failure to Preserve SQL Query
Structure") is one of the most common and most dangerous security
issues. SQL injections are dangerous because they are a door wide
open to hackers to enter your system through your Web interface
and to do whatever they please - i.e. delete tables, modify
databases, even get hold of your corporate network. SQL injections
are a programming error and they have nothing to do with your web
site hosting provider.
Prevent an SQL Injection
• Install patches regularly and promptly.
• Use automated test tools for SQL injections.
• Remove all functionality you don't use.
DNS hijacking or DNS redirection is the practice of subverting
the resolution of Domain Name System (DNS) queries. This can be
achieved by malware that overrides a computer's TCP/IP
configuration to point at a rogue DNS server under the control of an
attacker, or through modifying the behavior of a trusted DNS server
so that it does not comply with internet standards.
• To change your DNS servers
• To use the HTTPS connection
HTTPS will be harder for ISPs to hijack and redirect your queries.
• Knowledge on NGN network Fraud environment.
• New detection techniques.
Effective fraud detection means identifying fraud accurately, with no
This requires a combination of excellent systems, expert people,
good global intelligence and efficient processes, every hour of the
day and every day of the year.
Flexibility : The FMS must be application independent to detect any type
of fraud for any type of service, regardless of its underlying technology. The
FMS architecture must also be flexible to enable the easy addition, removal
and update of fraud detection algorithms to accommodate changing fraud
Complete network coverage : The FMS needs to analyze all the data
flowing through all the different access points in NGNs. Indeed, due to the
availability of several access mechanisms in NGNs (e.g. wire, wireless,
cable, modem), fraud attacks can be launched from various access points
Scalability : New fraud scenarios will appear, which implies that more
fraud rules will have to be added to the FMS detection engine. The number
of billing records to inspect will also increase with the new service offered.
The FMS architecture must be able to easily scale up or down to
accommodate the dynamic NGN environment.
• Use network intelligence and visibility of real-time traffic patterns to
improve detection of malicious attacks and accidental traffic floods, and
to understand how they impact the mobile network.
• Adopt scalable, distributed, and flexible security solutions to smoothly
manage the transition to more porous IP-based LTE networks, keep
up with the increase in user and signaling traffic volume, and cope with
advanced policy, QoS and charging tools.
• Strengthen protection of corporate networks, which are increasingly
accessed by mobile devices that are often outside the control of IT
We know the rules which we are currently applying to detect the
existing frauds. For NGN fraud we can use a new fraud detection
technique, as in the example given below:
International call scenario –
Call frequency: 229 calls made in 4 minutes; frequency is 57/min,
50/min is used as threshold.
Count of dialed numbers: 100 different numbers were dialed from
the same number, 50 is used as threshold.
Rule : If call type = International
And count dialed number from the same reference X > 50
And call frequency from X > 50
And average call duration from X < 20 s
Then alert on likely for analyst.
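The rule above as runnable detection logic, as an added example that is not part of the original slides. The thresholds are the ones in the rule; the CDR field names (caller, dialed, call_type, duration_s), the 4-minute window and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds taken from the rule above.
MAX_DISTINCT_DIALED = 50    # distinct dialed numbers per caller
MAX_CALLS_PER_MIN = 50      # call frequency per caller
MIN_AVG_DURATION_S = 20     # average call duration in seconds


def evaluate_rule(cdrs, window_s):
    """Return {caller: metrics} for callers that trip the rule.

    Assumption: cdrs holds the call records of one analysis window of
    window_s seconds, each a dict with the hypothetical field names above.
    """
    per_caller = defaultdict(list)
    for cdr in cdrs:
        if cdr["call_type"] == "International":
            per_caller[cdr["caller"]].append(cdr)

    alerts = {}
    for caller, calls in per_caller.items():
        distinct = len({c["dialed"] for c in calls})
        per_min = len(calls) / (window_s / 60)
        avg_dur = sum(c["duration_s"] for c in calls) / len(calls)
        if (distinct > MAX_DISTINCT_DIALED
                and per_min > MAX_CALLS_PER_MIN
                and avg_dur < MIN_AVG_DURATION_S):
            alerts[caller] = {"distinct": distinct, "calls_per_min": per_min,
                              "avg_duration_s": avg_dur}
    return alerts


def sample_cdrs():
    """Constructed records; caller X reproduces the scenario above."""
    cdrs = [{"caller": "X", "dialed": f"+00-{i % 100:03d}",
             "call_type": "International", "duration_s": 5 + i % 10}
            for i in range(229)]          # 229 calls to 100 numbers
    # Caller Y: a few long international calls to three numbers.
    cdrs += [{"caller": "Y", "dialed": f"+00-9{i % 3}",
              "call_type": "International", "duration_s": 180}
             for i in range(12)]
    # Caller Z: high-volume local traffic, outside this rule's call type.
    cdrs += [{"caller": "Z", "dialed": f"local-{i}",
              "call_type": "Local", "duration_s": 4}
             for i in range(300)]
    return cdrs
```

Calling evaluate_rule(sample_cdrs(), window_s=240) flags only caller X, at 57.25 calls per minute to 100 distinct numbers.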
As an industry we need to review the structure and design of our
fraud teams in order to ensure maximum effectiveness and delivery
for our organizations.
In order to target success in our fight against frauds we must ensure
• Appropriate Structure
• Correct focus & strategy
• Appropriate skill sets
• Appropriate tools
• Develop fraud awareness
• Exchange intelligence & best
• Assess the fraud exposure of
• Collaborate with other GSMA working groups and projects