Gabriele Lieser

CUSTOMER SUCCESS MANAGER

Summary

As the dazzling new world of 5G approaches, there is a chance to address the flaws of a long-standing technology: GTP, the GPRS Tunneling Protocol. It is used to transmit user data and control traffic in 2G, 3G and 4G networks, and will also be used as part of 5G. MNOs would want to confirm that the GTP/IP traffic coming into the home network is associated with the visited networks correctly first. Thus, attacks over this protocol can be detected quickly and, more crucially, be prevented. Today, our tools already simplify and validate the configuration of every roaming network node to help MNOs block any unwanted or unauthorized traffic.

Ah, 5G, what promising associations it evokes in our brains in these exciting times of change. Ultrafast speeds, lower latency, higher connection density, increased bandwidth: a beautiful new world lays ahead. However, just like any system that has been built on top of another system, certain weaknesses are being dragged from one stage to the other. As with any complex telecoms protocol, it contains some flaws that can make it easier for attackers to gain access to user data, commit fraud and cause denial-of-service incidents. Disastrous effects can be the result for millions of subscribers, resulting in loss of revenue and churn. Additionally, there is the potential for disrupting connected IoT networks, such as hospitals, city infrastructures or critical industries like energy production or agriculture.

In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.

GTP and 5G stick together

Right now, 5G is mostly deployed in the non-standalone (NSA) model, where the 5G NR (New Radio) is rolled out but over the existing 4G/LTE EPC (Evolved Packet Core). This means that as long as we are dealing with this deployment model for 5G networks, the GTP protocol remains a vulnerability and attack vector. These security vulnerabilities need to be tackled because only MNOs who can steadily deliver high network performance can satisfy the expectations of their data-hungry subscribers.
GSMA Members have expressed concerns regarding these vulnerabilities as the GTP does not feature strong integrated security mechanisms. The results of their research are summarized in the FS.20 document “GTP security” which also serves as a guideline for protecting against attacks over GTP. According to their findings, GTP suffers from similar attacks as SS7 and Diameter, such as subscriber information disclosure, DoS (Denial of Service), network overload and fraud.

pierced fence with a fascinating look on the highway

Major flaws of GTP

Its major flaw, and the main reason for successfully conducted attacks, lies in its inability to check the user’s location. It is not easy for network nodes in the home network to determine whether incoming traffic from a subscriber is legitimate, i. e. if the subscriber really could be roaming on the guest network. The default check of the subscriber identity on S-GW (Serving Gateway) or SGSN (Serving GPRS Support Node) is unsatisfactory.

Cross-protocol location tracking

This problem can be solved by cross-protocol location tracking to check the subscribers’ activity by using SS7 or Diameter. Ultimately, the roamed location is determined first by SS7 or Diameter signaling for registering in the visited network. They send the GTP details down to the visited network and the GTP tunnels are set up then. If a GTP/IP Firewall only looks at GTP traffic to determine if the packets from that visited network are valid and associated with an outbound roamer, then they need to correlate with SS7 or Diameter signaling. In order to detect attacks over this protocol quickly, MNOs would want to confirm that the GTP/IP traffic coming into the home network is associated with the visited networks correctly first, so configuration errors must be kept at bay.

Configuration errors – take a hike!

Some of the GTP’s security issues will prevail after the shift to 5G Standalone, though. In order to prevent attacks, transparency in traffic to the highest possible extent is key. Configuration errors must be avoided at any cost, especially considering the complexity of both LTE and 5G roaming networks. This is the first and most important task for the network and security team because attackers discover misconfigurations very quickly and exploit them to their benefit. As roaming partner configurations change over time, the validation and updates of these configurations is key to ensuring the doors and windows to your network are closed.

Room for improvement within the company

But not only technical reasons make fraud detection a challenge: sometimes, the cause of non-transparency and incoherent fraud prevention is embedded within the company. Sometimes, the team dealing with the core network and the team dealing with the equipment such as routers and firewalls is managed separately, and collaboration is unbudgeted.

fascinating view on architecture from the bottom up

Prevention is better than cure

Competition within the industry becomes increasingly vicious. Subscribers are not willing to endure and will swap quickly if network performance is unsatisfactory. Identifying dubious requests, reducing reaction time, building on fast “data trust indicators”, and instantly being able to block incidents can be a big leap forward to save considerable amounts of money and protect your network on a solid and consistent basis. That is why MNOs need to take swift and decisive measures to optimize GTP, both today as well as in view of the forthcoming 5G era. One thing is as sure as eggs is eggs: fraud will not disappear in the future as well as GTP won’t vanish either.

Validate your configurations

Already today, our tools simplify and validate the correct configuration of every roaming relevant network element. This helps MNOs to block any unwanted or unauthorized traffic with very little effort. It certainly is an easy-to-use application to increase efficiency, transparency, and enhance resource management, and we continuously optimize our applications to serve our customers even better. Likewise, we are increasingly keeping an eye on upgrading security aspects. Since we are experienced in developing the InfoCentre RAEX Tools application on behalf of the GSMA, our tools are fully compliant and can be most easily implemented and aligned to your specific requirements. Talk to us, we will listen to you.

Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.

We’re in this together

In the second part of our interview with Alexandre De Oliveira, POST Luxembourg Cyberforce, he highlights major pain points in fraud detection and stresses the importance of global information sharing via the GSMA T-ISAC initiative.

Mastering today’s Fraud Landscape

Learn how Alexandre De Oliveira’s team at POST Luxembourg Cyberforce is mastering today’s fraud landscape with penetration tests, security assessments, the Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS).

How to avoid configuration errors

Hardening the network is a good way to get configuration errors under control. Introducing smart firewall rules and consistently updating these rules can be very time-consuming, but it’s a crucial measure to be taken.

  • RoamsysNext Insights 9: Interview with Hendrik Hoehndorf

Making a Stand against Fraud

In an insightful interview, our CTO, Hendrik Hoehndorf, speaks about further GSMA initiatives on fraud detection and prevention such as the MISP (Malware Information Sharing Platform) and T-ISAC (Telecommunication Information Sharing and Analysis Centre).

  • RoamsysNext Insights

Let’s talk about data quality

Most fraud and security issues are caused by misconfigured network nodes. This article shows, how RoamsysNext treats this problem on their quest for data quality.