As the dazzling new world of 5G approaches, there is a chance to address the flaws of a long-standing technology: GTP, the GPRS Tunneling Protocol. It is used to transmit user data and control traffic in 2G, 3G and 4G networks, and will also be used as part of 5G. MNOs would want to confirm that the GTP/IP traffic coming into the home network is associated with the visited networks correctly first. Thus, attacks over this protocol can be detected quickly and, more crucially, be prevented. Today, our tools already simplify and validate the configuration of every roaming network node to help MNOs block any unwanted or unauthorized traffic.
Ah, 5G, what promising associations it evokes in our brains in these exciting times of change. Ultrafast speeds, lower latency, higher connection density, increased bandwidth: a beautiful new world lies ahead. However, just like any system that has been built on top of another system, certain weaknesses are being dragged from one stage to the other. GTP, like any complex telecoms protocol, contains some flaws that can make it easier for attackers to gain access to user data, commit fraud and cause denial-of-service incidents. The effects can be disastrous for millions of subscribers, resulting in loss of revenue and churn. Additionally, there is the potential for disrupting connected IoT networks, such as hospitals, city infrastructures or critical industries like energy production or agriculture.
In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.
GTP and 5G stick together
Right now, 5G is mostly deployed in the non-standalone (NSA) model, where the 5G NR (New Radio) is rolled out but over the existing 4G/LTE EPC (Evolved Packet Core). This means that as long as we are dealing with this deployment model for 5G networks, the GTP protocol remains a vulnerability and attack vector. These security vulnerabilities need to be tackled because only MNOs who can steadily deliver high network performance can satisfy the expectations of their data-hungry subscribers.
GSMA Members have expressed concerns regarding these vulnerabilities as the GTP does not feature strong integrated security mechanisms. The results of their research are summarized in the FS.20 document “GTP security” which also serves as a guideline for protecting against attacks over GTP. According to their findings, GTP suffers from similar attacks as SS7 and Diameter, such as subscriber information disclosure, DoS (Denial of Service), network overload and fraud.
Major flaws of GTP
Its major flaw, and the main reason for successfully conducted attacks, lies in its inability to check the user’s location. It is not easy for network nodes in the home network to determine whether incoming traffic from a subscriber is legitimate, i.e. whether the subscriber really could be roaming on the guest network. The default check of the subscriber identity on S-GW (Serving Gateway) or SGSN (Serving GPRS Support Node) is unsatisfactory.
Cross-protocol location tracking
This problem can be solved by cross-protocol location tracking, which uses SS7 or Diameter to check the subscribers’ activity. The roamed location is determined first by the SS7 or Diameter signaling used for registering in the visited network. That signaling sends the GTP details down to the visited network, and the GTP tunnels are then set up. If a GTP/IP firewall looks only at GTP traffic to determine whether the packets from that visited network are valid and associated with an outbound roamer, it needs to correlate that traffic with SS7 or Diameter signaling. In order to detect attacks over this protocol quickly, MNOs would want to confirm first that the GTP/IP traffic coming into the home network is correctly associated with the visited networks, so configuration errors must be kept at bay.
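The correlation described above, sketched as an added example (not RoamsysNext or GSMA code): a GTP session request is accepted only if SS7/Diameter signaling shows the subscriber registered in the claimed visited network and the sending peer lies in that partner's address ranges. All record fields, verdict names, IMSIs, PLMN codes and IP ranges are constructed for illustration.

```python
import ipaddress

# Constructed partner data: visited PLMN -> GTP peer ranges (documentation prefixes).
PARTNER_GTP_RANGES = {"99901": ["192.0.2.0/28"], "99902": ["198.51.100.0/28"]}

# Constructed SS7/Diameter location events: register / cancel per IMSI.
SIGNALING = [
    {"ts": 100, "imsi": "001010000000001", "event": "register", "plmn": "99901"},
    {"ts": 120, "imsi": "001010000000002", "event": "register", "plmn": "99902"},
    {"ts": 300, "imsi": "001010000000002", "event": "cancel", "plmn": "99902"},
]

# Constructed GTP-C session requests reaching the home network.
GTP_REQUESTS = [
    {"ts": 150, "imsi": "001010000000001", "plmn": "99901", "peer": "192.0.2.5"},
    {"ts": 160, "imsi": "001010000000001", "plmn": "99902", "peer": "198.51.100.3"},
    {"ts": 170, "imsi": "001010000000001", "plmn": "99901", "peer": "203.0.113.9"},
    {"ts": 350, "imsi": "001010000000002", "plmn": "99902", "peer": "198.51.100.3"},
]

def registered_plmn(imsi, ts, signaling):
    """PLMN where the IMSI is registered at time ts, or None."""
    current = None
    for ev in sorted(signaling, key=lambda e: e["ts"]):
        if ev["imsi"] != imsi or ev["ts"] > ts:
            continue
        if ev["event"] == "register":
            current = ev["plmn"]
        elif ev["event"] == "cancel" and current == ev["plmn"]:
            current = None
    return current

def peer_in_plmn(peer, plmn, ranges):
    """True if the sending GTP peer lies in the partner's declared ranges."""
    addr = ipaddress.ip_address(peer)
    return any(addr in ipaddress.ip_network(net) for net in ranges.get(plmn, []))

def check_request(req, signaling, ranges):
    """Return 'ok' or the reason the GTP request fails correlation."""
    reg = registered_plmn(req["imsi"], req["ts"], signaling)
    if reg is None:
        return "no-registration"
    if reg != req["plmn"]:
        return "plmn-mismatch"
    if not peer_in_plmn(req["peer"], reg, ranges):
        return "peer-outside-partner-range"
    return "ok"

def correlate(requests, signaling, ranges):
    return [(r["imsi"], r["peer"], check_request(r, signaling, ranges)) for r in requests]
```

Calling `correlate(GTP_REQUESTS, SIGNALING, PARTNER_GTP_RANGES)` returns one verdict per request; the third case only fails because of the partner range table, which is why stale roaming-partner configuration weakens this check.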
Configuration errors – take a hike!
Some of GTP’s security issues will persist after the shift to 5G Standalone, though. In order to prevent attacks, transparency in traffic to the highest possible extent is key. Configuration errors must be avoided at any cost, especially considering the complexity of both LTE and 5G roaming networks. This is the first and most important task for the network and security team because attackers discover misconfigurations very quickly and exploit them to their benefit. As roaming partner configurations change over time, validating and updating these configurations is key to ensuring the doors and windows to your network are closed.
Room for improvement within the company
But technical reasons are not the only thing that makes fraud detection a challenge: sometimes, the cause of non-transparency and incoherent fraud prevention is embedded within the company. Sometimes, the team dealing with the core network and the team dealing with equipment such as routers and firewalls are managed separately, and collaboration is unbudgeted.
Prevention is better than cure
Competition within the industry is becoming increasingly vicious. Subscribers are not willing to endure poor service and will switch quickly if network performance is unsatisfactory. Identifying dubious requests, reducing reaction time, building on fast “data trust indicators”, and instantly being able to block incidents can be a big leap forward to save considerable amounts of money and protect your network on a solid and consistent basis. That is why MNOs need to take swift and decisive measures to optimize GTP, both today and in view of the forthcoming 5G era. One thing is as sure as eggs is eggs: fraud will not disappear in the future, and GTP won’t vanish either.
Validate your configurations
Already today, our tools simplify and validate the correct configuration of every roaming relevant network element. This helps MNOs to block any unwanted or unauthorized traffic with very little effort. It certainly is an easy-to-use application to increase efficiency, transparency, and enhance resource management, and we continuously optimize our applications to serve our customers even better. Likewise, we are increasingly keeping an eye on upgrading security aspects. Since we are experienced in developing the InfoCentre RAEX Tools application on behalf of the GSMA, our tools are fully compliant and can be most easily implemented and aligned to your specific requirements. Talk to us, we will listen to you.
Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.