A CRITICAL ANALYSIS ON VULNERABILITIES IN THIRD GENERATION TELECOM NETWORKS BILLING SYSTEM


Content

TABLE OF CONTENTS

CHAPTER ONE

1.0     Background of the Study

1.2    Problem Definition

1.3     Project Justification

1.4     Research Question

1.5     Aims and Objectives

1.6    Methodology

1.7    Scope of Work

1.8    Expected Contribution to Knowledge

 

CHAPTER TWO

THEORITICAL BACKGROUND AND LITERATURE REVIEW

2.1        Global System for Mobile Telecommunication – An Overview

2.1.1     (1G) First Generation Networks

2.1.2     (2G) Second Generation

2.1.3     Post 2G Generation – 2.5G

2.1.4     (3G) Third Generation

2.1.4.1  High Speed Packet Access - HSPA

2.1.5     (4G) Fourth Generation

2.2        3G – An Overview

2.2.1     Significance of 3G in Mobile Evolution

2.2.2     Issues with 4G Deployment

2.3        3G Architecture

2.3.1.    UMTS RAN Network Elements

2.4        Architectural Security in 3G

2.5        Mobile Telecom Billing – An Overview

2.6        Billing – A Process

2.6.1     Significance of Telecom Billing

2.6.1.1  Event Based Billing

2.6.1.2  Content Based Billing

2.7        Fraud in Mobile Telecommunications Operations

2.8        3G Billing Process

2.8.1     3G Business Model Complexity Problems

2.9        Frauds and 3G Billing

2.9.1     3G Security, Principles and Objectives

2.9.2     Scope of 3G Billing Attacks

2.9.3     The Role of SGSN and GGSN in Billing

2.10      IP-based attacks in 3G

2.10.1   Service and Network Architecture flaws

2.10.2   Inbound Billing Attacks on 3G

 

CHAPTER THREE

METHODOLOGY

3.1     Introduction

3.2     UMTS Billing Architecture

3.2.1  Offline Charging

3.2.2  Online Charging

3.3    Attacks and Vulnerability Assessment in 3G Networks

3.4    IP-in-DNS Tunnel Attack - Background Overview

3.5     Billing Architecture Vulnerabilities

3.6     Proposed Logical Billing Solution

 

CHAPTER FOUR

SYSTEM DESIGN AND PROTOTYPING

4.1     Introduction

4.2     Demonstration I: IP-IN-DNS Protocol Attack

4.2.1  Setting up an Ad-Hoc Wireless Network

4.2.2  Connecting To the Wireless Ad-Hoc Network

4.2.3  Configuring Your-Freedom Windows Application

4.2.4  Configuring Proxy in Mozilla Firefox Browser

4.2.5  Establishing a Connection

4.3     Demonstration II: User Agent Obfuscation Billing Attack

4.3.1  Installing User Agent Switcher Plug-in

4.3.2  Importing the Obfuscated User Agent

4.3.3  Establishing a Connection

 

CHAPTER FIVE

SUMMARY OF FINDING, CONCLUSIONS AND RECOMMENDATIONS

5.0     Summary of Findings

5.1     Conclusions

5.2     Recommendations

REFRENCES

 

 

 

CHAPTER ONE

 

1.0     BACKGROUND OF THE STUDY

The Evolution of Mobile Telecom and Billing Challenges

The Introduction of 2G cellular radios in the 1990s led to a genuine and significant change in human behavior. Technically, it provided basis for the transition of voice technology from an analog, wired environment to a digital, wireless environment. Psychologically and socially, the advent of 2G transformed telecommunications from a communication tool, to an agent of social change that improved people’s professional lives of enabling unprecedented communications flexibility.

 

Deploying a billing system for wireless has never been simple. However in the early days of 2G, billing was based on voice minutes. As a result many wireless carriers, familiar with traditional voice telephony, implemented wireless billing systems using previous models that billed for voice minutes using call detail records (CDR).

 

Transition from 2G to 2.5G Network Services

The need for value-added services such as two-way messaging unified communications, electronic voicemail, email and a number of personalized services drove the evolution toward more sophisticated 2.5G network services by the introduction of Enhanced Data Rates for Global Evolution (EDGE).

 

The rate of acceptance of 2.5G services varied around the world, beside the problem of early inclination, a major reason for this was lack of integration among various cellular network technologies, as carriers that relied on access technologies such as Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), differed from Global System for Mobile Communications (GSM). Most Billing systems could not support all standards required for different types of network

 

In Europe and Asia, it was notable that the adoption of a single standard facilitated rapid acceptance and implementation of value–added 2.5G services.

 

Owing to lack of uniformity in standards wireless carriers focused on two leading criteria in the selection of billing systems:

1.           Speed to Market

2.           The ability to interface with other systems

 

The Need for Convergence

These market conditions also gave rise to a new market driver that would confer an important strategic edge— Convergence—the ability to offer and bill for multiple services, such as real-time web connectivity, and voice on a single bill. Convergence prompted wireless carriers to plan the rollout of enhanced services and products that would extend wireless capabilities well beyond voice. Hence, this made increasing numbers of carriers globally, to upgrade their billing systems to support the growing market of wireless dataofferings.

 

The rollout of these services presented a critical challenge, to offer wireless data services, carriers needed a billing system that could accommodate the new services—particularly if charges were to be calculated based on the quantity of data transferred rather than the duration of time on-line.

 

As a result, convergent services strained legacy billing systems that were designed to measure and rate usage-sensitive wireless voice. With the existing billing systems simply were not equipped to rate wireless data, which typically was charged based on a flat rate.

 

 

The Emergence of 3G

The drawbacks of 2G systems gave rise to the development of 3G networks with a major highlight on the convergence of new services and the Internet industries. 3G is a global wireless communication technology that makes packet-based transmission of digitized voice, data, and video a possibility.A packet-based network relies on the Internet protocol (IP) to provide an "always on" capability, which is not available through circuit based 2G networks, this in turn shall necessitate the deployment of an efficient pricing mechanisms to apply to service usage. In 2G, billing mechanisms such as, event and content based pricing have been successfully used in General Packet Radio Service - GPRS mobile networks. They will also play an important role in pricing decisions in 3GSismanidis (2006).

 

The initiation of IP technologies into traditional wireless telecommunication networks opened up a new generation of IP-based services that must interwork with the 3G wireless telecommunication networks. These services are called Cross Network Services. Cross Network Services will use a combination of Internet-based data and data from the wireless telecommunication network to provide services to the wireless subscriber. They will be multi-vendor, multi-domain, and will cater to a wide variety of needs.

 

1.2  PROBLEM DEFINITION

Innumerable security threats are introduced by providing Internet connectivity to 3G networks, as certain attacks can be easily enforced on the wireless telecommunication network indirectly from the IP networks. Kotapati (2005) refers these services as Cross Network Services which depends on a combination of Internet-based data and data from the wireless telecommunication network to provide services to the wireless subscriber. They will be multi-vendor, multi-domain, and will cater to a wide variety of needs.

 

While the challenge of service complexities, ineffective staff control and security policies, convoluted billing models, technological shifts remains a barrier to viable service delivery and business operations for telecos, the problem of fraud as a result of sophisticated cyber-attacks on billing systems vulnerabilities are the issues addressed thoroughly in this research work.

 

According to Lei (2011) billing attacks causes great loss to the telecommunication operator and customer. Traditional fraud detection technologies focus on anomaly analysis on call detail record (CDR) and fraud detection, which faces much challenge in detecting the billing attack in the mobile communication network. Issues such as a subscriber, exploiting the weakness of a service providers information system or value-added service, is a frequent dilemma telecom carriers are embattled with, either as a result of a malicious insider or a technology savvy outsider.

 

 

 

1.3     PROJECT JUSTIFICATION

In the face of declining voice service margins, Communications Service Providers are investing heavily in deploying and marketing “3G” networks that are capable of supporting an ever-increasing variety of data services from streaming video, to gaming, to proprietary business applications, to mobile commerce transactions for tangible goods and services.

 

However, despite the highlight and promise of increased ROI, the problem of information system security remains a major challenge for telecos to address thoroughly, as new service schemes are incorporated to normal business processes, as a result of innovations in the industry, upgrades and assertive competition, the security requirement to meet such advancements represents the major problem that hampers both quality service delivery and investments returns.

 

By uncovering certain 3G service weakness and sophisticated ways through which cybercriminals as well as malicious insiders exploits billing vulnerabilities that exist on 3G mobile networks, The Research work presents solutions for telecos to consider in addressing the problem of proper billing security and protecting major 3G revenue streams such as always-online internet services.

 

 

 

 

 

 

 

1.4  RESEARCH QUESTION

The following are the research questions the project seek to answer

1.    How do we evaluate the focus of top management in securing revenue streams from 3G service billing complexities?

2.    To what extent does management know about new methods of exploiting paid services of 3G compliant telecom operators?

3.    How do we determine the Cost and Risk of managing a disaster as a result of technical savvy malicious insiders?

4.    How do align the balance between technical strategic shifts in the mobile industry and the ability for service providers to securely comply?

 

1.5  AIMS AND OBJECTIVES

The Research work seeks to achieve the following aims and objectives:

1.     To provide a Model that can be used to evaluate and measure operational and technological risk in 3G networks

2.     To provide technical and operational ways to address vulnerable 3G network service and segments that demean telecos revenue.

3.     To enhance the design of existing automated billing systems for efficient billing of data services.

4.     To provide operational policies and procedures to checkmate fraud and billing disasters as a result of malicious insiders.

 

 

 

 

 

 

 

1.6  METHODOLOGY

The experimentation methodology constitutes as the central viewpoint to compel this research. The resulting conceptual model derived existing 3G billing systems architecture such as the mediation systems, GGSN and SGSN presents a basis for the subject.

 

Data gathering and review of peculiar operational and technical risk faced by telecom service providers was achieved and review of weaknesses in network security schemes and technologies.

 

1.7  SCOPE OF WORK

This project will be limited to the design of an intelligent system to enhance the automation process of billing for data services, in order to address the constraints. However, practical evaluations will be carried out to prove the claim of existing vulnerabilities.

 

1.8  EXPECTED CONTRIBUTION TO KNOWLEDGE

By uncovering several weaknesses in 3G and sophisticated ways through which cybercriminals as well as malicious insiders exploits billing vulnerabilities that exist on 3G mobile networks.

 

The Research work attempts to present solutions for telecos to consider in addressing the problem of proper billing security and protecting major 3G revenue streams such as always-online internet services.

 

This work will aid research the design and the development of novel next generation telecom networks. Such as 3.5G, 4G and Post 4G Networks in advance.

Order Complete Project