TABLE OF CONTENTS
CHAPTER ONE
1.0 Background of the Study
1.2 Problem Definition
1.3 Project Justification
1.4 Research Question
1.5 Aims and Objectives
1.6 Methodology
1.7 Scope of Work
1.8 Expected Contribution to Knowledge
CHAPTER TWO
THEORETICAL BACKGROUND AND LITERATURE REVIEW
2.1 Global System for Mobile Telecommunication – An Overview
2.1.1 (1G) First Generation Networks
2.1.2 (2G) Second Generation
2.1.3 Post 2G Generation – 2.5G
2.1.4 (3G) Third Generation
2.1.4.1 High Speed Packet Access - HSPA
2.1.5 (4G) Fourth Generation
2.2 3G – An Overview
2.2.1 Significance of 3G in Mobile Evolution
2.2.2 Issues with 4G Deployment
2.3 3G Architecture
2.3.1 UMTS RAN Network Elements
2.4 Architectural Security in 3G
2.5 Mobile Telecom Billing – An Overview
2.6 Billing – A Process
2.6.1 Significance of Telecom Billing
2.6.1.1 Event Based Billing
2.6.1.2 Content Based Billing
2.7 Fraud in Mobile Telecommunications Operations
2.8 3G Billing Process
2.8.1 3G Business Model Complexity Problems
2.9 Frauds and 3G Billing
2.9.1 3G Security, Principles and Objectives
2.9.2 Scope of 3G Billing Attacks
2.9.3 The Role of SGSN and GGSN in Billing
2.10 IP-based attacks in 3G
2.10.1 Service and Network Architecture flaws
2.10.2 Inbound Billing Attacks on 3G
CHAPTER THREE
METHODOLOGY
3.1 Introduction
3.2 UMTS Billing Architecture
3.2.1 Offline Charging
3.2.2 Online Charging
3.3 Attacks and Vulnerability Assessment in 3G Networks
3.4 IP-in-DNS Tunnel Attack - Background Overview
3.5 Billing Architecture Vulnerabilities
3.6 Proposed Logical Billing Solution
CHAPTER FOUR
SYSTEM DESIGN AND PROTOTYPING
4.1 Introduction
4.2 Demonstration I: IP-IN-DNS Protocol Attack
4.2.1 Setting up an Ad-Hoc Wireless Network
4.2.2 Connecting To the Wireless Ad-Hoc Network
4.2.3 Configuring Your-Freedom Windows Application
4.2.4 Configuring Proxy in Mozilla Firefox Browser
4.2.5 Establishing a Connection
4.3 Demonstration II: User Agent Obfuscation Billing Attack
4.3.1 Installing User Agent Switcher Plug-in
4.3.2 Importing the Obfuscated User Agent
4.3.3 Establishing a Connection
CHAPTER FIVE
SUMMARY OF FINDINGS, CONCLUSIONS AND RECOMMENDATIONS
5.0 Summary of Findings
5.1 Conclusions
5.2 Recommendations
REFERENCES
CHAPTER ONE
1.0 BACKGROUND OF THE STUDY
The Evolution of Mobile Telecom and Billing Challenges
The introduction of 2G cellular radios in the 1990s led to a genuine and significant change in human behavior. Technically, it provided the basis for the transition of voice technology from an analog, wired environment to a digital, wireless environment. Psychologically and socially, the advent of 2G transformed telecommunications from a communication tool into an agent of social change that improved people’s professional lives by enabling unprecedented communications flexibility.
Deploying a billing system for wireless has never been simple. However, in the early days of 2G, billing was based on voice minutes. As a result, many wireless carriers, familiar with traditional voice telephony, implemented wireless billing systems using previous models that billed for voice minutes using call detail records (CDR).
Transition from 2G to 2.5G Network Services
The need for value-added services such as two-way messaging, unified communications, electronic voicemail, email and a number of personalized services drove the evolution toward more sophisticated 2.5G network services through the introduction of Enhanced Data Rates for Global Evolution (EDGE).
The rate of acceptance of 2.5G services varied around the world. Besides the problem of early inclination, a major reason for this was the lack of integration among various cellular network technologies, as carriers that relied on access technologies such as Code Division Multiple Access (CDMA) and Time Division Multiple Access (TDMA) differed from those on the Global System for Mobile Communications (GSM). Most billing systems could not support all the standards required for different types of network.
In Europe and Asia, it was notable that the adoption of a single standard facilitated rapid acceptance and implementation of value-added 2.5G services.
Owing to the lack of uniformity in standards, wireless carriers focused on two leading criteria in the selection of billing systems:
1. Speed to Market
2. The ability to interface with other systems
The Need for Convergence
These market conditions also gave rise to a new market driver that would confer an important strategic edge: convergence, the ability to offer and bill for multiple services, such as real-time web connectivity and voice, on a single bill. Convergence prompted wireless carriers to plan the rollout of enhanced services and products that would extend wireless capabilities well beyond voice. Hence, increasing numbers of carriers globally upgraded their billing systems to support the growing market of wireless data offerings.
The rollout of these services presented a critical challenge: to offer wireless data services, carriers needed a billing system that could accommodate the new services, particularly if charges were to be calculated based on the quantity of data transferred rather than the duration of time online.
As a result, convergent services strained legacy billing systems that were designed to measure and rate usage-sensitive wireless voice. The existing billing systems simply were not equipped to rate wireless data, which typically was charged based on a flat rate.
The Emergence of 3G
The drawbacks of 2G systems gave rise to the development of 3G networks, with a major highlight on the convergence of new services and the Internet industries. 3G is a global wireless communication technology that makes packet-based transmission of digitized voice, data, and video a possibility. A packet-based network relies on the Internet Protocol (IP) to provide an "always on" capability, which is not available through circuit-based 2G networks; this in turn necessitates the deployment of efficient pricing mechanisms to apply to service usage. In 2G, billing mechanisms such as event-based and content-based pricing have been successfully used in General Packet Radio Service (GPRS) mobile networks. They will also play an important role in pricing decisions in 3G (Sismanidis, 2006).
The introduction of IP technologies into traditional wireless telecommunication networks opened up a new generation of IP-based services that must interwork with the 3G wireless telecommunication networks. These services are called Cross Network Services. Cross Network Services will use a combination of Internet-based data and data from the wireless telecommunication network to provide services to the wireless subscriber. They will be multi-vendor, multi-domain, and will cater to a wide variety of needs.
1.2 PROBLEM DEFINITION
Innumerable security threats are introduced by providing Internet connectivity to 3G networks, as certain attacks can easily be mounted on the wireless telecommunication network indirectly from the IP networks. Kotapati (2005) refers to these services as Cross Network Services, which depend on a combination of Internet-based data and data from the wireless telecommunication network to provide services to the wireless subscriber. They will be multi-vendor, multi-domain, and will cater to a wide variety of needs.
While service complexities, ineffective staff control and security policies, convoluted billing models and technological shifts remain barriers to viable service delivery and business operations for telcos, the problem of fraud resulting from sophisticated cyber-attacks on billing system vulnerabilities is the issue addressed thoroughly in this research work.
According to Lei (2011), billing attacks cause great loss to the telecommunication operator and customer. Traditional fraud detection technologies focus on anomaly analysis of call detail records (CDR) and fraud detection, and they face much challenge in detecting billing attacks in the mobile communication network. Issues such as a subscriber exploiting the weakness of a service provider's information system or value-added service are a frequent dilemma telecom carriers are embattled with, whether as a result of a malicious insider or a technology-savvy outsider.
1.3 PROJECT JUSTIFICATION
In the face of declining voice service margins, Communications Service Providers are investing heavily in deploying and marketing “3G” networks that are capable of supporting an ever-increasing variety of data services, from streaming video, to gaming, to proprietary business applications, to mobile commerce transactions for tangible goods and services.
However, despite the highlight and promise of increased ROI, information system security remains a major challenge for telcos to address thoroughly. As new service schemes are incorporated into normal business processes as a result of innovations in the industry, upgrades and assertive competition, the security requirement to meet such advancements represents the major problem that hampers both quality service delivery and investment returns.
By uncovering certain 3G service weaknesses and sophisticated ways through which cybercriminals as well as malicious insiders exploit billing vulnerabilities that exist on 3G mobile networks, the research work presents solutions for telcos to consider in addressing the problem of proper billing security and protecting major 3G revenue streams such as always-online internet services.
1.4 RESEARCH QUESTION
The following are the research questions the project seeks to answer:
1. How do we evaluate the focus of top management in securing revenue streams from 3G service billing complexities?
2. To what extent does management know about new methods of exploiting paid services of 3G compliant telecom operators?
3. How do we determine the cost and risk of managing a disaster caused by technically savvy malicious insiders?
4. How do we align the balance between technical strategic shifts in the mobile industry and the ability of service providers to securely comply?
1.5 AIMS AND OBJECTIVES
The research work seeks to achieve the following aims and objectives:
1. To provide a model that can be used to evaluate and measure operational and technological risk in 3G networks.
2. To provide technical and operational ways to address vulnerable 3G network services and segments that diminish telcos' revenue.
3. To enhance the design of existing automated billing systems for efficient billing of data services.
4. To provide operational policies and procedures to checkmate fraud and billing disasters resulting from malicious insiders.
1.6 METHODOLOGY
Experimentation is the central methodology driving this research. The resulting conceptual model, derived from existing 3G billing system architecture such as the mediation systems, GGSN and SGSN, presents a basis for the subject.
Data gathering and a review of the peculiar operational and technical risks faced by telecom service providers were carried out, together with a review of weaknesses in network security schemes and technologies.
1.7 SCOPE OF WORK
This project will be limited to the design of an intelligent system to enhance the automation process of billing for data services, in order to address the constraints. However, practical evaluations will be carried out to prove the claim of existing vulnerabilities.
1.8 EXPECTED CONTRIBUTION TO KNOWLEDGE
By uncovering several weaknesses in 3G and sophisticated ways through which cybercriminals as well as malicious insiders exploit billing vulnerabilities that exist on 3G mobile networks, the research work attempts to present solutions for telcos to consider in addressing the problem of proper billing security and protecting major 3G revenue streams such as always-online internet services.
This work will aid research into the design and development of novel next-generation telecom networks, such as 3.5G, 4G and post-4G networks, in advance.