mahindracomviva sms firewall v1.0

1

SMS Firewall

2

SMS Firewall

Foreign

Network

(Optional)

Content

Provider/Apps

(Optional)

Comviva

SMS Firewall

Home

Network

SS7/IP

IP

SS7/IP

Mobile Subscriber

Rules Database

CDR GUI OAM Reports NMS

3

SMS Firewall – Message Flow (MO)

MSC/STP

Comviva

SIG

Filter

Partner

Content

Filter

MSC/STP SMSC

Mobile A

Mobile B

MSC

Mobile B

1 2

4

3

5

5

8

6

6

7

HLR

7

5

5

5

6

5

Redirection method

FDA (Optional)

Routing

DIAMETER

4

Value Proposition- SMS Firewall

5

Signaling/Content Filter controls

• STP connectivity via SIGTRAN

• GSM and CDMA support

• MNP compatibility

• Spam/Spoof/Flood/Fake controls

• Routing/Load balancing towards SMSCs

• Multiple STP connections

• Filter MO/MT for P2P, P2A, A2P

• Volume filters – X SMS per day/hour/month

• Pattern and signature filters

• Keyword based filters

• Subscriber notifications

• Black/White list based on GT/PC/SC/MDN/MSISDN/IMSI/SCCP..etc

• Out-roamer controls

• Configurable black-out days

• Provisioning & Reporting

Signaling/

Routing

Filtering

6

SMS Firewall

FDA

Floating License

USSD Filter

Rich SMS

1

2

3

4

5

• On-net and Off-net filtering capabilities

• Signaling and Content Filtering

• Licensed to use SMSR/FDA/SMSF

/USSD Filter for licensed capacity

• Filter USSD on-net and off-net messages

• Conditional blocking of USSD from other

operators

• Rich SMS for MO/MT traffic inbuilt

• Revenue generating services

NIL

Additional H/W

& License

NIL

Additional H/W

& License

Additional H/W

& License

Solution Benefits Dependency

• Cater to future requirements of

SMSR/FDA

• Offload MO FDA traffic from existing

SMSR

• Perfect place to do FDA than redirect to

SMSR

Comviva value proposition

7

SMS Firewall – Solution Overview

8

Signaling Filter

Policy Manager

OAM

Core SMS Firewall

Signaling Control Card

Content Filter (Partner Solution)

SS7/ SIGTRAN

Stack

MSC HLR

SRI Request-

Response

SMSC

GMSC/STP

Apps

Business Analytics

Application Interface

SMS Firewall System Architecture

DB

SMPP/UCP/HTTP

SIGTRAN/SMPP/UCP

9

SMS Firewall Mode of Operation (MT)

10

Subscriber A (Foreign network) sends an SMS to subscriber B (Home

network).

Foreign network SMSC sends an SRI for SM to the destination network. This

SRI reaches the GMSC/STP of B’s HPLMN (Home Network).

Gateway MSC forwards the SRI to the SMS Firewall.

SMS Firewall forwards the SRI for SM to the HLR.

As the HLR responds, the response to the received SRI query is sent back to

the originating SMSC.

This foreign SMSC now sends the MT-FSM to the SMS Firewall.

Comviva SMS Firewall checks the messages based on the configured rules.

Accordingly, it forwards the message to the subscriber B, either directly or

through the Home SMSC.

The messages that do not adhere to the rules are rejected

Explanation

11

SMS Firewall Mode of Operation (MT)

12

Subscriber A (Foreign network) sends an SMS to subscriber B (Home

network)

Foreign network SMSC sends an SRI for SM to the destination network. This

SRI reaches the GMSC/STP of B’s HPLMN (Home Network).

Gateway MSC forwards the SRI to HLR. Seeing that the SRI request has

originated from Foreign network, HLR forwards the SRI to SMS Firewall

In order to get the SRI about the destination VMSC, the SMS Firewall

forwards the SRI for SM to the HLR.

As the HLR responds, the response to the received SRI query is sent back to

the originating SMSC.

This foreign SMSC now sends the MT-FSM to the SMS Firewall.

Comviva SMS Firewall checks the messages based on the configured rules.

Accordingly, it forwards the message to the subscriber B, either directly or

through the Home SMSC.

The messages that do not adhere to the rules are rejected

Explanation

13

SMS Firewall – Features

14

SMS attacks in a

network

Network

A Network B

SMS SPAM

Spoofed SMS

SMS Flood

Subscriber location/info query

Protected by Comviva SMS

Firewall

Network

A Network B

SMS SPAM

Spoofed SMS

SMS Flood

Subscriber location/info

query

Com

viv

a

SM

SF

Network A is under attack !!!

Network B is protected by Comviva

Firewall

Comviva SMS Firewall

15

Unprotected roaming (Subscriber B sending SMS to ‘roaming

subscriber A’)

Network

B SMSC

B

Network A

HLR

A

Network C

MSC

C

Subscriber

A Subscribe

r B

Subscriber A roaming at Network C

Network -A not able to control SMS towards its out-roamers

!!!

Subscriber A can be affected by SPAM, SPOOF, leaked

location info.. Comviva out-roamer

protection

Network

B SMSC

B

Network A

HLR

A

Network C

MSC

C

Subscriber

A Subscribe

r B

Masked Subscriber A

info

All SMS towards Network-A’s out-roamers controlled by Comviva

SMSF

Com

viv

a S

MS

F

SMS Firewall – Roamer Protection

16

Firewall Architecture:- Message Flow (MT)

17

SMS Firewall – Signaling Filter

18

Anti Spam(MT)

19

Spam(MT) Control

• Blocking unsolicited messages towards mobile subscriber

• No content filtering

Rules

• Maximum messages per day/hour/minute/sec from a foreign network

• Maximum messages per day/hour/minute/sec from a foreign SMSC

• Maximum messages per day/hour/minute/sec from MSISDN X

• Action can be defined in SMSF to alert/block if crossing threshold

• Threshold can be defined based on observed/expected traffic pattern

• MSISDN/MDN barring

• IMSI barring

• Global Title (GT) barring

• SCCP parameters based barring

• Spam control applicable for MO/AO also

20

Spoof(MO) Control • Fraudster simulates SMS from foreign network

• Pretending as a mobile subscriber roaming in foreign network.

• In spoofing an SMS MO with a manipulated A.MSISDN (real or wrong) is coming

into the network from a foreign VLR (real or wrong SCCP Address). A spoofer

can manipulate either IMSI, VMSC or both.

21

Flooding detection & prevention

• Detects sudden increase of traffic from same originator(s)

• Monitor short term and long term traffic average from originator(s)

• Flooding = short term traffic average > long term traffic average

22

Roamer home routing

• Out-roamers are protected by SMSF

• All out-roamer destined messages will be routed through SMSF

• Configurable protection for out-roamers

• Saves revenue if originator interworking charges high

• QoS irrespective of subscriber location

23

SMS Firewall – Content Filter

24

© Copyright 2012. All rights Reserved. 24

Diameter SMS Architecture

AdaptiveMobile NPP Filtering Solution

Diameter

Interface

PMCSACTSM

RM

NPP NPPNPP

NPP

NPP Cluster

Management

……

STPMSC SS7/Sigtran

Traffic Network

OLO/Foreign NetworksSS7/Sigtran

International

STP

PEP

SMSC

25

MO SMS, SMSC=PEP using Diameter

This example

utilizes the DCP

Protocol between

SMSC and NPP

Filtering Engine

Filtering

EngineSMSC

MO-FSM (Cd=SMSC, Cg=MSC)

DPC-CCA

MSC

DPC-CCR

MO-FSM-ACK (Cd=MSC, Cg=SMSC)

SM Submission

Submission ACK

Subscriber in

Home Network

Filtering

Decision

MO-FSM-NACK (Cd=MSC, Cg=SMSC)

Submission NACK

09:54am

NPP for SMS

26

Advance filtering capability

Differential Sending Rate Traffic Analysis Filter

A Differential Sending Rate Traffic Analysis filter analyses and detects changes or surges in sending

rate where the sender is a MSISDN, SMSC (for SMS-MT and SMS-SRI messages), or MSC (for SMS-

MO messages).

Destination Address Analysis Filter

Analyse the recipient list patterns of a message sender during a configurable period. If the ratio of

one-time recipients compared to the total number of recipients exceeds a configurable threshold, the

message can be optionally blocked.

Sender Address Analysis

A Sender Addresses Analysis filter analyses the sender address patterns of a message sender during

a configurable period. If the ratio of one-time sender addresses used compared to the total number of

messages sent exceeds a configurable threshold

• Usage Control:-

A Usage Control filter restricts the number of messages that a subscriber may send or receive, on a

daily, weekly, or monthly basis

User Traffic Analysis Filter

Analyse the send and receive patterns of a particular user to see if these suggest spamming

behaviour. t works by monitoring the number of messages sent or received by a single user during a

configurable period

27

Advance filtering capability

Regular expression:-

Regular expressions provide an efficient and flexible way to identify strings of text want to filter.

For example, particular characters, words, or patterns of characters. Can choose to block

messages whose text content either matches or does not match any regular expression

Content Matching :-

Platform support capability to Analyses message text and compares it to a configurable

dictionary of banned words and phrases. Tokenisation analyses words and phrases with

deceptively similar spellings.

Premium service restriction

Platform has capability to block message from alphanumeric sender irrespective of TON and

NPI value. Alphanumeric CLI .Identified based on any alphabetic /special character at any

position in source CLI .

Shortened URL Analysis:

Shortened URLs in Messages are expanded before analysis.

28

Advance filtering capability

Regular expression:-

Regular expressions provide an efficient and flexible way to identify strings of text want to filter.

For example, particular characters, words, or patterns of characters. Can choose to block

messages whose text content either matches or does not match any regular expression

Content Matching :-

Platform support capability to Analyses message text and compares it to a configurable

dictionary of banned words and phrases. Tokenisation analyses words and phrases with

deceptively similar spellings.

Premium service restriction

Platform has capability to block message from alphanumeric sender irrespective of TON and

NPI value. Alphanumeric CLI .Identified based on any alphabetic /special character at any

position in source CLI .

Shortened URL Analysis:

Shortened URLs in Messages are expanded before analysis.

30

Content Traffic analysis

Platform has capability to identify on the fly similar messages by analysing and detecting similar

messages in a series. Capability to detect spam variants that might advertise in the same essential

content but with variations in message spelling, vocabulary, abbreviation, character aliasing etc.

Platform provide option for configuring number of similar attachment in configurable time period

and configurable percentage match for similarity. For example 200 message/signature in one hour

with 80 % match.

31

Content Traffic analysis

Describe how “Similar” is complex, but solved by NPP –tokenisation / N-Gram text analysis

n-grams are used for efficient approximate matching. Sequences of characters are converted into a set of four-

grams. By embedding in a vector space, the sequence can be compared to other sequences in an efficient

manner

Word substitution

The effect of a substituting words to evade matching is negated by comparing the matching four-grams. A

match is detected when the number of four-grams exceed a threshold.

Example: “Please give me a call urgently when you get this message” “Please give me a shout urgently when

you get this message”. Results in 38 matching four-grams resulting in a similarity match of 88%. Setting a

threshold at 85% results in messages identified as a match

Word sequence change

The effect of word sequence change is diminished as the vector space comparison used by the similarity

algorithm examines the n-grams irrespective of location.

Example “Call me please” “Please call me”.

Tokenisation: Swapping Characters for Numbers (O to 0 etc.)

Swapping Characters for Numbers (O to 0 etc.)

Example “CALL ME”vs.“C4LL ME” & “PING ME”vs.“P1NG ME”

32

Content Traffic analysis

Spam fingerprint .

Match of the message to a known Spam fingerprint

This mechanism detects spam messages where the spammer has modified the

message to avoid Checksum or keyword / phrase based blocking

It enables detection of spam messages where modification has occurred (e.g

personalisation, word substitution, sequence changing, modifying calls to action such as

phone numbers or web links etc.)

Capability to update signature database with global security centre

Platform compare SMS with database of restricted signature

System support configurable parameter of percentage match and length of the message

for which text pattern to be checked.

System allow to configure phrases or download Phrases/signature in encrypted

file format from global security centre .

34

SMS Firewall – Routing & FDA

35

SMS delivery platform

• SMS MT delivery – Messages originated in foreign network and destined to SMSF network

• SMS direct delivery (FDA) – Messages originated in the local network

• SMS routing - Messages originated in the local network

• Error based redirection

Absent subscriber

Call barred

SS incompatibility

Subscriber busy for MTSMS

Facility not supported

SM-Delivery failure

System failure

Data missing

Message waiting list full

Unexpected data value

Absent subscriber for SRI

Busy subscriber

No subscriber reply

• Source VMSC based redirection

• Source / Destination TON & NPI based redirection

• A-party and B-party based redirection

36

SMS delivery platform - Routing

37

SMS Firewall – Deployment Details

38

Deployment architecture - DIAMETER

39

Deployment architecture - Signaling

40

SMS Firewall – Report & MIS

41

Reporting Module Overview

Live Traffic-based Operational and Business reports:

Subscriber Reports:

– The top senders of messages with spam or viruses

Filter Reports:

– Top security threats - requests blocked per filter

Traffic Reports:

– Which countries, networks, SMSCs, and MSCs messages originated from and were destined

for.

– Peak rates, busy hours

Routing and FDA reports

Flexible Reporting View:

Dashboard: several reports in one view.

Individual Reports: single reports per view.

Administration and Auditing

42

Subscriber Reports Available

Blocked per Recipient MSISDN: Top number of recipients of blocked messages.

Blocked per Sender MSISDN: Top number of senders that have sent the most blocked

messages, or initiated the most blocked voice calls or web content requests

Delivery Reports per Recipient MSISDN: Top number of recipients of delivery reports

Viruses per Sender MSISDN: Top/total number of MSISDNs sending viruses.

Spam per Sender MSISDN: Top/total number of MSISDNs sending spam.

Unique Subscribers Protected: Total number of individual subscribers that have been the

intended recipients of blocked content.

MSISDNs Exceeding Sender Thresholds: Top number of subscribers that have crossed

any traffic analysis sender thresholds.

Submitted per MSISDN: The top number of MSISDNs sending messages, requesting URLs,

or making voice calls.

43

Filter Reports Available

Blocked per Filter: The total number of blocked messages by filter category.

Blocked Messages as a Percentage of Total Spam: The number of blocked

messages per filter category as a percentage of total spam. .

Blocked Messages per Category : The total number of blocked messages per

category, sorted by category with the most blocked messages

44

Traffic Reports Available

Blocked and Sent by National Operator: Number of messages sent and blocked/modified per national

operator

Blocked and Sent by National: Number of messages sent and blocked/modified from the operator’s country.

Blocked per Country: Top number of countries sending blocked messages, sorted by country sending the

most blocked messages.

Blocked per Operator: Top number of operators sending blocked messages

Blocked per Recipient SMSC/MSC/MSISDN(HLR): Top number of intended recipients (SMSCs, MSCs, or

HLRs) of blocked messages data.

Blocked per Sender SMSC/MSC: Top number of senders (SMSCs or MSCs) of blocked msg’s

Delivery Failure Messages per Reason: Top number of SMSC or MSC message failure reasons.

Delivery Failures per MSISDN: Number of delivery failures per MSISDN for a specified range of MSISDNs.

45

Traffic Reports continued

Delivery Failures per SMSC/MSC/HLR: Top number of SMSCs, MSCs, or HLRs where messages are

being rejected

License Crossing Count: A list of each occurrence (per second) that traffic crossed the volume license for

messages, voice calls, or web content requests.

Peak Messages per Second in Busy Hour: A list of the peak message-per-second rates during the busy

hour in the day or week.

Peak Rate per Hour: A list of the peak message or request rates per hour.

Percentage of Messages Blocked and Failed: The percentage of submitted messages blocked per SMS

message type.

Sent per Country: The top number of countries sending messages, sorted by country sending the most

messages.

Sent per Operator: The top number of operators sending messages, sorted by operator sending the most

messages.

Sent per Sender MSC/SMSC : The top number of senders (SMSCs or MSCs) of allowed and blocked

messages

46

Traffic Reports continued

Spam per Recipient SMSC/MSC/HLR: The top number of intended recipients (SMSCs, MSCs, or

HLRs) of spam and suspected spam messages

Spam per Sender SMSC/MSC: The top number of senders (SMSCs or MSCs) of spam and

suspected spam messages.

Spam Sent per Country: The top number of countries sending spam and suspected spam

messages

Spam Sent per Operator: The top number of operators sending spam and suspected messages,

sorted by operator sending the most spam or suspected spam.

47

SMS Firewall – References

48

Major references (Comviva & Partner)

Protecting over 800 million subscribers worldwide

49

Partner References for SMS Content

Filtering

OpCo Network Size (Subs) Traffic Covered

Bharti Airtel 180 Million MT (International & National)

Etisalat 7 Million MO & MT (National & Intl)

ME OpCo 27 Million MO (National) MT (International)

African OpCo 9 Million MT (International & National)

MTN NIgeria 31 Million MT (International & National)

ME OpCo 5 Million MT (International & National)

ViVa Kuwait 2 Million MO & MT (National & International)

APAC OpCo 50 Million MO, AO & MT (International & National)

US OpCo 2 Million MO & MT (National & International)

US OpCo 33 Million MO /MT/AO/AT(National & International)

European OpCo 7 Million SMS Filtering

ME OpCo SMS Filtering

50

Disclaimer Copyright © 2013: Comviva Technologies Ltd, Registered Office at A-26, Info City, Sector 34, Gurgaon-122001, Haryana, India.

All rights about this document are reserved and shall not be , in whole or in part, copied, photocopied, reproduced, translated, or reduced to any

manner including but not limited to electronic, mechanical, machine readable ,photographic, optic recording or otherwise without prior consent, in

writing, of Comviva Technologies Ltd (the Company).

The information in this document is subject to changes without notice. This describes only the product defined in the introduction of this

documentation. This document is intended for the use of prospective customers of the Company Products Solutions and or Services for the sole

purpose of the transaction for which the document is submitted. No part of it may be reproduced or transmitted in any form or manner whatsoever

without the prior written permission of the company. The Customer, who/which assumes full responsibility for using the document appropriately. The

Company welcomes customer comments as part of the process of continuous development and improvement.

The Company, has made all reasonable efforts to ensure that the information contained in the document are adequate, sufficient and free of material

errors and omissions. The Company will, if necessary, explain issues, which may not be covered by the document. However, the Company does not

assume any liability of whatsoever nature , for any errors in the document except the responsibility to provide correct information when any such error

is brought to company’s knowledge. The Company will not be responsible, in any event, for errors in this document or for any damages, incidental or

consequential, including monetary losses that might arise from the use of this document or of the information contained in it.

This document and the Products, Solutions and Services it describes are intellectual property of the Company and/or of the respective owners

thereof, whether such IPR is registered, registrable, pending for registration, applied for registration or not.

The only warranties for the Company Products, Solutions and Services are set forth in the express warranty statements accompanying its products

and services. Nothing herein should be construed as constituting an additional warranty. The Company shall not be liable for technical or editorial

errors or omissions contained herein.

The Company logo is a trademark of the Company. Other products, names, logos mentioned in this document , if any , may be trademarks of their

respective owners.

Copyright © 2013 Comviva Technologies Limited. All rights reserved.

Thank you Visit us at www.mahindracomviva.com