mahindracomviva sms firewall v1.0
DESCRIPTION
SMS Filtering, anti SPAM, Anti Spoof,Telecom Security, SMSC Security feature.VAS SecurityTRANSCRIPT
1
SMS Firewall
2
SMS Firewall
Foreign
Network
(Optional)
Content
Provider/Apps
(Optional)
Comviva
SMS Firewall
Home
Network
SS7/IP
IP
SS7/IP
Mobile Subscriber
Rules Database
CDR GUI OAM Reports NMS
3
SMS Firewall – Message Flow (MO)
MSC/STP
Comviva
SIG
Filter
Partner
Content
Filter
MSC/STP SMSC
Mobile A
Mobile B
MSC
Mobile B
1 2
4
3
5
5
8
6
6
7
HLR
7
5
5
5
6
5
Redirection method
FDA (Optional)
Routing
DIAMETER
4
Value Proposition- SMS Firewall
5
Signaling/Content Filter controls
• STP connectivity via SIGTRAN
• GSM and CDMA support
• MNP compatibility
• Spam/Spoof/Flood/Fake controls
• Routing/Load balancing towards SMSCs
• Multiple STP connections
• Filter MO/MT for P2P, P2A, A2P
• Volume filters – X SMS per day/hour/month
• Pattern and signature filters
• Keyword based filters
• Subscriber notifications
• Black/White list based on GT/PC/SC/MDN/MSISDN/IMSI/SCCP..etc
• Out-roamer controls
• Configurable black-out days
• Provisioning & Reporting
Signaling/
Routing
Filtering
6
SMS Firewall
FDA
Floating License
USSD Filter
Rich SMS
1
2
3
4
5
• On-net and Off-net filtering capabilities
• Signaling and Content Filtering
• Licensed to use SMSR/FDA/SMSF
/USSD Filter for licensed capacity
• Filter USSD on-net and off-net messages
• Conditional blocking of USSD from other
operators
• Rich SMS for MO/MT traffic inbuilt
• Revenue generating services
NIL
Additional H/W
& License
NIL
Additional H/W
& License
Additional H/W
& License
Solution Benefits Dependency
• Cater to future requirements of
SMSR/FDA
• Offload MO FDA traffic from existing
SMSR
• Perfect place to do FDA than redirect to
SMSR
Comviva value proposition
7
SMS Firewall – Solution Overview
8
Signaling Filter
Policy Manager
OAM
Core SMS Firewall
Signaling Control Card
Content Filter (Partner Solution)
SS7/ SIGTRAN
Stack
MSC HLR
SRI Request-
Response
SMSC
GMSC/STP
Apps
Business Analytics
Application Interface
SMS Firewall System Architecture
DB
SMPP/UCP/HTTP
SIGTRAN/SMPP/UCP
9
SMS Firewall Mode of Operation (MT)
10
Subscriber A (Foreign network) sends an SMS to subscriber B (Home
network).
Foreign network SMSC sends an SRI for SM to the destination network. This
SRI reaches the GMSC/STP of B’s HPLMN (Home Network).
Gateway MSC forwards the SRI to the SMS Firewall.
SMS Firewall forwards the SRI for SM to the HLR.
As the HLR responds, the response to the received SRI query is sent back to
the originating SMSC.
This foreign SMSC now sends the MT-FSM to the SMS Firewall.
Comviva SMS Firewall checks the messages based on the configured rules.
Accordingly, it forwards the message to the subscriber B, either directly or
through the Home SMSC.
The messages that do not adhere to the rules are rejected
Explanation
11
SMS Firewall Mode of Operation (MT)
12
Subscriber A (Foreign network) sends an SMS to subscriber B (Home
network)
Foreign network SMSC sends an SRI for SM to the destination network. This
SRI reaches the GMSC/STP of B’s HPLMN (Home Network).
Gateway MSC forwards the SRI to HLR. Seeing that the SRI request has
originated from Foreign network, HLR forwards the SRI to SMS Firewall
In order to get the SRI about the destination VMSC, the SMS Firewall
forwards the SRI for SM to the HLR.
As the HLR responds, the response to the received SRI query is sent back to
the originating SMSC.
This foreign SMSC now sends the MT-FSM to the SMS Firewall.
Comviva SMS Firewall checks the messages based on the configured rules.
Accordingly, it forwards the message to the subscriber B, either directly or
through the Home SMSC.
The messages that do not adhere to the rules are rejected
Explanation
13
SMS Firewall – Features
14
SMS attacks in a
network
Network
A Network B
SMS SPAM
Spoofed SMS
SMS Flood
Subscriber location/info query
Protected by Comviva SMS
Firewall
Network
A Network B
SMS SPAM
Spoofed SMS
SMS Flood
Subscriber location/info
query
Com
viv
a
SM
SF
Network A is under attack !!!
Network B is protected by Comviva
Firewall
Comviva SMS Firewall
15
Unprotected roaming (Subscriber B sending SMS to ‘roaming
subscriber A’)
Network
B SMSC
B
Network A
HLR
A
Network C
MSC
C
Subscriber
A Subscribe
r B
Subscriber A roaming at Network C
Network -A not able to control SMS towards its out-roamers
!!!
Subscriber A can be affected by SPAM, SPOOF, leaked
location info.. Comviva out-roamer
protection
Network
B SMSC
B
Network A
HLR
A
Network C
MSC
C
Subscriber
A Subscribe
r B
Masked Subscriber A
info
All SMS towards Network-A’s out-roamers controlled by Comviva
SMSF
Com
viv
a S
MS
F
SMS Firewall – Roamer Protection
16
Firewall Architecture:- Message Flow (MT)
17
SMS Firewall – Signaling Filter
18
Anti Spam(MT)
19
Spam(MT) Control
• Blocking unsolicited messages towards mobile subscriber
• No content filtering
Rules
• Maximum messages per day/hour/minute/sec from a foreign network
• Maximum messages per day/hour/minute/sec from a foreign SMSC
• Maximum messages per day/hour/minute/sec from MSISDN X
• Action can be defined in SMSF to alert/block if crossing threshold
• Threshold can be defined based on observed/expected traffic pattern
• MSISDN/MDN barring
• IMSI barring
• Global Title (GT) barring
• SCCP parameters based barring
• Spam control applicable for MO/AO also
20
Spoof(MO) Control • Fraudster simulates SMS from foreign network
• Pretending as a mobile subscriber roaming in foreign network.
• In spoofing an SMS MO with a manipulated A.MSISDN (real or wrong) is coming
into the network from a foreign VLR (real or wrong SCCP Address). A spoofer
can manipulate either IMSI, VMSC or both.
21
Flooding detection & prevention
• Detects sudden increase of traffic from same originator(s)
• Monitor short term and long term traffic average from originator(s)
• Flooding = short term traffic average > long term traffic average
22
Roamer home routing
• Out-roamers are protected by SMSF
• All out-roamer destined messages will be routed through SMSF
• Configurable protection for out-roamers
• Saves revenue if originator interworking charges high
• QoS irrespective of subscriber location
23
SMS Firewall – Content Filter
24
© Copyright 2012. All rights Reserved. 24
Diameter SMS Architecture
AdaptiveMobile NPP Filtering Solution
Diameter
Interface
PMCSACTSM
RM
NPP NPPNPP
NPP
NPP Cluster
Management
……
STPMSC SS7/Sigtran
Traffic Network
OLO/Foreign NetworksSS7/Sigtran
International
STP
PEP
SMSC
25
MO SMS, SMSC=PEP using Diameter
This example
utilizes the DCP
Protocol between
SMSC and NPP
Filtering Engine
Filtering
EngineSMSC
MO-FSM (Cd=SMSC, Cg=MSC)
DPC-CCA
MSC
DPC-CCR
MO-FSM-ACK (Cd=MSC, Cg=SMSC)
SM Submission
Submission ACK
Subscriber in
Home Network
Filtering
Decision
MO-FSM-NACK (Cd=MSC, Cg=SMSC)
Submission NACK
09:54am
NPP for SMS
26
Advance filtering capability
Differential Sending Rate Traffic Analysis Filter
A Differential Sending Rate Traffic Analysis filter analyses and detects changes or surges in sending
rate where the sender is a MSISDN, SMSC (for SMS-MT and SMS-SRI messages), or MSC (for SMS-
MO messages).
Destination Address Analysis Filter
Analyse the recipient list patterns of a message sender during a configurable period. If the ratio of
one-time recipients compared to the total number of recipients exceeds a configurable threshold, the
message can be optionally blocked.
Sender Address Analysis
A Sender Addresses Analysis filter analyses the sender address patterns of a message sender during
a configurable period. If the ratio of one-time sender addresses used compared to the total number of
messages sent exceeds a configurable threshold
• Usage Control:-
A Usage Control filter restricts the number of messages that a subscriber may send or receive, on a
daily, weekly, or monthly basis
User Traffic Analysis Filter
Analyse the send and receive patterns of a particular user to see if these suggest spamming
behaviour. t works by monitoring the number of messages sent or received by a single user during a
configurable period
27
Advance filtering capability
Regular expression:-
Regular expressions provide an efficient and flexible way to identify strings of text want to filter.
For example, particular characters, words, or patterns of characters. Can choose to block
messages whose text content either matches or does not match any regular expression
Content Matching :-
Platform support capability to Analyses message text and compares it to a configurable
dictionary of banned words and phrases. Tokenisation analyses words and phrases with
deceptively similar spellings.
Premium service restriction
Platform has capability to block message from alphanumeric sender irrespective of TON and
NPI value. Alphanumeric CLI .Identified based on any alphabetic /special character at any
position in source CLI .
Shortened URL Analysis:
Shortened URLs in Messages are expanded before analysis.
28
Advance filtering capability
Regular expression:-
Regular expressions provide an efficient and flexible way to identify strings of text want to filter.
For example, particular characters, words, or patterns of characters. Can choose to block
messages whose text content either matches or does not match any regular expression
Content Matching :-
Platform support capability to Analyses message text and compares it to a configurable
dictionary of banned words and phrases. Tokenisation analyses words and phrases with
deceptively similar spellings.
Premium service restriction
Platform has capability to block message from alphanumeric sender irrespective of TON and
NPI value. Alphanumeric CLI .Identified based on any alphabetic /special character at any
position in source CLI .
Shortened URL Analysis:
Shortened URLs in Messages are expanded before analysis.
30
Content Traffic analysis
Platform has capability to identify on the fly similar messages by analysing and detecting similar
messages in a series. Capability to detect spam variants that might advertise in the same essential
content but with variations in message spelling, vocabulary, abbreviation, character aliasing etc.
Platform provide option for configuring number of similar attachment in configurable time period
and configurable percentage match for similarity. For example 200 message/signature in one hour
with 80 % match.
31
Content Traffic analysis
Describe how “Similar” is complex, but solved by NPP –tokenisation / N-Gram text analysis
n-grams are used for efficient approximate matching. Sequences of characters are converted into a set of four-
grams. By embedding in a vector space, the sequence can be compared to other sequences in an efficient
manner
Word substitution
The effect of a substituting words to evade matching is negated by comparing the matching four-grams. A
match is detected when the number of four-grams exceed a threshold.
Example: “Please give me a call urgently when you get this message” “Please give me a shout urgently when
you get this message”. Results in 38 matching four-grams resulting in a similarity match of 88%. Setting a
threshold at 85% results in messages identified as a match
Word sequence change
The effect of word sequence change is diminished as the vector space comparison used by the similarity
algorithm examines the n-grams irrespective of location.
Example “Call me please” “Please call me”.
Tokenisation: Swapping Characters for Numbers (O to 0 etc.)
Swapping Characters for Numbers (O to 0 etc.)
Example “CALL ME”vs.“C4LL ME” & “PING ME”vs.“P1NG ME”
32
Content Traffic analysis
Spam fingerprint .
Match of the message to a known Spam fingerprint
This mechanism detects spam messages where the spammer has modified the
message to avoid Checksum or keyword / phrase based blocking
It enables detection of spam messages where modification has occurred (e.g
personalisation, word substitution, sequence changing, modifying calls to action such as
phone numbers or web links etc.)
Capability to update signature database with global security centre
Platform compare SMS with database of restricted signature
System support configurable parameter of percentage match and length of the message
for which text pattern to be checked.
System allow to configure phrases or download Phrases/signature in encrypted
file format from global security centre .
34
SMS Firewall – Routing & FDA
35
SMS delivery platform
• SMS MT delivery – Messages originated in foreign network and destined to SMSF network
• SMS direct delivery (FDA) – Messages originated in the local network
• SMS routing - Messages originated in the local network
• Error based redirection
Absent subscriber
Call barred
SS incompatibility
Subscriber busy for MTSMS
Facility not supported
SM-Delivery failure
System failure
Data missing
Message waiting list full
Unexpected data value
Absent subscriber for SRI
Busy subscriber
No subscriber reply
• Source VMSC based redirection
• Source / Destination TON & NPI based redirection
• A-party and B-party based redirection
36
SMS delivery platform - Routing
37
SMS Firewall – Deployment Details
38
Deployment architecture - DIAMETER
39
Deployment architecture - Signaling
40
SMS Firewall – Report & MIS
41
Reporting Module Overview
Live Traffic-based Operational and Business reports:
Subscriber Reports:
– The top senders of messages with spam or viruses
Filter Reports:
– Top security threats - requests blocked per filter
Traffic Reports:
– Which countries, networks, SMSCs, and MSCs messages originated from and were destined
for.
– Peak rates, busy hours
Routing and FDA reports
Flexible Reporting View:
Dashboard: several reports in one view.
Individual Reports: single reports per view.
Administration and Auditing
42
Subscriber Reports Available
Blocked per Recipient MSISDN: Top number of recipients of blocked messages.
Blocked per Sender MSISDN: Top number of senders that have sent the most blocked
messages, or initiated the most blocked voice calls or web content requests
Delivery Reports per Recipient MSISDN: Top number of recipients of delivery reports
Viruses per Sender MSISDN: Top/total number of MSISDNs sending viruses.
Spam per Sender MSISDN: Top/total number of MSISDNs sending spam.
Unique Subscribers Protected: Total number of individual subscribers that have been the
intended recipients of blocked content.
MSISDNs Exceeding Sender Thresholds: Top number of subscribers that have crossed
any traffic analysis sender thresholds.
Submitted per MSISDN: The top number of MSISDNs sending messages, requesting URLs,
or making voice calls.
43
Filter Reports Available
Blocked per Filter: The total number of blocked messages by filter category.
Blocked Messages as a Percentage of Total Spam: The number of blocked
messages per filter category as a percentage of total spam. .
Blocked Messages per Category : The total number of blocked messages per
category, sorted by category with the most blocked messages
44
Traffic Reports Available
Blocked and Sent by National Operator: Number of messages sent and blocked/modified per national
operator
Blocked and Sent by National: Number of messages sent and blocked/modified from the operator’s country.
Blocked per Country: Top number of countries sending blocked messages, sorted by country sending the
most blocked messages.
Blocked per Operator: Top number of operators sending blocked messages
Blocked per Recipient SMSC/MSC/MSISDN(HLR): Top number of intended recipients (SMSCs, MSCs, or
HLRs) of blocked messages data.
Blocked per Sender SMSC/MSC: Top number of senders (SMSCs or MSCs) of blocked msg’s
Delivery Failure Messages per Reason: Top number of SMSC or MSC message failure reasons.
Delivery Failures per MSISDN: Number of delivery failures per MSISDN for a specified range of MSISDNs.
45
Traffic Reports continued
Delivery Failures per SMSC/MSC/HLR: Top number of SMSCs, MSCs, or HLRs where messages are
being rejected
License Crossing Count: A list of each occurrence (per second) that traffic crossed the volume license for
messages, voice calls, or web content requests.
Peak Messages per Second in Busy Hour: A list of the peak message-per-second rates during the busy
hour in the day or week.
Peak Rate per Hour: A list of the peak message or request rates per hour.
Percentage of Messages Blocked and Failed: The percentage of submitted messages blocked per SMS
message type.
Sent per Country: The top number of countries sending messages, sorted by country sending the most
messages.
Sent per Operator: The top number of operators sending messages, sorted by operator sending the most
messages.
Sent per Sender MSC/SMSC : The top number of senders (SMSCs or MSCs) of allowed and blocked
messages
46
Traffic Reports continued
Spam per Recipient SMSC/MSC/HLR: The top number of intended recipients (SMSCs, MSCs, or
HLRs) of spam and suspected spam messages
Spam per Sender SMSC/MSC: The top number of senders (SMSCs or MSCs) of spam and
suspected spam messages.
Spam Sent per Country: The top number of countries sending spam and suspected spam
messages
Spam Sent per Operator: The top number of operators sending spam and suspected messages,
sorted by operator sending the most spam or suspected spam.
47
SMS Firewall – References
48
Major references (Comviva & Partner)
Protecting over 800 million subscribers worldwide
49
Partner References for SMS Content
Filtering
OpCo Network Size (Subs) Traffic Covered
Bharti Airtel 180 Million MT (International & National)
Etisalat 7 Million MO & MT (National & Intl)
ME OpCo 27 Million MO (National) MT (International)
African OpCo 9 Million MT (International & National)
MTN NIgeria 31 Million MT (International & National)
ME OpCo 5 Million MT (International & National)
ViVa Kuwait 2 Million MO & MT (National & International)
APAC OpCo 50 Million MO, AO & MT (International & National)
US OpCo 2 Million MO & MT (National & International)
US OpCo 33 Million MO /MT/AO/AT(National & International)
European OpCo 7 Million SMS Filtering
ME OpCo SMS Filtering
50
Disclaimer Copyright © 2013: Comviva Technologies Ltd, Registered Office at A-26, Info City, Sector 34, Gurgaon-122001, Haryana, India.
All rights about this document are reserved and shall not be , in whole or in part, copied, photocopied, reproduced, translated, or reduced to any
manner including but not limited to electronic, mechanical, machine readable ,photographic, optic recording or otherwise without prior consent, in
writing, of Comviva Technologies Ltd (the Company).
The information in this document is subject to changes without notice. This describes only the product defined in the introduction of this
documentation. This document is intended for the use of prospective customers of the Company Products Solutions and or Services for the sole
purpose of the transaction for which the document is submitted. No part of it may be reproduced or transmitted in any form or manner whatsoever
without the prior written permission of the company. The Customer, who/which assumes full responsibility for using the document appropriately. The
Company welcomes customer comments as part of the process of continuous development and improvement.
The Company, has made all reasonable efforts to ensure that the information contained in the document are adequate, sufficient and free of material
errors and omissions. The Company will, if necessary, explain issues, which may not be covered by the document. However, the Company does not
assume any liability of whatsoever nature , for any errors in the document except the responsibility to provide correct information when any such error
is brought to company’s knowledge. The Company will not be responsible, in any event, for errors in this document or for any damages, incidental or
consequential, including monetary losses that might arise from the use of this document or of the information contained in it.
This document and the Products, Solutions and Services it describes are intellectual property of the Company and/or of the respective owners
thereof, whether such IPR is registered, registrable, pending for registration, applied for registration or not.
The only warranties for the Company Products, Solutions and Services are set forth in the express warranty statements accompanying its products
and services. Nothing herein should be construed as constituting an additional warranty. The Company shall not be liable for technical or editorial
errors or omissions contained herein.
The Company logo is a trademark of the Company. Other products, names, logos mentioned in this document , if any , may be trademarks of their
respective owners.
Copyright © 2013 Comviva Technologies Limited. All rights reserved.
Thank you Visit us at www.mahindracomviva.com