
SMS Firewall

[Figure: SMS Firewall deployment overview. Labels: Home Network, Foreign Network (Optional), Content Provider/Apps (Optional), SS7/IP, Comviva SMS Firewall, Mobile Subscriber, IP, Rules Database, GUI, Reports, CDR, OAM, NMS]

SMS Firewall Message Flow (MO)

[Figure: MO message flow with numbered steps 1 to 8. Labels: Mobile A, MSC/STP, Comviva SIG Filter, Partner Content Filter (DIAMETER), SMSC, HLR, Redirection method, FDA (Optional), Routing, MSC, Mobile B]

Value Proposition- SMS Firewall

Signaling/Content Filter controls

Signaling/Routing
- STP connectivity via SIGTRAN
- GSM and CDMA support
- MNP compatibility
- Spam/Spoof/Flood/Fake controls
- Routing/Load balancing towards SMSCs
- Multiple STP connections

Filtering
- Filter MO/MT for P2P, P2A, A2P
- Volume filters: X SMS per day/hour/month
- Pattern and signature filters
- Keyword based filters
- Subscriber notifications
- Black/White list based on GT/PC/SC/MDN/MSISDN/IMSI/SCCP, etc.
- Out-roamer controls
- Configurable black-out days
- Provisioning & Reporting

Comviva value proposition


Solution: Floating License
Benefits: Licensed to use SMSR/FDA/SMSF/USSD Filter for licensed capacity
Dependency: NIL

Solution: USSD Filter
Benefits: Filter USSD on-net and off-net messages; conditional blocking of USSD from other operators
Dependency: Additional H/W & License

Solution: Rich SMS
Benefits: Rich SMS for MO/MT traffic inbuilt; revenue generating services
Dependency: Additional H/W & License

Solution: FDA
Benefits: Cater to future requirements of SMSR/FDA; offload MO FDA traffic from existing SMSR; perfect place to do FDA rather than redirect to SMSR
Dependency: Additional H/W & License

Solution: SMS Firewall
Benefits: On-net and off-net filtering capabilities; signaling and content filtering
Dependency: NIL

SMS Firewall Solution Overview

SMS Firewall System Architecture


[Figure: SMS Firewall system architecture. Labels: GMSC/STP, HLR, MSC, SRI Request/Response, Signaling Filter, SS7/SIGTRAN Stack, Signaling Control Card, SIGTRAN/SMPP/UCP, Content Filter (Partner Solution), Core SMS Firewall, SMSC, Policy Manager, Application Interface, OAM, Apps (SMPP/UCP/HTTP), Business Analytics, DB]

SMS Firewall Mode of Operation (MT)

Explanation
Subscriber A (Foreign network) sends an SMS to subscriber B (Home network).

Foreign network SMSC sends an SRI for SM to the destination network. This SRI reaches the GMSC/STP of B's HPLMN (Home Network).

Gateway MSC forwards the SRI to the SMS Firewall.

SMS Firewall forwards the SRI for SM to the HLR.

As the HLR responds, the response to the received SRI query is sent back to the originating SMSC.

This foreign SMSC now sends the MT-FSM to the SMS Firewall.

Comviva SMS Firewall checks the messages based on the configured rules. Accordingly, it forwards the message to subscriber B, either directly or through the Home SMSC.

The messages that do not adhere to the rules are rejected.



SMS Firewall Mode of Operation (MT)


Explanation
Subscriber A (Foreign network) sends an SMS to subscriber B (Home network).

Foreign network SMSC sends an SRI for SM to the destination network. This SRI reaches the GMSC/STP of B's HPLMN (Home Network).

Gateway MSC forwards the SRI to HLR. Seeing that the SRI request has originated from Foreign network, HLR forwards the SRI to SMS Firewall.

In order to get the SRI about the destination VMSC, the SMS Firewall forwards the SRI for SM to the HLR.

As the HLR responds, the response to the received SRI query is sent back to the originating SMSC.

This foreign SMSC now sends the MT-FSM to the SMS Firewall.

Comviva SMS Firewall checks the messages based on the configured rules. Accordingly, it forwards the message to subscriber B, either directly or through the Home SMSC.

The messages that do not adhere to the rules are rejected.



SMS Firewall Features


Comviva SMS Firewall


[Figure: SMS attacks in a network. Labels: Network A, Network B, SMS spam, spoofed SMS, SMS flood, subscriber location/info query. Caption: "Network A is under attack !!!"]

[Figure: Protected by Comviva SMS Firewall. Labels: Network A, Network B, Comviva SMSF, SMS spam, spoofed SMS, SMS flood, subscriber location/info query. Caption: "Network B is protected by Comviva Firewall"]

SMS Firewall Roamer Protection


Unprotected roaming (Subscriber B sending SMS to roaming subscriber A)

[Figure labels: Network B (SMSC B, Subscriber B); Network A (HLR A, Subscriber A); Network C (MSC C), where Subscriber A is roaming]

Network A is not able to control SMS towards its out-roamers. Subscriber A can be affected by spam, spoofing and leaked location info.

Comviva out-roamer protection

[Figure labels: Comviva SMSF; Network B (SMSC B, Subscriber B); masked Subscriber A info; Network A (HLR A, Subscriber A); Network C (MSC C)]

All SMS towards Network A's out-roamers are controlled by Comviva SMSF.

Firewall Architecture:- Message Flow (MT)


SMS Firewall Signaling Filter


Anti Spam(MT)


Spam (MT) Control
- Blocking unsolicited messages towards mobile subscriber
- No content filtering

Rules
- Maximum messages per day/hour/minute/sec from a foreign network
- Maximum messages per day/hour/minute/sec from a foreign SMSC
- Maximum messages per day/hour/minute/sec from MSISDN X
- Action can be defined in SMSF to alert/block if crossing threshold
- Threshold can be defined based on observed/expected traffic pattern
- MSISDN/MDN barring
- IMSI barring
- Global Title (GT) barring
- SCCP parameters based barring
- Spam control applicable for MO/AO also

Spoof (MO) Control
A fraudster simulates SMS from a foreign network, pretending to be a mobile subscriber roaming in that foreign network. In spoofing, an SMS MO with a manipulated A.MSISDN (real or wrong) comes into the network from a foreign VLR (real or wrong SCCP address). A spoofer can manipulate either IMSI, VMSC or both.

Flooding detection & prevention


- Detects sudden increase of traffic from same originator(s)
- Monitors short-term and long-term traffic average from originator(s)
- Flooding = short-term traffic average > long-term traffic average
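
An added sketch of the short-term versus long-term comparison described above, using two exponentially weighted averages per originator (example code, not Comviva's). The smoothing constants, the 3x factor, the minimum rate and the sample counts are assumptions.

```python
class FloodDetector:
    """Flags an originator whose short-term average outruns its long-term average."""

    def __init__(self, short_alpha=0.5, long_alpha=0.05, factor=3.0, min_rate=20.0):
        # Assumed tuning values, not vendor defaults. factor=1.0 and min_rate=0
        # give the literal rule "short-term average > long-term average".
        self.short_alpha = short_alpha
        self.long_alpha = long_alpha
        self.factor = factor
        self.min_rate = min_rate
        self.state = {}  # originator -> (short_avg, long_avg)

    def observe(self, originator, count):
        """Feed one interval's message count; return True while flooding."""
        if originator not in self.state:
            # First sighting: no history yet, so seed both averages.
            self.state[originator] = (float(count), float(count))
            return False
        short, long_ = self.state[originator]
        short = self.short_alpha * count + (1 - self.short_alpha) * short
        flooding = short >= self.min_rate and short > self.factor * long_
        if not flooding:
            # Freeze the baseline during a flood so the burst cannot
            # teach the detector that the new rate is normal.
            long_ = self.long_alpha * count + (1 - self.long_alpha) * long_
        self.state[originator] = (short, long_)
        return flooding


def flagged_intervals(series, originator="gt-constructed"):
    """Run one originator's per-minute counts; return the flagged indexes."""
    det = FloodDetector()
    return [i for i, n in enumerate(series) if det.observe(originator, n)]


# Constructed per-minute message counts (not real traffic).
BURSTY = [10] * 30 + [200] * 5 + [10] * 10   # quiet sender with a 5-minute burst
STEADY_BULK = [500] * 40                      # busy but stable SMSC

if __name__ == "__main__":
    print("bursty sender flagged at minutes:", flagged_intervals(BURSTY))
    print("steady bulk sender flagged at minutes:", flagged_intervals(STEADY_BULK))
```

The flag stays raised for a few intervals after the burst ends because the short-term average needs time to decay; a high but stable sender is never flagged.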


Roamer home routing


- Out-roamers are protected by SMSF
- All out-roamer destined messages will be routed through SMSF
- Configurable protection for out-roamers
- Saves revenue if originator interworking charges are high
- QoS irrespective of subscriber location

SMS Firewall Content Filter


Diameter SMS Architecture


AdaptiveMobile NPP Filtering Solution
[Figure labels: Management, NPP Cluster (NP nodes), Diameter Interface, International MSC, STP, SS7/Sigtran, SMSC, OLO/Foreign Networks, Traffic Network, PEP]

Copyright 2012. All rights Reserved.


MO SMS, SMSC=PEP using Diameter


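[Sequence diagram. Participants: Subscriber in Home Network, MSC, SMSC, NPP for SMS Filtering Engine]

This example utilizes the DCP Protocol between SMSC and NPP Filtering Engine

Subscriber to MSC: SM Submission
MSC to SMSC: MO-FSM (Cd=SMSC, Cg=MSC)
SMSC to Filtering Engine: DPC-CCR
Filtering Engine: Filtering Decision
Filtering Engine to SMSC: DPC-CCA
SMSC to MSC: MO-FSM-ACK (Cd=MSC, Cg=SMSC), followed by Submission ACK to the subscriber
or
SMSC to MSC: MO-FSM-NACK (Cd=MSC, Cg=SMSC), followed by Submission NACK to the subscriber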


Advance filtering capability


Differential Sending Rate Traffic Analysis Filter
A Differential Sending Rate Traffic Analysis filter analyses and detects changes or surges in sending rate where the sender is an MSISDN, SMSC (for SMS-MT and SMS-SRI messages), or MSC (for SMS-MO messages).

Destination Address Analysis Filter


Analyse the recipient list patterns of a message sender during a configurable period. If the ratio of one-time recipients compared to the total number of recipients exceeds a configurable threshold, the message can be optionally blocked.
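
An added illustration of the one-time-recipient ratio described above, run over constructed CDR lines (example code, not the vendor's). The CDR layout, the 0.8 threshold, the minimum-recipient floor and the reading of "total number of recipients" as distinct recipients are assumptions.

```python
from collections import Counter, defaultdict

# Constructed CDR lines: epoch_seconds,sender,recipient (labels, not real MSISDNs).
CDR_LINES = (
    [f"{1000 + i * 60},sub-regular,friend-{i % 3}" for i in range(30)]
    + [f"{1000 + i * 5},sub-bulk,target-{i:04d}" for i in range(50)]
    + ["1200,sub-new,friend-a", "1300,sub-new,friend-b"]
    + ["9000,sub-bulk,target-late"]  # falls outside the analysis window
)


def parse_cdr(lines):
    """Yield (timestamp, sender, recipient) tuples from CSV-style lines."""
    for line in lines:
        ts, sender, recipient = line.strip().split(",")
        yield int(ts), sender, recipient


def destination_address_analysis(events, start, end,
                                 ratio_threshold=0.8, min_recipients=10):
    """Return {sender: (distinct_recipients, one_time_ratio, flagged)} for [start, end)."""
    per_sender = defaultdict(Counter)
    for ts, sender, recipient in events:
        if start <= ts < end:
            per_sender[sender][recipient] += 1
    report = {}
    for sender, counts in per_sender.items():
        distinct = len(counts)
        one_time = sum(1 for c in counts.values() if c == 1)
        ratio = one_time / distinct
        # The floor keeps a subscriber who has sent two messages to two
        # people (ratio 1.0) from being treated like a bulk sender.
        flagged = distinct >= min_recipients and ratio > ratio_threshold
        report[sender] = (distinct, ratio, flagged)
    return report


def analyse_sample():
    """Analyse the constructed CDRs over a one-hour window."""
    return destination_address_analysis(parse_cdr(CDR_LINES), start=1000, end=4600)


if __name__ == "__main__":
    for sender, (distinct, ratio, flagged) in sorted(analyse_sample().items()):
        print(f"{sender}: recipients={distinct} one_time_ratio={ratio:.2f} flagged={flagged}")
```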

Sender Address Analysis


A Sender Addresses Analysis filter analyses the sender address patterns of a message sender during a configurable period. If the ratio of one-time sender addresses used compared to the total number of messages sent exceeds a configurable threshold

Usage Control: A Usage Control filter restricts the number of messages that a subscriber may send or receive, on a daily, weekly, or monthly basis

User Traffic Analysis Filter


Analyse the send and receive patterns of a particular user to see if these suggest spamming behaviour. It works by monitoring the number of messages sent or received by a single user during a configurable period.


Advance filtering capability


Regular expression: Regular expressions provide an efficient and flexible way to identify the strings of text you want to filter, for example particular characters, words, or patterns of characters. You can choose to block messages whose text content either matches or does not match any regular expression.

Content Matching: The platform analyses message text and compares it to a configurable dictionary of banned words and phrases. Tokenisation analyses words and phrases with deceptively similar spellings.

Premium service restriction


The platform can block messages from an alphanumeric sender irrespective of TON and NPI value. An alphanumeric CLI is identified based on any alphabetic/special character at any position in the source CLI.

Shortened URL Analysis:


Shortened URLs in Messages are expanded before analysis.


Content Traffic analysis


The platform can identify similar messages on the fly by analysing and detecting similar messages in a series. It can detect spam variants that advertise the same essential content but with variations in message spelling, vocabulary, abbreviation, character aliasing, etc. The platform provides an option for configuring the number of similar attachments in a configurable time period and a configurable percentage match for similarity. For example, 200 messages/signature in one hour with 80% match.

Content Traffic analysis


Deciding how similar two messages are is complex, but it is solved by NPP tokenisation / n-gram text analysis.
n-grams are used for efficient approximate matching. Sequences of characters are converted into a set of four-grams. By embedding in a vector space, the sequence can be compared to other sequences in an efficient manner.

Word substitution
The effect of substituting words to evade matching is negated by comparing the matching four-grams. A match is detected when the number of matching four-grams exceeds a threshold.
Example: "Please give me a call urgently when you get this message" vs. "Please give me a shout urgently when you get this message."
This results in 38 matching four-grams, a similarity match of 88%. Setting a threshold at 85% results in the messages being identified as a match.

Word sequence change

The effect of word sequence change is diminished, as the vector space comparison used by the similarity algorithm examines the n-grams irrespective of location.
Example: "Call me please" vs. "Please call me".

Tokenisation: Swapping Characters for Numbers (O to 0 etc.)

Example: "CALL ME" vs. "C4LL ME" and "PING ME" vs. "P1NG ME"
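
An added sketch of the four-gram comparison and similar-message counting described above (example code, not the NPP implementation). The look-alike table, the use of cosine similarity and the greedy grouping are assumptions, so scores need not equal the slide's figures.

```python
import math
import re
from collections import Counter

# Assumed look-alike table for character aliasing; a deployed table would be larger.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(text):
    """Lowercase, undo look-alike swaps, drop punctuation, collapse whitespace."""
    text = text.lower().translate(LOOKALIKES)
    text = re.sub(r"[^a-z ]+", " ", text)
    return re.sub(r" +", " ", text).strip()


def fourgrams(text, n=4):
    """Bag of character n-grams, i.e. a sparse count vector."""
    t = normalise(text)
    if len(t) < n:
        return Counter([t]) if t else Counter()
    return Counter(t[i:i + n] for i in range(len(t) - n + 1))


def similarity(a, b):
    """Cosine similarity of the two four-gram count vectors, 0.0 to 1.0."""
    va, vb = fourgrams(a), fourgrams(b)
    dot = sum(count * vb[gram] for gram, count in va.items())
    norm = math.sqrt(sum(c * c for c in va.values()) * sum(c * c for c in vb.values()))
    return dot / norm if norm else 0.0


def cluster_sizes(messages, threshold=0.85):
    """Greedy grouping: each message joins the first exemplar it matches."""
    exemplars, sizes = [], []
    for msg in messages:
        for i, exemplar in enumerate(exemplars):
            if similarity(msg, exemplar) >= threshold:
                sizes[i] += 1
                break
        else:
            exemplars.append(msg)
            sizes.append(1)
    return sizes


# Constructed batch: the slide's example pair, an aliased copy, an unrelated text.
BATCH = [
    "Please give me a call urgently when you get this message",
    "Please give me a shout urgently when you get this message.",
    "PLEASE GIVE ME A C4LL URGENTLY WHEN YOU GET THIS MESSAGE",
    "Running late, see you at the station",
]

if __name__ == "__main__":
    print("word substitution:", round(similarity(BATCH[0], BATCH[1]), 3))
    print("word order:", round(similarity("Call me please", "Please call me"), 3))
    print("cluster sizes:", cluster_sizes(BATCH))
```

A filter built on this would compare each cluster's size within the configured time period against the configured message count before acting.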


Content Traffic analysis


Spam fingerprint
- Match of the message to a known spam fingerprint
- This mechanism detects spam messages where the spammer has modified the message to avoid checksum or keyword/phrase based blocking
- It enables detection of spam messages where modification has occurred (e.g. personalisation, word substitution, sequence changing, modifying calls to action such as phone numbers or web links, etc.)
- Capability to update the signature database with the global security centre
- The platform compares SMS with a database of restricted signatures
- The system supports configurable parameters for the percentage match and the length of the message for which the text pattern is to be checked
- The system allows phrases to be configured, or phrases/signatures to be downloaded in encrypted file format from the global security centre

SMS Firewall Routing & FDA


SMS delivery platform


- SMS MT delivery: Messages originated in foreign network and destined to SMSF network
- SMS direct delivery (FDA): Messages originated in the local network
- SMS routing: Messages originated in the local network
- Error based redirection:
  - Absent subscriber
  - Call barred
  - SS incompatibility
  - Subscriber busy for MT-SMS
  - Facility not supported
  - SM-Delivery failure
  - System failure
  - Data missing
  - Message waiting list full
  - Unexpected data value
  - Absent subscriber for SRI
  - Busy subscriber
  - No subscriber reply
- Source VMSC based redirection
- Source / Destination TON & NPI based redirection
- A-party and B-party based redirection

SMS delivery platform - Routing


SMS Firewall Deployment Details


Deployment architecture - DIAMETER


Deployment architecture - Signaling


SMS Firewall Report & MIS


Reporting Module Overview


Live Traffic-based Operational and Business reports:
- Subscriber Reports: The top senders of messages with spam or viruses
- Filter Reports: Top security threats - requests blocked per filter
- Traffic Reports: Which countries, networks, SMSCs, and MSCs messages originated from and were destined for. Peak rates, busy hours
- Routing and FDA reports

Flexible Reporting View:
- Dashboard: several reports in one view.
- Individual Reports: single reports per view.

Administration and Auditing

Subscriber Reports Available


Blocked per Recipient MSISDN: Top number of recipients of blocked messages.

Blocked per Sender MSISDN: Top number of senders that have sent the most blocked messages, or initiated the most blocked voice calls or web content requests.

Delivery Reports per Recipient MSISDN: Top number of recipients of delivery reports.

Viruses per Sender MSISDN: Top/total number of MSISDNs sending viruses.

Spam per Sender MSISDN: Top/total number of MSISDNs sending spam.

Unique Subscribers Protected: Total number of individual subscribers that have been the intended recipients of blocked content.

MSISDNs Exceeding Sender Thresholds: Top number of subscribers that have crossed any traffic analysis sender thresholds.

Submitted per MSISDN: The top number of MSISDNs sending messages, requesting URLs, or making voice calls.

Filter Reports Available


Blocked per Filter: The total number of blocked messages by filter category.

Blocked Messages as a Percentage of Total Spam: The number of blocked messages per filter category as a percentage of total spam.

Blocked Messages per Category: The total number of blocked messages per category, sorted by category with the most blocked messages.

Traffic Reports Available


Blocked and Sent by National Operator: Number of messages sent and blocked/modified per national operator.

Blocked and Sent by National: Number of messages sent and blocked/modified from the operator's country.

Blocked per Country: Top number of countries sending blocked messages, sorted by country sending the most blocked messages.

Blocked per Operator: Top number of operators sending blocked messages.

Blocked per Recipient SMSC/MSC/MSISDN(HLR): Top number of intended recipients (SMSCs, MSCs, or HLRs) of blocked messages data.

Blocked per Sender SMSC/MSC: Top number of senders (SMSCs or MSCs) of blocked messages.

Delivery Failure Messages per Reason: Top number of SMSC or MSC message failure reasons.

Delivery Failures per MSISDN: Number of delivery failures per MSISDN for a specified range of MSISDNs.

Traffic Reports continued


Delivery Failures per SMSC/MSC/HLR: Top number of SMSCs, MSCs, or HLRs where messages are
being rejected

License Crossing Count: A list of each occurrence (per second) that traffic crossed the volume license for
messages, voice calls, or web content requests.

Peak Messages per Second in Busy Hour: A list of the peak message-per-second rates during the busy
hour in the day or week.

Peak Rate per Hour: A list of the peak message or request rates per hour.

Percentage of Messages Blocked and Failed: The percentage of submitted messages blocked per SMS
message type.

Sent per Country: The top number of countries sending messages, sorted by country sending the most
messages.

Sent per Operator: The top number of operators sending messages, sorted by operator sending the most
messages.

Sent per Sender MSC/SMSC : The top number of senders (SMSCs or MSCs) of allowed and blocked
messages

Traffic Reports continued


Spam per Recipient SMSC/MSC/HLR: The top number of intended recipients (SMSCs, MSCs, or
HLRs) of spam and suspected spam messages

Spam per Sender SMSC/MSC: The top number of senders (SMSCs or MSCs) of spam and
suspected spam messages.

Spam Sent per Country: The top number of countries sending spam and suspected spam
messages

Spam Sent per Operator: The top number of operators sending spam and suspected messages,
sorted by operator sending the most spam or suspected spam.


SMS Firewall References


Major references (Comviva & Partner)

Protecting over 800 million subscribers worldwide


Partner References for SMS Content Filtering


OpCo
Bharti Airtel Etisalat ME OpCo

Network Size (Subs)


180 Million 7 Million 27 Million

Traffic Covered
MT (International & National) MO & MT (National & Intl) MO (National) MT (International)

African OpCo
MTN Nigeria ME OpCo ViVa Kuwait APAC OpCo US OpCo US OpCo European OpCo ME OpCo

9 Million
31 Million 5 Million 2 Million 50 Million 2 Million 33 Million 7 Million

MT (International & National)


MT (International & National) MT (International & National) MO & MT (National & International) MO, AO & MT (International & National) MO & MT (National & International) MO /MT/AO/AT(National & International) SMS Filtering SMS Filtering


Thank you
Visit us at www.mahindracomviva.com

Disclaimer
Copyright 2013: Comviva Technologies Ltd, Registered Office at A-26, Info City, Sector 34, Gurgaon-122001, Haryana, India. All rights about this document are reserved and shall not be , in whole or in part, copied, photocopied, reproduced, translated, or reduced to any manner including but not limited to electronic, mechanical, machine readable ,photographic, optic recording or otherwise without prior consent, in writing, of Comviva Technologies Ltd (the Company). The information in this document is subject to changes without notice. This describes only the product defined in the introduction of this documentation. This document is intended for the use of prospective customers of the Company Products Solutions and or Services for the sole purpose of the transaction for which the document is submitted. No part of it may be reproduced or transmitted in any form or manner whatsoever without the prior written permission of the company. The Customer, who/which assumes full responsibility for using the document appropriately. The Company welcomes customer comments as part of the process of continuous development and improvement. The Company, has made all reasonable efforts to ensure that the information contained in the document are adequate, sufficient and free of material errors and omissions. The Company will, if necessary, explain issues, which may not be covered by the document. However, the Company does not assume any liability of whatsoever nature , for any errors in the document except the responsibility to provide correct information when any such error is brought to companys knowledge. The Company will not be responsible, in any event, for errors in this document or for any damages, incidental or consequential, including monetary losses that might arise from the use of this document or of the information contained in it. 
This document and the Products, Solutions and Services it describes are intellectual property of the Company and/or of the respective owners thereof, whether such IPR is registered, registrable, pending for registration, applied for registration or not. The only warranties for the Company Products, Solutions and Services are set forth in the express warranty statements accompanying its products and services. Nothing herein should be construed as constituting an additional warranty. The Company shall not be liable for technical or editorial errors or omissions contained herein. The Company logo is a trademark of the Company. Other products, names, logos mentioned in this document , if any , may be trademarks of their respective owners.

Copyright 2013 Comviva Technologies Limited. All rights reserved.
