SMS Filtering

openSMSF – SMS filtering platform
What is openSMSF?

openSMSF is a high performance system for mobile operators used for network security enforcement. Using a plethora of SMS filtering features, it accomplishes ultimate flexibility and system security. The most powerful feature at the very core of the system is a unique scripting language used for system configuration and customization. By using this unique approach, any threat or ghost traffic can be detected and instantly neutralized.

The current trend in the majority of other filtering solutions is to ship a limited set of unchangeable filtering rules. openSMSF does not follow this trend; it accomplishes ultimate flexibility and powerful network protection by introducing a completely different paradigm. This paradigm shift enables our users to design their own rules and filters based on their current needs and requirements.

openSMSF system covers SS7 and SMPP protocols, both Legacy and Sigtran enabled networks. SMS MO, SMS MT, SMPP MO, SMPP MT and HLR requests are all being filtered, rendering any potential ghost traffic completely harmless.

There are two openSMSF modes of operation:
  • Monitoring mode – openSMSF acts as a passive data collection probe, collecting network traffic information and preparing the mobile network overview
  • Gatekeeper mode – openSMSF actively protects your network in real time, rendering all unsolicited SMS messages or any other threats harmless
Mobile operators' concern

For many years now, mobile operators have been making a fortune on voice and SMS traffic. Most of them have also expanded their reach to new, rapidly growing markets. This rapid growth has also brought the need for various software and hardware vendors to take the wheel and manage the business. With many different vendors selling their black box solutions, compatibility and flexibility are probably the two major issues that mobile operators are confronted with.

With all these issues combined with GSMA rules and regulations, mobile operators are left with their core networks unprotected against malicious usage by a growing number of exploiters. By utilizing gray routes to terminate both voice and SMS traffic, operators are allowing free-of-charge data flow in their networks. The amount and frequency of unauthorized voice calls and messages is growing rapidly. 3rd party companies generate profit for themselves by infiltrating mobile networks and sending “ghost” traffic to end users without compliance or knowledge of the actual mobile operators. The majority of mobile operators are unequipped to tackle this issue.

Millions if not billions of “ghost” messages are being delivered to end users on a monthly basis. Mobile operators are taking a huge hit revenue-wise, potentially losing millions of Euros each year. These calculations are based only on commercial messages (A2P), not regular (P2P) traffic.

Ghost traffic – how it works?

How to block it?

Messaging market overview

Revenue leakage in mobile operators



SMS key trends
  • SMS will remain a significant source of revenues and traffic for mobile operators on a global basis until at least 2015, and very likely beyond
  • The four crucial factors for the success of SMS as a communication channel will continue to promote adoption and use: universal access and interoperability, ease of use, reliability and low cost
  • SMS is rapidly becoming the go-to tool for reliable, cheap and ubiquitous communication between corporate and government sectors, mobile subscribers as their customers, clients and employees
  • Enterprise growth markets for SMS include among others: banks and financial institutions, social networking, marketing and advertising, retail, health, education and transport
  • In emerging markets, the mobile phone is the only communication tool which most people have access to. This mobile device is typically low-end, rendering SMS the default channel for mobile data communication and delivery of information and services
  • SMS will also continue to flourish as a carrier for other messaging services for mobile devices not only in emerging markets but also in developed markets. These services include: e-mail, instant messaging and social networking
openSMSF modes

As mentioned earlier, there are two MINK modes of operation:

MONITORING MODE

This mode acts as a passive data collection probe, receiving all the data via a port mirror connection. Depending on the mobile operator’s needs and requirements, the following can be included in the targeted data: MO SMS, MT SMS, HLR, MO SMPP or MT SMPP. In this phase, the system passively collects targeted data in order to create a basic network overview and analyze the amount of ghost traffic encountered on the network. Soon after the conclusion of phase one, a data analysis report is constructed and presented to the mobile operator. Every weak spot, intrusion attempt or networking issue will be detected in this phase, making it possible to prepare countermeasures and filtering rules for the next logical step, the gatekeeper mode.

GATEKEEPER MODE

In this mode, openSMSF acts as an active real time mobile network protection system. Data continues to flow as usual but with one exception. Every single SMS or HLR message is analyzed by openSMSF filtering platform. In order to prevent unauthorized traffic, the system has to authenticate all incoming traffic and block out potential threats and ghost traffic. At the same time, the system provides full control and detailed overview of what is happening on the network.

openSMSF and SS7

In terms of SS7 protection, openSMSF supports the following implemented types:

  • HOME PLMN Router node – In this mode, the system acts as SMS Router/Firewall/Filter.
  • STP MODE – In this mode, openSMSF can be perceived as a network element accepting and routing MTP3 connections. Apart from this, the system also inspects all required parameters from MTP3 to SMS TPDU layer, making it possible to define message validation rules using the scripting language
  • SS7 PROXY MODE – In this mode openSMSF acts as a proxy server for all incoming/outgoing SS7 connections. Both SIGTRAN and Legacy networks are supported. In terms of IP Network firewalls, this feature could be called “bump in the wire”, though in the case of SIGTRAN, it is not done on layer 2
openSMSF and SMPP

In terms of SMPP protection, openSMSF supports the following implementation plans:

  • SMPP PROXY MODE – openSMSF acts as SMPP proxy between clients and SMSC. This is usually the fastest and easiest method of implementation. In proxy mode, every client connection is transferred to the operator network through MINK, keeping the standard AAA procedures available to the operator
  • SMPP SERVER MODE – In SMPP server mode, every client connection and AAA data is managed by openSMSF. This differs greatly from the previous mode; clients establish their connections directly with openSMSF, while openSMSF takes care of all other SMSC and SS7 network connections on operator’s side. The main difference between the two modes is a principle in which openSMSF is connected to end customers and mobile network
openSMSF’s main weapon

As mentioned earlier, the main difference between openSMSF and other similar products on the market is the principle which it was built on. To achieve the ultimate flexibility and customization freedom, the decision has been made to create a simple but powerful scripting language as a basic building block of openSMSF system. With our competitors constantly including new features in their products, we have decided to take on a different approach. Our system has no features at all, you may call it a featureless system. How is that any good you may ask yourself? The idea of ultimate flexibility was introduced with the inclusion of our scripting language at the very core of openSMSF system. With the absence of any hard-coded rules comes great freedom and opportunity for the users to invent their own features and rules, making it possible to redesign the system at will to compensate for any unexpected threats or intrusions. openSMSF is all about flexibility! All SS7 rules like M3UA point codes, SCCP fields, GSM, MAP and SMS TPDU fields are available for use in any desired combination to meet operator’s needs and expectations.

Another very powerful tool in openSMSF’s arsenal is a powerful pattern detection engine. Every incoming message gets evaluated against a list of 100.000.000 previously received messages.

Another powerful openSMSF weapon is its high performance:
  • Filtering rules: more than 2.000.000 messages per second
  • Pattern Detection Engine: more than 20.000 messages per second

openSMSF’s filtering flexibility
Combinable SS7 filtering rules

MINK can filter messages based on any combination of the following filter rules:

  • OPC
  • DPC
  • GT Called (with any combination of NAI, TT, NP, GTI)
  • GT Calling (with any combination of NAI, TT, NP, GTI)
  • SCOA
  • SCDA
  • IMSI
  • MSISDN
  • SMS TPDU PARAMETERS (Originating, Destination, Encoding Type)
  • HLR (IMSI, MSISDN, NNN, ANNN, SCA)
  • TYPE OF NUMBER
  • Message type (Single, Concatenated)
  • USER DEFINED LISTS
  • SMS text itself
  • Number of messages (per second, minute, hour, day, month etc.)
Combinable SMPP filtering rules

openSMSF can filter messages based on any combination of the following parameters:

  • operation
  • type of number
  • numbering plan indicator
  • originator address
  • recipient address
  • messaging mode
  • message type
  • protocol-id
  • priority
  • scheduled delivery time
  • validity period
  • SMPP data coding scheme
  • GSM features
  • SMS data coding scheme (DCS Group, Text Compression, Class, Character set)
  • message length
  • SMS text itself
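
The lists above describe rules built from any combination of message fields, and the SS7 list adds message counts per time period. A minimal Python sketch of that idea, added here as an illustration: it is not openSMSF's scripting language or code, and the `Pdu` record, rule names, thresholds and sample traffic are all constructed. It also shows the two modes of operation: the same rules are evaluated in both, but only gatekeeper mode enforces the verdict.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Pdu:
    """Constructed stand-in for a decoded SMPP submit_sm (not a wire parser)."""
    ts: float            # arrival time in seconds
    system_id: str       # SMPP client that submitted the message
    source_ton: int      # SMPP type of number: 1 = international, 5 = alphanumeric
    dest_addr: str
    text: str

def eq(field, value):
    return lambda p, state: getattr(p, field) == value

def text_has(word):
    return lambda p, state: word.lower() in p.text.lower()

def rate_over(field, limit, window):
    """True once more than `limit` PDUs sharing `field` arrive within `window` seconds."""
    def check(p, state):
        seen = state[(field, getattr(p, field), limit, window)]
        seen.append(p.ts)
        while seen and seen[0] <= p.ts - window:
            seen.popleft()
        return len(seen) > limit
    return check

class Filter:
    def __init__(self, rules, mode="gatekeeper"):
        self.rules, self.mode = rules, mode
        self.state, self.hits = defaultdict(deque), []   # hits feed the traffic report

    def handle(self, pdu):
        for name, action, conditions in self.rules:
            # all() short-circuits: a trailing rate_over counts only PDUs that matched the rest
            if all(cond(pdu, self.state) for cond in conditions):
                self.hits.append((name, pdu))
                return action if self.mode == "gatekeeper" else "pass"
        return "pass"

RULES = [  # first matching rule wins; every condition in a rule must hold
    ("alpha-sender-keyword", "block", [eq("source_ton", 5), text_has("prize")]),
    ("burst-per-client", "block", [eq("source_ton", 1), rate_over("system_id", 3, 1.0)]),
]

def run(mode):
    f = Filter(RULES, mode)
    sample = [Pdu(0.1 * i, "client-a", 1, "38598%06d" % i, "hello") for i in range(5)]
    sample.append(Pdu(0.6, "client-b", 5, "38598000099", "Claim your PRIZE"))
    return [f.handle(p) for p in sample], [name for name, _ in f.hits]
```
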
Some other advantages of openSMSF
  • SMS routing – openSMSF will allow the operator to decide how to route SMS messages based on any available parameters.
  • Quality of Service – Configure SMS routing Quality of Service based on any parameter
  • HLR firewall and routing – openSMSF allows different entities in the operator’s network to do HLR lookups, while protecting the HLR database at the same time.
  • Network performance improvement – openSMSF filtering solutions prevent network overloads caused by large amounts of ghost traffic, which also reduces upgrade costs of network elements
  • System redundancy – openSMSF filtering system has no single point of failure. The system is fully redundant with N+1 redundancy.
Conclusion

Mobile operators face a day-to-day confrontation with an ever-growing amount of ghost traffic. Well known solutions are becoming obsolete and limited as new threats begin to unfold on a daily basis, making it difficult to maintain complete control of the network.

openSMSF takes a new approach to network security and offers a unique and powerful filtering solution to help operators fight everyday fraud, prevent revenue loss and network issues, and increase customer satisfaction.

With openSMSF solution, the only limit is your imagination.