Powerful system for detecting and analyzing intruders in signaling networks, protect the Achilles heel of your signaling network!

Although the technical basis of the SS7 protocol dates back to the 1970s, the increasing complexity of networks and the transition to new signaling technologies such as diameter still require strict guidelines and new tools to prevent fraud, hijacking or denial of service and espionage. Monitoring is an essential part of your state-of-the-art signaling network management, providing powerful live analysis and threat management of interconnect traffic across signaling points, diameter agents, carriers and signaling technologies. The inherent vulnerabilities of the systems, both SS/ and Diameter, have recently been made public, opening the door for systematic violations on a global scale. Basic filtering or firewalling of SS7 and Diameter connection messages to counter intruders is not sufficient to protect operators from the financial implications, nor can the integrity of the network be guaranteed in terms of data security or GDPR compliance.

Subsciber privacy violations and data theft
Subscribers can be located down to street level and the location can be tracked continuously. IMEI and IMSI can be read, including call status and hardware information.

Illegal interception of calls and messages
Messages can be read and calls forwarded to unauthorized third parties using a number of alternative methods, including the manipulation of subscriber data and the exfiltration of crypto keys.

Billing fraud
The financial impact on invoice fraud is very important. Potential manipulations of subscriber data include the unauthorized conversion of prepaid to postpaid cards and USSD-based attacks on bank transfers.

Denial of service (DoS)
Targeted attacks via ISD/DSD or a general congestion of signal links have recently gained popularity and have affected critical data links (critical infrastructure) as well as voice services.

The Solution
As a renowned industry leader in strong encryption and network security, PKI has developed a system to provide comprehensive detection of signal network anomalies and continuous monitoring and alerting. The architecture of the system offers seamless integration into existing structures and meets the requirements for redundancy within load-balanced setups.

The system design
The security system of the surveillance network, based on a modular and scalable approch, consists of the surveillance manager, which forms the central back end, and a number of surveillance detector nodes correspondending to the number of STP or DEA nodes to be secured, which are connected to each other.

Software
The Erlang/OTP-based software and runtime environment enable a highly parallel, fault-tolerant real-time non-stop system with maximum availability and scalability for reliable attack detection and parameterization.

Analysis and Visualization
An important step on the way to a modern analysis is the correct graphical representation of the raw data. Only then can data become information and complex systems can be handled without time-consuming training. The backend system offers a state-of-the-art HTML5-based user interface that allows intuitive and centralized system management. Visualizations enable different levels of operation, e.g. filter configuration, filter grouping, graphics, logs, reports, alerting and system administration.

Lab version
Laboratory versions are available for test and maintenance purposes.

All-round protection for mobile networks
With this novel system, PKI enables network operators and authorities to non-stop prevent the illegal use of IMSI catchers, network disruption activities and GNSS interference and spoofing attacks. The network security system developed by PKI over many years is the first system capable of detecting, locating, reporting and neutralizing active attacks on communication over the air interface. By using a baseband firewall technology, powerful stationary sensors can be combined with mobile sensors. Comprehensive and powerful base station detection of intruders, including fake mobile masts and individual attacks over the air interface are thwarted. The system integrates and synthesizes data from both types of sensors into a local situation report for cellular communication. For the first time, it allows network operators, government agencies and information-critical industries to detect and combat rogue base stations used by infiltrators for eavesdropping and fraudulent activities in real time.

IMSI interceptors are used extensively by governmental and non-governmental organizations, as the limits of size, cost and deployment are constantly decreasing. The air interface(s) of today’s smartphones, tablet computers and M2M devices can be used for serious attacks. Baseband processors are very vulnerable and often not under the control of the manufacturers. Depending on the device architecture, the baseband controller can act as a memory master and springboard attacks on the application processor are possible and actively used. In addition, baseband processors often directly control the audio path (room error) or would allow DoS attacks (phone unreachable).

Cellular Jamming
Mobile frequency interference (DoS) is used either to disable mobile connectivity or to selectively enforce airband communications down to the secure 2G network in the slipstream.

GNSS Interference and Spoofing
Jamming and spoofing is used to manipulate or disable global satellite-based navigation systems. It is also used to interfere with location-based services (aviation, tracking, precision timing).

Hostile network scenarios have rarely been considered in risk modelling, although they are an essential backbone for mission-critical ad-hoc communication, messaging and a growing number of M2M applications in critical infrastructures. PKI has developed a system that enables the generation of a continuously updated situation report through distributed detection and localization of rouge base stations, mobile phone jamming activities and GPS jamming and spoofing attacks. Based on a modular and scalable approach, the mobile network security system consists of the base station, which forms the central backend and provides data processing, data visualization, data storage and the map server for georeferencing as well as sensors for encrypted data collection.

Monitoring sensors
Two types of sensors are available for modular state and nationwide deployment:

The latest generation of sensors (2G, 3G, 4G) is based on special high performance wireless hardware, waterproof (IP67) and a robust housing for outdoor and indoor installations and continuous monitoring tasks. Its design perfectly meets the requirements for fixed installations (on the roof, in the attic) even under harsh environmental conditions.

Mobile sensor arrays for mobile on-demand monitoring of temporary indoor or outdoor hotspots. The mobile sensor arrays allow the monitoring of 3 carriers in parallel and send measurements via 3G, LTE or LAN to the backend. All PKI sensors work together with the Remote SIM Appliance, which allows up to 1152 SIM cards per system to be dynamically assigned to individual measurement tasks remotely. Both types of sensors are protected against over-the-air attacks with the advanced technology of PKI. Real-time reports are protected by strong encryption on the way from the sensors to the central analysis unit.

Analysis and visualization
Since the sensors continuously provide raw data from the network down to a very low layer (up to 150 criteria), the system heuristic allows a comprehensive view of the consistency of the air interface over time and with full georeferencing. The browser-based visualization interface translates the results into different levels of detail: general network status and alerts, suspicious trends/events/correlations, up to real-time cell data and historical data for further deviation analysis and threat level alerts (email, SNMP or custom interfaces).