Signalling protocols play a cornerstone role in providing different ICT services from the simple audio/video sessions to the complex digital financial services widely used over the globe. These protocols and telecommunication networks were designed without consideration for security and privacy. It enables attacks on ICT infrastructure including exploiting signalling protocols used for different ICT services.
While many different domains are using the Internet to build trustable connection among their customers, (for instance, most of the financial institutions are widely using the Internet to give their customers more effective tools to control and manage their finances), the lack of security and privacy in existing ICT infrastructure does not enable such trustable connections. Furthermore, in developing countries, where access to financial services is limited only to legacy ICT infrastructure via over-the-top (OTT) applications, there is an ever growing increase of illegal usage of customers’ applications, thus resulting in the unlawful take-over of their assets.
Additionally, many people all over the globe experience the irritating phone calls or calls from parties pretending to be legitimate business ventures (e.g., representatives of banks, health insurance companies, etc.). Technically, these calling parties use the so-called spoofing number – which in essence is the manner in which the calling party number can be replaced with the number of an official enterprise or anyone of trust. As a result, the spoofing numbers as well as robocalls, along with other similar attacks make lives of the customers uncomfortable and unsecure to say the least.
In summary, the signalling exchange level of security and privacy must match the level provided by the Internet to mitigate attacks on ICT infrastructure, which breaks signalling protocols used for establishing different ICT services. Amongst the well-known attacks are telephone spam, spoofing numbers, location tracking, subscriber fraud, intercept calls and messages, DoS, infiltration attacks, routing attacks, etc. These attacks have become a major priority for different stakeholders, in particular the financial institutions and telecom operators.