Page 27 - Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
P. 27
SCTP ensures the sequenced delivery of data with • Gy: this interface is used by the P-GW to commu-
multiple unidirectional streams, without blocking nicate with the Online Charging System (OCS). The
the chunks of data in other direction. P-GW informs the charging system about pre-paid
users payload in real time. Diameter protocol is used
• S1AP (S1 Application Part) is the signalling service in the Gy interface.
between E-UTRAN and the Evolved Packet Core
(EPC) that fulfills the S1 Interface functions such as • Gx: this interface is used by the P-GW to commu-
SAE Bearer management functions, Initial context nicate with the Policy and Charging Rules Function
transfer function, Mobility functions for UE, Paging, (PCRF) in order to handle Policy and Charging Rules
Reset functionality, NAS signalling transport func- (PCC) rules. These rules contain charging related
tion, Error reporting, UE context release function, information as well as Quality of Service (QoS)
Status transfer. parameters that will be used in the bearer establish-
ment. Diameter protocol is used in the Gx interface.
MME supports S11 interface with Serving Gateway.
The integrated S11 interface stack consists of IP, UDP, • SGi: this interface is defined between the P-GW and
eGTP-C. external networks, for example, Internet access, cor-
porate access, etc.
A.3.2 SGW (Serving Gateway) protocols • Sxb: since 3GPP Rel.14, the Sx interface and the asso-
The SGW consists of:
ciated PFCP protocol was added to the PGW, allow-
• S11 control plane stack to support S11 interface with ing for the Control User Plane Separation between
MME PGW-C and PGW-U.
• S5/S8 control and data plane stacks to support S5/
S8 interface with PGW A.4 SUPPORT OF VOICE SERVICES AND SMS
• S1 data plane stack to support S1 user plane interface
with eNodeB The EPC is a packet-only core network. It does not have
a circuit-switched domain, which is traditionally used
• S4 data plane stack to support S4 user plane inter- for phone calls and SMS.
face between RNC of UMTS and SGW of eNodeB
A.4.1 3GPP specified solutions for voice
• Sxa: since 3GPP Rel.14, the Sx interface and the asso-
ciated PFCP protocol was added to the PGW, allow- • IMS: A solution for IMS Voice over IP was specified in
ing for the Control User Plane Separation between Rel-7.
PGW-C and PGW-U.
• Circuit-Switched fallback (CSFB): in order to make or
• SGW supports S11 interface with MME and S5/S8 receive calls, the UE changes its radio access technol-
interface with PGW. The integrated control plane ogy from LTE to a 2G/3G technology that supports
stack for these interfaces consists of IP, UDP, eGTP-C. circuit-switched services. This feature requires 2G/3G
coverage. A new interface (called SGs) between the
SGW supports the S1-U interface with eNodeB and S5/ MME and the MSC is required. This feature was devel-
S8 data plane interface with PGW. The integrated data oped in Rel-8.
plane stack for these interfaces consists of IP, UDP,
eGTP-U. A.4.2 3GPP specified solutions for SMS
• IMS: A solution for SMS over IP was specified in Rel-7.
A.3.3 PGW (Packet Data Network Gateway) protocols
Main interfaces supported by the P-GW are: • SMS over SGs: this solution requires the SGs interface
introduced during the work on CSFB. SMS are deliv-
• S5/S8: this interface is defined between S-GW and ered in the Non-Access Stratum over LTE. There is
P-GW. It is named S5 when the S-GW and the P-GW no inter-system change for sending or receiving SMS.
are located in the same network (non-roaming sce- This feature was specified in Rel-8.
nario) and S8 when the S-GW is located in the visited
network and the P-GW in the home network (roam- • SMS over SGd: this solution requires the SGd Diam-
ing scenario). eGTP-C and GTP-U protocols are used eter interface at the MME and delivers SMS in the
in the S5/S8 interface. Non-Access Stratum over LTE, without requiring the
fully signalling neither the legacy MSC doing CSFB,
• Gz: this interface is used by the P-GW to commu- nor the overhead associated with the IMS signalling
nicate with the Offline Charging System (OFCS), and the associated EPC bearer management.
mainly to send the Charging Data Records (CDRs) of
the post-paid users via FTP.
CSFB and SMS over SGs are seen as interim solutions,
the long term being IMS.
Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions • 25
