Page 27 - Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
P. 27

SCTP ensures the sequenced delivery of data with   •  Gy: this interface is used by the P-GW to commu-
               multiple unidirectional streams, without blocking   nicate with the Online Charging System (OCS). The
               the chunks of data in other direction.           P-GW informs the charging system about pre-paid
                                                                users payload in real time. Diameter protocol is used
           •  S1AP (S1 Application Part) is the signalling service   in the Gy interface.
             between E-UTRAN and the Evolved Packet Core
             (EPC) that fulfills the S1 Interface functions such as   •  Gx:  this  interface  is  used  by  the  P-GW  to  commu-
             SAE Bearer management functions, Initial context   nicate with the Policy and Charging Rules Function
             transfer function, Mobility functions for UE, Paging,   (PCRF) in order to handle Policy and Charging Rules
             Reset functionality, NAS signalling transport func-  (PCC) rules.  These  rules  contain charging  related
             tion, Error reporting, UE context release function,   information as well as Quality of Service (QoS)
             Status transfer.                                   parameters that will be used in the bearer establish-
                                                                ment. Diameter protocol is used in the Gx interface.
           MME supports S11 interface with Serving Gateway.
           The integrated S11 interface stack consists of IP, UDP,   •  SGi: this interface is defined between the P-GW and
           eGTP-C.                                              external networks, for example, Internet access, cor-
                                                                porate access, etc.
           A.3.2 SGW (Serving Gateway) protocols              •  Sxb: since 3GPP Rel.14, the Sx interface and the asso-
           The SGW consists of:
                                                                ciated PFCP protocol was added to the PGW, allow-
           •  S11 control plane stack to support S11 interface with   ing for the Control User Plane Separation between
             MME                                                PGW-C and PGW-U.

           •  S5/S8 control and data plane stacks to support S5/
             S8 interface with PGW                            A.4 SUPPORT OF VOICE SERVICES AND SMS
           •  S1 data plane stack to support S1 user plane interface
             with eNodeB                                      The EPC is a packet-only core network. It does not have
                                                              a circuit-switched domain, which is  traditionally used
           •  S4 data plane stack to support S4 user plane inter-  for phone calls and SMS.
             face between RNC of UMTS and SGW of eNodeB
                                                              A.4.1 3GPP specified solutions for voice
           •  Sxa: since 3GPP Rel.14, the Sx interface and the asso-
             ciated PFCP protocol was added to the PGW, allow-  •  IMS: A solution for IMS Voice over IP was specified in
             ing for the Control User Plane Separation between   Rel-7.
             PGW-C and PGW-U.
                                                              •  Circuit-Switched fallback (CSFB): in order to make or
           •  SGW supports S11 interface with MME and S5/S8     receive calls, the UE changes its radio access technol-
             interface with PGW. The integrated control plane   ogy from LTE to a 2G/3G technology that supports
             stack for these interfaces consists of IP, UDP, eGTP-C.  circuit-switched services. This feature requires 2G/3G
                                                                coverage. A new interface (called SGs) between the
           SGW supports the S1-U interface with eNodeB and S5/  MME and the MSC is required. This feature was devel-
           S8 data plane interface with PGW. The integrated data   oped in Rel-8.
           plane stack for these interfaces consists of IP, UDP,
           eGTP-U.                                            A.4.2 3GPP specified solutions for SMS
                                                              •  IMS: A solution for SMS over IP was specified in Rel-7.
           A.3.3 PGW (Packet Data Network Gateway) protocols
           Main interfaces supported by the P-GW are:         •  SMS over SGs: this solution requires the SGs interface
                                                                introduced during the work on CSFB. SMS are deliv-
           •  S5/S8: this interface is defined between S-GW and   ered in the Non-Access Stratum over LTE. There is
             P-GW. It is named S5 when the S-GW and the P-GW    no inter-system change for sending or receiving SMS.
             are located in the same network (non-roaming sce-  This feature was specified in Rel-8.
             nario) and S8 when the S-GW is located in the visited
             network and the P-GW in the home network (roam-  •  SMS over SGd: this solution requires the SGd Diam-
             ing scenario). eGTP-C and GTP-U protocols are used   eter interface at the MME and delivers SMS in the
             in the S5/S8 interface.                            Non-Access Stratum over LTE, without requiring the
                                                                fully signalling neither the legacy MSC doing CSFB,
           •  Gz:  this  interface  is  used  by  the  P-GW  to  commu-  nor the overhead associated with the IMS signalling
             nicate with the Offline Charging System (OFCS),    and the associated EPC bearer management.
             mainly to send the Charging Data Records (CDRs) of
             the post-paid users via FTP.
                                                              CSFB and SMS over SGs are seen as interim solutions,
                                                              the long term being IMS.




                                           Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions • 25
   22   23   24   25   26   27   28   29   30   31   32