
Cellular Networking Perspectives

David Crowe’s Wireless Review Magazine Articles

September 1997 Issue

Authentication for Small Carriers

Authentication has been described as a “nuclear weapon” against cloners, by Roseanna DeMaria of AT&T Wireless. While authentication does not leave any radioactive fallout behind after eliminating a cloner, it does have a couple of things in common – it is highly effective, but comes with a substantial price tag. In fact, any wireless technology that requires an update to every switch and every base station, as authentication appears to do, must be fairly expensive ... but does authentication really require this?

It is actually one of the many myths of authentication that every HLR (Home Location Register), every MSC (Mobile Switching Center) and every base station needs to be updated to support authentication. This appears to put an unfair burden on carriers who have little fraud physically occurring in their markets, but are victimized when their MIN/ESN combinations are stolen and used in high fraud markets like New York, Los Angeles or Miami. There is no question that carriers in these markets need authentication everywhere, because they are victims of fraud occurring with their MIN/ESN combinations both in their own markets and in other markets.

Carriers in low fraud markets can take advantage of the asymmetry in fraud that occurs because their MIN/ESN combinations are stolen and used elsewhere much more often than people try to perpetrate fraud within their markets. With an understanding of how the IS-41 network supports authentication, it is easy to see how their investment in authentication can be minimized, yet still be effective. Total support for authentication can come later.

A confusing aspect of the IS-41 protocol is that a cellular system can take on one role in one call and the opposite role in a subsequent call. For example, if a Peoria customer makes a call in New York City, the Peoria system acts as an HLR (and, if authentication is active, as an Authentication Center (AC)) while the New York City system acts as an MSC to process the call. On the other hand, if a New York City customer makes a call in Peoria, the Peoria system acts as an MSC and the New York City system as an HLR/AC. Note that the probability of cloning fraud is much greater in the first example than in the second. Consequently, it is much more important for Peoria to be able to act as an authenticating HLR/AC than as an authenticating MSC.

Remarkably, it is possible for low fraud markets to upgrade their HLR to support authentication (either through an integrated AC functionality, or through support of an interface to an external AC) without upgrading any MSCs or base stations. While I would not recommend this as a long term solution, it is perfectly feasible in the short to mid term. At the very least, it allows these carriers to spread out their capital expenditures on authentication over a longer period of time, while obtaining most of the benefits in the short term.

Carriers that choose to pursue this strategy will obviously also have to upgrade their customer service systems, both manual and automated, to ensure that “A-Keys” are entered into all authentication-capable phones. This can be done through keypad entry, through automatic programming or through access to a manufacturer ESN/A-Key database. As long as the phone is used in the home market, it will not attempt to authenticate, because the base stations will not be broadcasting the flag that indicates that authentication is active. In fact, nothing much will happen until the phone is taken to another market ... or until its MIN/ESN combination is stolen and presented as valid in another market.

If the legitimate phone is taken from Peoria to New York City it will see that authentication is active and will transmit authentication information to the NYC base station. Although the phone has an A-Key, it does not have a valid secondary key (known as SSD), so correct authentication responses will not be received. The HLR/AC will have to initiate an automatic “SSD Update” which causes the phone to calculate the SSD in a secure fashion (i.e. neither the A-Key nor the SSD is ever transmitted over the radio interface). After the phone verifies that the base station is legitimate (to prevent “spoofing”), the base station will verify that the phone has calculated the same SSD as the network (again without transmitting the SSD). The SSD can only be calculated by the phone because it has the same A-Key as the AC. At this point, the phone is available for roaming service without fear of cloning. Additional fraud prevention mechanisms should only be required for calls from this mobile to detect subscription fraud or other anomalies.

Two different processes may occur if the legitimate subscriber stays at home, and only their MIN/ESN combination of electronic identifiers is stolen and used in the Big Apple. If the legitimate phone has never before entered a fully authenticating market, an SSD Update will be attempted, but will fail, because the wannabe cloner does not have the A-Key that is required for the SSD Update. Alternatively, if the legitimate subscriber has already been assigned a valid SSD from a previous trip, the cloner will not be able to respond to challenges from the New York system because it does not have the valid SSD. Two different processes, but one common result – denial of service to a cloner.
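The SSD Update and the two cloner outcomes described above can be traced in a small simulation, added here as an illustration and not taken from the original article. HMAC-SHA256 stands in for the handset's real algorithm, which the article does not describe; the class names, message labels and the MIN/ESN value are assumptions.

```python
import hashlib, hmac, os

def prf(key, label, rand, ident):
    # Assumption: HMAC-SHA256 stands in for the handset algorithm, which the article omits.
    return hmac.new(key, label + rand + ident, hashlib.sha256).digest()[:8]

class Handset:
    def __init__(self, min_esn, a_key=None):
        self.min_esn, self.a_key, self.ssd = min_esn, a_key, None

    def respond(self, rand):
        # Derived from SSD; neither the SSD nor the A-Key crosses the radio interface.
        return prf(self.ssd or b"", b"auth", rand, self.min_esn)

    def ssd_update(self, rand_ssd, network):
        new_ssd = prf(self.a_key or b"", b"ssd", rand_ssd, self.min_esn)
        rand_bs = os.urandom(4)  # the phone challenges the network first (anti-spoofing)
        expected = prf(new_ssd, b"bs", rand_bs, self.min_esn)
        if hmac.compare_digest(network.answer_bs(self.min_esn, rand_bs), expected):
            self.ssd = new_ssd   # commit only once the network has proved itself

class AuthCenter:
    def __init__(self):
        self.a_keys, self.ssd, self.pending = {}, {}, {}

    def answer_bs(self, min_esn, rand_bs):
        return prf(self.pending[min_esn], b"bs", rand_bs, min_esn)

    def challenge(self, phone, ssd):
        rand = os.urandom(4)
        return hmac.compare_digest(phone.respond(rand), prf(ssd, b"auth", rand, phone.min_esn))

    def access(self, phone):
        ident = phone.min_esn
        if ident in self.ssd:  # subscriber was assigned an SSD on an earlier trip
            ok = self.challenge(phone, self.ssd[ident])
            return "admitted" if ok else "denied: challenge failed"
        rand_ssd = os.urandom(7)  # first visit to a fully authenticating market
        self.pending[ident] = prf(self.a_keys[ident], b"ssd", rand_ssd, ident)
        phone.ssd_update(rand_ssd, self)
        if self.challenge(phone, self.pending[ident]):  # same SSD on both sides?
            self.ssd[ident] = self.pending.pop(ident)
            return "admitted after SSD update"
        return "denied: SSD update failed"

def demo():
    ac, ident, a_key = AuthCenter(), b"3095550100/ESN-0001", os.urandom(8)  # constructed
    ac.a_keys[ident] = a_key  # A-Key entered at provisioning, shared by phone and AC
    clone, legit = Handset(ident), Handset(ident, a_key)  # clone has MIN/ESN only
    return [ac.access(clone), ac.access(legit), ac.access(legit), ac.access(clone)]
```

The AC stores a new SSD only after the phone has answered a challenge with it, so a failed update triggered by a clone leaves the legitimate subscriber's state untouched.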

This strategy still requires HLR/AC upgrades for systems that do not experience fraud within their markets. It is possible to go even further and obtain the benefits of authentication for subscribers without any modifications to a home system at all. With the support of the SS7 network provider (e.g. GTE, Illuminet or NACN) it is possible for IS-41 authentication messages to be intercepted and handled by a shared authentication center. Thus, authentication could be provided on a “pay as you go” basis, without any direct capital investment. This possibility has been discussed within the industry, but I am not aware of it being offered at this time. On the other hand, it never hurts to ask!

Carriers in areas without extensive home fraud may feel unfairly victimized by people who steal their numbers to perpetrate fraud in other markets. Since these carriers validate these MIN/ESN combinations, they get stuck with much of the cost of this type of fraud. Luckily, they can take advantage of their position, through a staged strategy for the implementation of authentication capabilities in their networks – something that carriers in high fraud markets cannot even consider.


© – Copyright Mon, May 14, 2007: Cellular Networking Perspectives Ltd.