1、 International Telecommunication Union ITU-T Series XTELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Supplement 16(09/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY ITU-T X.800-X.849 series Supplement on architectural systems for security controls for preventing fraudulent ac
2、tivities in public carrier networks ITU-T X-series Recommendations Supplement 16 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTE
3、MS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Securi
4、ty management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X
5、.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANG
6、E Overview of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further det
7、ails, please refer to the list of ITU-T Recommendations. X series Supplement 16 (09/2012) i Supplement 16 to ITU-T X-series Recommendations ITU-T X.800-X.849 series Supplement on architectural systems for security controls for preventing fraudulent activities in public carrier networks Summary Suppl
8、ement 16 to the ITU-T X-series Recommendations describes a methodology for evaluation systems of security controls for preventing fraudulent activities, and criteria for selection of these systems, with regard to architectural characteristics of communications service provider (CSP) networks at thei
9、r present-day level of development. The Supplement includes technical methods for addressing security controls and estimating losses caused by fraudulent activities, and also provides guidelines for the exchange of information related to fraudulent activities. History Edition Recommendation Approval
10、 Study Group 1.0 ITU-T X Suppl. 16 2012-09-07 17 ii X series Supplement 16 (09/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Stan
11、dardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), w
12、hich meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within
13、 ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this publication, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this publication i
14、s voluntary. However, the publication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the publication is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and t
15、he negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the publication is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this publication may involve the
16、use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the publication development process. As of the date of approval of this publication, IT
17、U had not received notice of intellectual property, protected by patents, which may be required to implement this publication. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.i
18、nt/ITU-T/ipr/. ITU 2013 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. X series Supplement 16 (09/2012) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Te
19、rms defined in this Supplement 1 4 Abbreviations and acronyms 2 5 Conventions 3 6 Overview 3 7 Architecture of security systems for the prevention of fraudulent activities in public carrier networks . 5 8 Technical methods to provide guidelines for security features on internal (end-to-end) service
20、provisioning, assurance and billing processes 7 9 Technical methods to address security controls for preventing external fraud attacks affecting public carriers customers and partners . 8 10 Fraud loss estimation 9 11 Guidelines for information exchange related to fraudulent activities 10 Bibliograp
21、hy. 11 X series Supplement 16 (09/2012) 1 Supplement 16 to ITU-T X-series Recommendations ITU-T X.800-X.849 series Supplement on architectural systems for security controls for preventing fraudulent activities in public carrier networks 1 Scope This Supplement describes an architecture of security s
22、ystems for prevention of fraudulent activities in public carrier networks. This Supplement describes an example architectural model that provides technical methods to: provide guidelines for security features on internal (end-to-end) service provisioning, assurance and billing processes; address sec
23、urity controls for preventing external fraud attacks affecting public carriers customers and partners; estimate losses (for example, QoS, service degradation, etc.) caused by fraudulent activities. This Supplement also provides guidelines for information exchange related to fraudulent activities. Wh
24、ile it is clear from the ITU Constitution that all implementations, based on ITU Recommendations, shall comply with national laws, policies and regulations, because this Supplement suggests using something similar to lawful interception techniques to combat fraud, implementers should be especially s
25、ensitive when implementing this Supplement to ensure that the resultant implementation complies with national laws, policies and regulations. 2 References None. 3 Definitions 3.1 Terms defined elsewhere This Supplement uses the following terms defined elsewhere: 3.1.1 database management system (DBM
26、S) b-ISO/IEC TR 10032: Is a set of computer programs of general and specific functions that controls the creation, maintenance, and the use of a database. 3.1.2 operation support system/business support system (OSS/BSS) b-ETSI TR 102 647, b-ETSI TS 188 001, b-ETSI TR 188 004: Computer systems for co
27、mplete or partial automation of activities of communication service providers. 3.2 Terms defined in this Supplement This Supplement defines the following terms: 3.2.1 confidential information: Information to which access is restricted by law or regulation, and which is a commercial, official or pers
28、onal secret guarded by its owner. 3.2.2 counterpart: One of the contracting parties. 3.2.3 customer relationship management system (CRM): Corporate information system, designed for automation, organization and synchronization of a telecom operators business processes, particularly sales, marketing a
29、nd customer relationship improvement, and storing of all relationship history. 2 X series Supplement 16 (09/2012) 3.2.4 documentary information (document): Information recorded on a material object (hereinafter referred to as material medium) with document entries allowing identification of the info
30、rmation or, in legally stipulated cases, its material medium. 3.2.5 fraud attack: A telco fraud committed by a telco fraudster within a particular period of time. 3.2.6 information constituting a trade secret: Information is deemed a trade secret if it is actually or potentially valuable by virtue o
31、f its being unknown to third parties and inaccessible on legal grounds. Its owner takes measures for its protection. 3.2.7 invoicing: Telecom operator billing subsystem for invoice preparation, discount application and invoice aggregation into a single bill. 3.2.8 mediation: A system converting (acc
32、umulating, filtering, modifying and correlating) source data on telecommunication network usage into data that can be interpreted by communication service providers OSS/BSS. 3.2.9 owner of confidential information: An entity that generated confidential information or, by force of law or contract, ob
33、tained the right to allow or deny access to such confidential information. 3.2.10 rating: The calculation of charges for the customer that can be performed without knowledge of the aggregate. Rating enables different payment schemes, and contains databases with tariffs as well as charge-application
34、schemes. 3.2.11 recycle: A system that takes part in traffic processing and stores data that are not included in the telecom operators client bills for certain reasons. Such reasons are: failure to anchor xDRs to a specific subscriber, lack of tariffs for service in question, and xDRs of a format di
35、fferent from that processed by the OSS/BSS. 3.2.12 restricted access mode: Legal, managerial, technical and other measures taken by the owner of confidential information for its protection. 3.2.13 telco fraud (fraud in international telecommunication networks): Damage to telecommunication companies
36、or to the public; it is earning illegal profit through abuse of confidence or deception in international telecommunication networks services, including improper use of numbering resources, addressing and identification. Grounds: illegal operations control in networks related to service companies and
37、 subscribers of different jurisdictions can only be conducted on the authority of an international treaty, such as International Telecommunication Regulations, and only provided that relevant national legislations are harmonized. 3.2.14 telco fraudster: A party (person or organization) in which inte
38、ractions with a service provider can be categorized as telco fraud. 3.2.15 unauthorized disclosure of confidential information: Action or inaction which results in confidential information becoming known to third parties in verbal, written or other forms (including via technical means) without the c
39、onsent of the information owner. 4 Abbreviations and acronyms This Supplement uses the following abbreviations and acronyms: BSS Business Support System CRM Customer Relationship Management System CSP Communications Server Provider DBMS Database Management System X series Supplement 16 (09/2012) 3 F
40、MS Fraud Management System ICT Information and Communication Technology OSS Operation Support System PIN Personal Identification Number PRS Premium Rate Services SIM Subscriber Identity Module xDR Call/IP Detail Record 5 Conventions The term “communications service provider“ as used here includes al
41、l communications service providers, including telecommunication operators, telecommunication companies and telecom carriers. 6 Overview Fraudulent activities by employees, clients and business partners (e.g., communication service providers) in the telecommunication sector exist on the fixed, cellul
42、ar mobile, cable and satellite communication networks, regardless of the underlying communications technology. The most widespread fraudulent activities are the organization of unapproved public telephone booths, gaining revenue by means of theft of PIN-codes, of telephone cards, or breaking of algo
43、rithms of their generation, cloning of cellular mobile telephone SIM cards and use of false identification to register in a communication network. One of the most serious kinds of fraudulent activities is action taken by communication service providers employees to deliberately activate an unpaid te
44、lecommunication service. Fraudulent activities are classified as follows: internal methods, implemented by employees of a communication service provider (e.g., to change rating systems or undercharge counterparties traffic sale), deliberately take advantage of technical defects in equipment and/or e
45、rrors in OSS/BSS interconnection; external methods, implemented by communication service providers clients or counterparties (illegal access, breaking into an automatic telephone exchange, false authentication). Formal definitions of telco fraud are outlined in clause 3.2.13, telco fraudster in clau
46、se 3.2.14 and fraud attack in clause 3.2.5. There are six main types of fraud. a) Technical fraud consists of any activities undertaken by outside employees, clients or counterparts of communication service providers, to make fraudulent usage of service providers services without proper payment, tak
47、ing advantage of the technical defects of a telecommunication network and/or shortcomings of OSS and BSS interconnection. Types of technical fraud are related to: technical issues in implementation of telecommunication network standards and specifications; telecommunication vendors respect and imple
48、mentation of standards in equipment and software; design features of the service providers telecommunication network during the creation and development of the network. 4 X series Supplement 16 (09/2012) Examples of technical fraud are: call redirection and forwarding fraud are fraudulent usage of s
49、pecific call-forwarding capabilities of the cellular mobile network equipment to make voice calls, or send messages, which are due to be paid by an unaware customer who has those services enabled; voicemail fraud is fraudulent usage of cellular mobile network equipment voicemail capabilities to make voice calls or send messages that are due to be paid by an actual customer with a contract in which those services are allowed. b) Payment fraud is based on a counterfeit contract signed using
