Let’s begin with a classic textbook definition of “Transaction Capabilities”. Transaction Capabilities (TC) provide functions and protocols to a large variety of applications distributed over switches and specialized centers in telecommunication networks (e.g. databases).
OK, so what does that really mean and what is TCAP? Transaction Capabilities Application Part (TCAP) is the layer of the SS7 protocol that carries application data to be exchanged between nodes. Basically, it means that TCAP relieves the applications of having to concern themselves with mundane structures and dialogues. TCAP defines the overall structure that the application will have to conform to, but TCAP does not concern itself with what information is being passed. That’s the job of the application. This could be a wireline application like Core INAP (CIN) or a mobile telecom application like GSM MAP. So TCAP is a set of communication capabilities that provide an interface between applications and a network layer service. To date, only Signaling System No. 7 (SS7) Message Transfer Part (MTP) plus Signalling Connection Control Part (SCCP) have been considered as network layer service providers. However, any standard OSI Network Layer might be used in place of the MTP plus SCCP, provided that the requirements of the applications supported by TC (e.g. service and performance requirements) can be met. By the way, for historical reasons, the terms “TC” and “TCAP” are used interchangeably. For this article, we will stick with “TCAP”.
The main purpose of TCAP then is to provide the upper applications with generalized services to send information (applications) over the network using dialogues and non-circuit related signaling. Before TCAP was developed, each application implemented its own dialogue handling separately. Therefore, a standardized dialogue handling function was created to minimize the need for creating new services and protocols to handle dialogues. TCAP provides the services to transfer information between nodes, independent of applications. It is defined as an end-to-end protocol, which implies that the protocol will not process the message other than in the sending and receiving end nodes.
From SCCP’s point of view, TCAP is merely another variable length parameter. So TCAP sits between SCCP and the application. A typical structure drawing of the SS7 protocol is shown here:
The overall objective then of TCAP is to provide the means for the transfer of information between nodes and to provide generic services to applications while being independent of any of these. Some of the services that TCAP provides to the application include:
- A means to package application parameters
- Allowing the application to convey multiple tasks within a single message (transaction)
- Providing a way to uniquely identify each message using transaction management
- Allowing applications to carry on dialogues
Within TCAP there are up to three parts or portions. They are:
- Transaction Portion – it provides the ability to associate multiple operations with a single logical transaction between nodes.
- Dialogue Portion – used to interpret component information and software versions.
- Component Portion – this allows the application the ability to define different operations and to exchange parameters.
TCAP is defined by the ITU in Q.771 through Q.775.
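To make the portions concrete, the following added example (not code from the original article) parses the outer structure of an ITU-T TCAP message and reports its type, its transaction IDs and which portions are present. The tag values are those of ITU-T Q.773; the sample messages are constructed for illustration and the parser deliberately does not descend into the dialogue or component contents.

```python
# Outer-structure parser for ITU-T TCAP (tags per Q.773). Added example.
MESSAGE_TYPES = {
    0x61: "Unidirectional",
    0x62: "Begin",
    0x64: "End",
    0x65: "Continue",
    0x67: "Abort",
}
TAG_OTID = 0x48        # Originating Transaction ID (transaction portion)
TAG_DTID = 0x49        # Destination Transaction ID (transaction portion)
TAG_DIALOGUE = 0x6B    # Dialogue Portion
TAG_COMPONENTS = 0x6C  # Component Portion


def read_tlv(buf, offset):
    """Read one BER TLV with a single-byte tag; return (tag, value, next_offset)."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[offset]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag not expected at this level")
    first = buf[offset + 1]
    offset += 2
    if first < 0x80:                      # short-form length
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not handled in this example")
    else:                                 # long form: low 7 bits = number of length octets
        n = first & 0x7F
        if offset + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[offset:offset + n], "big")
        offset += n
    end = offset + length
    if end > len(buf):
        raise ValueError("TLV length runs past the end of the buffer")
    return tag, buf[offset:end], end


def parse_tcap(message):
    """Return the message type, transaction IDs and which portions are present."""
    tag, body, end = read_tlv(message, 0)
    if tag not in MESSAGE_TYPES:
        raise ValueError(f"unknown TCAP message type tag 0x{tag:02x}")
    if end != len(message):
        raise ValueError("trailing bytes after the TCAP message")
    result = {"type": MESSAGE_TYPES[tag], "otid": None, "dtid": None,
              "has_dialogue": False, "has_components": False, "other_tags": []}
    offset = 0
    while offset < len(body):
        t, value, offset = read_tlv(body, offset)
        if t in (TAG_OTID, TAG_DTID):
            if not 1 <= len(value) <= 4:
                raise ValueError("transaction ID must be 1 to 4 octets")
            result["otid" if t == TAG_OTID else "dtid"] = value.hex()
        elif t == TAG_DIALOGUE:
            result["has_dialogue"] = True
        elif t == TAG_COMPONENTS:
            result["has_components"] = True
        else:
            result["other_tags"].append(t)   # e.g. an abort cause; not decoded here
    return result


# Constructed sample messages (inner contents are placeholders).
EMPTY_BEGIN = bytes.fromhex("62 0a 48 04 00 00 00 01 6b 02 28 00")
CONTINUE = bytes.fromhex("65 0c 48 04 00 00 00 2a 49 04 00 00 00 01")
UNIDIRECTIONAL = bytes.fromhex("61 04 6c 02 a1 00")

if __name__ == "__main__":
    for name, raw in (("begin", EMPTY_BEGIN), ("continue", CONTINUE),
                      ("unidirectional", UNIDIRECTIONAL)):
        print(name, parse_tcap(raw))
```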
Is TCAP Safe?
It is fairly well known that there are the more “interesting” layers in the SS7 protocol that carry useful parameters like network identities, status, state and location information. So, since TCAP itself does not carry any of that type of information, is it a relatively “safe” layer? In a word, the answer is “no”. TCAP suffers from the same lack of any built-in security as all of the layers of the SS7 protocol. Though it might not contain user-specific information like GSM MAP, nor originating and terminating information like SCCP, a lot of damage can be done by a nefarious intruder with knowledge of TCAP. Plus, knowing something at this layer provides that intruder with a bigger piece of the overall events and network behavior in order to do damage. Oftentimes, injecting a message into the network will produce an error message containing useful information. TCAP carries information about transaction identifiers, which are kept open during the lifetime of a transaction and can be useful for keeping a transaction open. TCAP also carries information about the application context and version numbers. Using information gathered from these types of scans, the intruder can perform other types of attacks like denial of service, impersonation of network elements and fraud.
There are defined mechanisms for protecting all TCAP user messages called TCAP Security (TCAPsec). It is a set of enhancements and extensions designed for security protection for the TCAP protocol. It ensures that the original data has not been altered (data integrity) and it provides confirmation that the source of the data is as claimed (data origin authentication). There are other ancillary uses, but those two are the primary ones. Though TCAP as a protocol is defined by the ITU-T (Q.771 through Q.775), TCAPsec is defined by the Third Generation Partnership Project (3GPP) in two specifications. They are:
- 3GPP TS 29.204 – SS7 Security Gateway Architecture & Protocols
- 3GPP TS 33.204 – TCAP User Security
TCAPsec can, of course, be applied to different types of networks as shown here:
The top example is considered an end-to-end architecture. This would be the case where the two PLMNs do not wish to use a third-party provider of signalling services.
The TCAP message is sent as a Unidirectional Message Type without a Dialogue Portion. It uses Operation Code (OpCode) 90 and contains three parameters as shown.
The details can be found in 3GPP TS 29.234. So, basically you are taking an SS7 UDT or XUDT message and packaging it up as a one-way TCAP unidirectional message. The original SCCP and TCAP values are placed, along with a Protected Payload as parameters in a SecureTransport TCAP unidirectional operation using opcode 90.
Though quite a simple scheme, the network details get a bit complex. First of all, it requires new components to be added to the network. These components are an SS7 Security Gateway (SEG), a Security Policy Database (SPD) and a Security Association Database (SAD). An SEG performs the protection of outbound and inbound messages. It is the duty of the SEG to secure the TCAP transactions with help from the SPD. In addition, before protection can be applied, there needs to be a Security Association (SA) established between the two SEGs.
The call flow steps for a TCAPsec in an SMS message flow are:
- An inter-PLMN TCAP signalling message is sent from an SMSC to the Signalling Gateway (SEG)
- The SEG checks the security policy from the Security Policy Database (SPD)
- The SEG also asks for the security parameters from the Security Association Database (SAD)
- Based on the policy and security parameters received, the SEG constructs the TCAPsec message
- The TCAPsec message is sent inter-PLMN to the receiving network’s SEG
- The receiving SEG checks the security policy from its SPD
- The receiving SEG also checks the security parameters from its SAD
- Based on the policy and security parameters received, the SEG checks the authenticity and integrity of the message. If needed, it “decrypts” the message
- The message is then sent to the recipient.
The call flow looks like this:
As you can see, this needs a lot of interworking between operators and all operators need to deploy TCAPsec for it to be truly effective.
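The SEG steps listed above can be modelled in a few lines. This is an added example, not code from the article or from 3GPP: HMAC-SHA256 stands in for the integrity algorithm, encryption is omitted, and the class names, field names, PLMN labels and message layout are hypothetical simplifications rather than the specified encoding. It also shows why the receiving SEG must consult its SPD before anything else, since otherwise an unprotected message would bypass the check entirely.

```python
import hashlib
import hmac
from dataclasses import dataclass

SECURE_TRANSPORT_OPCODE = 90  # operation code named in the article


class PolicyViolation(Exception):
    """A message failed the SPD/SAD checks and must be dropped."""


@dataclass(frozen=True)
class SecurityAssociation:
    sa_id: int            # hypothetical identifier agreed by both SEGs
    integrity_key: bytes  # shared key that comes with the SA


class SecurityGateway:
    """Simplified SEG. spd maps peer PLMN -> protection required (bool);
    sad maps peer PLMN -> SecurityAssociation."""

    def __init__(self, spd, sad):
        self.spd = spd
        self.sad = sad

    @staticmethod
    def _mac(sa, sccp, tcap):
        # Length-prefix each field so bytes cannot migrate between fields.
        data = sa.sa_id.to_bytes(4, "big")
        for field in (sccp, tcap):
            data += len(field).to_bytes(4, "big") + field
        return hmac.new(sa.integrity_key, data, hashlib.sha256).digest()

    def outbound(self, peer, sccp, tcap):
        """Sending side: check the SPD, fetch the SA, build the protected message."""
        if not self.spd.get(peer, False):
            return {"protected": False, "sccp": sccp, "tcap": tcap}
        sa = self.sad.get(peer)
        if sa is None:
            raise PolicyViolation(f"protection required but no SA for {peer}")
        return {"protected": True, "opcode": SECURE_TRANSPORT_OPCODE,
                "sa_id": sa.sa_id, "sccp": sccp, "payload": tcap,
                "mac": self._mac(sa, sccp, tcap)}

    def inbound(self, peer, msg):
        """Receiving side: check the SPD and SAD, verify, release the original TCAP."""
        if not msg.get("protected"):
            if self.spd.get(peer, False):
                raise PolicyViolation("unprotected message from a TCAPsec peer")
            return msg["tcap"]
        sa = self.sad.get(peer)
        if sa is None or msg.get("sa_id") != sa.sa_id:
            raise PolicyViolation("no matching security association")
        if msg.get("opcode") != SECURE_TRANSPORT_OPCODE:
            raise PolicyViolation("unexpected operation code")
        expected = self._mac(sa, msg["sccp"], msg["payload"])
        if not hmac.compare_digest(expected, msg.get("mac", b"")):
            raise PolicyViolation("integrity check failed")
        return msg["payload"]


def demo():
    """Run one good message and two bad ones through a pair of SEGs."""
    sa = SecurityAssociation(sa_id=7, integrity_key=bytes(range(32)))  # constructed key
    seg_a = SecurityGateway(spd={"PLMN-B": True}, sad={"PLMN-B": sa})
    seg_b = SecurityGateway(spd={"PLMN-A": True}, sad={"PLMN-A": sa})
    sccp, tcap = b"constructed-sccp-header", b"constructed-tcap-message"

    msg = seg_a.outbound("PLMN-B", sccp, tcap)
    outcomes = {"delivered": seg_b.inbound("PLMN-A", msg)}

    tampered = dict(msg, payload=b"constructed-tcap-messagE")       # altered in transit
    downgraded = {"protected": False, "sccp": sccp, "tcap": tcap}   # protection stripped
    for name, bad in (("tampered", tampered), ("downgraded", downgraded)):
        try:
            seg_b.inbound("PLMN-A", bad)
            outcomes[name] = "accepted"
        except PolicyViolation as exc:
            outcomes[name] = str(exc)
    return outcomes


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```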
The idea behind the TCAP handshake is to force the originator to establish a dialogue before sending any kind of SM information. It acts much like the SCCP connection-oriented Connection Request and Connection Confirm messages. This is done by requiring the originator to first send an empty TC Begin request message to the recipient and having the recipient send a TC Continue back, thus having an open transaction. It is only after this dialogue initiation that the sending of the message can begin. These first two messages in effect are used for authentication.
Establishing this dialogue guarantees that the originator is using the correct address. Therefore, this should counteract the fraud of spoofing the originating address. The TCAP handshake is a fairly simple procedure to implement, since all the required functionalities exist in the current MAP and TCAP implementations.
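The receiving side of the handshake, as an added example that is not part of the original article: the responder refuses any payload in the first message, answers an empty TC Begin with a TC Continue routed to the claimed originating address, and accepts the MTForwardSM only when it comes back on that dialogue. The class, the dictionary message format and the addresses are hypothetical; a real node does this inside its TCAP/MAP stack.

```python
import secrets


class HandshakeError(Exception):
    """The message does not belong to a properly established dialogue."""


class HandshakeResponder:
    def __init__(self):
        self._dialogues = {}  # our transaction ID -> (peer address, peer transaction ID)

    def on_begin(self, calling_address, otid, components):
        """Accept only an empty TC Begin and answer with a TC Continue."""
        if components:
            raise HandshakeError("TC Begin must be empty before the handshake")
        local_tid = secrets.token_bytes(4)
        while local_tid in self._dialogues:          # avoid reusing an open ID
            local_tid = secrets.token_bytes(4)
        self._dialogues[local_tid] = (calling_address, otid)
        # The network routes this reply to calling_address, so only the real
        # owner of that address ever learns local_tid.
        return {"type": "Continue", "to": calling_address,
                "otid": local_tid, "dtid": otid, "components": []}

    def on_continue(self, calling_address, otid, dtid, components):
        """Release the payload only if it arrives on a dialogue we opened."""
        state = self._dialogues.get(dtid)
        if state is None:
            raise HandshakeError("no open dialogue for this transaction ID")
        if state != (calling_address, otid):
            raise HandshakeError("sender does not match the dialogue originator")
        del self._dialogues[dtid]
        return components


def demo():
    """One complete handshake plus the two cases the handshake is meant to stop."""
    responder = HandshakeResponder()
    smsc, peer_tid = "constructed-smsc-address", b"\x00\x00\x00\x01"
    outcomes = {}

    # Normal flow: empty Begin, Continue back, then the short message.
    reply = responder.on_begin(smsc, peer_tid, [])
    outcomes["handshake"] = responder.on_continue(
        smsc, peer_tid, reply["otid"], ["MTForwardSM"])

    # A sender that puts the short message straight into the first message.
    try:
        responder.on_begin(smsc, peer_tid, ["MTForwardSM"])
        outcomes["payload_in_begin"] = "accepted"
    except HandshakeError as exc:
        outcomes["payload_in_begin"] = str(exc)

    # A sender using the SMSC's address that never received the TC Continue
    # and therefore cannot quote the responder's transaction ID.
    reply = responder.on_begin(smsc, peer_tid, [])
    wrong_tid = bytes(b ^ 0xFF for b in reply["otid"])
    try:
        responder.on_continue(smsc, peer_tid, wrong_tid, ["MTForwardSM"])
        outcomes["unknown_dialogue"] = "accepted"
    except HandshakeError as exc:
        outcomes["unknown_dialogue"] = str(exc)
    return outcomes


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```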
The call flow for a MTForwardSM is shown here:
Although this appears to be a good solution, there are still a few problems that should be considered. The most obvious is that the TCAP handshake effectively increases the traffic in the network with the initial dialogue setup. Also, the protection the TCAP handshake offers is severely limited as it is designed only to prevent the specific fraud scenario of the MTForwardSM.
Given the simplicity of standardizing this solution, it is a good quick alternative for limited protection. However, with the problems mentioned above, TCAP handshake can only be at best a temporary solution until a better and more comprehensive solution is implemented to replace it like a comprehensive firewall that covers all of the layers of the protocol.
The original version of this article was published in Network Security Magazine’s August 2019 edition and has been edited for brevity.
The impending IoT revolution poses a number of privacy concerns. The future network will have more connections between devices than between people, linking up everything ranging from the mundane such as refrigerator sensors, to the critical such as emergency response service. Networks have slowly shifted away from voice and towards data. The explosive growth of IoT will test the limits of both bandwidth and security.
Different devices have varying demands in terms of the volume and complexity of data, as well as importance. When systems are congested, a way of prioritizing the urgency of some data (medical devices for example) over others will be paramount, unless efficient service can be guaranteed consistently. The double-edged sword of data privacy is also of concern. While data has great commercial purpose, a breach can provide criminals with a wealth of logistical and personal information, which may be detrimental to businesses as well as individual users. The potential to mine sensitive data is also amplified in a complex IoT network.
Static sensors, many in remote locations, are an easy target to intercept and carry out denial-of-service attacks, which is even more worrisome when the sensors serve critical operations such as controlling reservoir volumes. IoT also has the unique risk that connected SIMs are roaming and therefore, despite improved connectivity, experience a delay between the point of activity and the point of reporting.
Lifecycle management is often overlooked, allowing many devices to remain stuck with outdated security software. Even a vulnerable smart toaster poses a fire hazard if correctly hacked. Manufacturers may be tempted to cut corners by equipping devices with inexpensive (and therefore vulnerable) sensor and monitor applications, despite a robust software platform. End-of-life management presents a challenge as SIM cards from devices no longer in use should also be recycled to avoid being put into unsuitable applications at great expense. Finally, changing ownership of devices such as used cars, which carry the owner’s history, presents a data protection conundrum.
Because sufficient security was not initially built into networks, these problems have been addressed less efficiently only after the problem is demonstrated. As most networks include both old and new systems, IoT devices will likely be deployed on the older and less secure networks. Signalling firewalls are necessary to protect against the vulnerabilities present in current SS7 networks, and enhanced firewalls will be necessary for IoT communications. A firewall can be considered effective if it is able to inhibit denial of service, IoT SIM fraud and misuse, communication interception, and IoT device tracking.
Collective action among networks, manufacturers, industry associations, security experts, and regulating bodies is critical to allow IoT to thrive without becoming a risk. This requires honesty and diligence on the part of manufacturers. Enterprises work closely with security experts to guarantee a minimum level of embedded network security and ensure protection against malicious attack. Specs should be included in IoT communication platforms that include a handshake for every session. Industry associations must demand a gold standard in IoT security to ensure cellular technology’s future. Finally, governments and regulators must be committed to maintaining control and security of telecom networks should the industry in any way fail to effectively regulate itself, or should they leave networks, operators, and users open to risk. This is accomplished by instituting and enforcing minimum security requirements.
The looming prospect of this scale of connected devices is exciting, but we must mitigate the inherent risks or the entire industry may suffer significantly. Success will come about by careful and constant vigilance as well as a concerted effort to employ effective security measures at every stage of development.
To say that the next few years will shape the future of the telecoms industry forever is not an exaggeration. The 21st century has seen immense growth and major shifts in the business, but now as the 2020s approach, telcos are increasingly finding themselves under pressure to find new ways to differentiate themselves, keep traditional business models alive while expanding into new ones, and increase their revenue.
Among the most potentially damaging issues facing telcos is being seen as little more than a utility provider. For the vast majority of consumers, data is the primary service demanded, which is now seen as no different to water or electricity: an immutable essential for modern-day life. Since the provision of data is increasingly overshadowing any other service they offer, it has become almost impossible for telcos to distinguish themselves, leading to the vexing perception of them as pseudo-utility companies. A survey of UK customers found that 64% agreed that ‘there is little or no difference between the telcos.’ Worryingly for these companies, in the case of utilities, the consumer will almost always buy from the cheapest provider and consider little else.
At the turn of the millennium, telcos were riding a wave of massive infrastructure investment and enormous growth as the developed world began to connect en masse. Some telcos had their own OS on mobiles, and if you believe insider perspectives – planned for a future where they ruled the content delivery end of the business. Some went as far as preparing for a world where they would simply lease infrastructure capacity from vendors such as Ericsson or Nokia and focus entirely on the end of the business now dominated by multibillion-dollar OTT services such as WhatsApp or Snapchat.
Time and technological advancement marched ever onward, and that future did not come to pass. Only a few years ago, telcos were still considering offering tiered data plans for their customers, as a response to traditional voice and SMS services falling into decline, though negative perception seems to have shuttered this model for now. According to ComReg’s Q4 2018 report, in Ireland, voice services on fixed networks were down 17% from the year previous – a serious decline. SMS decreased by 15% in the same period. Young mobile users, in particular, are driving this trend, unwilling to pay for what they perceive as unnecessary extras, while consuming massive amounts of data at low prices. Simply look at the plans telcos are currently offering: free calls, free SMS, but variable amounts of data.
As voice and SMS die a slow death and OTTs strangle them in content delivery, telcos find themselves in the business of managing infrastructure and engaging in a race to the bottom with their competitors to deliver data at the lowest price possible. Their revenues have flatlined, despite a small bump provided by A2P, but serious investment is still required to run and upgrade the infrastructure that allows our world to have this unprecedented level of connectivity.
There is also the danger that major OTT enterprises and tech-giants like Google will muscle in on the telecoms business, cutting out what they see as the middleman in their quest to deliver content to billions of users. SpaceX, Amazon, and others are now investing in extensive satellite internet ventures too, further restricting the space within which telcos operate. These companies have little interest in profiting from the provision of data, instead making their fortunes in content delivery, and could easily supplant telcos as the world’s providers of data.
The issue of new technologies with huge disruptive potential should not be discounted either. It is not inconceivable that display-based devices will be replaced by conversational technology, holographic interfaces, augmented reality, and other forms of cognitive computing. Most telcos have little influence in this growing market beyond providing the bandwidth necessary for it to function, an area which they may find themselves increasingly pushed out of.
In short, many of the trends facing telcos today indicate a high level of uncertainty. They could lead to a huge change in the industry or fizzle out entirely. Shifting customer expectations and pressure from competitors (new and old) endanger telcos’ future prospects. Important traditional revenue streams are in decline with the ascension of OTTs and tech-giants, all challenging telcos to seriously reconsider their core business model.
Telcos will soon have to decide what their future is going to look like. Time and money are in short supply, while market pressure mounts with each passing day.
Triumph of the Telco: The least disruptive and most optimistic future for telcos is one where they continue to own and run the infrastructure and network technology ends of the business, while also retaining the customer relationship.
In a future where an entire generation sees connectivity as a basic need, telcos might set themselves apart by offering superior coverage, speeds, and technological innovation over basic connectivity packages (that may end up governmentally guaranteed to customers). They could even partner with OTTs to offer superior access to certain content delivery services, new IoT technologies, and other aspects of the increasingly ever-present cognitive computing. However, the viability of this model is linked to the future of net neutrality, which is currently a major industry debate. As the owners, controllers, and innovators of network technology, telcos could be highly selective with their OTT partners and stand to create a lucrative end-user focused business.
The provision of data and related services will continue to account for the vast majority of telcos’ business in this scenario. From being able to easily embed and interconnect different smart-home systems and IoT devices into their data plans as well as offering superior access to certain OTTs, telcos could yet return to dominate the B2C environment. On the B2B end of things, telcos could leverage their position as the enablers of all IoT solutions to influence an industry that is expected to grow to over 30 billion connected devices in the near future.
For this glowing vision to come to fruition, international telco alliances or consolidations may have to form against tech-giants eager to impinge on their market. Government regulation of tech-giants or even their potential breakup could be the driving force behind this future, buying time and securing markets for the telcos.
Masters of the Network: In a similar scenario, telcos could find themselves still owning and running the infrastructure and network technology business, but lose out on the customer relationship to OTTs. Alliances and partnerships with other telcos to generate new global telecom standards, expand costly infrastructure, and innovate at a faster-than-ever pace will be even more critical here. Cutting costs will also be key to this model – profit margins could be increased even if revenue remained static, by finding cheaper ways to deliver data, such as NFV or other cloud-based technologies, or even shutting down legacy infrastructure.
Despite losing out on the B2C environment, telcos could still leverage their position as infrastructure owners and technological innovators to become an indispensable middleman between the tech-giants and their customers. Retaining superior network competency and out-innovating Silicon Valley would be key to blocking them out of the telcos’ core business.
Rather than providing data plans to individual customers, telcos could lease capacity to OTTs, offering premium services with better connectivity to their partners. In this future, telcos leverage their position as the masters of network technology, sustaining and upgrading the essential infrastructure that allows the world to connect (possibly with government subsidy as connectivity becomes internationally mandated).
The Virtual Telco: The viability of this third scenario is largely dependent on the development of software-defined networking (SDN) and network functions virtualisation (NFV). Here, vendors use their size and technological competency to become the driving force in network infrastructure and innovation. Telcos would use their relationship with the customer and in-depth understanding of their needs, to create tailor-made services in an IoT-enabled world, and operate primarily in B2C. The knowledge telcos have of their customers, and their recognition as trusted providers of connectivity would be essential to making this model work.
In a future of smart-homes that might have tens of connected devices, customers will need more tailored data plans with a high level of flexibility. To service all the different individual needs of their customers, telcos will need to go beyond simple prepaid or minute-based plans, instead using their ownership of customer data to create accurate, flexible, and functional price plans for every household or user. This could potentially be accomplished through the use of virtual SIMs with tiered speeds, number of allowed devices, and data usage limits, depending on the customer’s plan, which would be as simple to register and log in as a Netflix account.
Telcos would focus on this end of the business, moving away from a network infrastructure that is now largely owned and run by vendors. Instead, they might lease capacity from the vendor who owns the network in their area of operation, freeing them from the expensive task of infrastructure management and upgrades, becoming a virtual telco that can supply customised connectivity and cloud-based services to the world.
End of an Era: There is also a serious possibility that telcos could find themselves squeezed on every front and unable to sustain their business, with vendors making inroads on infrastructure, tech-giants eager to provide cheap data for their OTT services, and customers unwilling to see connectivity as anything more than a utility.
In this least-desirable outlook, telcos could end up as subsidiaries to vendors or tech-giants, operating purely as sales and service teams under a brand name. In truth, it would be Google, Amazon, Apple, or Microsoft providing our data and using telco brands for their customer knowledge and as fronts for marketing. They would lose their infrastructure ownership and network competency altogether, becoming a shadow of their former selves.
There may be some saving grace to be found for telcos in the lack of trust people and governments have in tech-giants, however. Much of Asia, the Middle East, and Eastern Europe would be loath to allow such companies more control of their networks. Europe and North America are still the most lucrative markets, accounting for almost half of global telecom revenue, but the rest of the world contains many faster-growing regions. Nevertheless, struggling Western telcos may find it difficult to take business from the established local providers in these countries.
Salvation Through Innovation: Unfortunately for telcos, as it stands, the less optimistic scenarios are the ones that seem most likely. There has been a notable dearth of innovation on their end in recent years. Most telcos have been unable to generate major new revenue streams and have not successfully leveraged their network competency. Despite the massive disruption that the future could hold for them, few telcos seem to be doing anything about it. Even Rich Communication Services (RCS), that many telcos laud as a game-changer, has little potential to alter the trends currently facing them. Apple may not even support it, and OTTs like WhatsApp or Line already provide much the same functionality.
The strength of telcos is in their network infrastructure and the technological competencies they hold in that area. If telcos want to stay relevant and grow their business, their focus must be on securing a future for themselves in a world of tech-giants, OTTs, massive data consumption, and the IoT. Being a dumb-pipe for data while voice and SMS slowly disappear holds little to no future.
We are bringing the new 5G module of our roaming platform to add to your arsenal which brings a better roaming experience to your 5G users.
Our Signalling Firewall is now an all-in-one, unified platform covering SMS, SS7, Diameter, SIP and GTP. Easily and seamlessly protect your network, and generate more SMS revenue as well! Our new state of the art A2P analysis module uses an embedded AI engine and machine learning features to cut manual labour, and boost your bottom line.
See you at GSMA WAS #10, Valencia, 28–31 October 2019
Cellusys technology serves more than 600 million subscribers in over 60 countries. Make sure you book a meeting with us in plenty of time so we can share all our secrets about roaming and security with you:
Much myth surrounds St Patrick, his origin, mission and how he evangelised the Unified Signalling Firewall to drive the snakes out of mobile networks.
Saint Patrick used the shamrock to illustrate simply to the unwashed how the Unified Signalling Firewall was meant to be: SS7, Diameter and GTP.
The real story, however, is that one day the Chief Security Officer of a mobile network was discussing signalling security with Patrick, a Cellusys signalling expert, over a round of golf. The CSO couldn’t understand why all the signalling security vulnerabilities needed to be processed and cross-correlated with the other protocols in one Unified Signalling Firewall. Patrick looked down at the tee as he prepared to strike his golf ball with a 9 iron. He then spotted a beautiful Trifolium dubium, the wild-growing, three-leaf clover that botanists consider the official shamrock. Patrick leaned over and gently picked the shamrock.
Patrick then held the shamrock up and used its three leaves to explain to the CSO what the Holy Trinity in Signalling Security was: the SS7, the Diameter, and the Holy GTP. All separate protocols, but in unison, providing best practice signalling security.
Patrick, now inspired, proceeded to continue his evangelism and spread the best practice security measures using the shamrock to simplify the Unified Signalling Firewall.
Today, St Patrick’s Day revelers wear a shamrock, signalling protection from denial of service attacks, call interception, SMS interception and location tracking of subscribers in mobile networks.
As they say, the rest is history and the Unified Signalling Firewall is now celebrated in Irish bars and with parades around the world each year on March 17th.
But people in Ireland hoping to wear an authentic shamrock may be out of luck this year.
“We have had a long and hard winter,” David O’Reilly, a botanist at Trinity College Dublin, noted. The growing seasons have been affected, he said. For instance, Trifolium dubium, considered the official shamrock, is in short supply, according to media reports. “It’s quite possible that harder winters have hit this species’ abundance, as it’s an annual which germinates in the spring.”
To make up for the shortfall, many sellers are resorting to other three-leaf clovers, such as the perennials Trifolium repens and Medicago lupulina.
According to the Irish Times, these plants are “bogus shamrocks.”
As with bogus shamrocks, be aware of bogus signalling security, as it’s not always easy to spot. Be sure to be sure and opt for St Patrick’s Unified Signalling Firewall to protect your mobile network.