1 / 9

MIN based routing of Radius records

MIN based routing of Radius records. Neal Richardson Telecom New Zealand. An opportunity exists for fraud to occur during CDMA Data Roaming if "MIN based routing of Radius records" is not implemented.

xena-cabrera
Télécharger la présentation

MIN based routing of Radius records

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MIN based routing of Radius records Neal Richardson Telecom New Zealand

  2. An opportunity exists for fraud to occur during CDMA Data Roaming if "MIN based routing of Radius records" is not implemented. • Without "MIN Based Routing" the Accounting records (Data Call Detail Records) for a customers data call could be forwarded to the wrong carrier due to the use of common usernames by some carriers. • This problem is easily mitigated by forwarding the Data Call Detail Records (Radius) to the appropriate home network by using the MIN (Mobile identification Number) as the routing key rather than something the customer can enter.

  3. What is Radius • Radius is the format used for Accounting records generated by the data network. • Radius – also known as AAA (triple A) • Radius is the international standard for data call detail records as defined by the IETF (Internet Engineering Task Force) • Adopted by 3GPP2 and CDG as standard for data Call Detail Records (CDRs) • Remote Access Dial In User Security

  4. The Problem Explained • A number of CDMA Operators use a common username for all their customers wanting access to the Internet. • E.g. TNZ use mobile@jamamobile • These common usernames are published on the Internet sites relevant to these CDMA operators. • If a roaming agreement for data exists between ANY two CDMA carriers then the common username of another roaming partner can be used by a roaming customer.

  5. Worst Case Scenario • Pre-requisite • CarrierA and CarrierB have data roaming agreements with CarrierC • Roaming customers from CarrierB uses the CarrierA common username while they are on CarrierC network. • Existing routing of Data CDRs will mean all CarrierB usage is sent to CarrierA. CarrierA billing systems will reject CDRs as there is no Mobile Identification Number match in CarrierA billing systems. • Result • CarrierB cannot bill their customer • CarrierC does not get paid for network usage by CarrierB • Net Settlement between CarrierB and CarrierC is inaccurate • CarrierA has invald CDRs to process+-

  6. Recommendation • The recommended field for correct routing of Data CDRs is the calling-station-id field. (IETF Attribute 31, 3GPP2 Attribute A1). • This field is common within the Radius Authentication requests and Accounting records. • The exception to this recommendation is EVDO AN-AAA A12 authentication requests. These requests can only be routed based on the realm used. It is obviously important that CDMA carriers do not duplicate realms for their A12 NAI's.

  7. Calling Station ID Formats • The format of the calling-station-id field varies from CDMA Operator to CDMA Operator. • Examples: • Telecom NZ: 15 Digit IMSI format, made up of 10 digit MIN prepended with 5 leading 1's. 111111736543200 • Telstra: 15 Digit IMSI format, made up of 3 digit country code, 2 digit network code and 10 digit MIN. 530021736543200 • And I know that other carriers use a 10 digit IRM or MIN format.

  8. More detailed Explanation. • I would like to highlight a scenario that needs to be dealt with to ensure the routing Radius Accounting records and Authentication requests are sent to the correct CDMA Operator. • A number of CDMA Operators use a common username for all customers wanting access to the Internet. • Examples. • Telecom NZ: mobile@jamamobile • http://www.telecom.co.nz/content/0,3900,202143-202780,00.html • Telstra: user@telstra.internet , user@telstra.pcpack , user@telstra.datapack • http://www.telstra.com.au/mobile/products/wireless/mobileinternet.htm • SKTelecom: have a couple as well. • These common usernames are published on the Internet sites relevant to these CDMA operators. Therefore they are available for anyone to see. • A problems arises when one of these usernames is used by customers of other network providers. Current Radius Authentication and Accounting records routing is based on realm. I think that routing based on realm is at best annoying and at worst an opportunity for fraud. • I believe that it is important that Radius records are forwarded to the CDMA Operator associated with the customer using the service. • We know it is possible for a customer of one carrier to use the username of a second carrier on the network of a third carrier. With Realm based routing the Radius Authentication and Accounting will be forwarded to Carrier 2 rather than the correct Carrier1. • The recommended field for correct routing of Radius records is the calling-station-id field. (IETF Attribute 31, 3GPP2 Attribute A1). This is common within the Radius Authentication requests and Accounting records. • The format of the calling-station-id field varies from CDMA Operator to CDMA Operator. • Examples: • Telecom NZ: 15 Digit IMSI format, made up of 10 digit MIN prepended with 5 leading 1's. 111111736543200 • Telstra: 15 Digit IMSI format, made up of 3 digit country code, 2 digit network code and 10 digit MIN. 530021736543200 • And I know that other carriers use a 10 digit IRM or MIN format. • The variation of this field is because the relevant standard have allowed for this flexibility. • Calling_station_id - MSID • REF 1. PN-3-4732-RV2 (published as TIA/EIA/IS-835-B) • International Mobile Subscriber Identity (IMSI) [E.212] • Mobile Identification Number (MIN) [TIA/EIA-553] • International Roaming MIN (IRM) [TIA/EIA/TSB29] • REF 2. cdma2000 Wireless IP Network Standard: Accounting Services and 3GPP2 RADIUS VSAs • X.S0011-005-C v1.0 • REF 3. CDMA Packet Data Roaming eXchange Guidelines (August 10, 2004) • The Proxy AAA server should be allowed to rely on the network identifier portion of the MSID (e.g., MIN, IMSI) to route RADIUS messages. This requires the home operator to notify its MSID’s network identifiers to the CRX provider. • I think it is important that carriers considering CDMA Data roaming are aware of this issue and develop the appropriate checks and measures. • The exception to this recommendation is EVDO AN-AAA A12 authentication requests. These requests can only be routed based on the realm used. It is obviously important that CDMA carriers do not duplicate realms for their A12 NAI's.

More Related