By Mehmet Turunc, Senior Product Manager, 5G, iBASIS
It’s all about the data
There are two different 5G signaling interconnection methods defined by 3GPP:
- End-to-End TLS (Transport Layer Security)
- PRINS (PRotocol for N32 INterconnect Security)
In addition to these methods, there is a third option for mobile operators: an outsourced SEPP.
Each model has advantages and disadvantages. This article addresses analytics, answering questions such as: What does analytics refer to? Which use cases depend on analytics? Is it just nice to have, or is it a must?
Interconnection Models and Affected Domains
Roaming, in its most basic definition, is when a mobile subscriber visits a foreign country and wants to use their existing SIM card. In the roaming environment, the subscriber uses a visited operator’s network resources on their home operator’s mobile subscription. As a result, some critical information has to be shared between the home and visited operators, such as location, IMSI, MSISDN, account balance information, and subscription type.
Up to this point, the choice of interconnection model is not affected by the information exchanged between the two parties. Even if that information is end-to-end encrypted, it is visible after decryption.
However, in today’s roaming ecosystem, home and visited operators are not directly connected in most cases. Even if Operator A interconnects to Operator B directly, it cannot be directly connected to Operator C. By the nature of our interconnected world, aggregation points are needed for roaming traffic exchanges, unless each operator is willing to establish, manage, and maintain connections with hundreds of roaming partners separately.
Today, the majority of roaming interconnections are provided by IPX providers.
IPX is a closed and secure network that is not accessible from outside (the public internet). Signaling (SS7 for 2G/3G, Diameter for 4G) and data (GRX) services are the core products that make roaming possible. The 5G equivalent of the signaling service is called HTTP/2, and the encryption of these HTTP/2 messages impacts not only the signaling and analytics services but also roaming value-added services, roaming signaling security services, and roaming hub services.
This is an interdependent, connected environment where IPX Providers, Roaming VAS Providers, Signaling Security Providers, and Roaming Hub Providers play specific roles. All of them need to access “signaling information”, which carries subscriber identifiers, location lookups, routing information, coverage areas, and attached network type specifications.
Signaling Information Flow in Roaming Environment and Effects on Different Players
Once these players can access this signaling information, they are able to provide:
- Core services: signaling, data analytics
- Roaming VAS: Steering of Roaming, Welcome SMS, etc.
- Security: Signaling firewalls, attack detection and prevention systems
- Roaming hub services
Depending on the interconnection model chosen, 5G roaming interconnection could impact these services.
If end-to-end TLS is in place, intermediaries are unable to see the signaling messages, so analytics, value-added services, and security services can only be provided via on-premise deployments. The current trend finds operators opting for cloud-based, fully managed, “pay as you go” services for faster and more cost-effective service deployment. Workarounds such as “hairpinning/signaling loop” exist but are not yet 3GPP standards.
The power of analytics not only provides increased quality and cost reduction, but also enables MNOs to create new revenue streams. Without signaling information, offerings such as announcing new package bundles, attractive upgrade options, and ways to trigger their silent roamers who are in the visited operator’s service area would be impossible.
With regard to security, imagine that a group of hackers is trying to intercept your roaming subscribers’ sessions, attempting to steal information, or creating a fraudulent call. We need visibility into analytics in order to prevent these scenarios.
Analytics also supports alignment with legal and regulatory obligations. If there is an international criminal case or court order, we should be able to responsibly provide authorities with who, where, and when information, which is possible when the signaling messages are available.
The Right Interconnection Model
All in all, we must choose the right interconnection model for our situation and be aware of the consequences, challenges, and advantages of each model. A balanced distribution between analytics, ease of operations, and full security is an ideal approach.
iBASIS is able to support PRINS, Outsourced SEPP, and TLS models in its 5G Sandbox environment. Complemented by its award-winning data analytics platform InVision, iBASIS provides comprehensive statistics to its customers via real-time CDRs, proactive monitoring and alarming, IMSI-level troubleshooting, and service quality reports.