2.5.6 Session Integrity Validation Check (SesIntValChk)
Session Integrity Validation Check [SesIntValChk] facilitates in GTP-C signaling fraud detection based on subscriber location information for an outbound roaming subscriber. This countermeasure screens 3GPP-Gx-CCR-I message of Outbound Roaming Subscribers to check that if a ULR message corresponding to this CCR-I message is already present in UDR DB or not.
This CM consider that ULR message are validated with other countermeasure run and store key/value pair into UDR DB. SIVC validate the CCR-I message against ULR message received, validated and found key/value into UDR DB.
To enable Session Integrity Validation Check Countermeasure, User has to enable below two stateful countermeasures first for ULR message validation followed by SIVC CM to validate CCR_I message:
- Time Distance Check Countermeasure
- Source Host Validation MME Countermeasure
This countermeasure considers the ingress GX CCR-I message as vulnerable if any of these conditions are true:
- The IMSI value of Gx-CCR-I message is not found in UDR DB. That means we have not received any ULR message corresponding to this CCR-I message.
- The MCCMNC value from the Gx-CCR-I message is not matching with the MCCMNC value of ULR message stored in UDR DB with same IMSI.
Appropriate ART configuration needs to be done for routing the Gx-CCR-I messages generated from outbound roamers towards DSA Application so that it can be processed by this countermeasure. For more information, refer to the ART Configuration for DSA.