The field of technology of this application is charging in LTE and 5G network and more general LTE/5G network security. Operators take now steps to harden their networks against potential attacks, in particular they look for protection against charging misuse (fraud). This becomes of critical importance for 5G networks, where a large number of devices are expected to be unattended IoT devices, where processes like billing are automated between operator and IoT owners and therefore potential attack discovery may not be immediate.
The 3rd Generation Partnership Project (3GPP) defines the technical framework for 5G.
According to https://en.wikipedia.org/wiki/5G, the Next Generation Mobile Networks Alliance defines the following requirements for 5G networks which are currently under standardization:                Data rates of several tens of megabits per second should be supported for tens of thousands of users        1 gigabit per second to be offered simultaneously to tens of workers on the same office floor        Several hundreds of thousands of simultaneous connections to be supported for massive sensor deployments        Spectral efficiency should be significantly enhanced compared to 4G        Coverage should be improved        Signalling efficiency should be enhanced        Latency should be reduced significantly compared to LTE        
To transfer subscription, mobility and management information between nodes, in 5G, the Diameter protocol will likely be used. Diameter started as a authentication, authorization, and accounting protocol for computer networks. The Diameter base protocol is defined by RFC 6733 and defines the minimum requirements for an AAA protocol. Various Diameter Applications extend the base protocol by adding new commands, attributes, or both. Those Diameter applications are described in different documents e.g. by 3GPP. Diameter security may be provided by deploying IPSec or TLS.
A communication network utilizes several Diameter application protocols. One very common one is the Diameter application for the communication protocol between HSS and MME, called S6a/S6d. The Insert-Subscriber-Data-Request (IDR) command of the Diameter protocol is sent from HSS to MME or SGSN (interfaces S6a/S6d). When receiving an Insert Subscriber Data Request, the MME or SGSN shall check whether the subscriber identity (e.g. identified by IMSI) is known. The HSS may use this procedure to replace or update a specific part of the user data (=subscriber data or subscription data) stored in the MME or SGSN with the data sent, or to add a specific part of user data to the data stored in the MME or SGSN. In particular, the Insert Subscriber Data Procedure may be used between the HSS and the MME and between the HSS and the SGSN for updating certain user data in the MME or SGSN inter alia due to administrative changes of the user data in the HSS, while the user (subscriber) is located in an MME or SGSN (i.e. if the user was given a subscription and the subscription has changed). The user data may comprise an address of an OFCS and/or OCS controlling an account on which the subscriber is charged.
Security Researchers discovered substantial security vulnerabilities last year (see [1] to [3]). Mobile network operators monitored their traffic and noted that those vulnerabilities are really used by attackers and that on a “normal day” thousands of those attacks take place. The fraud and other unauthorized messages even reach millions messages over the months. Operators take now actions against those fraudsters and unauthorized network access and introduce filtering mechanisms. As a reactive measure operators developed together with the applicant material how protection can take place against the known SS7 based attacks. Some security researchers now start looking into LTE and 5G roaming, in particular Diameter security.
The operator association GSMA is developing now fine grained mechanisms to prevent the known attacks. Diameter fraud attacks are not yet visible, but there is a huge potential gain for an attacker. Therefore this invention focuses on protecting users and network against attackers that try to manipulate the user profile information.
Positive Technology Security describes an attack using MAP to avoid charging [4], but no countermeasure is proposed there. There are attacks for the older networks types (SS7/MAP, see references [1], [3], and [4]), but the protection measures there differ from the LTE and 5G networks due to different protocols and messages.