Graduate School and Research Center in Digital Sciences

SoK: Fraud in telephony networks

Sahin, Merve; Francillon, Aurélien; Gupta, Payas; Ahamad, Mustaque

EUROS&P 2017, 2nd IEEE European Symposium on Security and Privacy, April 26-28, 2017, Paris, France

Telephone networks first appeared more than a hundred years ago, long before transistors were invented. They, therefore, form the oldest large scale network that has grown to touch over 7 billion people. Telephony is now merging many complex technologies and because numerous services enabled by these technologies can be monetized, telephony attracts a lot of fraud. In 2015, a telecom fraud association study estimated that the loss of revenue due to global telecom fraud was worth 38 billion US dollars per year. Because of the convergence of telephony with the Internet, fraud in telephony networks can also have a negative impact on security of online services. However, there is little academic work on this topic, in part because of the complexity of such networks and their closed nature. This paper aims to systematically explore fraud in telephony networks. Our taxonomy differentiates the root causes, the vulnerabilities, the exploitation techniques, the fraud types and finally the way fraud benefits fraudsters. We present an overview of each of these and use CAller NAMe (CNAM) revenue share fraud as a concrete example to illustrate how our taxonomy helps in better understanding this fraud and to mitigate it.

Document Doi Bibtex

Title:SoK: Fraud in telephony networks
Department:Digital Security
Eurecom ref:5055
Copyright: © 2017 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+5055, doi = {}, year = {2017}, title = {{S}o{K}: {F}raud in telephony networks}, author = {{S}ahin, {M}erve and {F}rancillon, {A}ur{\'e}lien and {G}upta, {P}ayas and {A}hamad, {M}ustaque}, booktitle = {{EUROS}\&{P} 2017, 2nd {IEEE} {E}uropean {S}ymposium on {S}ecurity and {P}rivacy, {A}pril 26-28, 2017, {P}aris, {F}rance }, address = {{P}aris, {FRANCE}}, month = {04}, url = {} }
See also: