Phoenix Rising BBS

home *** CD-ROM | disk | FTP | other *** search

/ Phoenix Rising BBS / phoenixrising.zip / phoenixrising / cellular / newpin.txt < prev next >

Wrap

Text File | 1994-12-26 | 11KB | 225 lines

NOTE: -------------------------------------- These articles are from the December, 1994 issue of Cellular Networking Perspectives. Phone 1-800-633-5514 or e-mail (71574.3157@compuserve.com) for more information, or to have a sample issue ("IS-41 Explained") faxed or mailed to you. ===================== The Emperor's New PIN ===================== The latest anti-fraud technique being employed by carriers requires subscribers to enter a Personal Identification Number (PIN) at the start of every call. Reported NYNEX, for example, as claiming that "even if the thieves are able to capture a PIN number off the air, they won't be able to pair it with the proper ESN-MIN number to program a cloned phone." Well, Virginia, life just ain't that simple. This technique does not rely on the system protecting cloners capturing the PIN as it is transmitted. Indeed, that is not possible with current phones. It relies on the difficulty of associating the PIN, transmitted on whichever voice channel is assigned to the call, with the MIN and ESN that are transmitted on the control channel. Because of this, the PIN technique will inconvenience cloners, but only for a short while. Anyone with a basic knowledge of the EIA/TIA-553 analog air interface standard, a cellular phone, a PC, easily available software (about $100), a special cable (about $25) and some "C" programming skill can overcome this technique. The reason that it is so easy to overcome is the same reason the legitimate cellular phone has no trouble finding the correct voice channel and transmitting the PIN digits. Following similar logic to the legitimate phone, the forger will have no trouble finding the same voice channel and receiving and storing the digits. Another way around the system is for cloners to emulate roamers, for which no PIN will be recorded in the local switch. This will work until IS-41 Revision C is generally available, which supports the PIN concept. It is quite possible that, as the PIN technique is implemented, subscribers and carriers will see a large drop in cloning traffic for a short time ... followed by a resurgence. Trouble is brewing for carriers when they try to defend continued use of PINs when their subscribers start seeing large clone-attack bills again. If a PIN is not the answer, what is the counterweight to counterfeiting? In one word; Digital. In the short term digital is just a much more complex and inaccessible technology for cloners to monitor than analog. In the long term digital will provide authentication, which is virtually immune to cloning (if used correctly). Digital phones also provide voice encryption which is important for preventing fraud, because it may make stolen service unusable, even if the authentication barrier can be overcome. Analog and NAMPS phones with authentication (TIA IS-91) will also be important, but only in the long term, because the current cellular network does not generally support authentication even for home subscribers, let alone for roamers. Also, analog phones do not support voice encryption, making them less secure even when authentication is fully available. ------------------------------------------------------ WHY MINs ARE PHONE NUMBERS AND WHY THEY SHOULDN"T BE Everyone knows that a cellular phone's MIN is its phone number. What few know is that it doesn't have to be that way, and that some problems of the cellular industry are caused because today it usually is that way. First it is important to distinguish between the terms Directory Number (DN) and MIN (Mobile Identification Number). The directory number is the phone number that can be used to dial a cellular phone from anywhere in the world while the MIN is designed for use across the radio interface to identify a cellular phone, and by the network to identify the home system that the phone belongs to. Figure 1 illustrates where the MIN is used, where the directory number is used, and the gateways between the world of directory numbers and the arena of MINs. Directory Numbers Directory numbers are phone numbers that can be dialed from any phone to access any other phone in the world, conforming to the ITU-T E.164 standard. When dialing internationally, the full directory number must be used including the Country Code, some regional digits (the area code in North America) and the local number. Directory numbers have several uses for reaching cellular phones: 1.To make a call to a cellular phone. 2.To allow an originating MSC to request a routing number from the HLR (which will perform the Directory Number to MIN translation) to allow use #1 to work even when the cellular phone is roaming. 3.To enable the SS7 data network to route the IS-41 LocationRequest message to the correct HLR (to support use #2 above). MIN --- The MIN is used only within the cellular network (the oval area in Figure 1). Within its domain, the MIN is used for several purposes: 1.To identify the mobile sending a message across the air interface to a base station (e.g. registration, origination or page response). 2.To direct a radio interface message to a specific mobile (e.g. page). 3.To route IS-41 messages (e.g. using SS7 global title translation) to the HLR (Home Location Register) of a cellular phone when its presence is detected by an MSC (e.g. by autonomous registration). 4.To make a roamer port call from outside the cellular network when the location of the mobile is known by the caller. DN/MIN Segregation ------------------ Figure 1 illustrates the two interface points between the domain of DN's and MINs: 1.The HLR is the point where a dialed DN is translated to a MIN for a call incoming to a mobile. 2.The Roamer Port is accessed by dialing a DN (often NXX-ROAM) in the system the mobile is believed to be in. It provides second dialtone and then accepts the MIN, before using it to page the mobile. Advantages When MIN = DN ------------------------ There are advantages to keeping the MIN and directory number the same: 1.Carriers do not need to enter, and HLR's do not need to store, a separate MIN and directory number for every cellular phone. 2.Subscribers need only know one number. 3.The same phone number can be used to dial a cellular phone using call delivery (DN required) and via the roamer port (MIN required). 4.MINs do not need to be allocated and managed. Problems When MIN = DN ====================== Life is never simple and there are, as you may have guessed, several problems that occur because the MIN and DN are required to be the same: 1.Services, such as extension phone, that allow several mobiles to share a single directory number do not work well if the mobiles share the same MIN, due to restrictions in the analog and digital air interface standards, and some fraud management systems, that assume that MINs are assigned to one, and only one, phone. Therefore, full implementation of these features requires all but one member of the extension phone group to have a MIN that is not the same as the group's directory number. 2.MINs are only 10 digits long and therefore cannot encode all international directory numbers. Even when international numbers fit in 10 digits, they will match a potential North American directory number. On the other hand, if MINs were allocated separately from directory numbers there would be no ambiguity. 3.Directory numbers are allocated by the North American Numbering Plan Administrator. With a shortage of numbers, many constraints are placed on the allocation of MINs. If MINs were allocated separately, 10 billion numbers would be available exclusively to cellular phones. 4.Due to the shortage of directory numbers, services that could be built upon multiple MINs within a single phone are not, in order to conserve directory numbers. An example of this would be having a separate MIN for Voice, Fax, Data and Short Message services in one phone. Separate MIN's would make it easier to identify the terminating service and also to route outgoing calls using SS7 networking Global Title Translation. 5.If a MIN has to be changed, the directory number must also be changed, causing unnecessary inconvenience to the subscriber, who may have to reprint business cards etc. An example is when a MIN is reused and the discontinued phone with the same MIN is still turned on, although not in use. This phone will intercept calls to the legitimate subscriber, whose phone number will have to be changed to keep it the same as the MIN. 6.If a directory number has to be changed, the MIN has to be reprogrammed. Changing the directory number is simple for the carrier, but forcing a parallel change to the MIN requires reprogramming all affected cellular phones. This situation occurs when an area code is split or overlayed, and some or all mobiles are moved into the new area code. 7.Preprogrammed, mass distribution, phones are not possible (e.g. shrink-wrapped) as the MIN must be programmed in the phone. If the MIN is the same as the directory number, it is not be possible to ensure that it is a local number to the purchaser. If the Directory Number is separate, it could be allocated after service is established or, if terminating service is not required, not allocated at all. When a MIN does not match a DN ------------------------------ There are phones in use today which have a different MIN and DN. This can be accomplished in two ways: by wasting a DN or by allocating a non-dialable MIN. An example of the first method is to configure an extension phone service with a separate MIN and DN for each phone in the group. One, or any, DN could be used to reach a phone with any MIN in the group. Assuming that such services are used by a small fraction of subscribers, the waste of directory numbers will not be significant. A more exotic alternative, is to take advantage of the 2 billion MINs that cannot be directory numbers. These are all the MIN's starting with the digit 0 or 1. Some of these numbers are already in use for special services (such as shrink wrapped phones). The problem with these numbers at present, is that there is no agency authorized to allocate them to carriers. Currently the CTIA subsidiary, Cibernet, is compiling a list of the blocks that have been allocated. This, however, is a voluntary effort and could easily allow conflicts or inefficient allocation to result. Summary --------- There are advantages and disadvantages to both keeping the MIN and Directory Number the same, and in separating them. The trend appears to be slowly toward separation of MIN and DN, but possibly so slowly that the majority of phones will always have the same MIN and DN. Luckily, the transition can be gradual, assuming that the available non-dialable MIN resource is not exhausted wastefully before carriers realize its full value and potential. ---------------------------------------------------------------------------- Downloaded from Phoenix Rising Communications. This text file is copyright as indicated at the beginning of the text. It was publically available without charge on CompuServe and forwarded via mail to Phoenix Rising Communications for additional distribution without charge.