Daniel Clement @ AWS Hong Kong Community Day 2025
Recent Trends and Challenges
Increase in Online Transactions
* Rising reliance on phones for transactions in regions like West Africa, China, and Hong Kong
* Estimated annual online transactions to reach one trillion by 2027
Rise in Payment Scams
* 1.5 billion dollars lost to fraud as of 2023
* 47% of fraud involves transactions (online, physical, voice)
Industry Responses
* Implementation of anti-fraud systems
* Enhanced two-factor authentication
* Behavioral analytical checks
* Risk engines to track patterns
Limitations of Pattern-Based Protection
* Provides only a certain level of protection
* Need for more comprehensive security measures
Tokenization and Detokenization
* Encrypting requests to secure transactions
* Decrypting upon receipt to ensure secure delivery
* Current practice in many financial companies
Fraud Detection and Prevention Challenges
Security Intelligence Gaps
* Telecom industries struggle to keep up with new fraud attacks
* Constant emergence of new backdoors in security systems
Balancing Security and User Experience
* Challenge of securing systems while ensuring legitimate traffic is not blocked
* Concern about how to maintain security without hindering customer experience
Monitoring and Detection Limitations
* Traditional allow/deny rules are insufficient against modern threats
* New attacks often bypass rule-based systems
AWS Tools for Enhanced Identification
* Utilization of AWS tools to identify and mitigate new threats
Traditional vs. Modern Security Methods
Traditional Methods
* Allow or deny rules
* Two-step authentication
* Network VLANs with set IP addresses
Limitations of Traditional Methods
* Ineffective against advanced AI and machine learning-driven attacks
* Create more loopholes in the system
Evolution of Deceptive Vectors
Modern Attack Techniques
* Focus on voice-based scams
* Social engineering to deceive users into transactions they didn’t initiate
Need for AI and Machine Learning
* Addressing the worry and need for advanced solutions
* Solution to counteract contemporary fraud methods
Historic Flaws with Contemporary Delivery Methods
SS7 Protocol
* Used in 2G, 3G, and 4G networks
* Designed to prevent interception of communication
* Signaling System No. 7 (SS7) is a globally recognized set of telecommunication protocols that provides the signaling and control for most of the world's public switched telephone network (PSTN) calls. It uses a separate, dedicated network to exchange the control information needed to set up, manage, and release voice calls and enable advanced services like SMS and caller ID.
* SS7 was designed in the 1970s and 1980s as a closed
* This lack of security makes it vulnerable to exploits, allowing malicious actors with access to an SS7 network to:
  * Track Location: Pinpoint a user's location anywhere in the world by querying location databases.
  * Intercept Communications: Eavesdrop on calls and read SMS messages, including sensitive information like two-factor authentication (2FA) codes for online banking and other services.
  * Facilitate Fraud: Reroute calls, perform SIM swap attacks, or conduct other fraudulent activities.
  * Launch Denial of Service (DoS) Attacks: Overload signaling channels, causing network disruptions.
* Although 4G and 5G networks primarily use the more secure Diameter protocol for signaling, SS7 is still widely used to support global roaming, interconnect with legacy 2G/3G networks, and deliver SMS messages.
Ongoing Threats
* Despite the rollout of 4G and 5G, 2G and 3G networks are still in use
* Hackers exploit SS7 protocol flaws to intercept communications
* Continuous threat due to the reliance on older network technologies in some regions
Benefits of Using AI in Telecom Security
AI as an Enabler
* Trains machines to detect deceptive conversations
* Identifies "scammy" language in conversations
* Differentiates between legitimate and fraudulent interactions
Continuous Learning
* AI adapts to new attacks with new solutions
* Ensures up-to-date protection against evolving threats
Economic Implications
* Prevents revenue leakage and company bankruptcy
* Maintains customer trust as a valuable asset
* Ensures secure systems to retain customer confidence and investment
Solution Overview
Integration with Existing Systems
* Addresses both cloud-based and on-premises legacy systems
* Minimizes latency for 5G-based technologies
* Ensures compatibility with older network technologies
Flow of the Solution
* [1] Call Initiation
  * Calls made via radio waves, satellites, or IP addresses
* [2] Routing
  * Calls routed to towers
* [3] Conversion
  * Calls converted at a media converter before translation into the secure environment
Suspicious Voice Detection
* Transcriber captures suspicious voices during calls
* Custom Keyword Check:
  * Keywords like "give me your pin" or "we need your bank details" are flagged
* Ensures secure handling of sensitive information within conversations
Detailed Solution Workflow
Preloaded Keywords
* System is preloaded with keywords indicative of potential fraud (e.g., "give me your pin")
* These keywords are the first port of call for identifying suspicious conversations
AWS Comprehend
* Analyzes the tone, haste, and sentiment of the conversation
* Identifies scammy language and unusual conversational patterns
AWS SageMaker
* Utilizes custom models for partial, real-time model training
* During a phone call, the system identifies suspicious patterns and sends a fraud alert to the user
* Users can choose to end the call if fraud is detected
EventBridge and Lambda Functions
* EventBridge signifies custom fraud logic
* Lambda functions handle different detection scenarios (neutral, non-neutral, fraudulent)
* Triggers user notifications based on detection outcomes
Retraining Bucket
* Conversations not initially checked are saved in an S3 bucket for retraining
* Enables unsupervised learning, allowing the system to learn from past conversations
System Visibility and Compliance
* Artifacts for compliance
* CloudWatch for log monitoring
* GuardDuty for identifying model behavior changes and security injections
* AWS Crawler for static analysis of configurations (automatically scans and discovers data in various sources like Amazon S3, DynamoDB, and relational databases to populate the central AWS Glue Data Catalog)
* AWS Config for key management
* Managing Personally Identifiable Information (PII)
Data Sensitivity and Encryption
* Ensures data remains secure, either on the telecom side or within the cloud
* Full cloud implementation available, with options for telecom users to choose their preferred method
Demo and Implementation Details
* Simple demonstration showing ongoing conversations and identification of suspicious patterns
* Real-time fraud detection and user alerts
Recorded Conversations
* Demonstration includes various voice recordings
* Distinction between non-phishing and phishing voice recordings
Terraform for Deployment
* Utilization of Terraform for infrastructure deployment
* Sample code provided for Lambda function deployment
Lambda Function
* SNS topic triggered by events
* Keywords for detection: "to reset your PIN", "confirm your account", "last four digits", "confirm your account number"
* Suspicious margin set at 0.5; 0.85 indicates fraud
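One way to apply the keyword list and the two margins above inside a Lambda-style handler, as an added example that is not the speaker's code. The notes give only the phrases and the 0.5 / 0.85 values, so the noisy-OR scoring with a weight of 0.5 per phrase, the inclusive thresholds and all function names are assumptions; the matcher also keeps "confirm your account" from being counted a second time inside "confirm your account number".

```python
import re

# Phrases and margins as listed in the talk notes above.
KEYWORDS = ["to reset your PIN", "confirm your account",
            "last four digits", "confirm your account number"]
SUSPICIOUS_MARGIN = 0.5
FRAUD_MARGIN = 0.85
PHRASE_WEIGHT = 0.5  # assumption: the notes do not say how the score is computed


def normalize(text):
    """Lower-case and reduce punctuation/whitespace runs to single spaces."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", text.lower()).split())


def match_phrases(transcript):
    """Distinct phrases present, longest first, so 'confirm your account'
    is not also counted inside 'confirm your account number'."""
    remaining = f" {normalize(transcript)} "
    hits = []
    for phrase in sorted(KEYWORDS, key=len, reverse=True):
        needle = f" {normalize(phrase)} "
        if needle in remaining:
            hits.append(phrase)
            # Blank out matched spans so a shorter overlapping phrase cannot re-match.
            remaining = remaining.replace(needle, " | ")
    return hits


def classify(transcript):
    """Assumed noisy-OR score: every distinct phrase halves the remaining doubt."""
    hits = match_phrases(transcript)
    score = 1.0 - (1.0 - PHRASE_WEIGHT) ** len(hits)
    if score >= FRAUD_MARGIN:
        label = "fraudulent"
    elif score >= SUSPICIOUS_MARGIN:
        label = "non-neutral"
    else:
        label = "neutral"
    return {"label": label, "score": score, "matched": hits}


# Constructed transcript snippets, not recordings from the demo.
SAMPLES = [
    "Hi, I'm calling to confirm your appointment for Tuesday.",
    "Please confirm your account number so I can look that up.",
    "This is your bank. To reset your PIN, confirm your account number "
    "and the last four digits of your card.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```

The three labels mirror the neutral, non-neutral and fraudulent scenarios the notes assign to separate Lambda functions; in the described pipeline the returned dict would be the payload published to the SNS topic.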
Mitigation Framework
Policy as Code with AI
* Importance of defining policy as code, incorporating AI
* AI assists in understanding and updating complex code beyond human capability
Structured Code Deployment
* Treat code deployment as peer review with a proper structure
* Attach security risk implementations and unit tests
* Ensure protection through continuous model behavioral monitoring with AWS GuardDuty
Natural Language Processing (NLP)
* Addition of NLP to identify patterns and sentiments in telecommunications and radio waves
* Enhance detection of fraudulent, neutral, or safe communications
Global Fraud Prevention
Real-Time Risk Management
* Focus on preventing fraud in real-time on a global scale
* Ensure secure systems through continuous monitoring and adaptation
Conclusion
* Emphasis on proactive fraud prevention rather than reactive measures