Gsma Fs.38
The FS.38 document provides a comprehensive framework for securing SIP environments across fixed, mobile, and converged networks. It specifically targets: 1. Core Network Hardening
: Fraudsters alter originating caller identities to bypass security checks, execute social engineering scams, or artificially inflate terminal traffic rates.
FS.38 expands the focus beyond just the SIP signalling, encompassing related areas such as , customer portals , and back-end databases that store credentials. Key Recommendations in GSMA FS.38
: Advocates for comparing fields across different protocols (e.g., SIP, SS7, and Diameter) to identify discrepancies that signal fraud or security breaches. SIP Firewall Implementation gsma fs.38
A central target of this philosophy is the over-reliance on the SBC. While the SBC is undeniably a fundamental part of a core SIP network's defense—acting as a specialized firewall for SIP signaling and media—the FS.38 cautions that it should not be the only defense. Relying solely on an SBC is like locking the front door of a house while leaving every window wide open.
| GSMA PRD | Title / Focus Area | What It Covers | | :--- | :--- | :--- | | | SS7 and SIGTRAN Network Security | Threat analysis, attack methods, and countermeasures for SS7 signaling | | FS.19 | Diameter Interconnect Security | Potential diameter-based attacks and mitigation strategies | | FS.20 | GPRS Tunnelling Protocol (GTP) Security | Security analysis for the GTP control plane | | FS.22 | VoLTE Security | Security analysis and recommendations specifically for VoLTE | | FS.36 | 5G Interconnect Security | Security considerations for 5G network interconnections | | FS.37 | GTP-U Security | Security recommendations for the GTP user plane | | FS.38 | SIP Network Security | Comprehensive guide to SIP-based attacks and countermeasures | | FS.39 | 5G Fraud Risks Guide | Describes potential attacks against 5G networks and their services |
The following table outlines some of the most important GSMA security documents: The FS
: Recommends using a SIP Firewall as a defense layer against specific attacks: DDoS Protection
FS.38 goes beyond simple fraud prevention, adopting a "defence in depth" approach to secure the entire signaling ecosystem.
While this transition delivers vast open-standard capabilities, it exposes core infrastructure to vulnerabilities historically native to standard IT networks. The GSMA Fraud and Security Group (FASG) introduced FS.38 to shift the industry from a perimeter-only defense model to a comprehensive, multi-layered "defense in depth" architecture. The Core Mandate: Rethinking SIP Security While the SBC is undeniably a fundamental part
GSMA FS.38 is a critical standard for the 5G era, providing a comprehensive framework for network slicing and enabling the creation of multiple, independent networks on top of a shared physical infrastructure. As the industry continues to evolve, FS.38 will play a vital role in unlocking the full potential of 5G technology, delivering improved customer experiences, and driving innovation across multiple industries and use cases.
To appreciate FS.38, one must distinguish it from adjacent standards. Unlike the ETSI EN 303 645 (Consumer IoT security), which focuses on the home device, FS.38 is specifically tuned for wide-area cellular networks. Unlike the NIST IR 8259 series, which is general-purpose, FS.38 explicitly references GSM-specific elements (IMSI catching, false base stations, SMS vulnerabilities).
The potential applications of FS.38 are vast and diverse:
Operators aiming to secure their infrastructure can find additional technical materials and strategic implementations through the GSMA Cybersecurity Knowledge Base .