Gsma Fs.38 (2025)

approach, recognizing that SBCs alone cannot protect against sophisticated modern attacks. 🔑 Key Pillars of the FS.38 Framework

It is within this context that the GSMA’s Fraud and Security Group (FASG) created the SIP Security (SIPSEC) group, chaired by Tony Friar of Velona Systems, who also served as the editor and lead author of the FS.38. The goal was ambitious: to provide an overarching, end-to-end document covering real-world SIP attacks and practical countermeasures—a resource that had been conspicuously absent in the fragmented landscape of existing IETF, 3GPP, and ETSI standards.

This technical framework reshapes how Communication Service Providers (CSPs) and Mobile Network Operators (MNOs) secure their core signaling layers against fraud, denial-of-service (DoS) attacks, and privacy breaches. Why SIP Security Needs a Paradigm Shift

GSMA FS.38 is a technical specification developed by the GSM Association (GSMA) that defines a remote SIM provisioning (RSP) solution for M2M and IoT devices. The standard enables the remote management of multiple embedded SIMs (eSIMs) in devices, allowing for efficient and secure deployment of IoT solutions. gsma fs.38

SIP is the "waiter" of the telecommunications world. When you place a VoLTE call, SIP is the protocol that takes your order, finds the person you're calling, and sets up the "table" (the connection) so you can talk.

| Feature | | ETSI MEC (Multi-access Edge Compute) | LF Edge (OpenHorizon) | | :--- | :--- | :--- | :--- | | Primary Focus | Federated trust & roaming | Network integration (UPF, RAN) | Device & software management | | Inter-Provider | Excellent (Built for roaming) | Poor (Single operator only) | Moderate (Requires custom adapters) | | Maturity | Spec v1.0 (2023) | Commercial deployments (v2.x) | Mature (IBM origin) | | Best Use Case | Cross-operator edge roaming | Single operator / on-prem edge | Large-scale device fleets |

: The guidelines provide a means for operators to verify the security claims made by equipment vendors during tender processes. approach, recognizing that SBCs alone cannot protect against

: Because SIP is an open, text-based protocol similar to HTTP, it is highly accessible to hackers. Traditional internet-borne attacks can now easily target telecom infrastructures.

, where the risk of subscriber data leakage and fraud is significantly higher. It is often used by service providers to evaluate vendor equipment during tender processes. specific countermeasures for SIP-based fraud or see how FS.38 integrates with other GSMA documents like FS.21?

The creation of FS.38 was driven by a fundamental shift in how the telecommunications industry views security. For too long, security was an afterthought, a problem to be solved after a network was built and launched. The industry operated on a foundation of implicit trust, not "zero trust," and often believed that a firewall at the network's edge was sufficient protection for any protocol. This approach is dangerously obsolete. The digital age has democratised access to technical knowledge, making it easier than ever for criminals to find and exploit vulnerabilities in protocols like SIP. With the rise of services like VoLTE, Vo5G, and RCS, the attack surface has grown exponentially, and a more robust, multi-layered security framework has become a necessity. SIP is the "waiter" of the telecommunications world

At the network layer, the guidelines mandate the use of private network overlays such as APNs (Access Point Names) and IPsec tunnels. However, the most cited recommendation from FS.38 is the prohibition of permanent, always-on "SMS triggers" for high-value assets, favoring instead UDP/TCP initiated connections or asynchronous messaging (e.g., MQTT) to reduce the attack surface.

The GSMA FS.38 PRD is a critical resource for mobile network operators and their partners. Like many detailed security standards, the full document is classified as "Members Only" content and is available for download exclusively to GSMA member organizations through the official member gateway. This controlled access ensures that detailed network defense information is shared within the trusted telecom community.

: Stopping port scans and SIP fingerprinting used to map network vulnerabilities. Routing Attack Mitigation

FS.38 strongly recommends the use of encryption for SIP traffic. However, the document takes a nuanced view, acknowledging that encryption does not solve all security problems—insider attacks or attacks via compromised tunnels can still occur, and encryption can sometimes hinder legitimate traffic monitoring, necessitating a balanced security strategy. 4. Securing Interconnects