# Whisper for Telecom — give every network function an identity it can prove, across operators

> Mobile networks run on trust that was never authenticated.
> The address **is** the NF — a routable, DNSSEC-anchored /128 in `NFProfile.ipv6Addresses`,
> bound to the `nfInstanceId` already in the NF's cert SAN, derived from the key it already holds.
> Publicly verifiable across operators, revocable at DNS-TTL. Additive to your mTLS, OAuth2, operator PKI and SEPP.

Any function that can reach the **NRF** can pull another's profile and speak as it —
because OAuth2 authorization is *optional by spec*, so reachability is authorization.
A minted or reused **bearer token** impersonates any NF. The legacy interconnect —
**SS7 / Diameter / GTP** — is trust-by-default. And roaming trust is transitive and
opaque: your security is your weakest partner's, and you can't see which partner that is.
**Authenticate it.**

`whisper verify --trustless` — anchored at the IANA DNS root. Our own API is not in the trust path.

- **$38.95B** — telecom fraud a year, ~2.5% of revenue, most of it riding trust-by-default interconnect
- **$6.23B** — International Revenue Share Fraud alone, per year — abuse that lives in the interconnect trust vacuum
- **100%** — of 28 tested operator networks were vulnerable to GTP impersonation, fraud or DoS
- **~90%** — of tested operators leaked subscriber IMSIs through Diameter signalling
- **OPTIONAL** — OAuth2 authorization at the 5G NRF is not required by spec: reachability ≈ authorization
- **~70%** — of operators lack the cloud-native capability the roaming fix (SEPP) needs to deploy

---

## The attack, step by step

**This is how a network you run gets driven by a function you never authorized.**
No zero-day. Just a flat, all-IP, HTTP/2 service mesh and a legacy interconnect, both
used exactly as built — where identity is asserted, never independently proven.

1. **FOOTHOLD** — Onto the trust fabric. Lease SS7/Diameter `GT` or GTP access through a grey-market `IPX`, compromise a low-tier roaming partner and inherit its federated trust, or abuse an over-scoped CAMARA / Open Gateway token.
2. **ENUMERATE** — Query the NRF. Inside the `SBA`, hit the `NRF`. Because OAuth2 authz is optional by spec, reachability is authorization — discover every NF, its type, location and capabilities.
3. **IMPERSONATE** — Speak as any NF. Pull a target's `NFProfile` and present its identity. The cert that names it is a private-CA assertion no roaming peer, IPX or regulator can independently check.
4. **ACT** — Intercept, cut, DoS, drain. Intercept calls/SMS/OTP over SS7/Diameter; track location; `PFCP/N4`-cut or redirect a subscriber's user-plane; deregister an NF profile for a stealth DoS; monetize via IRSF/AIT.
5. **ROTATE** — Every last IP is disposable. Hop across IPX hubs, cloud regions and a residential-proxy swarm every few requests. Your core SOC sees a fresh last IP and correlates nothing.
6. **PERSIST** — Unattributed, cross-operator. Every action binds to no verifiable, revocable identity — no cross-operator proof of who, no fast federated kill-switch. De-peering is slow and manual, and the same trust is reused at the next operator.

Invisible by design: a real peer is *one NF to a network it belongs to*; the abuser is
*one reachable session to a mesh that trusts by default* — and every IP it ever shows
you is disposable. This is not hypothetical: state-linked interconnect intrusions
reported across 80+ countries and 600+ organizations since at least 2019 — some reaching
lawful-intercept systems — persisted for years for exactly this reason. We don't claim an
identity layer alone would have stopped a router implant; we do claim it closes the
attribution-and-eviction vacuum those campaigns exploit to stay.

---

## Strip the incident down and it isn't a hundred bugs. It's two.

Every step in that chain leans on exactly two structural gaps that every mobile network
shares. Close both and the attack has nowhere left to stand.

### Gap 1 · you can't follow them when the egress rotates

Rate-limit an IP and they spin up a fresh one across another IPX hub or cloud region. The
egress is disposable; the last IP *was never the peer*. So you block noise while the
operator behind it keeps working.

**The answer — the graph.** A live internet-infrastructure graph — **7.44B**
nodes and **39.3B** relationships of fused BGP, DNS, WHOIS, TLS, hosting and
threat intelligence, answering in under 300 ms — fingerprints the *operator*, not the IP.
Two levers, kept honestly separate:

- **IPX and cloud rotation** — the graph clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy.
- **Residential-proxy swarm** — where a subscriber IP gives an infra graph nothing to grab, a `JA4/JA3` client fingerprint travels with the *tooling* regardless of the exit, invisible to the proxy because it lives in the TLS handshake, and collapses the swarm to one operator.

Every answer returns a reproducible **evidence chain** your core SOC, your interconnect
team and a regulator can replay. The verbs: `identify(ip)`, `origins(prefix)` +
`walk(node,depth)`, `history` / `watch`, and arbitrary read-only Cypher ("one source
touching N distinct NF identities in a window").

> **"When a rogue NF or a compromised roaming peer phones home through rotating IPX egress, fresh cloud IPs and residential proxies, can you actually attribute it — or just rate-limit an IP and move on?"**
> Attribute it. Infrastructure genealogy collapses the IPX and cloud rotation; a JA4
> client fingerprint collapses the residential swarm. The egress IP is the one thing we
> don't rely on — and the finding feeds straight into your signalling firewall and SIEM.

### Gap 2 · a reachable NRF and a stolen token look exactly like a real NF

A minted or reused bearer token *is* a valid credential; a function that can reach the
NRF *is* — by the spec's own default — authorized. Behaviorally it's a legitimate NF.
Nothing at the boundary separates it, because the identity that names it is a private-CA
assertion no counterparty can independently verify.

**The answer — identity.** Bind the SBI to the NF's own forge-proof **/128** — an address
derived from the key behind the `nfInstanceId` the NF already carries in its cert SAN. And
because that name resolves through a DNSSEC-signed zone with a DANE-pinned record, it also
closes the DNS-spoofing / rogue-NRF / forged-token-issuer gap that mutual TLS alone never covered.

> **"3GPP already mandates mutual TLS on the SBI and every NF has a certificate. Why isn't that enough?"**
> Because it is rooted in the operator's private CA — and it doesn't protect the DNS. No
> roaming partner, IPX, regulator or peer operator can independently verify a private-CA
> cert, and the SBA name layer that NF/NRF discovery rides on is unsigned: spoof DNS and
> you redirect to a rogue NRF or a forged token-issuer URL that mTLS never sees. Whisper
> keeps the same `urn:uuid:<nfInstanceId>` identity (TS 33.310), DANE-pins the very cert
> the NF already presents, and makes it publicly verifiable and revocable at DNS-TTL.

Gap 1 is detection made durable. Gap 2 is the root cause. Here's the root-cause cure.

---

## The root-cause cure · identity

**Give every network function an identity it can prove — across operators, not just inside
yours.** Stop treating NF impersonation as a detection problem and make it an *identity*
problem — strictly stronger. Whisper has one primitive: **the address is the identity.**

A routable IPv6 **/128** out of `2a04:2a01::/32` (announced by **AS219419**),
deterministically derived from a key, DNSSEC-anchored, **DANE-EE** pinned,
RDAP/WHOIS-registered — re-derivable and verifiable by anyone with `dig`.
`whisper verify --trustless` checks it against the IANA root; *our own API is not in the trust path.*

**Point it at network functions.** Derive each NF's — AMF, SMF, UPF, PCF, UDM, or a SEPP —
/128 from the SBA mTLS key it *already* holds, the one whose certificate SAN already carries
`urn:uuid:<nfInstanceId>` (3GPP **TS 33.310**), with the **nfInstanceId as the domain
separator** (`device_id = nfInstanceId`). The private key never leaves the NF; the address
is a one-way function of its public half and that UUID. Drop the /128 into
`NFProfile.ipv6Addresses` — no NRF API change, no re-keying, no new CA.

```
NF SBA key         ──pubkey + nfInstanceId──▶  /128                 ──DNSSEC+DANE-EE──▶  a name any operator can verify
(urn:uuid in cert SAN,                         2a04:2a01:5e0::a3f                        whisper verify --trustless
 TS 33.310, private key                        → NFProfile.ipv6Addresses                no operator-private CA needed
 never leaves the NF)                                                                    op:revoke → gone across operators at DNS-TTL
```

What becomes true the moment you do this:

- **"One reachable NRF → every NF" becomes impossible.** Every impersonation is a DNSSEC/DANE inconsistency any counterparty catches — inside the core or across the N32 border.
- **Egress rotation becomes irrelevant.** Identity is not the source IP; the "last IP" was never the credential.
- **Stolen bearer tokens fail.** A minted or reused token with no NF key behind it authenticates to nothing.
- **One `revoke` kills a compromised NF everywhere** at DNS-TTL speed — `dig -x` returns nothing, verify returns false — across operators, not one CRL per operator that peers may never fetch.

**Attaches to what you already run — it does not replace it.** Whisper complements the
anchors 3GPP mandates — mutual TLS on the SBI, OAuth2 at the NRF, the operator PKI (CMPv2
enrolment), SEPP topology-hiding and N32/PRINS. It is the publicly verifiable,
DNSSEC/DANE-anchored layer *on top*, at the DNS / IP / transport boundary: no bespoke
trust store to cross-certify with every roaming partner, and revocation at DNS-TTL instead
of a per-operator CRL/OCSP. You can even DANE-pin the NF/NRF certificate the SBA already
speaks and cut single-CA and rogue-issuer risk. It never sits inside the intra-SBI path
where mTLS and the NRF already bind tightly.

**The nfInstanceId is the public UUID — the /128 is its cryptographic counterpart.** The
nfInstanceId is a known, structured identifier flowing through every NRF registration and
discovery; useful for interoperability, but it isn't a secret. The /128 is bound to the
NF's key *and* the nfInstanceId — so the UUID alone yields nothing: you cannot go
nfInstanceId → /128 without the key, there is no enumerable directory, and RDAP/reverse-DNS
return the registry object, never the NF's internal whereabouts. Because the derivation is
**tenant-bound**, the same NF instance under two operators yields two unrelated /128s — no
one can link an instance across the PLMN boundary.

**Lifecycle, end to end.** CMPv2 enrolment → in-life SBI → incident `revoke`. An NF
scale-out re-derives a /128 per instance; a scale-in or decommission is one `revoke`; a
compromised roaming identity is cut at the N32 border in one call — the home network (HPMN)
revokes a visited-network (VPMN) peer without waiting on an IPX. Compromise one NF and
you've compromised *that NF*, not the mesh — the impersonate-any-NF failure mode is
structurally removed. And nothing is issued in the dark: every mint and every revoke lands
in a public, Bitcoin-anchored [transparency log](/docs/telecom-compliance) you and your
regulator can audit.

Maps to **NIS2** Art.21/23 incident handling & reporting, the **EU 5G Toolbox** TM02 (turn
on the optional controls), **NSA/CISA ESF 5G Cloud** Parts II–III micro-segmentation,
**CISA ZTMM** Identity, and **GSMA FS.36** for the N32 boundary — delivered as a network
primitive, not a compliance binder. [See the compliance map →](/for-operators)

---

## The surface no one else has · see & govern

**See who's enumerating your NFs — before the impersonation lands.** An identity you can
prove is also an identity you can *watch*. Because every NF's name resolves through
Whisper's own authoritative DNS and RDAP, the owner sees exactly who looked — a
reconnaissance tripwire the operator-private NRF never gave you — and can govern precisely
what each function may talk to.

Every resolve, PTR and RDAP query against an NF's identity is recorded. A legitimate
consumer NF and a roaming SEPP each look up one record; an unknown enumerator issuing
hundreds of RDAP hits a minute stands out. `op:lookups` returns who looked — surfacing an
enumerating peer *before* the impersonation, not after.

- **Who checked this NF is a query** — `op:lookups` returns who resolved or RDAP-queried an NF's identity, an early warning that someone is enumerating your core or a roaming peer is probing, not a post-mortem after the impersonation.
- **Govern what each NF may reach** — a graph-first resolver and source-bound egress enforce **default-deny** per NF: allow the peer SEPP and the OAM/OTA endpoint, block everything else, by name or subdomain.
- **Per-NF firewall, budget, kill-switch** — `op:firewall` allow/deny by host, cidr or port; `op:budget` caps an NF's traffic; `op:revoke` cuts a compromised function off across operators in one call.
- **Non-repudiable interconnect telemetry** — `sign-outputs` binds each SBI response, CDR or N32 message to the NF's forge-proof /128, so a roaming partner, a regulator and interconnect settlement trust the record came from the real function.

The same *address-is-identity* primitive that governs a compromised NF also governs the AI
agents your NOC, OSS/BSS and CAMARA developer platform are about to run — per-agent /128,
per-agent logs, default-deny egress, one `revoke`. From day one.

---

## Prove it in 60 seconds · no account

Two tiers, by design. **No key:** anyone can verify an NF's identity, resolve it, and
back-trace a suspicious peer — trustless, anchored at the IANA root. **Your key:** bind an
NF to the nfInstanceId it carries, govern its egress, revoke it across operators.

```sh
# keyless — re-derive and verify any NF's identity, trustless
$ whisper verify --trustless 2a04:2a01:5e0::a3f
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA) leaf matches the NF's SBA cert
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED — no operator-private CA in the trust path

# the address is the NF — reverse DNS names it
$ dig -x 2a04:2a01:5e0::a3f +short
  nf-amf-3f2504e0.sbi.example-plmn.whisper.online.

# who really operates a suspicious IPX host — the real graph API, a CALL whisper.identify()
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"185.60.x.x\")"}'
  operator:  <fingerprinted> · seen across IPX / AWS / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
```

```sh
# bind an NF to the nfInstanceId already in its cert SAN, and govern it
$ export WHISPER_API_KEY=whisper_live_xxx
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: $WHISPER_API_KEY" --data-urlencode "q=CALL whisper.agents({op:'connect', args:{tier:'wireguard',
       identity_public_key:'<base64 SPKI of the NF SBA key>',
       device_id:'3f2504e0-4f89-11d3-9a0c-0305e82c3301'}})"   # device_id = the nfInstanceId
  → identity 2a04:2a01:5e0::a3f   DNSSEC + DANE live · drops into NFProfile.ipv6Addresses
$ whisper policy set --default deny --allow sepp.partner-plmn.example,oam.example-plmn.net
$ whisper kill --revoke 2a04:2a01:5e0::a3f   # across operators, at DNS-TTL
```

Secure your core → <https://console.whisper.security/sign-up> · Read the [docs](/docs).

---

## Where Whisper fits

**Your signalling firewall sees *that* a message is malformed. Whisper proves *who* sent
it — and follows them when the egress rotates.** The signalling-firewall incumbents — Enea,
SecurityGen, P1 Security, Positive Technologies, Mobileum — inspect and score the message
across SS7, Diameter, GTP-C and HTTP/2, and that's necessary. The 5G-core firewalls
(Palo Alto CN-Series, Fortinet, A10, Check Point) protect GTP-U, SCTP and the packet core.
Your operator PKI and SEPP (Ericsson, Nokia, Oracle) issue and lifecycle NF certificates
and hide topology at N32/PRINS. But all of them attribute *within* the signalling plane or
trust a *private* CA — the identity is not publicly verifiable, revocation is a per-operator
CRL/OCSP, and the cert isn't a routable identity that survives NAT, roaming and IPX.
Whisper adds the two layers no one else owns: an internet-infrastructure attribution graph
that fingerprints the operator across rotating IPX, cloud and residential egress, and a
publicly verifiable NF-identity plane that is addressable and revocable at DNS-TTL. Exactly
the two gaps NF impersonation exploits.

| | Signalling / core firewall | Operator PKI + SEPP | Whisper |
|---|---|---|---|
| Signalling & core traffic protection (SS7/Diameter/GTP/SCTP) | ✓ | — | *additive feed* |
| **Publicly verifiable** NF identity (no cross-certification) | — | — | ✓ |
| Cross-operator revocation at DNS-TTL | — | — (per-op CRL/OCSP) | ✓ |
| Operator attribution across rotating IPX / cloud / residential egress | — | — | ✓ |

It's depth on top of the stack you already run — it can DANE-pin the same NF/NRF
certificate your SBA already speaks, and it lands as a machine-readable feed into your
SIEM — the Splunk and Microsoft Sentinel connectors ship today — enrichment
that makes your signalling firewall and threat-intel sharper. It does not do signalling
firewalling, GTP/SCTP inspection or packet-core protection — those stay the incumbents'.
It doesn't replace them, and it doesn't add a console your analysts babysit.
[See the full comparison →](/compare)

---

## Built for the people who have to sign off

**Additive to your stack. Mapped to your standards. Availability-safe by construction.**
Three planes on one primitive — identity, attribution graph, egress governance — and all
three exit into the stack you already run, not a new silo.

- **Closes the gap 33.501 leaves open.** 3GPP mandates mTLS and OAuth2 but *not* DNSSEC/DANE on the SBA name layer. A DNSSEC-signed zone with DANE-pinned NF/NRF records gives a hijack-resistant name→address→expected-cert binding that defeats DNS spoofing, a rogue NRF and a forged token-issuer — the least-contestable claim on this page. [See the map →](/for-operators)
- **Attribution for NIS2 reporting.** Cryptographic who/where forensics that accelerate the NIS2 Art.23 24h / 72h / 1-month timelines, and SCAS TS 33.117 logging anchored to a per-NF /128. A reproducible, replayable JSON evidence chain, plus DANE-pinned peer identity to harden the GSMA FS.36 N32 vector.
- **Nothing issued in the dark.** Every identity mint and every revoke lands in a public, append-only RFC 6962 Merkle transparency log, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — an auditable, non-repudiable trail for your regulator. *Honest status:* tamper-evident today, independent witnessing is the next step.
- **Additive & availability-safe.** It rides existing DNS/IPv6 and adds no inline SBI chokepoint. If a consumer authorizes against the DANE/verify path, that plane is built to fail open — a Whisper outage never blocks an NF; checks degrade to your existing mTLS+OAuth2 anchors. Anycast on AS219419, no single node in the path.
- **One identity fabric, every vendor & operator.** Derived from the key already in the NF — no second PKI, no cross-certifying every roaming partner's Root CA, no re-registration. Whether it's an AMF, a UPF or a SEPP, it's one verifiable /128 you and a roaming partner can both check without an IPX in the middle.
- **A vendor that will still be here.** Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start. [See pricing →](/pricing)

---

## Give every network function an identity it can prove.

The address is the NF — routable, DNSSEC-anchored, bound to the nfInstanceId it already
carries, publicly verifiable across operators, revocable in one call. Keyless to try, one
call to provision, one more to revoke.

Secure your core → <https://console.whisper.security/sign-up> · [For operators →](/for-operators)

Or run `whisper verify --trustless` right now.

---

*Whisper for Telecom · Identity on the wire for mobile networks · AS219419 · 2a04:2a01::/32*
*© viaGraph B.V. (dba Whisper Security)*
