Toward Authenticated Caller ID Transmission
Raymond Tu
Arizona State University
ITU SG11, Feb 7 2017
National Do-Not-Call Registry Complaints (chart: complaints per year, 2003 to 2016, 0 to 6,000,000)
Data Source: US National Do-Not-Call Registry
Phone Fraud Complaints and % Fraud by Phone (chart: 2013 to 2015; complaints 0 to 600,000, share of fraud by phone 0% to 80%)
Data Source: US FTC Consumer Sentinel Network
https://soundcloud.com/numbercop/phone-fraud-phishing-vishing-28-example-bank-of-america
https://www.facebook.com/fusionrealfuture/videos/1739477992956715/
PSTN
PSTN + IP
PSTN + IP + VPN + TOR
PSTN + IP + VPN + TOR
Solution: Security Indicators
Key Benefits
• Immediate cue of a verified source
• Provides a foundation for spam defenses
• Promotes vigilance for identity verification
• Provides assurance for doing business over the phone
Caller ID Authentication Scheme
Design Principles
• Authentication
• Integrity
• Deployability
Scheme Overview
1. Caller ID Verification
2. Authenticated Call Request
Caller ID Verification
• Provide proof of E.164 ownership to a CA
• Obtain a Caller ID Certificate
• Use the Caller ID Certificate to generate Authenticated Call Requests
Authenticated Call Request
• Generate an extended IAM with a digital signature using the Caller ID Certificate
• Validate the IAM signature
Other Details
• UTC Timestamp (UNIX time)
• X.509 certificate format
• International E.164 format
• Parameter Compatibility Information parameter (Q.764.2.9.5.3.2)
Parameter                     Type           Length (octets)
UTC Timestamp                 Optional Part  4-?
Signature Algorithm           Optional Part  1-?
Signature                     Optional Part  16-?
Caller Identity Certificate   Optional Part  32-?
Security Considerations
• Certificate Revocation to guard against stolen identity
– E.g. stolen certificate, cell phone theft, etc.
• Recommend: Certificate Revocation List with short-term certificates
– No stalling (OCSP can cause stalling)
– Reduce list size
– Risk containment
Local Deployment Considerations
• Presenting the security indicator to the called party
• Use a flag indicator only if:
– Local exchange network connection is secured
– Identity of the local exchange carrier is authenticated
– Call request header is integrity protected
• Recommend: Forwarding of the extended IAM parameters
Future Work
1. Standardization
2. Implementation
3. Commercialization
Acknowledgement
Thank you
tu@asu.edu
+1 480 420 8250
huahongtu.me

Editor's Notes

  • #11 Today spam distribution technology has become more advanced and more accessible than ever. With the rise of cloud computing, there are now hundreds of autodialer services that are accessed over the internet, with advanced features such as simultaneous calling, interactive voice response and customizable caller ID. In order to better understand telephone spam from the spammer's perspective, we also asked: how does a spammer operate?
  • #13 This is what the PSTN used to look like.
  • #14 However, with the introduction of IP access to the PSTN, the spammer is now further insulated from law enforcement.
  • #15 And with IP access, the spammer could now further evade law enforcement by hiding behind VPNs and Tor.
  • #16 To make matters worse, the spammer could reside anywhere in the world, beyond the jurisdiction of law enforcement.
  • #17 Another way to defeat call blockers and make the call seem more legitimate is to use a fake caller ID number. With most autodialers, the caller ID number can be easily spoofed because current call protocols do not have a built-in authentication mechanism. The carriers also do not have a legal obligation to ensure that the caller ID number is verified. In fact, some VoIP carriers sell customizable caller ID as a service feature. So you might ask: what about law enforcement?
  • #19 Right now, there is a severe lack of accountability in telephone identities; until that changes, we're still going to have vast amounts of robocalls and scam calls hurting consumers and businesses.
  • #27 Talk about why TLS cannot be applied in deployability, and STIR
  • #34 Give a bit more background of cert revocation and why it matters. Some stories.