STIR Implementation

Long Term Goals

This project fits in the PSTN Transition program in the S2ERC. The PSTN Transition refers to the transition from the legacy, time-domain multiplexed, SS7-signaled voice network to the new, IP packet-switched, SIP-signaled multimedia network.

Ultimately, we would like to see a telecommunications network that is more secure, does a better job at preserving privacy, and is more usable than the network we have today.

Background for Long Term Goals

One of the security issues facing the industry is uncertainty in authoritatively determining who a caller is, particularly with respect to identifying the caller to the called party. Callers with nefarious intent tend to lie about their identity for one of two broad reasons. The first is to convince the called party that they are not who they really are. For example, shady telemarketers that try to skirt the FCC’s telemarketing regulations may use bogus caller identity to entice a called party to answer their call, whereas the called party might reject the call out of hand if they see it is a telemarketer. The second is to convince the called party that they are someone who they are not. For example, a fraudster might use the identity of a credit card provider to get a called party’s personally identifying information. When the called party sees the caller looks like they are calling from their credit card company, they may be lulled into divulging their credentials.

The term for using a fake caller identity is spoofing.

A related issue is ‘robocalling.’ This is where an automated system makes thousands of calls. Some have sophisticated voice interaction and AI back-ends that almost pass the Turing Test (they appear to be live operators). Robocalling has gotten to be such a problem that Congress is holding hearings and introducing bills on the topic.[1] Robocalling is related to spoofing, in that robocallers make many of the spoofed calls.

Spoofing can have very real, physical world consequences. Caller identity is intimately tied into the nation’s public safety system. There are numerous examples of criminals spoofing a target’s caller identity, calling 911, and making the call sound like the target is armed and dangerous. In such a situation, the response may be a SWAT team. The team, expecting the worst, may use tactics such as no-knock entry. The unwitting target, who only knows their home is being invaded, may respond in a way that immediately results in the SWAT team summarily executing the target. Thus, the criminal leverages the public safety system to commit murder by proxy.[2]

Spoofing can have economic impacts. For example, many credit card companies will mail their customers credit cards. One threat they have to deal with is someone stealing the cards from the customer’s mailbox. To mitigate the threat, the card companies have the customer call a telephone number from their phone to say they received the cards. That way, if someone steals their cards, they cannot use them. Unfortunately, if someone steals mail from a mailbox, they also have the name and address of the victim. With that information, they can look up the victim’s telephone number, spoof it, and activate the card.

Spoofing can have privacy impacts. For example, many voice mail systems present a subscriber menu, instead of the caller interaction (e.g., leave a message), if the voice mail system receives a call from the subscriber’s telephone. The problem is that if the subscriber chooses not to require a password for message retrieval, which is a common setup for mobile voice mail systems, then anyone who spoofs their telephone number gets immediate access to the victim’s voice messages, address book, and other services offered by that particular system.

The Alliance for Telecommunications Industry Solutions (ATIS) and the SIP Forum have been working on developing a specification for Internet Protocol based network-to-network interconnect (IP-NNI) that includes specifying cryptographically assured calling party identity and management of the supporting public key infrastructure (PKI).[3] In parallel, the IETF has chartered the Secure Telephone Identity Revisited work group (STIR) to “specify Internet-based mechanisms that allow verification of the calling party's authorization to use a particular telephone number for an incoming call.”[4] Recently, the technical work has merged. Although there is disagreement on how the PKI will be managed, there is consensus on moving forward with the technology developed by the ATIS/SIP Forum IP-NNI group.

Intermediate Term Objectives

This four-month project will implement the entities and protocol of the authenticated identity management protocol outlined in draft-ietf-stir-rfc4474bis using the PAI information elements in the INVITE in accordance with the ATIS / SIP Forum Taskforce efforts, including SHAKEN. The implementation approach will be to modify Kamailio (OpenSER) to sign outbound INVITE requests and validate inbound INVITE requests.

A prior phase of this project delivered a certificate-signing server, SIP signing, and SIP validation servers, written in node.js.

Schedule of Major Steps:

Prepare design documentation of the authentication and verification servers. [3 weeks]

Develop and debug the authentication and verification servers. [9 weeks]



1 See, e.g., H.R. 3670 (113th), Anti-Spoofing Act of 2014, and S. 2787 (2014), Caller ID Scam Prevention Act of 2014.

2 This almost happened to a security researcher. See no-room-for-cowards/ for an example.