Long Term Goals
This project fits in the PSTN Transition program in the S2ERC. The PSTN Transition refers to the transition from the legacy, time-domain multiplexed, SS7-signaled voice network to the new, IP packet-switched, SIP-signaled multimedia network.
Ultimately, we would like to see a telecommunications network that is more secure, does a better job at preserving privacy, and is more usable than the network we have today.
Background for Long Term Goals
One of the security issues facing the industry is uncertainty in authoritatively determining who a caller is, particularly with respect to identifying the caller to the called party. Callers with nefarious intent tend to lie about their identity for one of two broad reasons. The first is to convince the called party that they are not who they really are. For example, shady telemarketers that try to skirt the FCC’s telemarketing regulations may use bogus caller identity to entice a called party to answer their call, whereas the called party might reject the call out of hand if they see it is a telemarketer. The second is to convince the called party that they are someone who they are not. For example, a fraudster might use the identity of a credit card provider to get a called party’s personally identifying information. When the called party sees the caller looks like they are calling from their credit card company, they may be lulled into divulging their credentials.
The term for using a fake caller identity is spoofing.
A related issue is ‘robocalling.’ This is where an automated system makes thousands of calls. Some have sophisticated voice interaction and AI back-ends that almost pass the Turing Test (they appear to be live operators). Robocalling has gotten to be such a problem that Congress is holding hearings and introducing bills on the topic. Robocalling is related to spoofing, in that robocallers make many of the spoofed calls.
Spoofing can have very real, physical world consequences. Caller identity is intimately tied into the nation’s public safety system. There are numerous examples of criminals spoofing a target’s caller identity, calling 911, and making the call sound like the target is armed and dangerous. In such a situation, the response may be a SWAT team. The team, expecting the worst, may use tactics such as no-knock entry. The unwitting target, who only knows their home is being invaded, may respond in a way that immediately results in the SWAT team summarily executing the target. Thus, the criminal leverages the public safety system to commit murder by proxy.
Spoofing can have economic impacts. For example, many credit card companies will mail their customers credit cards. One threat they have to deal with is someone stealing the cards from the customer’s mailbox. To mitigate the threat, the card companies have the customer call a telephone number from their phone to say they received the cards. That way, if someone steals their cards, they cannot use them. Unfortunately, if someone steals mail from a mailbox, they also have the name and address of the victim. With that information, they can look up the victim’s telephone number, spoof it, and activate the card.
Spoofing can have privacy impacts. For example, many voice mail systems present a subscriber menu, instead of the caller interaction (e.g., leave a message), if the voice mail system receives a call from the subscriber’s telephone. The problem is that if the subscriber chooses not to require a password for message retrieval, which is a common setup for mobile voice mail systems, then anyone who spoofs their telephone number gets immediate access to the victim’s voice messages, address book, and other services offered by that particular system.
The Alliance for Telecommunications Industry Solutions (ATIS) and the SIP Forum have been working on developing a specification for Internet Protocol based network-to-network interconnect (IP-NNI) that includes specifying cryptographically assured calling party identity and management of the supporting public key infrastructure (PKI). In parallel, the IETF has chartered the Secure Telephone Identity Revisited work group (STIR) to “specify Internet-based mechanisms that allow verification of the calling party's authorization to use a particular telephone number for an incoming call.” Recently, the technical work has merged. Although there is disagreement on how the PKI will be managed, there is consensus on moving forward with the technology developed by the ATIS/SIP Forum IP-NNI group.
Intermediate Term Objectives
This four-month project will implement the entities and protocol of the authenticated identity management protocol outlined in draft-ietf-stir-rfc4474bis using the PAI information elements in the INVITE in accordance with the ATIS / SIP Forum Taskforce efforts, including SHAKEN. The implementation approach will be to modify Kamailio (OpenSER) to sign outbound INVITE requests and validate inbound INVITE requests.
A prior phase of this project delivered a certificate-signing server, SIP signing, and SIP validation servers, written in node.js.
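The sign-outbound, validate-inbound flow described above, as an added example that is not the project's own code. It assumes the PASSporT token format with SHAKEN claims as later standardized (RFC 8225 and RFC 8588) rather than the draft's wire format; the telephone numbers, certificate URL, key pair, timestamp and 60-second freshness window are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const b64u = (s) => Buffer.from(s).toString('base64url');
const unb64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const P1363 = 'ieee-p1363'; // JWS ES256 carries raw r||s signatures, not DER

// Authentication service: sign the identity asserted on an outbound INVITE.
function signPassport(privateKey, { orig, dest, attest, origid, x5u, iat }) {
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u };
  const claims = { attest, dest: { tn: [dest] }, iat, orig: { tn: orig }, origid };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: P1363 });
  return `${input}.${sig.toString('base64url')}`;
}

// Verification service: check the token against the inbound INVITE it arrived on.
// invite.callerTn / invite.calledTn are hypothetical fields holding the numbers parsed from it.
function verifyPassport(publicKey, token, invite, now, maxAgeSec = 60) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims, valid;
  try {
    header = unb64u(parts[0]);
    claims = unb64u(parts[1]);
    valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
      { key: publicKey, dsaEncoding: P1363 }, Buffer.from(parts[2], 'base64url'));
  } catch { return { ok: false, reason: 'malformed' }; }
  if (header?.alg !== 'ES256') return { ok: false, reason: 'bad-alg' };
  if (!valid) return { ok: false, reason: 'bad-signature' };
  if (!(Math.abs(now - claims?.iat) <= maxAgeSec)) return { ok: false, reason: 'stale' };
  if (claims.orig?.tn !== invite.callerTn) return { ok: false, reason: 'orig-mismatch' };
  if (!Array.isArray(claims.dest?.tn) || !claims.dest.tn.includes(invite.calledTn)) return { ok: false, reason: 'dest-mismatch' };
  return { ok: true, attest: claims.attest };
}

// Constructed demo: one genuine call and three ways a spoofed call is rejected.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const now = 1700000000; // constructed timestamp, seconds
  const call = { callerTn: '12025550100', calledTn: '12025550199' };
  const spoofCall = { ...call, callerTn: '12025550123' }; // INVITE claiming another number
  const token = signPassport(privateKey, { orig: call.callerTn, dest: call.calledTn, attest: 'A',
    origid: crypto.randomUUID(), x5u: 'https://cert.example.org/sti.pem', iat: now });
  const [h, c, s] = token.split('.');
  const forged = b64u(JSON.stringify({ ...unb64u(c), orig: { tn: spoofCall.callerTn } }));
  return {
    genuine: verifyPassport(publicKey, token, call, now + 2),
    spoofed: verifyPassport(publicKey, token, spoofCall, now + 2),
    tampered: verifyPassport(publicKey, `${h}.${forged}.${s}`, spoofCall, now + 2),
    replayed: verifyPassport(publicKey, token, call, now + 3600),
  };
}
```

A deployed verifier would also fetch the certificate named in `x5u` and validate its chain before trusting the public key; that step is omitted here because the page leaves PKI management open.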
Schedule of Major Steps:
Prepare design documentation of the authentication and verification servers. [3 weeks]
Develop and debug the authentication and verification servers. [9 weeks]
1 See, e.g., H.R. 3670 (113th), Anti-Spoofing Act of 2014, and S. 2787 (2014), Caller ID Scam Prevention Act of 2014.
2 This almost happened to a security researcher. See http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/ for an example.