Security

Secure Telephone Identity Revisited BoF Results in Motivated Working Group

The Secure Telephone Identity Revisited (STIR) BoF was one of the most anticipated sessions of IETF 87—the BoF mailing list had more than 500 messages sent in the month prior to the meeting and because of similarities between the source identification in the telephone network and the source identification techniques for managing spam, the BoF drew interested parties from both the telephony and email worlds.

Today, much of the Public Switched Telephone Network (PSTN) has moved to a Voice over IP (VoIP) core, using IETF standards such as Session Initiation Protocol (RFC 3261) for signaling and Real-time Transport Protocol (RFC 3550) for media transport. However, non-Internet E.164 telephone numbers remain the dominant form of identity used over these VoIP networks. The problem of caller-ID spoofing and anonymization didn’t begin with VoIP, but VoIP has exacerbated it. Widespread VoIP/PSTN interconnection has expanded the number of telephony carriers from dozens to tens of thousands. Before VoIP, there were only a few levels of carriers—typically two local carriers and one transit (long distance) carrier per call. Today, a PSTN VoIP call can traverse multiple levels of VoIP wholesalers and resellers, making it extremely difficult to identify the source of the caller ID. Service providers who deliberately provide false caller identities are known as “pink” carriers. Once caller ID information is inserted into the PSTN, it’s not possible to determine the source or know anything about the trustworthiness of the information.

The STIR BoF kicked off with a discussion of the problem led by Henning Schulzrinne, coauthor of both the SIP and RTP protocols and chief technology officer of the U. S. Federal Communications Commission. A number of other PSTN regulators have participated in the STIR discussion, which shows the level of government interest in the issue.

Schulzrinne outlined the basic problem by describing the two modes of caller-ID spoofing in the PSTN: impersonation and anonymization. Impersonation involves setting a caller ID to a particular identity with the intent to mislead the called party. Criminal activities that rely on spoofing include the following:

  • Vishing (voice phishing): trying to gather login or financial information by impersonating a person or company
  • SWATting: calling an emergency service to get an armed response team dispatched to a given address
  • Validating a stolen credit card
  • Voicemail message theft
  • Disconnecting utilities
  • Delivering unwanted food

Anonymization means setting a caller ID to a random number to make the call untraceable or nonbillable. Anonymization is used to hide robocalling (automated dialing of telephone numbers for sales and fraud purposes that violate do-not-call laws), intercarrier compensation fraud, and Telephony Denial of Service (TDoS). In a TDoS scheme, a business that uses the telephone service for revenue is warned that unless they make an extortion payment, their telephone lines will be made constantly busy by robocalling.

Schulzrinne discussed legitimate caller-ID spoofing applications, such as when a doctor returns a patient’s call from his personal mobile number but displays the office number as the caller ID. Call-center outbound dialing is another case, where the phone number displayed should be the main call-center number rather than the number of the individual agent. Issues with existing source identity approaches in SIP, such as the P-Asserted-Identity header field (RFC 3325) and Enhanced SIP Identity (RFC 4474) were also discussed. Shortcomings of the work done by the Verification Involving PSTN Reachability (VIPR) working group (WG) were presented, as well. Schulzrinne concluded by arguing that telephone-number spoofing is the root of almost all telephone network evil, and that a solution was needed or the role of the PSTN as a universal way for personal and commercial communication could be compromised.

Next, Jon Peterson presented an “in-band” solution. This approach can be used in trunking connections between service providers or between a service provider and an enterprise. In this approach, information about who made the telephone number assertion in the From header field is carried in SIP Identity and Identity-Info header fields that can be cryptographically verified. No changes to any PSTN protocols are involved in this approach, which has some similarities to the techniques used to authenticate the source identity of SMTP email messages developed by the Domain Keys Identified Mail (DKIM) working group. Peterson argued that the Enhanced SIP Identity defined in RFC 4474 with some modification could provide a way for service providers to begin to require authenticated caller ID in intercarrier trunking. Service providers would need credentials so that only the correct service provider could assert particular E.164 telephone identities. With wide deployment and a regulatory mandate, this could eventually result in more-accurate caller ID and make robocalling and TDoS easier to prevent and block.

Eric Rescorla presented an alternative solution known as the “out-of-band” solution. This approach attempts to provide a verification of caller ID asserted by the PSTN without making any changes to the PSTN or VoIP infrastructure. The verification is done over the Internet using a third party known as a Call Placement Service (CPS), which stores and validates Call Placement Records (CPRs), records stored in real-time about who is calling whom. A very similar architecture is used today by Apple’s iMessage service in which E.164 identities are used to route text messages over the Internet. For such a service to work, users need credentials that prove that they “own” or “control” a telephone number. With this service, users would immediately begin seeing authenticated caller ID improvements, assuming that the Call Placement Services and the necessary credentials were deployed.

The resulting discussion focused on the threats and their outlined solutions. An important challenge for both methods is the allocation and validation of credentials for the service providers and users who are entitled to assert a particular E.164 telephone number as an identity. There was also some concern that although the in-band and out-of-band solutions are orthogonal, the out-of-band solution could distract from the in-band solution. Consensus calls taken by chairs Brian Rosen and Russ Housley established a strong interest in solving this problem in the IETF. Subsequent consensus calls showed interest in working on both the in-band and out-of-band solution.

Less than a month after this successful BoF, the STIR WG was chartered, with Robert Sparks and Russ Housley as co-chairs. The charter language for the working group is to work on the in-band approach first, then work on the out-of-band approach. A useful overview Internet-Draft was submitted by Hadriel Kaplan called draft-kaplan-stir-fried. The STIR WG will meet for the first time at IETF 88. They’ve chosen a very aggressive timeline in which protocols are published by the middle of 2014.

With the active participation of PSTN regulators, the protocol work of STIR will likely be referenced by new regulations and laws. Telephone users around the world can look forward to more-accurate caller ID and less telephone crime in the future once this working group completes its chartered items.

For more information, visit the STIR Working Group page at https://datatracker.ietf.org/wg/stir/charter/ or to participate in the work, subscribe to the mailing list by visiting https://www.ietf.org/mailman/listinfo/stir.

No Comments to Show

Leave a Reply

Your email address will not be published. Required fields are marked *