Abstract
The robocall epidemic has caused millions of phone scam victims resulting in billions of financial loss in the USA. To address this issue, Federal Communication Commission (FCC) mandates all Internet Telephony Service Providers (ITSP) to implement Secure Telephony Identity Revisited (STIR) with the Signature-based Handling of Asserted information using toKENs (SHAKEN) to authenticate Voice of Internet Protocol (VoIP) calls on their networks. This chapter provides an analysis of the effectiveness of STIR/SHAKEN in protecting users from being victims of robocalls which are mostly scam calls with fake caller ID. Our analysis shows three majors issues that could have impact on the effectiveness of STIR/SHAKEN. These issues are (a) poorly protected enterprise IP-PBX, (b) unscrupulous service providers, and (c) lack of support of Q.1912.5, which is the interworking standard between IP and Public Switch Telephone Network (PSTN).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
ITSP is also known as phone companies. Almost all phone companies are offering Internet telephony service. Large ITSPs are also referenced as carriers.
References
Katherine, Skiba, New, shocking statistics about robocalls, https://www.aarp.org/money/scams-fraud/info-2019/robocalls-statistics.html
M. Singh, Spam calls grew 18% in 2019, https://techcrunch.com/2019/12/03/truecaller-spam-call-robocall-report-2019/
FCC News, March 31, 2020. https://docs.fcc.gov/public/attachments/DOC-363399A1.pdf
D. Butcher, X. Li, J. Guo, Security challenge and defense in VoIP infrastructures. IEEE Trans. Syst. Man Cybern. 37-6, 1152–1162 (2007)
J. Rosenberg, et al., SIP: Session Initiation Protocol, RFC3261, June 2002
H. Hakan Kilinc, T. Yanik, A survey of SIP authentication and key agreement schemes, IEEE communications surveys & tutorials, Vol 16, Issue 2, 2nd Quarter 2014, pp. 1005–1023
Shao Bo, Li Cheng Shu, Identity-based SIP authentication and key agreement, 7th international conference on computational intelligence and security, Hainan, China, Dec 2011
C. Jennings, et al., Private extensions to the Session Initiation Protocol (SIP) for asserted identity within trusted networks, RFC3325, Nov 2002
J. Peterson, Neustar, A privacy mechanism for the session Initiation Protocol (SIP), RFC3323, Nov 2002
J. Peterson, et al., Enhancements for authenticated identity management in the Session Initiation Protocol (SIP), RFC4474, Aug 2006
J. Peterson, et al., Authenticated identity management in the Session Initiation Protocol (SIP), RFC8224, Obsolete 4474, Feb 2018
C. Wendt, et al., PASSporT: Personal Assertion Token, RFC8225, Feb 2018
J. Peterson, et al., Secure telephone identity credentials: Certificates, RFC8226, Feb 2018
J. McEachern, E. Burger, How to shut down robocallers, IEEE Spectrum, pp. 46–52, Dec 2019
M. Chiang, E. Burger, An affordable solution for authenticated communications for enterprise and personal use, IEEE 8th annual computing and communication workshop and conference (CCWC), Las Vegas, NV, USA, Feb 2018
Alliance for Telecommunications Industry Solutions, Signature-based Handling of Asserted information using toKENs (SHAKEN), ATIS-1000074, Jan 2017
C. Wendt, et al., Personal Assertion Token (PaSSporT) Extension for Signatured-based Handling of Asserted Information using toKENs (SHAKEN), RFC8588, May 2019
Justice News, The Department of Justice Files Actions to Stop Telecom Carriers Who Facilitated Hundreds of Millions of Fraudulent Robocalls to American Consumers, January 28, 2020., https://www.justice.gov/opa/pr/department-justice-files-actions-stop-telecom-carriers-who-facilitated-hundreds-millions
G. Camarillo, et al., Integrated Services Digital Network (ISDN) User Part (ISUP) to Session Initiation Protocol (SIP) Mapping, RFC3398, Dec 2002
ITU-T, Interworking between session initiation protocol (SIP) and bearer independent call control protocol or ISDN user part, Q.1912.5, January 2018
M. Dolly, An introduction and overview of the STIR/SHAKEN framework, the 8th SIPNOC Conference, Herndon, VA, USA, Dec 2018
FCC Site, Combating spoofed robocalls with caller ID authentication, https://www.fcc.gov/call-authentication
James Yu, Prevention of toll fraud against IP-PBX, Proceedings of 2015 international conference on security and management (SAM’15), Las Vegas, pp. 259–265, July 2015
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Yu, J. (2021). An Analysis of Applying STIR/SHAKEN to Prevent Robocalls. In: Daimi, K., Arabnia, H.R., Deligiannidis, L., Hwang, MS., Tinetti, F.G. (eds) Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence. Springer, Cham. https://doi.org/10.1007/978-3-030-71017-0_20
Download citation
DOI: https://doi.org/10.1007/978-3-030-71017-0_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71016-3
Online ISBN: 978-3-030-71017-0
eBook Packages: EngineeringEngineering (R0)