caller ID spoofing – technical challenges & Standards

Slides:

Advertisements

Similar presentations

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

Advertisements

Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Geneva, Switzerland, 2 June 2014 The UK experience and approach to damage mitigation Huw Saunders, Director, Network Infrastructure, Ofcom

August 2005IETF 63 VOIPEER1 Issues in Numbering, Naming and Addressing voipeer BoF IETF 63 – Paris, August 2005 Richard Stastny ÖFEG.

SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.

© 2004 AT&T, All Rights Reserved. The world’s networking company SM An Evolution Path for Numbering and Interconnection Future Of Numbering Symposium November.

STIR Secure Telephone Identity. Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction.

DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.

Introduction to Local Number Portability: What VoIP Providers Need to Know Wednesday October 14, 2009 Astricon 2009 – Glendale, AZ

Numbering Update HENNING SCHULZRINNE JUNE 4, 2015.

Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.

SOURCE IDENTITY (ORIGIN AUTHENTICATION) Henning Schulzrinne May 31, 2013 draft-peterson-secure-origin-ps-00.

PREVENTING CALLERID SPOOFING Henning Schulzrinne FCC draft-peterson-secure-origin-ps-00.

Session Initialization Protocol (SIP)

Via contains the address at which the originator is expecting to receive responses to this request. Mandatory To contains a display name and a SIP URI.

BASIC TELECOMMUNICATIONS

Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.

IT Expo SECURITY Scott Beer Director, Product Support Ingate

© 2008 AT&T Knowledge Ventures. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Knowledge Ventures. 1 Video Relay Service and Assignment.

ENUM? “ Telephone Number Mapping (ENUM or Enum, from TElephone NUmber Mapping) is a suite of protocols to unify the telephone numbering system E.164 with.

1 NGN Issues - Numbering and Addressing Peter Darling ACIF NGN FOG No. 3.

PSTN – User ENUM – „Infrastructure ENUM“ An ETSI View Richard Stastny IETF60 San Diego.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

ENUM Update for voipeer BOF Richard Shockey ENUM co-chair IETF 63 Paris.

1 © NOKIA 1999 FILENAMs.PPT/ DATE / NN SIP Service Architecture Markus Isomäki Nokia Research Center.

© Copyright 2007 Arbinet-thexchange, Inc. All Rights Reserved. Voice Peering Steve Heap Chief Technology Officer.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

© Copyright 2007 Arbinet-thexchange, Inc. All Rights Reserved. VoIP Peering Pilot Using the Internet2 Backbone.

STIR Charter (discussion) STIR BoF Berlin, DE 7/30/2013.

NO-CALL LAW ENFORCEMENT SUMMIT Technology Update: The Future of Call Blocking and Caller ID Authentication Henning Schulzrinne – FCC & Columbia University.

© 2004 AT&T, All Rights Reserved. The world’s networking company SM VoIP, Portability, and the Evolution of Addressing LNPA & Future of Numbering Working.

Draft-khan-ip-serv-peer-arch-03.txt SPEERMINT Peering Architecture IETF-66, Montreal, Canada Sohel Khan, Ph.D. Technology Strategist.

Sridhar Ramachandran Chief Technology Officer Core Session Controller.

Credentials Roadmap STIR WG IETF 90 (Toronto) Sean Turner

BY SHARATH.R. MNP 1. SERVICE OPERATOR PORTABILITY 2. LOCATION PORTABILITY 3. SERVICE PORTABILITY.

Presented By Team Netgeeks SIP Session Initiation Protocol.

Certificate Credentials STIR WG IETF 91 (Honolulu) Sean Jon.

SOURCE IDENTITY (ORIGIN AUTHENTICATION) Henning Schulzrinne August 2013 draft-peterson-secure-origin-ps-01 + mailing list discussion.

Robocalling in the VoIP Age Henning Schulzrinne, FCC What does VoIP offer to robocallers? We (kind of) solved the spam problem – why not robocalls?

Intelligent Interconnects in the VoIP Peering Environment

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

1 IETF 72 SIP WG meeting SIP Identity issues John Elwell et alia.

Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

California Public Utilities Commission MLTS E9-1-1 Caller Location Information Proceeding (R ) Public Workshop California Office July 27,

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Core VoIP and 911 issues and alternatives Henning Schulzrinne Columbia University August 2003.

Detection and Mitigation of Spam in IP Telephony Networks using Signaling Protocol Analysis MacIntosh, R Vinokurov, D Advances in Wired and Wireless Communication,

To Rent or Buy the IP PBX? Maybe it’s Both…. Building a VoIP Solution That Enables Both.

SIP Security Issues : The SIP Authentication Procedure and its Processing Load Speaker: Lin-Yi Wu Advisor : Prof. Yi-Bing Lin Date : 2003/04/09.

Enumservice VOID draft-stastny-enum-void-00 Richard Stastny Lawrence Conroy IETF60 San Diego.

History-Info header and Support of target-uri Solution Requirements Mary Barnes Francois Audet SIPCORE.

The Session Initiation Protocol - SIP

S Postgraduate Course in Radio Communications. Application Layer Mobility in WLAN Antti Keurulainen,

IPCentrex solution from COLLAB. ONECONTACT PBX THE GAME IS ON Global Surplus capacity Pressure on tariffs Hosted Services (In the Cloud/ telco) Broadband.

Peer-to-Peer Solutions Between Service Providers David A. Bryan CTO, Jasomi Networks October 10, 2002 – Fall VON, Atlanta, GA.

SIP AAI a possibility for TF-EMC2 and TF-ECS cooperation

Henning Schulzrinne IETF 97

IP Telephony (VoIP).

draft-rescorla-fallback-01

TN Proof-of-Possession and Number Portability

Chris Wendt, David Hancock (Comcast)

Jean-François Mulé CableLabs

Thursday, September 3, :30 – 9:15 a.m.

Technology assistance

IPNNI SHAKEN Enterprise Models: LEMON TWIST

Robocalling Blocking Cause and Effect

Enterprise Use Cases and A-Level Attestation

Enterprise Use Cases and A-Level Attestation

Presentation transcript:

caller ID spoofing – technical challenges & Standards Henning Schulzrinne FCC

Introduction What is number (callerID) spoofing? NANC 9/18/13 Introduction What is number (callerID) spoofing? Is there “good” spoofing? What happens with spoofing? How does this relate to (illegal) robocalling? How can we reduce (and maybe eliminate) spoofing? What are on-going standardization activities? Are there short-term improvements? What about caller name display?

Caller ID spoofing Easily available on (SIP) trunks NANC 9/18/13 Caller ID spoofing Easily available on (SIP) trunks US Caller ID Act of 2009: Prohibit any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value. Also: FCC phantom traffic rules

Two modes of caller ID spoofing NANC 9/18/13 Two modes of caller ID spoofing Impersonation spoof target number Helpful for vishing stolen credit card validation retrieving voicemail messages SWATting disconnect utilities unwanted pizza deliveries retrieving display name (CNAM) Anonymization pick more-or-less random # including unassigned numbers Helpful for robocalling intercarrier compensation fraud TDOS

Who gets spoofed? Unassigned numbers NANC 9/18/13 Who gets spoofed? Unassigned numbers Numbers assigned to innocent (random) third parties consumers may have to change phone numbers Numbers assigned to vishing targets credit card fraud numbers system administrators

Impact of illegal robocalls NANC 9/18/13 Impact of illegal robocalls Consumer fraud Nuisance impact on landline higher than cell phone  increase abandonment of landlines? Loss of phone numbers (personal & small business) Impact on legitimate mass-calling services (e.g., alerts) Cost to carriers: Customer service calls with no good resolution ICC fraud

NANC 9/18/13 FTC enforcement

Spoofing & robocalling complaints NANC 9/18/13 Spoofing & robocalling complaints FTC gets 200,000 complaints a month (2012Q4) Consumers usually can’t tell spoofed robocalls

Changes in environment Old (pre-2000) new Small number of carriers serving customers with fixed number pools (residential, inbound) carriers that provide services to non-carriers (e.g., Google Voice, VRS) voice service providers (via APIs) Carriers either larger or rural  trusted “Pink” carriers (robocalls = lots of minutes) Carriers with deep engineering skills Telecom engineers fired or retired Call routing determined by physical transport (MF or SS7) logical routing via SIP proxies Domestic calls stay within the country call from NJ to NY may visit Berlin #’s only for certificated carriers (~ 1000) interconnected VoIP providers (trial) 1000 block assignment individual numbers? Geographic assignment (LATA, area code) no direct relationship to geography (800#, mobile, VoIP, M2M, …)

Often laundered through multiple providers NANC 9/18/13 Robocalling Often laundered through multiple providers “pink carriers” (often abroad)

Legitimate caller ID spoofing NANC 9/18/13 Legitimate caller ID spoofing Doctor’s office call from personal physician cell phone should show doctor’s office number Call center airline outbound contract call center should show airline main number, not call center Multiple devices, one number provide single call-back number (e.g., some VoIP services) from all devices anonymity is distinct problem (caller ID suppression)

Stop spoofing  stop robocalls NANC 9/18/13 Stop spoofing  stop robocalls If numbers can be trusted, filters work: industry-wide fraudulent number list (e.g., DoNotCall violators) crowd-sourcing “bad” numbers by other consumers and services Filter options: opt-in service by terminating carrier (e.g., using consumer-chosen source of numbers) app on Android smartphones corporate PBX and hosted VoIP services Enable consumer choice Note: initially, only some calls will be validated Type of call Validated? Sample action Personal friend (in address book) Maybe answer “Good” robocaller (e.g., alert service, airline) Yes “Lazy” robocaller (legal) No voicemail “Bad” robocaller

Making numbers trustworthy (again) NANC 9/18/13 Making numbers trustworthy (again) Carriers get cryptographic certificates for number ranges they have been assigned May delegate to customers (e.g., BPO call centers, individuals with legitimate needs) Originating caller or carrier signs CPN in VoIP signaling Any entity in call path can validate whether caller is entitled to use number as CPN typically, terminating carrier or VoIP-to-SS7 gateway Can be used to mark SS7 GAP fields

Strawman operation: number assignment NANC 9/18/13 Strawman operation: number assignment ② ① cert for 555-1200? public key = PA db.att.com ③ private ENUM future numbering DB

Requirements E.164 number source authenticity E.164 taken loosely (N11, P-ANI, non-reachable numbers, …) assume that numbers can be canonicalized for signing seems to work for VM, CDRs, SS7 translation, … Complete solution (but not necessarily one mechanism) number assignment to validation validate caller ID later?: extended caller information Functionality must work without human intervention at caller or callee minimal changes to SIP must survive SBCs must allow partial authorized & revocable delegation doctor’s office third-party call center for airline must allow number portability among carriers (that sign)

Certificate models Integrated with number assignment NANC 9/18/13 Certificate models Integrated with number assignment assignment of number includes certificate: “public key X is authorized to use number N” issued by number assignment authority (e.g., NPAC), possibly with delegation chain allocation entity  carrier ( end user) separate proof of ownership similar to web domain validation e.g., similar to Google voice validation by automated call back “Enter the number you heard in web form” Automate by SIP OPTIONS message response?

Strawman: call signing for VoIP NANC 9/18/13 Strawman: call signing for VoIP ② (555-1200,555-1800,17:21:09)PrA = gbUre8Rps1 INVITE From: 555-1200 To: 555-1800 Date: 17:21:09 Identity: gbUre8Rps1 URL: db.att.com/5551200 INVITE From: 555-1200 To: 555-1800 Date: 17:21:09 ① carrier

Strawman: validation ⑤ Decrypt Identity using public key  H NANC 9/18/13 Strawman: validation ⑤ Decrypt Identity using public key  H Hash(From, To, Date) = H? ③ INVITE From: 555-1200 To: 555-1800 Date: 17:21:09 Identity: gbUre8Rps1 URL: db.att.com/5551200 ⑥ validates? “555-1200” db.att.com ④ Y N ⑦ deliver call flag as unvalidated “unvalidated call rejection” works also if trusted non-VoIP termination (e.g., domestic SS7)

Options almost all of these could interoperate in single system Number validation Public key only (e.g., DNS) public private X.509 cert single certifier (per CC) separate delivery (URL) single “CDN” number-based access (no URL) multiple certifiers per CC single cert store (hierarchy) any cert anywhere

Incremental deployment signed? N Y should be signed? validates? N Y N Y known caller? N Y N Y

Non-SIP paths SS7 goodcall.com 5551200: goodcall.com NANC 9/18/13 Non-SIP paths 5551200: goodcall.com 5551201: norobo.com SS7 legitimate call center goodcall.com INVITE From: 555-1200 To: 555-1800 Date: 17:21:09 Identity: gbUre8Rps1 URL: goodcall.com/5551200

Status March 2013: IETF plenary talk in Orlando NANC 9/18/13 Status March 2013: IETF plenary talk in Orlando May 2013: IETF-sponsored industry meeting in DC ~30 attendees (Neustar, AT&T, Verizon, ALU, Genband, Cisco, Google, ISOC, …) July 2013: Initial “birds-of-a-feather” (BOF) meeting in Berlin Sept. 2013: IETF STIR [Secure Telephone Identity Revisited] working group formed Multiple initial drafts on problem statement and initial solution proposals Oct 2013: MAAWG meeting in Montreal

IETF STIR working group NANC 9/18/13 IETF STIR working group http://datatracker.ietf.org/wg/stir/charter/ FAQ at http://tools.ietf.org/internet-drafts/draft-kaplan-stir-fried-00.txt

Known unknowns Who will sign first, by choice or mandate? large carriers (“get rid of robocall complaints”) legitimate outbound call centers (“I want my snow day alert to be received”) high-value users (“I want to prevent identity theft”) smartphone end users Who will validate first? carriers concerned about intercarrier compensation fraud carriers sick of customer complaint calls new entrants looking for differentiator (“switch and no more robocalls!”)

NANC 9/18/13 Short-term band-aids Premise: almost all illegal robo-calls originate on VoIP Thus, gateways as filter for numbers that shouldn’t be there SS7 VoIP “legacy” carriers that don’t interconnect via VoIP “Do not originate” list of numbers

Improving caller name reliability NANC 9/18/13 Improving caller name reliability Textual caller ID used more than number by recipients Generation of caller name varies: Various CNAM/LIDB databases: CPN  name Some from caller carrier, some third-party (reduce dip fees) Can be generated by third party Change with VoIP: end-to-end delivery basic name, with attribution (“based on business record”, “self-asserted”) additional information (“FDIC-registered”, “accredited health care facility”, “registered charity”) Initial discussion mail list at IETF: CNIT

Conclusion Robocalls generate the most telephone-related complaints NANC 9/18/13 Conclusion Robocalls generate the most telephone-related complaints and cause significant financial harms to consumers & carriers enabled by low-cost international and mass VoIP calling Stopping spoofing will greatly reduce robocalls and allow consumer choice with operational benefits for carriers Initial efforts at technical solutions 2-3 year implementation horizon May need interim solutions Need industry, numbering administrator & state regulator help & input, i.e., you!

RFC 4474 (SIP Identity) INVITE sip:bob@biloxi.example.org SIP/2.0 Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bKnashds8 To: Bob <sip:bob@biloxi.example.org> From: Alice <sip:alice@atlanta.example.com>;tag=1928 Call-ID: a84b4c76e66710 CSeq: 314159 INVITE Max-Forwards: 70 Date: Thu, 21 Feb 2002 13:02:03 GMT Contact: <sip:alice@pc33.atlanta.example.com> Identity: “KVhPKbfU/pryhVn9Yc6U=“ Identity-Info: <https://atlanta.example.com/atl.cer>;alg=rsa-sha1 Content-Type: application/sdp Content-Length: 147 v=0 o=UserA 2890844526 2890844526 IN IP4 pc33.atlanta.example.com s=Session SDP … SBC may change domains changed by SBC

Problems with RFC 4474 see rosenberg-sip-rfc4474-concerns Cannot identify assignee of telephone number Intermediate entity re-signs request B2BUAs re-originate call request replace everything except method, From & To (if lucky)