Presentation is loading. Please wait.

Presentation is loading. Please wait.

STIR Secure Telephone Identity. Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction.

Published byBryce Blake Modified over 9 years ago

Similar presentations

Presentation on theme: "STIR Secure Telephone Identity. Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction."— Presentation transcript:

1 STIR Secure Telephone Identity

2 Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction

3 Calling number used to be considered as trustworthy o it is marked as such (« network provided » / asserted identity) in the signaling o it is provided by a third party which is expected to be trustworthy. Problem: in practice it is less and less reliable o calling party numbers may be flagged by networks as asserted and trustworthy when the upstream source is not. o there is nothing in the number or the signaling to demonstrate it is being used by an entity (provider/customer) that has ‘authority’ over that number Context – Past and Present

4 Various applications assume a valid calling party number o calling line number presentation o Network functions Fixed & mobile implicit/partial: voicemail authentication, customer support helpline added value service routing, emergency service directory reverse-lookup Implicit identification o User/application-level features implicit identification for location based services (landlines). implicit authentication: transaction confirmation TEXTs…, Issues raised with number misappropriation/highjack o voice mail hacking, o robotcalling, aggressive telemarketing… o “vishing”: voice or VoIP phishing o uncivil practices known as “swatting” (false report of an incident to emergency services) => STIR WG Drivers

5 From: http://datatracker.ietf.org/wg/stir/charter/http://datatracker.ietf.org/wg/stir/charter/ The STIR working group will specify Internet-based mechanisms that allow verification of the calling party's authorization to use a particular telephone number for an incoming call. Work will produce o A problem statement detailing the deployment environment and situations that motivate work on secure telephone identity o A threat model for the secure telephone identity mechanisms o A privacy analysis of the secure telephone identity mechanisms o A document describing the SIP in-band mechanism for telephone number-based identities during call setup o A document describing the credentials required to support telephone number identity authentication STIR Charter

6 From: http://datatracker.ietf.org/doc/draft-ietf-stir- problem-statement/http://datatracker.ietf.org/doc/draft-ietf-stir- problem-statement/ In the classical public-switched telephone network, a limited number of carriers trusted each other, without any cryptographic validation, to provide accurate caller origination information VoIP, text messaging, Caller ID spoofing have changed the game STIR Problem Statement

7 Use Cases Considered o VoIP-to-VoIP Call o IP-PSTN-IP Call o PSTN-to-VoIP Call o VoIP-to-PSTN Call o PSTN-VoIP-PSTN Call o PSTN-to-PSTN Call Limitations of current solutions o Identity o Verification Involving PSTN Reachability o Credential handling STIR Problem Statement

8 From: http://datatracker.ietf.org/doc/draft-ietf-stir- threats/http://datatracker.ietf.org/doc/draft-ietf-stir- threats/ Impersonation of a calling party number enables o Robocalling o Vishing o Swatting o Even more… Attacks o Voicemail Hacking o Unsolicited Commercial Calling o Denial of Service Attacks The work considers various use cases of how impersonation takes place and the attack vectors Threats

9 The Problem Statement document has been submitted for Publication as an Information RFC The Threats document has another round of updates to go before being progressing to the next step toward RFC General consensus that the signing mechanism will mimic what already exists for email-like SIP URIs john@example.com and adapt it for phone numbers: john@example.com o Associate credentials with phone numbers o Define extensions in SIP to convey a “proof” that the calling ‘party’ (user/network…) has some authority over the number o Make it possible for the called party (user/network…) to verify this Status of work

10 IETF o www.ietf.org www.ietf.org STIR work o http://datatracker.ietf.org/wg/stir/charter/ http://datatracker.ietf.org/wg/stir/charter/ o Mailing List https://www.ietf.org/mailman/listinfo/stir Meeting archive from last IETF meeting o http://www.ietf.org/proceedings/89/stir.html http://www.ietf.org/proceedings/89/stir.html Become involved!

11 STIR Working Group o http://datatracker.ietf.org/wg/stir/ http://datatracker.ietf.org/wg/stir/ o Charter and latest documents can be found there M 3 AAWG o http://www.m3aawg.org/ http://www.m3aawg.org/ o Voice and Telephony Anti-Abuse Workshop Voice and Telephony Anti-Abuse Workshop http://www.m3aawg.org/vta-sig o Presentation given at IETF 89 in March 2014 http://www.ietf.org/proceedings/89/slides/slides-89-stir-2.pdf Related work and links

Download ppt "STIR Secure Telephone Identity. Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction."

Similar presentations

Presence and IM as SIP Services Jonathan Rosenberg Chief Scientist.

Presence and IM as SIP Services Jonathan Rosenberg Chief Scientist.
Saif Bin Ghelaita Director of Technologies & Standards TRA UAE

Saif Bin Ghelaita Director of Technologies & Standards TRA UAE
THIS IS THE WAY ENUM Variants Jim McEachern Carrier VoIP Standards Strategy THIS IS.

THIS IS THE WAY ENUM Variants Jim McEachern Carrier VoIP Standards Strategy THIS IS.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Cryptography and Network Security

Cryptography and Network Security
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
DISPATCH Call-Info purpose for TRS (draft-kyzivat-dispatch-trs-call-info-purpose-02) IETF 92, March 23, 2015 Author: Paul Kyzivat Presenting: Brian Rosen.

DISPATCH Call-Info purpose for TRS (draft-kyzivat-dispatch-trs-call-info-purpose-02) IETF 92, March 23, 2015 Author: Paul Kyzivat Presenting: Brian Rosen.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Lucent Technologies - Proprietary 27 September, 20001 A look at security of Voice over IP protocols Irene Gassko Lucent Technologies Bell Laboratories.

Lucent Technologies - Proprietary 27 September, A look at security of Voice over IP protocols Irene Gassko Lucent Technologies Bell Laboratories.
Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.

Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.
Chapter 8 Web Security.

Chapter 8 Web Security.
Rajeev Bevara CS-555 Security Threats in VoIP. What is VoIP ? ➔ VOIP - Voice Over Internet Protocol. ➔ Delivery of voice communications and multimedia.

Rajeev Bevara CS-555 Security Threats in VoIP. What is VoIP ? ➔ VOIP - Voice Over Internet Protocol. ➔ Delivery of voice communications and multimedia.
Geneva, Switzerland, 2 June 2014 Study on Spoofed Call Detection and Prevention in 3GPP China Mobile ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland,

Geneva, Switzerland, 2 June 2014 Study on Spoofed Call Detection and Prevention in 3GPP China Mobile ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland,
PREVENTING CALLERID SPOOFING Henning Schulzrinne FCC draft-peterson-secure-origin-ps-00.

PREVENTING CALLERID SPOOFING Henning Schulzrinne FCC draft-peterson-secure-origin-ps-00.
Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.

Identity in SIP (and in-band) STIR BoF Berlin, DE 7/30/2013.
Proxy Authentication of the Emergency Status of SIP Calls draft-barnes-ecrit-auth-00 Richard Barnes IETF 69, Chicago, IL, USA.

Proxy Authentication of the Emergency Status of SIP Calls draft-barnes-ecrit-auth-00 Richard Barnes IETF 69, Chicago, IL, USA.

Similar presentations

Ads by Google