Presentation is loading. Please wait.

Presentation is loading. Please wait.

NO-CALL LAW ENFORCEMENT SUMMIT Technology Update: The Future of Call Blocking and Caller ID Authentication Henning Schulzrinne – FCC & Columbia University.

Published byNelson Lang Modified over 9 years ago

Similar presentations

Presentation on theme: "NO-CALL LAW ENFORCEMENT SUMMIT Technology Update: The Future of Call Blocking and Caller ID Authentication Henning Schulzrinne – FCC & Columbia University."— Presentation transcript:

1 NO-CALL LAW ENFORCEMENT SUMMIT Technology Update: The Future of Call Blocking and Caller ID Authentication Henning Schulzrinne – FCC & Columbia University Bikram Bandy – Federal Trade Commission

2 Stopping Unwanted Calls Technology has increased the complexity of the problem – Volume of calls is substantially higher – Costs are lower – Easier to hide – spoofing, multi-network routing, and international Law enforcement alone cannot solve the problem Consumers are frustrated

3 Delivering on the Promise of DNC Technology is the problem – technology must be part of the long-term solution Allow consumers and carriers to play defense Analogous to e-mail spam Spam filter for the Phone

4 October 2012 Results – – Received 798 Submissions – Named 2 winners for the Individual Category and 1 winner for the Organization Category (Google)Google – One of the winners, “Nomorobo,” was on the market and available to consumers by October 2013 - just 6 months after being named one of the winners.

5 Current Weaknesses Data collection Availability Caller ID Spoofing

6 Current Data Collection Consumer driven – Human error – Delayed – Limited

7 Improving Data Collection: Honeypots Honeypots – Real-time data collection – Larger amount of data collected – Improved accuracy – Easier for consumers to report illegal calls – mark as “spam”

8 Improving Data Collection DEFCON 2014 – Zapping Rachel – Build and analyze data from honeypots – www.ftc.gov/zaprachel www.ftc.gov/zaprachel DetectaRobo – June 6-7, 2015 – Analyze honeypot data and create algorithms that identify robocalls based on calling pattern – www.ftc.gov/detectarobo www.ftc.gov/detectarobo DEFCON 2015 -- Robocalls: Humanity Strikes Back – Create a solution that allows consumers to block and forward robocalls to a honeypot – Qualifying round due June 15, 2015, and Final round August 5- 8, 2015 – www.ftc.gov/strikeback www.ftc.gov/strikeback

9 Improving Availability Encourage carrier adoption and marketing of blocking technology FCC Public Notice for Comment on legal impediments to carrier-offered call blocking – https://www.ftc.gov/news-events/press-releases/2015/01/comment-federal- communications-commission-ftc-says-no-legal https://www.ftc.gov/news-events/press-releases/2015/01/comment-federal- communications-commission-ftc-says-no-legal Increasing public awareness through consumer education

10 Combatting Spoofing Spoofing reduces effectiveness of filters Is there a technological solution to combat spoofing?

11 Email spam vs. robocalls Email spamRobocalls LegalityCAN SPAM Canadian effort (CASL) TCPA Originated bybot netspink carriers Origin spoofingphishingfor some Prevent spoofingDKIM, SPFSTIR (tbd) Analyze contentcommonnot possible Rate originatorDNS blacklistsno equivalent of IP address Statistical methodsemail volume & patternsharder due to distribution

12 Two modes of caller ID spoofing Impersonation – spoof target number – Helpful for vishing stolen credit card validation retrieving voicemail messages SWATting disconnect utilities unwanted pizza deliveries retrieving display name (CNAM) premium number fraud Anonymization – pick more-or-less random # including unassigned numbers – Helpful for robocalling intercarrier compensation fraud TDOS 12

13 The economics of robocalls success ratio * payoff * time to shutdown cost of calls cost of boiler room staff - - enforcement spoof prevention spoof prevention no more “free” numbers probability of getting caught * liability - increase probability of apprehension blocking

14 Legitimate caller ID spoofing Doctor’s office – call from personal physician cell phone should show doctor’s office number Call center – airline outbound contract call center should show airline main number, not call center Multiple devices, one number – provide single call-back number (e.g., some VoIP services) from all devices anonymity is distinct problem (caller ID suppression) 14

15 Signing calls PSTN “caller is authorized to use 212 555 1234” “caller is authorized to use 212 555 1234” 212 555 1234 public-private key LEAP

16 What happens at the receiving carrier? 16 signed? should be signed? known caller? validates? N N N Y N YY Y N Y generate special caller ID: 666-666-xxxx  “Spoofed number” generate special caller ID: 666-666-xxxx  “Spoofed number”

17 What needs to happen? call signaling obtaining public keys operational guidelines key generation and distribution implement signing & validation sign & validate late 2015? new contract in progress 1 year? incrementally; with “encouragement”

18 Do Not Originate (DNO) Premise: almost all illegal robo-calls originate on VoIP Thus, gateways as filter for numbers that shouldn’t be there (e.g., IRS or banks) “Do not originate” list of numbers (e.g., PSAP DNC list) “legacy” carriers that don’t interconnect via VoIP SS7 VoIP

19 DNO: How do numbers get onto the list? 911 DNC list Financial institutions Government agencies NANPA: unassigned numbers TDM carrier numbers Facilities- based VoIP (with own gateways) OTT VoIP (except for contracted GWs)

20 Automated call blocking in white list? for vulnerable populations, allow only: address book entries government agencies medical providers emergency alerts for vulnerable populations, allow only: address book entries government agencies medical providers emergency alerts in black list? designated trusted third party report illegal robocalls Y Y N N maintain lists multiple 3 rd party providers

21 Improving caller name reliability Textual caller ID used more than number by recipients Generation of caller name varies: – Various CNAM/LIDB databases: CPN  name – Some from caller carrier, some third-party (reduce dip fees) – Can be generated by third party Change with VoIP: end-to-end delivery – basic name, with attribution (“based on business record”, “self-asserted”) – additional information (“FDIC-registered”, “accredited health care facility”, “registered charity” 21

22 Caller name (CNAM) improvements 15 character limit – mostly due to legacy displays and Bell 202 1200 baud modems? – signaling allows larger data elements Disallows – full names  awkward abbreviations – more information – caller name and affiliation (“John Doe, Acme Corp., Chicago”) – no credentials (license, registration) Architecture issues – multiple providers  difficult to correct errors or prevent impersonation – CNAM dip fees  kickback schemes that enable robocalling – unclear provenance of information

23 Technology assist - summary Automated capture (“honeypots”) Prevent number spoofing Short term: “Do not originate” Allow third-party number filtering Improve caller name (CNAM) reliability

Download ppt "NO-CALL LAW ENFORCEMENT SUMMIT Technology Update: The Future of Call Blocking and Caller ID Authentication Henning Schulzrinne – FCC & Columbia University."

Similar presentations

Aspire Vertical Markets Banking, Finance and Insurance.

Aspire Vertical Markets Banking, Finance and Insurance.
Aspire Vertical Markets Retail Store. Retail Store Solution.

Aspire Vertical Markets Retail Store. Retail Store Solution.
The current 9-1-1 System Landline caller The emergency call process starts with a caller dialing 9-1-1. (highly simplified) © 2011 Colorado 9-1-1 Resource.

The current System Landline caller The emergency call process starts with a caller dialing (highly simplified) © 2011 Colorado Resource.
Banking. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.

Banking. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.
Emergency Call Handling on the MX Page 2 Overview Many countries around the world –different emergency numbers –different emergency laws IP PBX equipment.

Emergency Call Handling on the MX Page 2 Overview Many countries around the world –different emergency numbers –different emergency laws IP PBX equipment.
BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.

BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.
Environmental law is what we do. TM 1191 Second Avenue Suite 2200 Seattle, WA 98101 www.martenlaw.com ELECTRONIC WASTE RECYCLING IN THE EUROPEAN UNION.

Environmental law is what we do. TM 1191 Second Avenue Suite 2200 Seattle, WA ELECTRONIC WASTE RECYCLING IN THE EUROPEAN UNION.
Geneva, Switzerland, 2 June 2014 Caller ID Spoofing, Egypt experience Dr. Hosam Abd Elmaoula NTRA EGYPT ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland,

Geneva, Switzerland, 2 June 2014 Caller ID Spoofing, Egypt experience Dr. Hosam Abd Elmaoula NTRA EGYPT ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland,
Friday June 6, 2014 OBJ: SWBAT understand what identity theft is, what the consequences are, and how to prevent it. Drill: What statement is this cartoon.

Friday June 6, 2014 OBJ: SWBAT understand what identity theft is, what the consequences are, and how to prevent it. Drill: What statement is this cartoon.
CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.

CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.
STIR Secure Telephone Identity. Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction.

STIR Secure Telephone Identity. Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Massachusetts Telecommunications Symposium Massachusetts Telecommunications Symposium Moving The Complex To The Understandable John Reynolds Integrated.

Massachusetts Telecommunications Symposium Massachusetts Telecommunications Symposium Moving The Complex To The Understandable John Reynolds Integrated.
Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.

Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.
28 June 2015 Emergency services for SIP Henning Schulzrinne.

28 June 2015 Emergency services for SIP Henning Schulzrinne.
Numbering Update HENNING SCHULZRINNE JUNE 4, 2015.

Numbering Update HENNING SCHULZRINNE JUNE 4, 2015.
TRAFFIC RECORDS SYSTEM DMVUpdate August 19, 2008.

TRAFFIC RECORDS SYSTEM DMVUpdate August 19, 2008.
SOURCE IDENTITY (ORIGIN AUTHENTICATION) Henning Schulzrinne May 31, 2013 draft-peterson-secure-origin-ps-00.

SOURCE IDENTITY (ORIGIN AUTHENTICATION) Henning Schulzrinne May 31, 2013 draft-peterson-secure-origin-ps-00.
PREVENTING CALLERID SPOOFING Henning Schulzrinne FCC draft-peterson-secure-origin-ps-00.

PREVENTING CALLERID SPOOFING Henning Schulzrinne FCC draft-peterson-secure-origin-ps-00.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.

Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.

Similar presentations

Ads by Google