Robo-Calls

Robo-Calls STIR/SHAKEN

I believe by now everybody on the planet is sick of Robo-Calls. It used to be only around the Presidential Election we would be bombarded with these calls but now it is a daily annoyance costing us time and money. It is estimated in 2018 there were close to 50 billion RoboCalls made in the USA.. With the implementation of Voice Over IP over the Public Switch Telephone Network (PSTN) it is only going to get worse as bot technology and AI integrate with Voice over IP (VoIP) networks. Fortunately, under the leadership of both the SIP Forum and the United States Federal Communications Commission (FCC), there are the beginnings of a means of combatting these nuisance calls. This new technology is known as Secure Telephony Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN).

STIR/SHAKEN uses public key cryptography (PKI) digital certificates to authenticate callers on the VoIP enabled PSTN. Deploying this technology on commercial networks is still in development and negotiation by both the FCC and United States based telecommunications companies like AT&T, Comcast and Verizon. This will add another step in all telephone installations as each customer of a telephone network would be issued a “digital certificate” that would be installed on their end point or mobile phone, IP-PBX, etc. When you make a call the end point would undergo an authentication challenge from a trusted digital certificate authentication authority. If you make a call, the person you are calling would recognize that you are an authenticated caller and would accept your call. This would put a huge dent in the number of “spoofed” numbers being used over the VoIP PSTN.

Why is number spoofing so easy? Under the current protocol standard for VoIP…Session Initiation Protocol (SIP) the legacy telephone network depended on the ten-digit telephone number to locate a caller’s location, and which telephone switch they were associated. SIP only uses these legacy ten-digit numbers, similar to DNS, to locate the end user and terminate the call. In the world of Voice Over IP it is easy for each user to change their outbound Caller-ID. Businesses do this all the time as some workers like to send their private number out instead of the main business number so call backs go directly to their phone.

The current method most vendors use for blocking robocalls is by adding ten-digit telephone numbers to a blacklist from known robo-callers. Because software can be written to generate telephone numbers by the thousands in seconds, it is impossible to keep up using this blocking technique. It is like trying to plug holes in a leaking dam.

With the introduction of digital signatures, callers will now have to be verified using a well proven encryption methodology that is kept trusted by a certificate authority. Certificates can only be issued by this authority, and they cannot be “spoofed”. I’m happy to see the telecommunications industry embracing this exciting new technology and implementing it.

As this is being written there is no specific date for this implementation as there are many hurdles to be overcome for standards so we have compatibility between providers, but insiders are saying before the end of 2020. It will be here before you know it. It is standing room only at all the Telecom Conferences Forums on this topic and no it is not because they think Stir/Shaken is a free cocktail.

Will there be a charge for this? Well, we all know nothing is free. I suspect there will end up being a small charge across the board from the carriers and whomever will be supporting the Authentication Servers, but this will be a small price to pay to put an end to Robo-Calls.

Drew Martin
 

LINKEDIN
>