Fraudulent Spoofed Calling is one of the most popular methods used by scammers to trick their targets into revealing their personal or sensitive information which they can use to steal money or perform other fraudulent activities. By using this method, scammers are able to change the caller ID to any number other than the actual number used for calling. So basically, scammers disguise the number they are calling from and the number that displays on the target’s caller ID appears to be from a government agency or someone familiar like one of the contacts of the receiver. A simple example would be displaying ‘911 emergency’ or one’s bank’s phone number.
Neighbor Spoofing is a common example of spoofed calling where robocallers display a number similar to the receiver’s caller ID. This is done to increase the chances that the target will answer the call.
What is the Role of STIR / SHAKEN in Combating Spoofed Calls?
STIR stands for Secure Telephony Identity Revisited and SHAKEN stands for Secure Handling of Asserted information using toKENs. STIR/SHAKEN is a suite of protocols and procedures designed to reduce fraudulent robocalls and illegal phone number spoofing.
STIR vs SHAKEN : What’s the Difference?
STIR is basically the set of protocols used to create a digital signature for a call. It focuses on end devices and allows verification of the signature. SHAKEN addresses the deployment which means it focuses on how STIR can be implemented within carrier networks.
How does STIR / SHAKEN Work?
STIR/SHAKEN makes use of digital certificates which are based on common public cryptographic keys to define the authenticity of a phone number. Here’s how it works:
- When a call gets initiated, the originating service provider receives an SIP INVITE.
- This originating service provider then checks the source of the call and its phone number to determine how to attest its validity which is one from the following three levels:
Full Attestation (A) – Full Attestation means the service provider has established a verified association with the telephone number of the calling party.
Partial Attestation (B) – This means that the service provider approved the authentication for the origin of the call i.e. the customer but has not established a verified association with the phone number used for making the call.
Gateway Attestation (C) – This is when the service provider has authenticated the entry point of the call or from where it received the call, but not the source of the call.
- Now an SIP Identity header is created by the originating service provider. This SIP identity header contains information on the call origin, calling number, called number, current timestamp, and level of attestation.
- The SIP INVITE with the SIP Identity header is sent to the terminating service provider.
- The SIP INVITE with Identity Header is passed on to the verification service.
- The verification service obtains the digital certificate from the public certificate repository and starts its multi-step verification process. If all the verification steps gets completed, then it is declared that the number has not been spoofed.
- The results are returned to the terminating service provider.
Deploying SBCs with STIR/SHAKEN to Prevent Unwanted Robocalling
Deployment of Session Border Controllers is one of the most effectual ways to combat robocalling through STIR/SHAKEN technology. REVE SBC is a powerful and scalable platform that has been adopted by several communication service providers to ensure that their network remains robust and resilient to robocalls as well as various frauds that happen in the telecom industry. Read our post on Telecom Fraud Management to identify and prevent telecom frauds in real-time.
Now it is clear that STIR and SHAKEN are call authentication standards that provide a secure way to validate a caller’s identity and stop illegal caller ID spoofing. If you are looking for SBCs with STIR/SHAKEN solutions, then please get in touch with us.