By Lynn Greiner
TORONTO – At the Canadian Telecom Summit on Wednesday, Neustar’s senior vice-president of communications solutions, Jimmy Garvert (above), provided an update on the status of STIR/SHAKEN, the caller ID authentication framework for the Internet Protocol (IP) portion of voice networks, which will be mandated in Canada as of Dec. 1.
Neustar, which has long run the number portability platform in Canada, has more recently become policy administrator and main certificate authority for the new evolution of the SHAKEN framework, call authentication.
“This amazing ecosystem [for voice calling] that’s been built over the years is no longer trusted,” Garvert said. “It’s a huge issue that’s out there; it is the top channel that bad guys are utilizing to commit fraud, and it’s really real tangible dollars that are there. That’s why there’s such a focus by the bad guys to continue to use that phone chain. And one of those tools that they utilize associated with it is caller ID spoofing. It’s the main way that some of these scams are being perpetuated: trying to impersonate a number to get the unsuspecting consumer to answer the phone.”
The government has been pushing to get standards implemented to help provide a tool that will assist people in stopping the bad actors.
“We’re all trying to re-establish trust in voice calling,” Garvert noted. “It’s critically important for all of us.”
The struggle, he said, began with the 2013 advent of IP connections to the phone network that not only created a lot of innovation, but enabled bad actors to abuse the system.
That led to challenges such as figuring out the right way to authenticate a phone call, which led in turn to the STIR (Secure Telephony Identity Revisited) standard, which uses digital certificates to allow endpoints to identify the origin of the data they receive.
SHAKEN (Signature-based Handling of Asserted Information using toKENs) is a set of guidelines for public switched telephone networks that tells them how to deal with missing STIR information. Over the past four to five years, carriers have been accelerating their work on ways to implement STIR/SHAKEN.
“It’s been a long road,” Garvert observed, “and while we’re here [at the Summit], and we’re excited about what we’re seeing, we know and just want to make sure everybody understands, we’re still just at the infancy of now implementing and integrating and leveraging call authentication going forward.”
He’s encouraged to see, over the past few months, an increase in the number of calls that have been signed (hundreds of millions of calls in Canada alone), and an increase in the number of carriers and others who are signing calls. There are still challenges but STIR/SHAKEN will be an important tool in the quest to eradicate bad calls and reestablish trust in voice calls.
One of the challenges he described occurs when a call does not move entirely over IP networks. When a call switches to a TDM interconnect, it loses the digital signature. One solution he discussed was using an out of band service and stashing that signature in the cloud where it can be retrieved later.
He then described some of the challenges in attestation, and the multiple ways the SHAKEN framework can cope with them.
Cross-border calls present yet another problem – extending the authentication attestation between countries. While the U.S. and Canada will have the capability, Garvert said that it will be some time before it extends to the rest of the world.
And, he pointed out, “as Canada and the U.S. become much more effective in stopping the bad actors, those bad actors aren’t going to stop making phone calls. They’re just going to go to the more susceptible countries that don’t have call authentication in place. The whack-a-mole will be in full force and effect.”
Neustar offers a free testbed that enables communications service providers, equipment manufacturers, and software suppliers to collaborate to remotely test solutions, validating the effectiveness of caller authentication standards developed by the Internet Engineering Task Force (IETF) and ATIS. Any service provider with an assigned Operating Company Number (OCN), as maintained by the National Exchange Carrier Association, Inc. (NECA), is eligible to participate.
Screen grab from Canadian Telecom Summit’s online feed.
