Advancing ICT Industry Transformation
Shaken 101: Mitigating Illegal Robocalling and Caller ID Scams Webinar
January 30, 2019
Panelists:
Dr. Eric Burger, Chief Technology Officer, FCC
Jim McEachern, Principal Technologist, ATIS
Moderator:
Brent Struthers, STI-GA Director, ATIS
Outline
• Problem Statement
• SHAKEN vs. STIR
• SHAKEN Protocol
• Functional elements
• Attestation levels
• origid

Caller ID
(Diagram: caller connected to a Service Provider.)
• Originating service provider inserts Caller ID in network signalling
So what’s the problem?

Caller ID - Enterprise
(Diagram: enterprise PBX connected to a Service Provider.)
• Originating service provider inserts Caller ID in network signalling
• Enterprise inserts Caller ID at PBX
• Originating service provider generally doesn’t validate Caller ID for enterprise

Caller ID Spoofing: The Problem
(Diagram elements: call center agent, Internet, open source IP-PBX, Service Provider.)
• Open source IP-PBX inserts Caller ID
• Call appears to originate locally
• Call center agent could be anywhere…

Caller ID Spoofing: The Problem
(Diagram elements: call center agent, Internet, open source IP-PBX, several Service Providers.)
• Open source IP-PBX inserts Caller ID
• Call center agent could be anywhere…
• Routing through multiple service providers further complicates things

ATIS Board of Directors’ Meeting October 20, 2011
Verified…
Dr. E. 202-555-0123

… Vs. Good
Dr. E. 202-555-0123
Just because a call is “verified” doesn’t mean it’s “good”.
Key Insight Behind SHAKEN
• The originating carrier always knows something about the call origination.
• Sometimes the carrier knows/controls the number in Caller ID:
– Mobile phone authenticates with the network
– Landlines are hard-wired to the switch
• Sometimes the carrier knows the customer, but allows the PBX to insert Caller ID:
– Enterprise PBX could display receptionist number for all outgoing calls
– Call center could display toll free number, or local callback number
• Sometimes the carrier only knows the entry point into their network.
• The problem: today there isn’t a secure mechanism for the originating carrier to communicate this information to the terminating carrier.
• SHAKEN was designed to provide a secure mechanism for this. (Nothing more…)

SHAKEN vs. STIR
STIR:
• Protocol for creating a digital signature with calling party info
• Allows signature to be created/verified in various locations
SHAKEN:
• Specifies how STIR can be deployed in service provider networks
• Focused on “deployability”

SHAKEN 101
• Originating Carrier: Create digital signature (SHAKEN “PASSporT”)
• Terminating Carrier: Verification of SHAKEN “PASSporT”
The essence of SHAKEN is:
1. Originating service provider creates digital signature based on what it knows about the call origination:
A. The customer and their right to use the number, or
B. The customer (but not the number), or
C. The point it enters their network
2. Assign “origid” to uniquely identify the call origination

Phase 1: SHAKEN – Published January 2017
ATIS-1000074: Signature based Handling of Asserted information using ToKENs (i.e., SHAKEN)
(Diagram elements: STI-AS, STI-VS, STI-CR and two SIP Proxies.)
• Mechanism to sign calling party information, including attestation claims and origid, to generate PASSporT token.
• Mechanism to verify signature and validate PASSporT claims.
• On-the-wire encoding of PASSporT token in SIP Identity header.

SHAKEN Attestation Claims – Full Attestation
A. Full attestation: The signing provider shall satisfy all of the following conditions:
– Is responsible for the origination of the call onto the IP based service provider voice network.
– Has a direct authenticated relationship with the customer and can identify the customer.
– Has established a verified association with the telephone number used for the call.
– NOTE 1: The signing provider is asserting that their customer can “legitimately” use the number that appears as the calling party (i.e., the Caller ID). …but they are not asserting that the call is actually from the number that appears as the calling party (i.e., SHAKEN allows “legitimate” spoofing).
– NOTE 2: Ultimately it is up to service provider policy to decide what constitutes “legitimate right to assert a telephone number”… but it will impact “reputation”
From ATIS-1000074

SHAKEN Attestation Claims – Partial Attestation
B. Partial attestation: The signing provider shall satisfy all of the following conditions:
– Is responsible for the origination of the call onto its IP-based voice network.
– Has a direct authenticated relationship with the customer and can identify the customer.
– Has NOT established a verified association with the telephone number being used for the call.
– NOTE: When partial attestation is used, each customer will have a unique origination identifier created and managed by the service provider, but the intention is that it will not be possible to reverse engineer the identity of the customer purely from the identifier or signature … allows data analytics to establish a reputation profile and assess the reliability of information asserted by the customer assigned this unique identifier. Also … for forensic analysis or legal action where appropriate.
From ATIS-1000074

SHAKEN Attestation Claims – Gateway Attestation
C. Gateway attestation: The signing provider shall satisfy all of the following conditions:
– Is the entry point of the call into its VoIP network.
– Has no relationship with the initiator of the call (e.g., international gateways).
– NOTE: The token will provide a unique origination identifier of the node in the “origid” claim. (The signer is not asserting anything other than “this is the point where the call entered my network”.)
From ATIS-1000074

Origination Identifier – (“origid”)
• origid: unique origination identifier (“origid”) is a globally unique opaque identifier corresponding to the service provider-initiated calls themselves, customers, classes of devices, or other groupings that a service provider might want to use for determining reputation or trace back identification of customers or gateways.
• For Full Attestation, in general, a single identifier will be used for all direct service provider-initiated calls on its VoIP network, but a service provider may also choose to have a pool of identifiers to differentiate geographic regions or classes of customers.
• For Partial Attestation, a single identifier per customer is required in order to differentiate calls both for trace back and reputation segmentation so that one customer’s reputation doesn’t affect other customers or the service provider’s call reputation.
• Best practices will likely develop as trace back and illegitimate call identification practices evolve.
From ATIS-1000074
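
The three attestation conditions and the origid guidance above, written as the per-call decision an originating provider's signing function would make. This is an added example, not code from ATIS-1000074 or the presenters; CallContext and its fields, ORIGID_KEY and the HMAC-based origid derivation are assumptions made for illustration.

```python
import hashlib
import hmac
import uuid
from dataclasses import dataclass
from typing import Optional

# Constructed provider-side secret. A keyed derivation keeps each origid stable
# for its group while not exposing the customer or node name it came from.
ORIGID_KEY = b"constructed-demo-key"


def opaque_origid(label: str) -> str:
    """Stable, opaque identifier for one grouping, formatted as a UUID."""
    digest = hmac.new(ORIGID_KEY, label.encode(), hashlib.sha256).digest()
    return str(uuid.UUID(bytes=digest[:16], version=4))


@dataclass(frozen=True)
class CallContext:
    originated_here: bool        # provider put the call onto its IP voice network
    customer_id: Optional[str]   # directly authenticated customer, if any
    verified_tns: frozenset      # numbers with a verified association to that customer
    calling_tn: str              # number presented as Caller ID
    ingress_node: str            # trunk or gateway where the call entered


def decide_attestation(ctx: CallContext) -> dict:
    """Pick the attest level and origid from what the provider knows."""
    if ctx.originated_here and ctx.customer_id is not None:
        if ctx.calling_tn in ctx.verified_tns:
            # Full: a single identifier for all directly originated calls.
            return {"attest": "A", "origid": opaque_origid("full:direct")}
        # Partial: one identifier per customer, so one customer's reputation
        # does not spill onto other customers or the provider.
        return {"attest": "B", "origid": opaque_origid("cust:" + ctx.customer_id)}
    # Gateway: only the entry point is known, so identify the node.
    return {"attest": "C", "origid": opaque_origid("node:" + ctx.ingress_node)}


if __name__ == "__main__":
    # Constructed calls: a subscriber using their own number, a PBX customer
    # presenting a number the provider has not verified, and a gateway call.
    calls = [
        CallContext(True, "cust-17", frozenset({"12025550123"}), "12025550123", "sbc-1"),
        CallContext(True, "cust-42", frozenset(), "18005550100", "sbc-1"),
        CallContext(False, None, frozenset(), "12025550123", "intl-gw-3"),
    ]
    for call in calls:
        print(call.calling_tn, decide_attestation(call))
```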

SHAKEN Functions
(Diagram: STI-AS, STI-VS, STI-CR and two SIP Proxies, with the labels “Authentication” and “Verification”.)
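
What the “validate PASSporT claims” step on the verification side can look like for one SIP Identity header value, as an added example that is not from the slides or from ATIS-1000074. The claim names follow the PASSporT SHAKEN extension (RFC 8588); the sample header, the 60-second freshness window and all function names are assumptions, and the signature is assumed to have been verified already.

```python
import base64
import json
import uuid

MAX_AGE = 60  # seconds; assumed local freshness policy for the "iat" claim

def b64url(obj) -> str:
    raw = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(seg: str) -> dict:
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def sample_identity(attest: str, origid: str, iat: int) -> str:
    """Constructed Identity header value; the signature segment is a dummy."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
              "x5u": "https://cert.example.org/passport.cer"}
    claims = {"attest": attest, "dest": {"tn": ["12155550113"]}, "iat": iat,
              "orig": {"tn": "12025550123"}, "origid": origid}
    token = ".".join([b64url(header), b64url(claims), "ZHVtbXk"])
    return token + ";info=<https://cert.example.org/passport.cer>;alg=ES256;ppt=shaken"

def check_claims(identity: str, calling_tn: str, called_tn: str, now: int) -> list:
    """Return claim problems; assumes the ES256 signature was already verified
    against the certificate from x5u (needs a crypto library, not shown)."""
    parts = identity.split(";", 1)[0].strip().split(".")
    if len(parts) != 3:
        return ["token is not header.payload.signature"]
    try:
        header, claims = unb64url(parts[0]), unb64url(parts[1])
    except ValueError:
        return ["segments are not base64url JSON objects"]
    problems = []
    if (header.get("alg"), header.get("ppt"), header.get("typ")) != ("ES256", "shaken", "passport"):
        problems.append("header is not an ES256 shaken passport")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("attest must be A, B or C")
    try:
        uuid.UUID(str(claims.get("origid")))
    except ValueError:
        problems.append("origid is not a UUID")
    orig, dest, iat = claims.get("orig"), claims.get("dest"), claims.get("iat")
    tns = dest.get("tn") if isinstance(dest, dict) else None
    if not isinstance(orig, dict) or orig.get("tn") != calling_tn:
        problems.append("orig.tn does not match the calling number")
    if not isinstance(tns, list) or called_tn not in tns:
        problems.append("dest.tn does not include the called number")
    if not isinstance(iat, int) or abs(now - iat) > MAX_AGE:
        problems.append("iat outside freshness window")
    return problems
```

An empty result only means the claims are well-formed and match the call; as the “Verified vs. Good” slides note, the attest level and origid still have to be weighed by local policy or analytics.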

SHAKEN Example: Full/Partial Attestation
(Diagram: two IMS service providers, STI-AS and STI-VS; label “SHAKEN Attestation”.)

SHAKEN Example: GW Attestation
(Diagram: an SS7 service provider, a GW, an IMS service provider, STI-AS and STI-VS; label “GW Attestation”.)

SHAKEN Example: Origination Identifier (origid)
(Diagram, built up over three slides: two IMS service providers; two STI-AS, each labelled Partial Attestation; an STI-VS; an Analytics function; labels origid: 001 and origid: 002.)

SHAKEN Example: origid But No Analytics
(Diagram: two IMS service providers; two STI-AS, each labelled Partial Attestation; an STI-VS; labels origid: 001 and origid: 002. Note: no Analytics function.)
• Both calls are verified with the same level of attestation.
• origid still allows quick traceback once problems reported.
Future Webinars
• Future webinars will address:
– SHAKEN Governance
– ATIS/Neustar SHAKEN Testbed
– Display Framework: Alternatives and Tradeoffs
Questions

Thank you for attending the Shaken 101: Mitigating Illegal Robocalling and Caller ID Scams Webinar
All registered attendees will receive a follow up email containing links to a recording and the slides from this presentation.
For information on the SHAKEN Governance Authority, visit http://www.atis.org/sti-ga/