In the US, a subscriber authentication technology, the SHAKEN/STIR protocol, is gaining momentum. Let's look at how it works and where implementation may prove difficult.
Problem with calls
Unsolicited robocalls are the most common reason for consumer complaints to the US Federal Trade Commission. In 2016 the organization
These spam calls don't just waste people's time. Automated calling services are also used to extort money. According to YouMail, in September last year, 40% of the four billion robo calls
The problem was brought to the attention of the US Federal Communications Commission (FCC). Organization representatives
How the SHAKEN/STIR protocol works
Telecom operators will work with digital certificates (they are based on public key cryptography) that will allow the verification of callers.
The verification procedure will proceed as follows. First, the operator of the person making the call receives a request
After that, the operator adds to the INVITE request header a message carrying a timestamp, the call category and a link to an electronic certificate. Here is an example of such a message:
{
  "alg": "ES256",
  "ppt": "shaken",
  "typ": "passport",
  "x5u": "https://cert-auth.poc.sys.net/example.cer"
}
{
  "attest": "A",
  "dest": {
    "tn": [
      "1215345567"
    ]
  },
  "iat": 1504282247,
  "orig": {
    "tn": "12154567894"
  },
  "origid": "1db966a6-8f30-11e7-bc77-fa163e70349d"
}
Next, the request goes to the provider of the called subscriber. The second operator verifies the signature on the message using the public key, compares the content with the SIP INVITE, and verifies the authenticity of the certificate. Only after that is a connection established between the subscribers, and the "receiving" party gets a notification about who is calling them.
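The exchange described above, as an added example (not code from the article or from any operator): the originating side signs the sample header and claims with ES256, and the terminating side checks the signature, the timestamp and the numbers against the INVITE. Assumptions: the function names, the `invite` object shape and the 60-second freshness window are illustrative, and a key pair generated in the script stands in for the key bound to the certificate at `x5u`, whose chain validation is not shown.

```javascript
// Added example (not from the article): sign and verify a SHAKEN PASSporT.
const crypto = require("node:crypto");

// Constructed stand-in for the operator's key pair; in production the public
// key comes from the certificate at x5u, after its chain has been validated.
const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
// Header and claims as shown in the article's sample message.
const HEADER = { alg: "ES256", ppt: "shaken", typ: "passport",
  x5u: "https://cert-auth.poc.sys.net/example.cer" };
const CLAIMS = { attest: "A", dest: { tn: ["1215345567"] }, iat: 1504282247,
  orig: { tn: "12154567894" }, origid: "1db966a6-8f30-11e7-bc77-fa163e70349d" };

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Originating operator: compact form header.payload.signature (ES256, raw r||s).
function signPassport(header, claims, key) {
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign("sha256", Buffer.from(input), { key, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

// Terminating operator: returns "verified" or the reason for rejection.
// invite = { from, to }: numbers already extracted from the SIP INVITE (assumed shape).
function verifyPassport(token, key, invite, nowSec, maxAgeSec = 60) {
  const parts = token.split(".");
  if (parts.length !== 3) return "malformed";
  let header, claims;
  try { header = dec(parts[0]); claims = dec(parts[1]); } catch { return "malformed"; }
  if (!header || !claims) return "malformed";
  // Pin the algorithm and type: the token must not get to choose how it is checked.
  if (header.alg !== "ES256" || header.ppt !== "shaken" || header.typ !== "passport")
    return "bad-header";
  const ok = crypto.verify("sha256", Buffer.from(`${parts[0]}.${parts[1]}`),
    { key, dsaEncoding: "ieee-p1363" }, Buffer.from(parts[2], "base64url"));
  if (!ok) return "bad-signature";
  // Freshness window limits replay of a captured token (60 s is an assumed value).
  if (!Number.isInteger(claims.iat) || Math.abs(nowSec - claims.iat) > maxAgeSec)
    return "stale";
  // The signed numbers must match what the INVITE itself claims.
  const destOk = Array.isArray(claims.dest?.tn) && claims.dest.tn.includes(invite.to);
  if (claims.orig?.tn !== invite.from || !destOk) return "mismatch";
  return "verified";
}

const token = signPassport(HEADER, CLAIMS, privateKey);
const invite = { from: "12154567894", to: "1215345567" };
console.log(verifyPassport(token, publicKey, invite, CLAIMS.iat + 5));
```

The order of checks matters: the claims are compared with the INVITE only after the signature has been verified, so an unsigned or re-signed message never reaches the number comparison.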
The whole verification process can be represented by a diagram:
According to experts, caller verification
Opinions
But there is an opinion in the industry that the protocol will not become a "silver bullet". Experts say scammers will simply use workarounds. Spammers will be able to register a "dummy" PBX in the operator's network in the name of an organization and make all calls through it. In case of PBX blocking, it will be possible to simply re-register.
On
Since the beginning of the year, congressmen
It should be noted that SHAKEN/STIR
Source: habr.com