My Proposal about how to protect your VoIP Customers against Caller ID Spoofing

Thanks to the VoIP we can link remote places and communicate with us at the lowest cost possible. VoIP companies know that, and it is one of the biggest reasons why this industry has been growing.

If you are already educated about VoIP, you have for sure read about SIP and RTP. There are other protocols, but I will focus on these two as they are the most common. The SIP is used to do the signalling while the RTP carriers the sound; SIP has many functions in the VoIP but the main one is the related to the INVITE action. The INVITE action is the one responsible to initiate the calls, it carriers all details about the call, including the Caller ID Number.

Sadly for use, the SIP does not provide any mechanism to prevent spoofing the Caller ID. This means I could (but I will not) call someone and act on someone behalf from the Parliament of Canada by setting my Caller ID to 1 866 599 4999. If you do a little search, you will find there are many frauds. Many of them related to revenue agencies.

The Government of Canada through its telecommunication body, the Canadian Radio-television and Telecommunications Commission, recognizes this danger and it has published a communicate about Measures to reduce caller identification spoofing and to determine the origins of nuisance calls.

The CRTC suggest the use of STIR and SHAKEN; however, in my experience, I believe this is not enough and it is just a poor try to cover the real risk. I will explain my line of thinking.

The Caller ID Spoofing Problem

Blocking the Caller ID spoofing between SIP endpoints is not that hard. You can use STIR or SHAKEN for that. If you are SMTP educated, you will find that they work somehow similar like DKIM and SMIME; some headers are added in the SIP payload, and then those headers are then verified against a central authority. Personal speaking, I do not like the idea of using a central authority, especially because it involves many manual procedures related to certificate management.

Although the SIP-to-SIP scenario could be more than enough for some big companies, I will not let you forget about small ones. In this scenario, it is very likely that a call goes through the PSTN. The thing of routing a SIP call through the PSTN is that at some point the call will jump from SIP to PSTN, and later from PSTN to SIP. This SIP-PSTN-SIP jump makes the SIP payload to lose any custom or non-essential header. There it is where the STIR or SHAKEN become useless.

There should be another way!

My anti-Spoofing Proposal

First of all, my proposal does not discover anything new. I am just applying well-known technologies in a better way. The proposal involves the following:

• SPF: similar use to the SMTP protocol, the SPF will be used to keep the IP-DID pair
• ENUM: as an option, this can be used as an ENUM database
• DNSSEC: this security extension of the DNS will help to void any DNS forge

The Sign-Up Process

The first thing you need to do in my proposal is to sign-up. The sign-up process is nothing than a verification process to be 100% certain you own the DID number you are claiming to have.

The sign-up process is as follows:

1. Company Manager visits the WEB site to get a unique PIN number
2. The Company PBX calls the verification number
3. The Verification PBX calls back and it gets the PIN number from the first step
4. if the PIN is correct, the public DNS records are published

The Production Process

No better way to explain it than with an example: Alice is a customer from VoIP Company A with an assigned phone number. She is calling Bob who is a customer of VoIP Company B. Bob has his own phone number assigned. Both companies are aligned with my proposal.

1. Alice calls from her IP Phone that is registered to a VoIP Company A' s PBX. The telephone sends an INVITE signal to the PBX.
2. Company A's PBX finds the number is no local and it routes the call through one of its carriers. Before routing, this PBX changes the CID Number that Bob will see. In this case, the CID Number will be Alice's assigned DID.
3. The call travels through the PSTN and it arrives at Company B's PBX.
4. VoIP B's PBX queries the DNS for the SPF records to know the IP of Company A's PBX that is originating the call. DNSSEC is recommended here to void any illegal record forge.
5. VoIP B's PBX asks VoIP A's PBX if Alice's Phone Number is calling Bob's Phone Number.
6. if Alice is effectively calling, Company B's PBX will deliver the call to Bob's IP Phone and the call will connect as usual. If Company A's PBX is nog aligned, it is up to Company B to block the call or to add a warning that caller ID could not be verified.

Pros and Cons

In a quick think, I enumerate some pros and cons. First the cons:

• Central point of verification: all VoIP companies would need to run the verification process for each of their DID's

Pros:

• You can verify calls even if they pass through the PSTN
• PBXes could connect directly through the use of ENUM if they which. The use of ENUM discard the use of a carrier and allows direct Internet connections

What is next?

This is a very good question. As you see, this is just the first attempt. I will get soon a website up and will start doing some proof of concept. The idea is having an easy and reliable way to reduce the risk of caller id spoofing.

All comments are welcome.

Good luck!