Robocalling and Caller ID Spoofing – Detect, Mitigate and Deter

According to the FCC, robocalls and Caller ID spoofing (often associated with telemarketing) are the number one source of consumer complaints — and I could not agree more. In a four-hour period last week, I received no fewer than eight robocalls — everything from surveys, to travel promotions, to political calls, to people claiming they were from the Federal Government and that there was a warrant out for my arrest!

According to YouMail’s Robocall Index, which estimates monthly robocall volume in the United States, over 2.6 billion robocalls were placed nationwide in September 2016, equaling approximately 8.1 calls per person affected — a nearly 300 percent increase from a year ago.

[Figure: Monthly Robocalls Nationwide, Dec. 2015-Present. Source: YouMail Robocall Index]

What is driving this rapid increase in robocalls? Technology such as cloud hosting services and call-generation software platforms combined with the Internet (rather than international voice circuits with high per-minute costs) provides an attractive (and potentially lucrative) environment for telemarketers.

This problem has become so large that in July the FCC established a Robocalling Strike Force, composed of over 30 leading telecommunications service providers and equipment manufacturers with the mission to “accelerate development and adoption of new tools and solutions to abate the proliferation of illegal and unwanted robocalls…”

Industry Developments – Techniques and Approaches

Because the technology options for robocallers will continue to evolve, there is no “one size fits all” solution to this problem. As such, the industry is developing a layered and flexible response that can adapt to changing tactics.

One notable challenge will be ensuring that legitimate and valid use cases of robocalling are not blocked.  Common examples include school announcements, weather alerts, prescription notifications and medical appointment reminders.

Some of the solutions being implemented in this multi-layer approach include:

  • Deployment of SHAKEN/STIR framework (just to be clear this is not about how you take your martini!)
  • Call Detail Record (CDR) Traceback
  • Deployment of Do Not Originate Servers
  • Blacklist/whitelists with data analytics
  • Post Call reporting mechanism

In order to address these concerns, the industry is focusing its efforts across three key areas: source authentication, network and consumer blocking tools. The industry is also facilitating effective enforcement with the power to trace back and shut down offending accounts. The goal of these solutions is to protect consumers from unwanted calls and give them more control over the calls and texts they receive.

This blog post will focus primarily on the authentication process.

Authentication

STIR (Secure Telephony Identity Revisited) is the standard developed by the IETF that defines a signature to verify the calling number and specifies how it will be transported in SIP “on the wire”. SHAKEN (Signature-based Handling of Asserted information using toKENs) is the framework document developed by the ATIS/SIP Forum IP-NNI task force to provide an implementation profile for service providers implementing STIR. SHAKEN/STIR will be the basis for verifying calls, classifying calls and facilitating the ability to trust the caller ID information. However, the full benefits of this standard will only be realized on networks that have been fully transitioned to IP, and it will offer limited or no mitigation for calls that either originate or terminate on the PSTN.

These standards will perform what is known as attestation: verifying the caller’s legitimacy as it relates to the call’s origination. In short, the service provider will classify the origination of the call into one of three levels of attestation: Full, Partial and Gateway.

  1. Full Attestation: the signing provider is responsible for origination of the call onto the network; has a direct authenticated relationship with the customer, including identity; and has a verified association with the telephone number used for the call
  2. Partial Attestation: the signing provider is responsible for origination of the call onto the network; has a direct authenticated relationship with the customer, including identity; but does NOT have a verified association with the telephone number used for the call
  3. Gateway Attestation: the signing provider is the entry point of the call onto its network, but has no relationship with the initiator of the call.

Although there are many additional steps in the process, mitigating problems associated with Caller ID spoofing will require calls to be signed by the originating carrier and verified by the terminating carrier to determine if the calling party information for the call is legitimate.
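The sign-and-verify flow described above, as an added example that is not part of the original post or any ATIS code: the originating provider picks one of the three attestation levels and signs the calling and called numbers, and the terminating provider verifies the signature and checks that the signed numbers match the call it actually received. The claim names follow the PASSporT "shaken" token format used to carry STIR signatures; the function names, the 60-second freshness window, the placeholder certificate URL and the 555-01xx numbers are assumptions, and the public key is handed over directly instead of being fetched from a provider certificate.

```javascript
const crypto = require('node:crypto');

const b64 = (v) => Buffer.from(v).toString('base64url');

// Originating provider: map the three conditions listed above to the SHAKEN
// "attest" claim value (A = Full, B = Partial, C = Gateway).
function attestationLevel({ originated, knowsCustomer, verifiedNumber }) {
  if (originated && knowsCustomer) return verifiedNumber ? 'A' : 'B';
  return 'C'; // entry point only, no relationship with the initiator
}

// Originating provider: sign the calling and called numbers as an ES256 token.
function signCall(privateKey, call, nowSec) {
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport',
    x5u: 'https://certs.example.invalid/sp.pem' }; // placeholder URL
  const claims = { attest: attestationLevel(call), dest: { tn: [call.to] },
    iat: nowSec, orig: { tn: call.from }, origid: crypto.randomUUID() };
  const input = `${b64(JSON.stringify(header))}.${b64(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }); // raw r||s, as JWS expects
  return `${input}.${sig.toString('base64url')}`;
}

// Terminating provider: check the signature, then bind the token to this call.
function verifyCall(publicKey, token, presented, nowSec, maxAgeSec = 60) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) return { ok: false, reason: 'malformed' };
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  // A valid signature is not enough: reject stale tokens and tokens replayed
  // onto a call whose caller ID or destination differs from the signed ones.
  if (Math.abs(nowSec - claims.iat) > maxAgeSec) return { ok: false, reason: 'stale' };
  if (claims.orig.tn !== presented.from || !claims.dest.tn.includes(presented.to)) {
    return { ok: false, reason: 'number-mismatch' };
  }
  return { ok: true, attest: claims.attest };
}

// Constructed sample call and key pair (fictional 555-01xx numbers).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const sampleCall = { from: '12025550100', to: '12025550199',
  originated: true, knowsCustomer: true, verifiedNumber: false };
const sampleToken = signCall(privateKey, sampleCall, 1700000000);
console.log(verifyCall(publicKey, sampleToken, sampleCall, 1700000010));
console.log(verifyCall(publicKey, sampleToken, { ...sampleCall, from: '12025550123' }, 1700000010));
```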

No Easy or Single Solution

The ability to combat the growing problem of robocalls requires participation from a number of parties that include not only the service providers but also third-party platform and services companies, the FCC, the Federal Trade Commission and the consumer.

Although the SHAKEN/STIR mitigation techniques do not solve the problem, they are foundational capabilities which others can build upon. Without reliable calling party information, other solutions such as Do Not Originate lists or even robocalling blocking services will continue to be at risk – as they have no way of knowing if a number has been spoofed.

While these techniques can help reduce the number of unwanted calls, their capabilities will be greatly improved by STIR/SHAKEN.

ATIS and Robocalling

In October 2016, the Robocall Strike Force issued its report outlining its plans to develop comprehensive methods to prevent, detect, and filter unwanted robocalls.

As noted in the report, some of ATIS’ work initiatives will address the following:

  1. Source authentication and caller ID: ATIS has accelerated its work on the standards to authenticate and verify caller identification for calls carried over an Internet Protocol (IP) network. The goal is to ensure robocall-blocking applications have access to accurate calling party information, and create higher end-user confidence in the identification of incoming calls for VoIP.
  2. A certificate framework and governance model: ATIS is developing a framework under which cryptographic certificates would be issued to service providers, as well as an entire structure and ecosystem under which they will be managed. This work will protect the integrity of the calling party authentication service by ensuring that certificates are only provided to entities entitled to receive them.
  3. Lab testing of new tools and solutions: ATIS is also working to validate key caller-ID elements to support deployment in service provider networks. This work will facilitate the testing of implementations based on these industry standards to assess their effectiveness for signing and verifying calling numbers.

ATIS looks forward to continuing its efforts to mitigate caller ID spoofing and robocalling—and to advancing the mission of the Robocall Strike Force with all due urgency.

ATIS has delivered a wide range of resources to mitigate caller ID spoofing and robocalling, including the whitepapers Calling Party Spoofing Mechanisms and Mitigation Techniques as well as Developing Calling Party Spoofing Mitigation Techniques: ATIS’ Role.

Jim McEachern
Senior Technology Consultant, ATIS

About ATIS

As a leading technology and solutions development organization, the Alliance for Telecommunications Industry Solutions (ATIS) brings together the top global ICT companies to advance the industry’s most critical business priorities. ATIS’ 150 member companies are currently working to address 5G, the all-IP transition, network functions virtualization, big data analytics, cloud services, the ICT implications of Smart Cities, emergency services, M2M, cyber security, network evolution, quality of service, billing support, operations, and much more. These priorities follow a fast-track development lifecycle – from design and innovation through standards, specifications, requirements, business use cases, software toolkits, open source solutions, and interoperability testing.

ATIS is accredited by the American National Standards Institute (ANSI). ATIS is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a founding Partner of the oneM2M global initiative, a member of the International Telecommunication Union (ITU), as well as a member of the Inter-American Telecommunication Commission (CITEL). For more information, visit www.atis.org.

About SIP Forum

The SIP Forum is an IP communications industry association that engages in numerous activities that promote and advance SIP-based technology, such as the development of industry recommendations, the SIPit, SIPconnect-IT and RTCWeb-it interoperability testing events, special workshops, educational seminars, and general promotion of SIP in the industry. The SIP Forum is also the producer of the annual SIPNOC conferences (for SIP Network Operators Conference), focused on the technical requirements of the service provider community. One of its notable technical activities is the development of the SIPconnect Technical Recommendation – a standards-based SIP trunking recommendation that provides detailed guidelines for direct IP peering and interoperability between IP PBXs and SIP-based service provider networks. Other important Forum initiatives include work in Fax-over-IP interoperability, User Agent Configuration, Video Relay Service interoperability, security, NNI, and SIP and IPv6. For more information, please visit: http://www.sipforum.org.

About Neustar

Every day, the world generates roughly 2.5 quadrillion bits of data. Neustar (NYSE: NSR) isolates certain elements and analyzes, simplifies and edits them to make precise and valuable decisions that drive results. As one of the few companies capable of knowing with certainty who is on the other end of every interaction, we're trusted by the world's great brands to make critical decisions some 20 billion times a day. We help marketers send timely and relevant messages to the right people. Because we can authoritatively tell a client exactly who is calling or connecting with them, we make critical real-time responses possible. And the same comprehensive information that enables our clients to direct and manage orders also stops attackers. We know when someone isn't who they claim to be, which helps stop fraud and denial of service before they're a problem. Because we're also an experienced manager of some of the world's most complex databases, we help clients control their online identity, registering and protecting their domain name, and routing traffic to the correct network address. By linking the most essential information with the people who depend on it, we provide more than 12,000 clients worldwide with decisions—not just data. More information is available at www.neustar.biz.
