Americans lost almost a billion dollars to fraud in 2017 with the preferred method for scammers being over the phone. The Internal Revenue Service (IRS) has maintained phone scams on their Annual “Dirty Dozen” list of top tax scams in 2018. Further, the average individual received 14.4 robocalls in May 2019 alone, that’s a whopping 4.7 billion robocalls in one month. This is an unprecedented high, well surpassing levels of dinner time nuisance into domains that seriously erode the value and trust in voice service and debilitates the infrastructure. The telephony industry across all access methods is worth several hundreds of billions of dollars and work continues in the industry to safeguard and secure voice services against cybercriminals.
In this webinar Daksha Bhasker would like to bring the attention of the cybersecurity community to the STIR/Shaken (Secure Telephony Identity Revisited/Signature-based handling of Asserted Information using tokens) framework that has been socialized by the robocall strike-force comprising of members across the telecommunications ecosystem in North America in partnership with several councils, forums, Standards bodies and organizations such as the IETF, ATIS, SIP Forum and 3GPP.
In this webinar Daksha Bhasker will provide an overview of the problem at hand, walk through the STIR/SHAKEN architecture, its components, and discuss security architecture considerations that will bolster the implementation. As international regulatory bodies move towards driving security measures against robocalling, this webinar will enable security professionals partner with voice engineering and operations teams where implementation maybe upcoming, be able to partner and support work underway by their telephony providers and be able to ask their suppliers and vendors pertinent security questions that will enable secure architectures and implementation of STIR/SHAKEN.
This question was asked during the webinar:
Legal or other differences between Robocalling to landline vs. cellular phones?
STIR/SHAKEN is a carrier solution that in concept, digitally signs calls that a carrier can verify the origination for, and the destination carrier then verifies the signature – it is essentially call origin verification. This verification will then allow a consumer to choose to ignore robocallers whose numbers do not come in with the call “attestation”. The solution applies to VoIP technology only, and can support both wired VoIP phones and mobile VoIP applications.
This question was asked during the webinar:
Is there secure channel between IBCF at either end? Can somebody hack this? Is there any validations done at the edge itself?
IBCFs are typically placed at the carrier edge, at peering points or NNIs. Peering points generally are highly secure facilities, and historically there have generally been “trust relationships” between carriers at these interconnections. However, as we see the security landscape evolve, we can expect carriers to assume appropriate security postures at these interconnection points as well.
This question was asked during the webinar:
Lot of networks in some of the countries still use PSTN and old devices and when these are used as intermediate networks, how do overcome security challenges?
This question was asked during the webinar:
How frequently are VOIP networks and PSTN network equipment upgraded related to security updates?