Spoofing Against Spoofing: Towards Caller ID Verification In Heterogeneous Telecommunication Systems

Caller ID spoofing is a global industry problem and often acts as a critical enabler for telephone fraud. To address this problem, the Federal Communications Commission (FCC) has mandated telecom providers in the US to implement STIR/SHAKEN, an industry-driven solution based on digital signatures. STIR/SHAKEN relies on a public key infrastructure (PKI) to manage digital certificates, but scaling up this PKI for the global telecom industry is extremely difficult, if not impossible. Furthermore, it only works with IP-based systems (e.g., SIP), leaving the traditional non-IP systems (e.g., SS7) unprotected. So far the alternatives to the STIR/SHAKEN have not been sufficiently studied. In this paper, we propose a PKI-free solution, called Caller ID Verification (CIV). CIV authenticates the caller ID based on a challenge-response process instead of digital signatures, hence requiring no PKI. It supports both IP and non-IP systems. Perhaps counter-intuitively, we show that number spoofing can be leveraged, in conjunction with Dual-Tone Multi-Frequency (DTMF), to efficiently implement the challenge-response process, i.e., using spoofing to fight against spoofing. We implement CIV for VoIP, cellular, and landline phones across heterogeneous networks (SS7/SIP) by only updating the software on the user's phone. This is the first caller ID authentication solution with working prototypes for all three types of telephone systems in the current telecom architecture. Finally, we show how the implementation of CIV can be optimized by integrating it into telecom clouds as a service, which users may subscribe to.Comment: 25 pages, 12 figures, 2 table

Convergence: the next big step

Recently, web based multimedia services have gained popularity and have proven themselves to be viable means of communication. This has inspired the telecommunication service providers and network operators to reinvent themselves to try and provide value added IP centric services. There was need for a system which would allow new services to be introduced rapidly with reduced capital expense (CAPEX) and operational expense (OPEX) through increased efficiency in network utilization. Various organizations and standardization agencies have been working together to establish such a system. Internet Protocol Multimedia Subsystem (IMS) is a result of these efforts. IMS is an application level system. It is being developed by 3GPP (3rd Generation Partnership Project) and 3GPP2 (3rd Generation Partnership Project 2) in collaboration with IETF (Internet Engineering Task Force), ITU-T (International Telecommunication Union – Telecommunication Standardization Sector), and ETSI (European Telecommunications Standards Institute) etc. Initially, the main aim of IMS was to bring together the internet and the cellular world, but it has extended to include traditional wire line telecommunication systems as well. It utilizes existing internet protocols such as SIP (Session Initiation Protocol), AAA (Authentication, Authorization and Accounting protocol), and COPS (Common Open Policy Service) etc, and modifies them to meet the stringent requirements of reliable, real time communication systems. The advantages of IMS include easy service quality management (QoS), mobility management, service control and integration. At present a lot of attention is being paid to providing bundled up services in the home environment. Service providers have been successful in providing traditional telephony, high speed internet and cable services in a single package. But there is very little integration among these services. IMS can provide a way to integrate them as well as extend the possibility of various other services to be added to allow increased automation in the home environment. This thesis extends the concept of IMS to provide convergence and facilitate internetworking of the various bundled services available in the home environment; this may include but is not limited to communications (wired and wireless), entertainment, security etc. In this thesis, I present a converged home environment which has a number of elements providing a variety of communication and entertainment services. The proposed network would allow effective interworking of these elements, based on IMS architecture. My aim is to depict the possible advantages of using IMS to provide convergence, automation and integration at the residential level

Softswitch Design and Performance Analysis

The increasing number of subscribers’ demands in telecommunication sector has motivated the operators to provide high quality of service in cost effective way. Moreover, operators need to have an open structure system so that they can move their systems to the next generation network architecture. For this purpose, Softswitch is an appropriate technology because it is a safe and cost efficient solution and though it can migrate from traditional circuit-switching based telephone system to internet protocol packet-switching based networking. Softswitch network divides the logical switch into several parts with different functions such as signaling gateway, media gateway, media server, etc. Standard communication protocols are implemented between those parts. Softswitch is software-based system to make connection between devices, and moreover to control voice calls, data and routes calls through different entities of the networks. Softswitch supports management functions such as provisioning, fault handling and reporting, billing, operational support, etc. Softswitch suitable for all types of traffic and services so it is very demanding in the competitive world of mobile operators. In this thesis, Softswitch has been studied and analyzed in details. Softswitch network consisted of different integrated modules such as transportation, calling and signaling, service application and management. Each module provides different services such as call control, routing, billing and network management. Each module is discussed from functional and service point of views. Softswitch based wireless network architecture as well as variety of service solutions is presented. Different protocol interfaces in softswitch network such as signaling system number 7 are explained. Moreover, bearer calls, independent call control protocol, gateway control protocol, IP bearer control protocol are explained as well. Variety of softswitch network architectures analysis has been done based on their performance and the applicability. Three Softswitch network architectures are proposed which are validated through simulations.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

SECURITY AND PRIVACY ISSUES IN MOBILE NETWORKS, DIFFICULTIES AND SOLUTIONS

Mobile communication is playing a vital role in the daily life for the last two decades; in turn its fields gained the research attention, which led to the introduction of new technologies, services and applications. These new added facilities aimed to ease the connectivity and reachability; on the other hand, many security and privacy concerns were not taken into consideration. This opened the door for the malicious activities to threaten the deployed systems and caused vulnerabilities for users, translated in the loss of valuable data and major privacy invasions. Recently, many attempts have been carried out to handle these concerns, such as improving systems’ security and implementing different privacy enhancing mechanisms. This research addresses these problems and provides a mean to preserve privacy in particular. In this research, a detailed description and analysis of the current security and privacy situation in the deployed systems is given. As a result, the existing shortages within these systems are pointed out, to be mitigated in development. Finally a privacy preserving prototype model is proposed. This research has been conducted as an extensive literature review about the most relevant references and researches in the field, using the descriptive and evaluative research methodologies. The main security models, parameters, modules and protocols are presented, also a detailed description of privacy and its related arguments, dimensions and factors is given. The findings include that mobile networks’ security along with users are vulnerable due to the weaknesses of the key exchange procedures, the difficulties that face possession, repudiation, standardization, compatibility drawbacks and lack of configurability. It also includes the need to implement new mechanisms to protect security and preserve privacy, which include public key cryptography, HIP servers, IPSec, TLS, NAT and DTLS-SRTP. Last but not least, it shows that privacy is not absolute and it has many conflicts, also privacy requires sophisticated systems, which increase the load and cost of the system.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Performance analysis and deployment of VoLTE mechanisms over 3GPP LTE-based networks

Long Term Evolution based networks lack native support for Circuit Switched (CS) services. The Evolved Packet System (EPS) which includes the Evolved UMTS Terrestrial Radio Access Network (E-UTRAN) and Evolved Packet Core (EPC) is a purely all-IP packet system. This introduces the problem of how to provide voice call support when a user is within an LTE network and how to ensure voice service continuity when the user moves out of LTE coverage area. Different technologies have been proposed for the purpose of providing a voice to LTE users and to ensure the service continues outside LTE networks. The aim of this paper is to analyze and evaluate the overall performance of these technologies along with Single Radio Voice Call Continuity (SRVCC) Inter-RAT handover to Universal Terrestrial Radio Access Networks/ GSM-EDGE radio access Networks (UTRAN/GERAN). The possible solutions for providing voice call and service continuity over LTE-based networks are Circuit Switched Fall Back (CSFB), Voice over LTE via Generic Access (VoLGA), Voice over LTE (VoLTE) based on IMS/MMTel with SRVCC and Over The Top (OTT) services like Skype. This paper focuses mainly on the 3GPP standard solutions to implement voice over LTE. The paper compares various aspects of these solutions and suggests a possible roadmap that mobile operators can adopt to provide seamless voice over LTE

From Understanding Telephone Scams to Implementing Authenticated Caller ID Transmission

abstract: The telephone network is used by almost every person in the modern world. With the rise of Internet access to the PSTN, the telephone network today is rife with telephone spam and scams. Spam calls are significant annoyances for telephone users, unlike email spam, spam calls demand immediate attention. They are not only significant annoyances but also result in significant financial losses in the economy. According to complaint data from the FTC, complaints on illegal calls have made record numbers in recent years. Americans lose billions to fraud due to malicious telephone communication, despite various efforts to subdue telephone spam, scam, and robocalls. In this dissertation, a study of what causes the users to fall victim to telephone scams is presented, and it demonstrates that impersonation is at the heart of the problem. Most solutions today primarily rely on gathering offending caller IDs, however, they do not work effectively when the caller ID has been spoofed. Due to a lack of authentication in the PSTN caller ID transmission scheme, fraudsters can manipulate the caller ID to impersonate a trusted entity and further a variety of scams. To provide a solution to this fundamental problem, a novel architecture and method to authenticate the transmission of the caller ID is proposed. The solution enables the possibility of a security indicator which can provide an early warning to help users stay vigilant against telephone impersonation scams, as well as provide a foundation for existing and future defenses to stop unwanted telephone communication based on the caller ID information.Dissertation/ThesisDoctoral Dissertation Computer Science 201

From mashups to telco mashups: A survey

Given their increasing popularity and novel requirements and characteristics, telco mashups deserve an analysis that goes beyond what's available for mashups in general. Here, the authors cluster telco services into different types, analyze their features, derive a telco mashup reference architecture, and survey how well existing mashup tools can respond to these mashups' novel needs. © 2012 IEEE

Spoofing Against Spoofing: Towards Caller ID Verification In Heterogeneous Telecommunication Systems

Caller ID spoofing is a global industry problem and often acts as a critical enabler for telephone fraud. To address this problem, the Federal Communications Commission (FCC) has mandated telecom providers in the US to implement STIR/SHAKEN, an industry-driven solution based on digital signatures. STIR/SHAKEN relies on a public key infrastructure (PKI) to manage digital certificates, but scaling up this PKI for the global telecom industry is extremely difficult, if not impossible. Furthermore, it only works with IP-based systems (e.g., SIP), leaving the traditional non-IP systems (e.g., SS7) unprotected. So far the alternatives to the STIR/SHAKEN have not been sufficiently studied. In this paper, we propose a PKI-free solution, called Caller ID Verification (CIV). CIV authenticates the caller ID based on a challenge-response process instead of digital signatures, hence requiring no PKI. It supports both IP and non-IP systems. Perhaps counter-intuitively, we show that number spoofing can be leveraged, in conjunction with Dual-Tone Multi-Frequency (DTMF), to efficiently implement the challenge-response process, i.e., using spoofing to fight against spoofing. We implement CIV for VoIP, cellular, and landline phones across heterogeneous networks (SS7/SIP) by only updating the software on the user’s phone. This is the first caller ID authentication solution with working prototypes for all three types of telephone systems in the current telecom architecture. Finally, we show how the implementation of CIV can be optimized by integrating it into telecom clouds as a service, which users may subscribe to