Page 183 - ITU Kaleidoscope 2016
P. 183
TOWARD AUTHENTICATED CALLER ID TRANSMISSION: THE NEED FOR A
STANDARDIZED AUTHENTICATION SCHEME IN Q.731.3 CALLING LINE
IDENTIFICATION PRESENTATION
Huahong Tu, Adam Doup´ e, Ziming Zhao, and Gail-Joon Ahn
Arizona State University
{tu, doupe, zzhao30, gahn}@asu.edu
ABSTRACT Despite various efforts to reduce telephone spam, scam and
The rising prevalence of phone fraud is hurting consumers robocalls, complaints on illegal calls has been making record
and businesses. With about a half million reports each year numbers in recent years. According to a recent US govern-
in the United States, phone fraud complaints have more than ment report, the number of phone fraud complaints in the
doubled since 2013. In the current calling line identifica- US more than doubled in just a matter of two years from
tion presentation scheme, the caller ID is trivially spoofed. 2013 to 2015 [1]. The rise of phone scam is troubling, as bil-
Scammers are using spoofed caller IDs to trick their victims lions are lost to phone scams each year [7]. In the US, more
into answering unwanted calls and further a variety of scams. than 75% of the reported fraud and identity theft attempts are
To provide a solution to this problem, this paper proposes made over the phone [1]. Today, the US government receives
an authentication scheme that provides the possibility of a about 200,000 robocall complaints every month, and the total
security indicator for the current Q.731.3 calling line iden- number of reported complaints on illegal calls totaled more
tification presentation supplementary service. The goal of than 3.5 million in 2015 [8].
this proposal is to help prevent users from falling victim to Clearly, all these countermeasures have so far failed at re-
phone impersonation scams, as well as provide a foundation ducing the growth of telephone spam. According to a recent
for future defenses to stop unwanted calls based on the caller research [9], illegal callers today have access to various tech-
ID information. This work will help to guide the future de- nologies aimed at circumventing call blockers and prevent-
velopment of a standardized scheme in authenticating SS7 ing identification. Among them, a practice known as caller
identities. ID spoofing is particularly effective at defeating call block-
ers, avoiding identification, and further a variety of scams.
Keywords— Caller ID, calling line identification, spoofing,
fraud, scam, authentication, verification, standardization To show an example of how caller ID spoofing is used in
phone scams, one type of phone fraud that occurs frequently
is the credit card verification scam, where the spammer
1. INTRODUCTION
spoofs the caller ID of a bank, and uses audio recorded di-
rectly from the credit card issuer to scam his recipients. The
With the introduction of IP access to the Public Switched
audio recording tells the recipients that their credit cards
Telephone Network (PSTN), today the PSTN is rife with
have been suspected of fraud, and is in need of verifying
telephone spam, namely voice, voicemail, and SMS spam.
their personal information to reactivate their account. Of
Voice phishing, vishing, or phone fraud is a significant and
course, the true motive of this scam is to steal the recipients’
rapidly growing problem in many countries, including the
credit card and personal information.
US [1] and UK [2].
To deal with this issue, governments, including the US [3] Furthermore, caller ID spoofing can also frame true owners
and UK [4], have enacted laws to restrict most forms of of spoofed caller IDs with illegal behavior. When a mali-
unwanted telephone calls. Furthermore, some governments cious caller spoofs a known number to commit crimes, such
have established regulatory agencies and telephone num- as making scam calls or illegal purchase orders, or deceiving
ber registries that allow consumers to explicitly opt out of police into raiding a compound [10], true owners of spoofed
unwanted calls [5,6]. caller IDs often end up questioned by law enforcement, and
receive unfriendly calls for wrongdoings that have nothing to
In addition to government efforts, there are also consumer
do with them.
and business products that are made to defend against un-
wanted calls. In the consumer market, there are physical call- The telephone number in North America and many other re-
blocking devices for landline telephones, and various smart- gions follows a numbering format that identifies the region
phone apps, that can block unwanted calls from offending code, central office code, and subscriber number [11]. If the
caller IDs. Among business and network operators, there is a telephone number is spoofed, law enforcement would lose
also supplementary network feature known as MCID (Mali- key information that could identify and locate the offender.
cious Call Identification) that allows the destination operator As most telephone spam defenses today (including law en-
to request identification of the offending calling party. forcement) rely on user feedbacks, caller ID spoofing has
978-92-61-20431-0/CFP1668P-ART © 2016 ITU – 165 – Kaleidoscope