Why Call Spoofing Will Not Be Stopped by Digital Signatures
I am Nadejda Papernaia, CEO of the AB Handshake Corporation, and I wanted to introduce myself so we can all talk plainly about the problem of caller ID spoofing and the solutions to it. The AB Handshake is the chief rival to the STIR/SHAKEN protocols that are being implemented by some networks in the USA, and while I have great respect for the technicians behind those protocols, I wouldn’t expect them to be my best advocates. I’m grateful to Commsrisk for this opportunity to speak about another article published recently, called “A Defense of STIR/SHAKEN”.
I don’t know Jim McEachern personally, but I do know he is a respected expert in the governance of SHAKEN, the part of the US approach where a national authority decides which networks are authorized to use their anti-spoofing method. Unfortunately, in his “Defense of STIR/SHAKEN” he made some claims about alternatives to his preferred solution that are not correct, and I need to respond because the AB Handshake is the leading alternative. Even this is imprecise, because I believe Jim was thinking of some theoretical approaches that have not been implemented in practice, and also he may have been thinking of alternatives that his own organization, ATIS, wants to develop to fill the gaps in how STIR/SHAKEN works. The AB Handshake is the only actual alternative available today, so instead of talking about the assumed weaknesses of theoretical methods I want to clarify the reality of the AB Handshake.
The first and most important point is that Jim assumed all anti-spoofing solutions must link each call to a digital signature, as happens with STIR/SHAKEN. The AB Handshake does not. This is the most essential advantage of the AB Handshake. Using a signature is a design decision, and I understand the technical reasons for making this decision, but I also believe the people behind STIR/SHAKEN made the wrong choice. Creating and managing unique signatures must greatly increase the cost and complexity of the technology. The AB Handshake avoids that headache by using a direct real-time out-of-band confirmation so the A and B networks validate the origin and destination of each call as it is being set up. This is why our lean, clean technique does not involve all the complexity that Jim said is necessary.
Networks that implement the AB Handshake use commodity servers as call registries that record basic information about every call the network makes and receives. There is a real-time comparison between A-party and B-party registries when each new record is written. This comparison is performed using out-of-band messages. Any discrepancy will be obvious, without needing to link signatures to calls. Jim argued that communicating the signature within SIP signals must be less complex than any out-of-band method for communicating signatures. This explains why the USA accepted the key limitation of STIR/SHAKEN, which only works for calls where IP networks carry SIP signals from end to end. However, Jim is wrong to believe that carrying the signature within SIP signals is the simplest method. The AB Handshake is an out-of-band technique which is even simpler because it does not involve the exchange of signatures.
Even the supporters of STIR/SHAKEN acknowledge that spoofing will not be stopped by a solution which only works on IP networks. Fraudulent calls can originate anywhere and there are a lot of non-IP networks in the world. The USA still has many, which is why Jim mentioned the work that he and his colleagues are doing to develop out-of-band alternatives to STIR/SHAKEN. They are working on ensuring the interoperability of signatures between in-band and out-of-band solutions because they don’t want to undermine the large investment that vendors and networks have already made in STIR/SHAKEN. However, there would be no need to expend so much effort on the interoperable transfer of signatures if it was no longer assumed that networks must convey signatures. An out-of-band solution that does not rely on signatures would eliminate all of the complexity that Jim is worried about, and would work universally. The AB Handshake is that solution.
To be fair to Jim, he did not describe STIR/SHAKEN as a solution. I understand his point of view because the STIR/SHAKEN protocols were designed to add one new spoofing mitigation tool to the many tools already used in the USA. I know this first-hand as an AT&T customer, and from all the consumer advice that tells me to create my own blocklists for unwanted calls. Jim says it is not possible to create a solution, but we differ on this point. The AB Handshake was designed to solve the problem of CLI manipulation and prevent the worst kinds of voice frauds. It puts an end to short stopping, call stretching, interconnect bypass, PBX hacking and a variety of frauds that hurt operators. This makes the AB Handshake attractive to a much wider range of networks across every country.
The US has taken a path which reflects the strong emotions of politicians and voters upset by robocalls. The FCC, the US telecommunications regulator, was right to take action, but was misinformed by sections of the industry. They were given the impression they had a national problem which could be addressed without securing international cooperation. Many recognized this was wrong. Even during the US election there were robocalls that instructed voters to stay home, with the USTelecom Industry Traceback Group saying they originated in Europe. Fraud solutions must have an international aspect because so many fraudulent calls are international.
Focusing on the specific priorities of the USA meant overlooking the needs of other parties who are vital to the global telecommunications ecosystem, such as international wholesale carriers. It also meant too little consideration was given to developing a solution that would be affordable for every operator. The upfront investment in STIR/SHAKEN is high, even before consideration is given to the cost of upgrading from TDM to IP networks. A universal solution has a chance to succeed if it meets everyone’s requirements at a price they can all afford.
As much as I dislike the robocalls that I receive, I cannot expect an operator on the far side of the planet to be motivated to spend money on a tool designed to save me from bogus calls in Miami. The AB Handshake does not require any updates to the network and does not change any existing protocols. Operators choose to implement the AB Handshake because it is in their own interests to do so. That is why it will succeed. Nothing stops networks from also implementing STIR/SHAKEN if they would like, or if their government tells them to, but given the relative cost and speed of implementation, any operator with a free choice will implement the AB Handshake first. That is why I want to be clear about the differences between the AB Handshake and the signature-driven alternatives that Jim wrote about, as they all place too much emphasis on interoperability with STIR/SHAKEN and not enough emphasis on solving all the real problems that networks and consumers face.
The internet has changed many things, and it is because of the internet that spoofing of phone numbers is now so common. I can understand why people might attempt to use internet technologies to fix problems created by internet technologies. However, voice networks have one feature that makes them special when compared to the way the internet works in general. All voice networks were designed with the knowledge that an operator would actively handle the call at each end, at the same time. Digital signatures are a good security solution if the recipient of a message wants to be able to authenticate it long after it was sent. They are overkill for voice calls because voice communications must be two-way and real-time, and this is why the AB Handshake has the A-party and B-party networks performing their authentication process in parallel to the set-up of the voice call. Direct communication means there is no need to create, transmit or store signatures. The technology of the AB Handshake mirrors the long-established technology of voice networks, including the use of the E164 standard to look up the servers used for each network’s call registry. That makes the AB Handshake safe and effective without needing to be so complicated.
Jim closed his argument by admitting STIR/SHAKEN is imperfect and arguing our global telecommunications industry should work to extend and improve it. I politely disagree. Why should every network in the world pour money and effort into building on those foundations when there is a radically simpler design that will already work for everyone? That is why I have confidence that every operator will adopt the AB Handshake before long. It solves a real problem in the lightest, most elegant way possible. The technology is straightforward, robust and proven. The AB Handshake is real. The only thing which may prevent its success is confusion about how it works and why it is the simplest way to prevent the manipulation of CLIs. You can come direct to me to hear how to stop spoofing, and I will be glad to answer any questions you have. Just don’t be upset if you’re calling from Miami and I hesitate before I pick up.