Nascent: Tackling Caller-ID Spoofing in 4G Networks via Efficient Network-Assisted Validation

Sheoran, Amit; Fahmy, Sonia; Peng, Chunyi; Modi, Navin

doi:10.1109/infocom.2019.8737567

Cited by 7 publications

(15 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [31], a network-assisted caller-ID authentication solution was proposed to validate the caller-ID information used during call setup, but is only applicable to 4G (Fourth-Generation) networks and not able to prevent caller-ID spoofing initiated via VoIP.…”

Section: B Evaluation Of Academic Solutions For Caller-id Spoofingmentioning

confidence: 99%

Blockchain-Based Caller-ID Authentication (BBCA): A Novel Solution to Prevent Spoofing Attacks in VoIP/SIP Networks

Tas,

Baktir

2024

IEEE Access

View full text Add to dashboard Cite

Voice over Internet Protocol (VoIP) networks are vulnerable to caller-ID (calleridentification) spoofing attacks due to the open nature of Session Initiation Protocol (SIP) signaling. Caller-ID spoofing is a critical security threat in modern telecommunication systems, allowing attackers to impersonate legitimate callers and gain access to sensitive information. While these attacks pose a significant threat to the telecom and financial industries, the existing solutions are limited to only closedcircuit options for subscribers of the same service provider. In this paper, we present a novel blockchainbased solution to effectively prevent caller-ID spoofing attacks in real time. Our approach employs a lowlatency consensus algorithm to manage and verify end-to-end the caller-ID information of Internet Service Providers (ISPs) and institutions. We propose a two-step verification process, in which the accuracy and integrity of Automatic Number Identification (ANI) information is verified at different stages of the call. The proposed solution initiates a renewal of the ISP registration on every caller-ID change, making it unaffected by unusual situations such as roaming, the use of an IP-PBX (Internet Protocol Private Branch Exchange), or the use of a VPN (Virtual Private Network). We also discuss the proposed solution's feasibility and potential deployment issues, including its integration into existing RFC (Request for Comments) efforts and the necessary regulations for service providers to demonstrate compliance. Furthermore, we address future research directions, such as handling complex call scenarios such as call forwarding and teleconference calls. Our approach not only improves the security of telecommunication systems but also provides an efficient and scalable solution to prevent caller-ID spoofing attacks.

show abstract

Section: B Evaluation Of Academic Solutions For Caller-id Spoofingmentioning

confidence: 99%

Blockchain-Based Caller-ID Authentication (BBCA): A Novel Solution to Prevent Spoofing Attacks in VoIP/SIP Networks

Tas,

Baktir

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…With assisted network solutions, the callee can communicate with a GW, and the GW can communicate with PBX [22] and/or with the IP Multimedia Subsystem (IMS) [9]. These solutions have several flaws.…”

Section: Related Workmentioning

confidence: 99%

“…The outcomes of the fake CID name are identified after the communication. It may cause significant loss of valuable material and/or the leaking of private information [9]. It was difficult to identify fake CID because there is no standard unique identification, such as a MAC address on a LAN network to identify CID.…”

Section: Introductionmentioning

confidence: 99%

“…In the network solutions category, which are the iVisher system [22] and Network ASsisted CID authentication (NASCENT) system [9], these mechanisms need GateWay(GW) to be upgraded to enable communication between GW and the IP Multimedia Subsystem (IMS) or Private Branch eXchange (PBX) [22], [9]. The upgraded GW needs to be programmable to insert a code that can analyze the packets and return new calls/messages to PBX/IMS.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security Enhancement of SIP Protocol in VoIP Communication

Lema,

Simba,

Mushi

2023

JICTS

View full text Add to dashboard Cite

In Voice over IP (VoIP) systems, calls are started, maintained, and ended using the Session Initiation Protocol (SIP). One of the SIP flaws is the lack of enough data to validate users, and its contents can be changed to fake the Caller Identification (CID). Fake CID can be used by hackers to trick receivers and obtain valuable materials. Existing solutions have a number of faults, including the use of more network resources, the use of insufficient data to identify fake CID, and high call setup delay for caller and callee during the validation process. This work presents an algorithm to enhance SIP protocol security to mitigate the flaws of the previous solutions that are used to address CID spoofing. By using the Media Access Control (MAC) address, the algorithm can validate the CID and warn the callee for the fake CID. The algorithm was developed and tested by using Mininet, Python based open source OpenFlow (POX) controller, SIPp simulator, Linphone softphone, and freePBX. All faked CID were detected and receivers were alerted on the linphone screen. Session setup delay obtained are within the 15.1 ms to 27.3 ms, which are within the acceptable Quality of Service (QoS) ranges.

show abstract

“…Both the increase of robocalls and limited robocall prevention have prompted research to understand the threats [11], [12], [13] and solutions from heuristics to cryptography [14]. Solutions include using Caller ID (assuming no spoofing), black or whitelisting [15], call back verification [16], content and audio analysis [17], [18], chatbots [19], provider-based solutions (e.g., SHAKEN/STIR [20], Authenticated Caller ID [21], [22]), end-to-end solutions (e.g., AuthentiCall [23], [24]), and mobile applications that implement some of these solutions. This work investigates the use of mobile applications and evaluates the warning designs being used to alert users of incoming robocalls.…”

Section: Introductionmentioning

confidence: 99%

Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators

Sherman

Bowers

McNamara³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Robocalls are inundating phone users. These automated calls allow for attackers to reach massive audiences with scams ranging from credential hijacking to unnecessary IT support in a largely untraceable fashion. In response, many applications have been developed to alert mobile phone users of incoming robocalls. However, how well these applications communicate risk with their users is not well understood. In this paper, we identify common real-time security indicators used in the most popular anti-robocall applications. Using focus groups and user testing, we first identify which of these indicators most effectively alert users of danger. We then demonstrate that the most powerful indicators can reduce the likelihood that users will answer such calls by as much as 43%. Unfortunately, our evaluation also shows that attackers can eliminate the gains provided by such indicators using a small amount of targetspecific information (e.g., a known phone number). In so doing, we demonstrate that anti-robocall indicators could benefit from significantly increased attention from the research community.

show abstract

Nascent: Tackling Caller-ID Spoofing in 4G Networks via Efficient Network-Assisted Validation

Cited by 7 publications

References 10 publications

Blockchain-Based Caller-ID Authentication (BBCA): A Novel Solution to Prevent Spoofing Attacks in VoIP/SIP Networks

Blockchain-Based Caller-ID Authentication (BBCA): A Novel Solution to Prevent Spoofing Attacks in VoIP/SIP Networks

Security Enhancement of SIP Protocol in VoIP Communication

Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators

Contact Info

Product

Resources

About