STIR/SHAKEN, a communications security framework, was introduced in response to growing concerns over the prevalence and effects of unsolicited calls on telecommunications networks. It has been estimated that between 3 and 5 billion “robocalls” are made each month – and that over 40% of these communications are somehow related to fraud.
To assist them in their efforts at gaining access to valuable information or financial assets, criminal actors will often resort to a technique known as spoofing. Here, they kuwait telegram use various methods to alter the apparent origin of their outbound phone calls, hoping to fool the recipient into answering what they think is a call that comes from a known location, individual, or institution.
At the milder end of the scale, such deception can assist the perpetrator in gaining a ready ear for an advertising pitch or information gathering survey. In more severe cases, spoofing can be used by fraudsters and criminals for tricking call recipients into releasing funds, or divulging sensitive data.
The Federal Communications Commission (FCC) has been advocating initiatives to curtail this sort of activity since 2014. In response, the telecommunications industry has developed the communications security framework and technology standard known as STIR/SHAKEN.
In fact, as of June 30, 2021, the FCC has adopted rules requiring telco service providers to deploy a STIR/SHAKEN solution – so it’s definitely something worth knowing about.
STIR/SHAKEN is a combined acronym. The STIR portion is derived from the first letters of Secure Telephony Identity Revisited and provides a statement of intent for what the technology framework has been created to address.
SHAKEN is a construct taken from the phrase Secure Handling of Asserted information using toKENs. This points to the digital methodology used in managing communications data, under the STIR/SHAKEN protocol.
Beyond the lettering, STIR is actually a working group within an internet standards body known as the IETF (the Internet Engineering Task Force). This organization has developed a set of protocols used in creating digital signatures for telephone calls. SHAKEN encompasses the standards governing how STIR should be deployed by telecommunication service providers within their networks. It was formally developed by the Alliance for Telecommunications Industry Solutions (ATIS), and is accredited by the American National Standards Institute (ANSI).
Basic Principles of STIR/SHAKEN
The STIR Working Group has a charter mandating it to define mechanisms that allow the verification of a calling party’s authorization to use a particular telephone number.
To achieve this, the STIR/SHAKEN framework makes use of digital certificates, to guarantee the security of the originating number for a phone call. These certificates are based on the techniques of common public key cryptography, under which each service provider must acquire a digital certificate from a certificate authority that is trusted by other telephone service providers.
In essence, the cryptographic certificate technology enables the party receiving a call to verify that the calling number is accurate, and has not been spoofed. In a STIR/SHAKEN call, the originating service provider will sign (or attest) to their relationship with the caller, and their right to use the calling number.
Within the Session Initiation Protocol (SIP) of a digital voice communication, STIR provides the ability to authenticate the caller ID. The SHAKEN protocol defines the end-to-end architecture required to implement caller ID authentication using STIR in the telephone network.