Confs Space
Security Aug 9, 2019

PKI and SHAKEN STIR Will Fix Robocalls

DEF CON 27 Crypto and Privacy Village
DEF CON 27 Crypto and Privacy Village Conference Collection

There is a new ecosystem underway that will impact everyone, especially the irritated people in the U.S. who have received more than 48 billion robocalls last year. This new ecosystem will hopefully put an end to these annoying and fraudulent robocalls calls, which the Federal Communications Commission (FCC) estimates will constitute more than half of all phone calls placed in the U.S. this year. The FCC and major telecommunications companies including Comcast, AT&T, and T-Mobile are behind a new, global technology standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using ToKENs and Secure Telephony Identity Revisited) to combat robocalls and caller ID spoofing. This new standard addresses the issue of commercial robocallers who are impersonating other callers and committing fraud via Caller ID.

Public key infrastructure (PKI) is the backbone of the SHAKEN/STIR global technology standard. In order for the entire ecosystem to work, it needs to be created with a trusted PKI system as the base, using digital signatures in every single call, which are verified and authenticated. SHAKEN/STIR uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. The way it works is each telephone service provider obtains its digital certificate from a certificate authority that is trusted by other telephone service providers. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed. In order to build this new ecosystem to facilitate stronger identities for each and every call generated, an effective PKI ecosystem must be implemented. Strong identities and controls will be needed to ensure call identities are trusted globally. PKI is the technology that will be used to identify and verify each phone call. SHAKEN/STIR will shift the identity details from the call originator to the trusted telephone company routing the call.

The industry – technology infrastructure, telecommunications, and government entities – needs to work together on a solution that will reduce fraud and put an end to robocalls. As this technology standard evolves and deployed, it is important to identify the security risks telecommunications companies will face and how enterprises can benefit from this work. Security will be required at every level of SHAKEN/STIR implementation.

BIO Mark B. Cooper is president and founder of PKI Solutions. He has deep knowledge in all things Public Key Infrastructure (PKI) and has been known as “The PKI Guy” since his early days at Microsoft. PKI Solutions Inc. provides consulting, training and software solutions for Microsoft PKI and related technologies for enterprises around the world. Prior to founding PKI Solutions, Cooper was a senior engineer at Microsoft, where he was a PKI and identity management subject matter expert who designed, implemented and supported Active Directory Certificate Services (ADCS) environments for Microsoft’s largest customers.

#DEFCON #Hacking #Crypto #Privacy #Security #Infosec #Village