STIR/SHAKEN is a framework developed to combat caller ID spoofing and enhance the security and trustworthiness of voice communication over public telephone networks. Think of it like an SSL certificate (used on web domains) but for your phone numbers.
STIR: Secure Telephone Identity Revisited.
SHAKEN: Signature-based Handling of Asserted information using toKENs.
The main goal of STIR/SHAKEN is to verify that the caller ID information (the number that appears when you receive a call) is accurate and has not been spoofed, meaning it hasn't been altered to appear as though the call is coming from a different number.
When a call is initiated, the originating service provider verifies the caller's identity and assigns an attestation level to the call.
Attestation Levels:
The originating service provider creates a SIP (Session Initiation Protocol) header containing the attestation level and a digital signature. This information is encoded in a secure token and attached to the call as it is transmitted over the network.
The call travels through various networks and reaches the terminating service provider (the recipient's service provider).
The terminating service provider verifies the digital signature in the SIP header. It checks if the signature matches the caller ID and that it has not been tampered with during transit. The service provider can decide whether to allow, block, or flag the call based on the verification results.
Improved Call Authenticity
Ensures that the caller ID information is legitimate and trustworthy.
Reduction in Spoofing
Helps to significantly reduce instances of malicious caller ID spoofing.
Enhanced Consumer Trust
Increases consumer confidence in the calls they receive, as they are more likely to trust the caller ID information.
Implementation Costs
Service providers need to invest in upgrading their infrastructure to support STIR/SHAKEN.
International Calls
The framework is primarily designed for domestic calls within countries that adopt it, making international call verification more complex.
Robocalls
While STIR/SHAKEN helps with caller ID spoofing, it is only one part of a broader effort needed to combat robocalls.
In the United States, the Federal Communications Commission (FCC) has mandated the implementation of STIR/SHAKEN for all voice service providers to help reduce illegal robocalls and caller ID spoofing.
STIR/SHAKEN relies on existing internet protocols (SIP) and public key infrastructure (PKI) to ensure the security and integrity of caller ID information.
The framework involves multiple standards and guidelines developed by industry groups such as the Internet Engineering Task Force (IETF) and the Alliance for Telecommunications Industry Solutions (ATIS).
STIR/SHAKEN represents a significant step forward in the fight against caller ID spoofing and illegal robocalls. By providing a standardized way to verify the authenticity of caller ID information, it helps to restore trust in voice communications and protect consumers from fraudulent and malicious activities.