EPSRC Reference: |
EP/T014784/1 |
Title: |
End to End Authentication of Caller ID in Heterogeneous Telephony Systems |
Principal Investigator: |
Hao, Professor F |
Other Investigators: |
|
Researcher Co-Investigators: |
|
Project Partners: |
|
Department: |
Computer Science |
Organisation: |
University of Warwick |
Scheme: |
Standard Research |
Starts: |
05 January 2021 |
Ends: |
04 January 2025 |
Value (£): |
901,040
|
EPSRC Research Topic Classifications: |
Fundamentals of Computing |
Human-Computer Interactions |
Information & Knowledge Mgmt |
Networks & Distributed Systems |
Software Engineering |
|
|
EPSRC Industrial Sector Classifications: |
|
Related Grants: |
|
Panel History: |
Panel Date | Panel Name | Outcome |
03 Mar 2020 | EPSRC ICT Prioritisation Panel March 2020 | Announced |
|
Summary on Grant Application Form |
Caller ID spoofing is a global unsolved problem in the telecommunication industry. It has affected billions of telephone users worldwide as an enabler for widespread fraud and social engineering attacks. It has also seriously disrupted public services that require reliable authentication of the caller (e.g., police or medical emergency calls). According to Ofcom, UK consumers receive 5 billion nuisance calls per annum across all networks. Caller ID spoofing is a common technique used by fraudsters and scammers to hide their identity and to avoid tracing.
The Internet Engineering Task Force (IETF) has formed a special working group to tackle this problem with a proposed solution called STIR/SHAKEN. The STIR/SHAKEN proposal is inspired by HTTPS web communication and attempts to apply the same approach from web browsers to telephones. However, this proposal has two major drawbacks. First, it requires a Public Key Infrastructure (PKI), which is expensive to set up and to maintain. Besides the cost and operational issues associated with a PKI, it remains unclear who should act as globally trusted certificate authorities (CAs). Second, STIR/SHAKEN is designed to work only with the SIP system (VoIP), leaving SS7 systems (landline and mobile phones) out of scope. This significantly limits the effectiveness of the proposed solution.
We propose to investigate alternative ways to achieve end-to-end authentication of caller IDs for both SIP and SS7 systems without requiring any PKI. Our main idea is to leverage DTMF signalling in a call-back session as a trusted channel to send a short code to the purported caller. This is used in conjunction with a password authenticated key exchange (PAKE) protocol, which performs key exchange over a data channel to establish a shared high-entropy session key; that key is then used to authenticate the caller ID end-to-end. This proposed solution has been positively reviewed by our industrial partners. However, the feasibility of this proposal still needs to be confirmed through research, prototyping, and a comprehensive evaluation of performance, security and usability in real-world telecommunication settings, which will be done in close collaboration with our industrial partners.
We divide the work into three main stages. The first stage (months 1-18) will focus on designing a caller ID authentication framework without a PKI. This includes the architectural designs (Work Package 1) based on PKI-free key exchange protocols, a one-round PAKE (WP 2) which can fit in the proposed framework with minimised communication latency, and a user interface (WP 3) which can effectively communicate the caller ID authentication status to the end user. The second stage (months 19-36) will focus on building prototypes, which will cover both the SIP (WP 4.1) and SS7 (WP 4.2) systems. The final stage (months 37-48) will focus on the evaluation of the developed prototypes in terms of security, performance and usability.
|
Key Findings |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Organisation Website: |
http://www.warwick.ac.uk |