Robocall and fake caller-id detection

Similar documents
Secure web proxy resistant to probing attacks

Control of jitter buffer size using machine learning

Disabling facial unlocking using facial expression

Basic Concepts in Intrusion Detection

Shaken 101: Mitigating Illegal Robocalling and Caller ID Scams Webinar

Synchronizing Media Content In A Shared Virtual Reality Environment

Allstream NGNSIP Security Recommendations

VoIP. ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts

B.Eng. (Hons.) Telecommunications. Examinations for / Semester 1

Artificial Intelligence Powered Brand Identification and Attribution for On Screen Content

Displaying web pages within a software keyboard

atl IP Telephone SIP Compatibility

AuthentiCall: Efficient Identity and Content Authentication for

Machine-Powered Learning for People-Centered Security

BT SIP Trunk Configuration Guide

Voice activated spell-check

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

A Plan For Robocalls: Robosmelter

Domain name system black list false reporting attack

Request for Comments: 5079 Category: Standards Track December Rejecting Anonymous Requests in the Session Initiation Protocol (SIP)

Behavior-Triggered Answer Reconfirmation for Spam Detection in Online Surveys

Improving Newsletter Delivery with Certified Opt-In An Executive White Paper

Handwriting recognition for IDEs with Unicode support

Automatic information protection when device camera is operated by secondary user

Draft Version. Setup Reference guide for KX-HTS Series (Tested with HTS32 Version 1.5) VozTelecom SIP Trunk service with Built-in Router

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Overview of the Session Initiation Protocol

Draft Version. Setup Reference guide for KX-HTS Series (Tested with HTS824 Version 1.5) Netia SIP Trunk service with External Router

January 14, Dear Commissioner Rosenworcel:

Hashing technique to optimally balance load within switching networks

Draft Version. Setup Reference guide for KX-HTS Series (Tested with HTS32 Version 1.5) Peoplefone SIP Trunk service with External Router

REDUCING GRANULARITY OF BROWSER FINGERPRINTING TECHNIQUES

Service Provider PAT Port Allocation Enhancement for RTP and RTCP

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

SMART LIVE CHAT LIMITER

The Telephony Denial of Service (TDoS) Threat

ABC SBC: Secure Peering. FRAFOS GmbH

Multimedia networking: outline

TELEPHONE PREFERENCE SERVICE: The launch of TPS Protect and the future of Nuisance Call Management.

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

let your network blossom Orchid One Security Features

Real-Time Control Protocol (RTCP)

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

USING CAPTCHAs TO MITIGATE THE VoIP SPAM PROBLEM

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

SECURITY SOLUTION FOR KUBERNETES USING CLOUD-NATIVE VIRTUAL NETWORK FUNCTIONS

Notification Features For Digital Content In A Mobile-Optimized Format

CHAIRMAN PAI CALLS ON INDUSTRY TO ADOPT ANTI-SPOOFING PROTOCOLS TO HELP CONSUMERS COMBAT SCAM ROBOCALLS

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

CHAPTER 2 LITERATURE REVIEW

Security and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California


Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Marshal s Defense-in-Depth Anti-Spam Engine

A common issue that affects the QoS of packetized audio is jitter. Voice data requires a constant packet interarrival rate at receivers to convert

NGN: Carriers and Vendors Must Take Security Seriously

Technical Disclosure Commons

ABSTRACT. that it avoids the tolls charged by ordinary telephone service

Phishing Discussion. Pete Scheidt Lead Information Security Analyst California ISO

STIR and SHAKEN Framework Overview. IIT Real-Time Conference 2016 Chris Wendt

Navigation of blogs related by a tag

Draft Version. Setup Reference guide for KX-HTS Series (Tested with HTS824 Version 1.5) LCR SIP Trunk service with Built-in Router

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

A Review Paper on Voice over Internet Protocol (VoIP)

Response of Microsoft Corporation to Ofcom s consultation document. Guidelines for CLI Facilities. 14 November 2017

SIP TRUNKING CARRIER CERTIFICATION OXE-SIP configuration

Group Targeting for Video Ads Based on Location Context

Automatic event scheduling based on weather conditions

Handling unwanted . What are the main sources of junk ?

The Spoofing/Authentication Threat

Secure Telephony Enabled Middle-box (STEM)

Technical Disclosure Commons

Context based automatic responses

MPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames

DETECTION OF POSITION FIXED CONTENT ITEM SLOTS AND CONTROL OF CONTENT DISPLAYED THEREIN

Binarytech Digital Education Karta Allahabad ( Notes)

Security Protection

Short Codes - Social and Public Services. Web Portal. Please visit our website at

Conversion of a 3D scene into video

The Session Initiation Protocol

Replay Real World Network Conditions To Test Cellular Switching

CUCM XO SIP Trunk Configuration Guide

ShoreTel with SIParator version 12.2

Analysis of cells within a spreadsheet

Symantec Protection Suite Add-On for Hosted Security

SV9100 SIP Trunking Service Configuration Guide for Cable ONE Business

IronPort C100 for Small and Medium Businesses

Phishing: When is the Enemy

This guide assists users to configure the Allworx VoIP Phone System and XO SIP Services.

Application Notes for Avaya IP Office Release 8.0 with AT&T Business in a Box (BIB) over IP Flexible Reach Service Issue 1.0

TELEPHONE FEATURES GUIDE Updated August 2018

Application Notes for Configuring SIP Trunking between TelePacific SmartVoice SIP Connect and an Avaya IP Office Telephony Solution 1.

Geo-Restricted In-Video Annotations

[MS-RTPRAD]: Real-Time Transport Protocol (RTP/RTCP): Redundant Audio Data Extensions

Prediction and Selection of Sequence of Actions Related to Voice Activated Computing Systems

Voice over IP. What You Don t Know Can Hurt You. by Darren Bilby

Anti-Spoofing. Inbound SPF Settings

Electronic Network Acceptable Use Policy

Cisco Unified Communications Manager Trunk Types

SIMPLE (SIP for Instant Messaging and Presence Leveraging Extensions Used by CM-IMP. XMPP (extensible Messaging and Presence Protocol) Used by CM-IMP

Transcription:

Technical Disclosure Commons Defensive Publications Series December 01, 2017 Robocall and fake caller-id detection Junda Liu Naveen Kalla Shi Lu Follow this and additional works at: http://www.tdcommons.org/dpubs_series Recommended Citation Liu, Junda; Kalla, Naveen; and Lu, Shi, "Robocall and fake caller-id detection", Technical Disclosure Commons, (December 01, 2017) This work is licensed under a Creative Commons Attribution 4.0 License. This Article is brought to you for free and open access by Technical Disclosure Commons. It has been accepted for inclusion in Defensive Publications Series by an authorized administrator of Technical Disclosure Commons.

Liu et al.: Robocall and fake caller-id detection Robocall and fake caller-id detection ABSTRACT Spam phone calls are a source of user unhappiness, and a tool for unscrupulous operators to prey on vulnerable individuals. Spam callers use increasingly sophisticated methods, e.g., disguising a call with a fake caller-id, such that a receiver of the call is given an impression that someone from their contact list is calling. Robocalls, wherein an automated program originates phone calls that targets individuals, e.g., for unsolicited sales or other purposes are a source of annoyance for phone users. One approach to eliminate such calls is to require authentication by a call originating party. However, spam or robocallers are unlikely to identify themselves as such. Techniques described herein utilize signaling messages of a phone call to serve as a signature or fingerprint for the phone call. Legitimate phone calls have distinct signatures, while spam-calls, robocalls, and calls with fake caller-id have their own distinct pattern. This difference is leveraged to detect and thwart unwanted calls. KEYWORDS Robocall fake caller-id caller-id spoofing call authentication VoIP SIP spam call Published by Technical Disclosure Commons, 2017 2

Defensive Publications Series, Art. 845 [2017] BACKGROUND Spam calls, calls with spoofed caller-id, and robocalls are a source of user annoyance and displeasure with telephone calls. One approach to limit such unwanted calls is to enforce the originating party to send accurate information regarding itself. For example, in session initiation protocol (SIP), a header known as P-asserted-identity is provided. However, it is up to the sender to certify authenticity of the P-asserted-identity field. Sophisticated spammers can, with some effort, successfully authenticate themselves using the P-asserted-identity field. It is in the interest of spammers, robocallers, and caller-id spoofers to not identify themselves as such. There are other mechanisms built into VoIP standards to allow calls only from authenticated callers and not from anonymous or fake callers. However, due to the complexity of the network and requirements for various legitimate but niche callers, e.g., businesses that do not want to reveal an internal extension number of its employees in outgoing calls, spammers find a way to masquerade as authentic, e.g., neither bulk-calling nor unsolicited, callers. Some current solutions perform a database look-up of caller-ids that are marked as suspicious. However, such approach is not real-time, and relies on massive crowd-sourced data collection with known inaccurate classifications. Further, a database lookup cannot prevent spoofed caller-id, e.g., when a fake caller appears as a caller from one s contact list. DESCRIPTION A majority of robocalls today are VoIP calls, e.g., IMS-based, rather than PSTNswitched. The techniques described herein make advantageous use of the footprint of signaling messages of VoIP calls to characterize the call. Rather than relying on an originating party to authenticate itself, techniques of this disclosure identify spam-calls / robocalls / spoofed caller- 3

Liu et al.: Robocall and fake caller-id detection id at the receiving end (if based on IMS call-flow), or at intermediate network nodes such as gateways (which can analyze signaling packets). The techniques include several mechanisms to fingerprint a call, as described below. 1. Fingerprinting SIP, SDP, RTP, RTCP packets. In current networks, the signaling needed to set up a call is separated from the media packets. Various protocols are used during call setup and during media flow, such as: a. session initiation protocol (SIP), which is a signaling protocol used for call setup; b. session description protocol (SDP), which is used to agree upon parameters, e.g., codec-type, used by both parties; c. real time protocol (RTP), which is used to transfer media packets, e.g., audio, after call establishment; d. RTP control protocol (RTCP), which is used to control parameters of the RTP during a call; etc. Each of these protocols have characteristics that reveal call origins, and thus can be used to establish or estimate the bona fides of a caller. For example, in SIP, there are hundreds of fields that each carrier fills in a different way. The way a carrier fills the SIP fields is used as a fingerprint for the carrier. Thus, per the techniques described herein, an incoming call with a suspicious SIP fingerprint is flagged as a call that may be spam, robocall, or have spoofed caller-id. Example (call authentication based on SIP analysis) A caller claims a false From: address in SIP, thereby effectively faking caller-id. The techniques described herein include Published by Technical Disclosure Commons, 2017 4

Defensive Publications Series, Art. 845 [2017] performing an analysis of the network routing fields, e.g., at a gateway. If such analysis reveals a different provenance, it is established that the caller-id is fake. 2. Verifying carrier-id as determined by fingerprint analysis against claimed carrier-id. An incoming call is served by an originating carrier, and the name of the carrier (and radioaccess technology) is declared in appropriate packet headers. However, as described above, fingerprint analysis of the signaling packets can reveal that the declared carrier name is false. Differences between the declared carrier and carrier determined using fingerprint analysis indicates that the call is spam, robocall, or has a spoofed caller-id. 3. Detecting that the caller-id is fake. If a database look-up shows that the claimed caller-id is a real number that belongs to a certain carrier, and a fingerprint analysis of the signaling packets reveals a different carrier, it is determined that the caller-id is false. A caller-id field that is of certain formats, e.g., unsigned format, is a flag that the caller-id is false or that the call is a robocall. 4. Detecting fake calls based on caller patterns. A sudden change in the pattern of a caller on a contact list is also an indication of spoofed caller-id. For example, if a call is received via VoIP with information that it is from a person on a contact list, and it is known that the person normally calls through PSTN, such information is used as an indicator that the VoIP caller is fake. 5. Detecting spam based on general properties. Spam and robocalls are likely generated directly by a computer using VoIP, and typically originate from a small cluster of locations. While such properties do not definitively establish a call as spam, they serve as an 5

Liu et al.: Robocall and fake caller-id detection indicator. Such indicator is combined with other indications of spam, to establish the true nature of a call. Fig. 1 6. Detecting a spoofed call based on routing pattern. Fig. 1 shows detection of a spoofed call based on routing patterns. As illustrated in Fig. 1, user A (102) receives a call from user B (114) who pretends to be another user B (116). The spoofed call is routed to user A via the internet (110) through a VoIP service provider A (106) and IMS network (104), as illustrated by the red arrow. However, it is known that the actual route to user B is via telephone network (112), VoIP service provider B (108) and IMS network (104), as illustrated by the green arrow. The call from user B cannot take the same route as that from the real user B. Based on the different routing patterns, it is determined that the call is not from user B. The detection can be performed on the device of user A, by the IMS server, and/or by the VoIP service provider. Published by Technical Disclosure Commons, 2017 6

Defensive Publications Series, Art. 845 [2017] The techniques described herein can be implemented as part of a smartphone operating system to detect spam calls, robocalls, and calls with fake caller-id information. CONCLUSION Techniques of this disclosure detect spam-callers, robocalls, or spoofed caller-ids based on fingerprint analysis of packet headers and call properties. 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback