EPSRC logo

Details of Grant 

EPSRC Reference: EP/T014784/1
Title: End to End Authentication of Caller ID in Heterogeneous Telephony Systems
Principal Investigator: Hao, Professor F
Other Investigators:
von Muhlenen, Dr A
Researcher Co-Investigators:
Project Partners:
RedTone Telecommunications Ltd TrueCall Group Ltd
Department: Computer Science
Organisation: University of Warwick
Scheme: Standard Research
Starts: 01 April 2020 Ends: 31 March 2024 Value (£): 901,040
EPSRC Research Topic Classifications:
Fundamentals of Computing Human-Computer Interactions
Information & Knowledge Mgmt Networks & Distributed Systems
Software Engineering
EPSRC Industrial Sector Classifications:
Communications
Related Grants:
Panel History:
Panel DatePanel NameOutcome
03 Mar 2020 EPSRC ICT Prioritisation Panel March 2020 Announced
Summary on Grant Application Form
Caller ID spoofing is a global unsolved problem in the telecommunication industry. This problem has affected billions of telephone users worldwide as an enabler for widespread fraud and social engineering attacks. It has also seriously disrupted public services that require reliable authentication of the caller (e.g., police or medical emergency calls). According to Ofcom, UK consumers receive 5 billion nuisance calls per annum across all networks in the UK. Caller ID spoofing is a common technique used by fraudsters and scammers to hide the identity and to avoid tracing.

The Internet Engineering Task Force (IETF) has formed a special working group to tackle this problem with a proposed solution called STIR/SHAKEN. The STIR/SHAKEN proposal is inspired by the HTTPS web communication and attempts to apply the same approach from web browsers to telephones. However, this proposal has two major drawbacks. First of all, it requires a Public Key infrastructure (PKI), which is expensive to set up and to maintain. Besides the cost and operational issues associated with a PKI, it remains unclear who should act as globally trusted certificate authorities (CAs). Second, STIR/SHAKEN is designed to only work with the SIP system (VoIP), leaving SS7 systems (landline and mobile phones) out of scope. This significantly limits the effectiveness of the proposed solution.



We propose to investigate alternative ways to achieve end-to-end authentication of caller IDs for both SIP and SS7 systems without requiring any PKI. Our main idea is to leverage the DTMF signalling in a call-back session as a trusted channel to send a short code to the purported caller, in conjunction with a password authenticated key exchange (PAKE) protocol to perform key exchange over a data channel to establish a shared high-entropy session key which is then used to authenticate the caller ID end-to-end. This proposed solution has been positively reviewed by our industrial partners. However, the feasibility of this proposal still needs to be further confirmed through research, prototyping, and a comprehensive evaluation of performance, security and usability in real-world telecommunication settings, which will be done in close collaboration with our industrial partners.

We divide the work into three main stages. The first stage (month 1-18) will focus on designing a caller ID authentication framework without a PKI. This includes the architectural designs (Work Package 1) based on PKI-free key exchange protocols, a one-round PAKE (WP 2) which can fit in the proposed framework with the minimised communication latency, and a user interface (WP 3) which can effectively communicate the caller ID authentication status to the end user. The second stage (month 19-36) will focus on building prototypes, which will cover both the SIP (WP 4.1) and SS7 (WP 4.2) systems. The final stage (months 37-48) will focus on the evaluation of the developed prototypes in terms of security, performance and usability.

Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.warwick.ac.uk