[stir] An alternative solution to authenticate caller ID

"Hao, Feng" <Feng.Hao@warwick.ac.uk> Wed, 22 November 2023 15:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/CqidN1DgU9T7Rm0dzQRAw4NyCCc>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

Hello the STIR members,

My name is Feng Hao, from the Department of Computer Science, University of Warwick. Over the past two years, my team and I have been researching an alternative solution to authenticate the caller ID without using digital signatures as in STIR/SHAKEN. We want to avoid digital signatures as 1) they require a public key infrastructure which is difficult to scale; 2) they don't work well with non-IP networks (even for IP networks, the digital signatures can be dropped as soon as the call traverses a non-IP intermediate network in the call path).

Our solution, called Caller ID Verification (CIV), is based on a challenge-response protocol with the receiver sending a 4-digit challenge embedded as part of the CLI, and the calling party echoing the same 4 digits through DTMF in the response. We have prototyped this solution for landline, mobile and VoIP phones, and it appears that it works for all different networks (IP and non-IP). As researchers, we are limited to only modifying the software on the users' phones for a proof-of-concept demonstration. We believe a more practical deployment would be to implement the challenge-response process in the Telco cloud.

For SIP phones, we have tested that the delay for doing the challenge-response between the two SIP phones is around 4 seconds. The delay is mainly caused by using the INVITE signalling message to send the 4-digit challenge; however, we believe this delay can be substantially reduced, e.g., by using an out-of-band signalling message between the SIP servers. Our goal is to reduce the delay to milliseconds. This should be possible but it will require cooperation from the Telecom providers. A standard would help.

Our paper has full technical details. It has been accepted for publication in ACM Transactions on Privacy and Security, and a copy of the paper is freely available at https://arxiv.org/abs/2306.06198.

I'm reaching out to you to inquire if this is something of interest to the working group. We'll be more than happy to contribute if people think an alternative solution other than using digital signatures is useful. I would like to highlight that our intention is not to replace STIR/SHAKEN, which I understand has been the focus of this working group. From a technical perspective, STIR/SHAKEN authenticates the "carrier", while our solution authenticates the "caller ID". The difference is fundamental; the two solutions may well turn out to be complementary.

If anyone has any questions, I'm happy to answer. Any suggestions and comments are most welcome.

Best regards,
Feng
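
The challenge-response exchange described in the message, as an added simulation that is not part of the original post or the CIV paper. It shows why a caller presenting someone else's number fails the check. Assumptions: the toy network delivers the challenge to whoever really owns the claimed number, and the class names, CLI prefix, timeout and single-use rule are all hypothetical.

```python
import hmac
import secrets

DIGITS = 4          # challenge length stated in the post
TIMEOUT_S = 10.0    # assumed validity window, not from the post

class Network:
    """Toy network: routes by the real owner of a number (assumption)."""
    def __init__(self):
        self.phones = {}

    def deliver(self, to_number, cli):
        phone = self.phones.get(to_number)
        if phone is not None:
            phone.challenge = cli[-DIGITS:]   # challenge rides in the CLI

class Phone:
    def __init__(self, number, net):
        self.number, self.challenge = number, None
        net.phones[number] = self

    def dtmf_echo(self):
        return self.challenge                 # digits echoed via DTMF

class Verifier:
    """Receiver side: issue one challenge per claimed caller ID, check echo."""
    def __init__(self, net, cli_prefix="0000000"):   # constructed prefix
        self.net, self.cli_prefix, self.pending = net, cli_prefix, {}

    def challenge(self, claimed, now):
        digits = f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"
        self.pending[claimed] = (digits, now + TIMEOUT_S)
        self.net.deliver(claimed, self.cli_prefix + digits)

    def verify(self, claimed, dtmf, now):
        entry = self.pending.pop(claimed, None)      # single use
        if entry is None or not isinstance(dtmf, str):
            return False
        digits, deadline = entry
        return now <= deadline and hmac.compare_digest(digits.encode(), dtmf.encode())

def place_call(verifier, actual_phone, claimed, now=0.0, delay=1.0):
    """actual_phone calls while presenting `claimed` as its caller ID."""
    verifier.challenge(claimed, now)
    return verifier.verify(claimed, actual_phone.dtmf_echo(), now + delay)
```

With only four digits, a blind guess succeeds once in 10,000 attempts, so a deployment would also need to limit the number of attempts per call.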