1 / 14

Study on Spoofed Call Detection and Prevention i n 3GPP

ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014). Study on Spoofed Call Detection and Prevention i n 3GPP. China Mobile. Contents. Background 3GPP progress Conclusions and recommendations. 3GPP Progress. Backgroud

trista
Download Presentation

Study on Spoofed Call Detection and Prevention i n 3GPP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014) Study on Spoofed Call Detection and Prevention in 3GPP China Mobile

  2. Contents Background 3GPP progress Conclusions and recommendations

  3. 3GPP Progress • Backgroud • A variety of methods and technologies that can be used to make spoofed calls which can cause substantial loss to users and operators. • The origin of problems is wider than just 3GPP networks(TS 23.081) and relates to ISUP(TS 29.163), also used in fixed PSTN.

  4. 3GPP Progress • Security Study on Spoofed Call Detection and Prevention • The project was set up in 3GPP since 2012. • Spec number: TR 33.831 • Rapporteur: LI, Xiangjun,China Mobile • Contributor:NSN,Ericsson,HuaWei,NEC • Latest TR: Draft S3-131201 • http://www.3gpp.org/DynaReport/33831.htm

  5. 3GPP Progress • Objective • Outline valid threat scenarios for caller id spoofing coming to 2G and 3G CS domains. • Analyze and evaluate if any tools in 3GPP can be used to counteract this problem. • Study possible required technology mechanism to detect and prevent.

  6. 3GPP Progress • Spoofed call Scenarios • Spoofed call using the VoIP • Spoofed call using the PRI/PBX • Spoofing id from an IP-PBX towards IMS • Spoofing of caller ID • Spoofing of caller location • ……

  7. 3GPP Progress • Security Requirements • the caller ID received should be authorized. • The unauthorized caller ID should be alerted. • The unauthorized caller ID should be logged. • If the spoofed call is detected, the network should be able to tear down the call and/or save in blacklists. • ……

  8. 3GPP Progress • Candidate solutions for detection • IBCF checking incoming requests from untrusted networks • Present only trusted Calling Line Identifiers • Out of Band Methods closed to user group

  9. 3GPP Progress The solution ‘CS domain protected by an IMS network’ shows some restrictions : the call is originated in an untrusted network while the caller ID of the incoming session belongs to a trusted network. • IBCF checking incoming requests from untrusted networks

  10. 3GPP Progress This solution proposes to present Calling Line Identifiers to the terminating user only if they can be regarded as ‘trusted’. A federation (originating, transit and terminating network(s)) of trust is formed by bilateral or multilateral agreements . • Present only trusted Calling Line Identifiers

  11. 3GPP Progress This solution is appropriate for an individual service provider,and not appropriate as a general purpose protection mechanisms for spoofed calls in general. This is mainly because they require a third party that is trusted by both caller A and caller B, which seems infeasible to set up for any given parties A and B. • Out of Band Methods closed to user group • Verifying Through “Middle” 3rd Party • Using Time-based One Time Password (TOTP) to Verify Caller • Verifying Caller through Shared Confidential Data

  12. Conclusions and recommendations • 3GPP SA3: • This technical report analyses solutions for the spoofed caller ID problem. It seems practically infeasible to provide a solution that requires modifications to the signaling system 7. • SA3 has finalized the present TR. If a more effective solution requiring standardisation is found, a new WID can be created.

  13. Conclusions and recommendations • From CMCC perspective: • The solutions in the present TR have not fully meet China Mobile’s requirements, and more requirements are needed to be implemented into specifications. • We recommend ITU to joint with other SDOs such as 3GPP to continue cooperation on Caller ID spoofing, which can reach a further common understanding.

  14. Thanks!

More Related