STIR/SHAKEN

What is STIR/SHAKEN?

STIR/SHAKEN are technology standards that define how to digitally sign phone calls to verify caller identity and prevent spoofing.

STIR (Secure Telephone Identity Revisited), a standard created by the IETF, is considered a universal standard that can be successfully deployed in any country to help authenticate calls using SIP-based services. STIR has also been tested extensively in the ATIS Testbed by domestic and international carriers for numerous years.

SHAKEN, on the other hand, was designed specifically for the U.S., and deals with governance issues in how the STIR efforts should be managed.

Here's How STIR/SHAKEN Works:

1) A user wants to originate a call:

* Calling party dials number of called party they wish to reach
* Calling party device sends request to their service provider

2) Originating Service Provider (OSP) invokes authentication service. The OSP is the service provider that attests to ownership of a phone number that originated from its network. This enables the terminating service provider to “trust” that the call was originated from a valid source and was not spoofed.

* Authentication service validates the relationship with calling party
* Assigns attestation level (A, B, C)
* Generates the SIP Identity header (PASSporT) using the authentication service and a private key, obtained from the Secure Key Store (SKS), to sign (authenticate) the call

3) Originating service provider sends SIP INVITE to terminating service provider

4) Terminating Service Provider (TSP) invokes its verification service. The TSP is the service provider that has a relationship with the call recipient. The TSP:

* Validates that the call information has not been tampered with and completes the call.
* Initiates a service request to the OSP’s certificate repository for a certificate and public key

5) Originating Service Provider returns certificate and public key

* Verification service validates the call is from an authenticated source
* Examines the certificate issuer to ensure it’s from the originating service provider
* Validates that the CA that issued the certificate is on the list in the Trust Store approved by the Policy Administrator (PA)
* TSP sends attestation level (A, B, or C) and completes call
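
The signing and verification steps above, as an added Node.js example (not code from the original page or from any carrier's implementation). The key pair, phone numbers, `origid`, certificate URL and 60-second freshness window are constructed assumptions, and the public key is passed in directly in place of the certificate lookup and Trust Store check.

```javascript
const crypto = require('crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// OSP authentication service: build and sign the PASSporT for one call.
function signPassport(privateKey, { attest, orig, dest, iat, origid }) {
  // x5u tells the TSP where to fetch the signing certificate (placeholder URL).
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u: 'https://certs.example.invalid/osp.pem' };
  const payload = { attest, dest: { tn: [dest] }, iat, orig: { tn: orig }, origid };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  // ES256 = ECDSA P-256 with SHA-256; a JWS carries the raw 64-byte r||s form.
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// TSP verification service: returns the attestation level or throws with a reason.
// publicKey stands in for the key from the certificate fetched via x5u after its
// issuing CA was checked against the Trust Store (that lookup is not shown here).
function verifyPassport(publicKey, token, invite, now, maxAgeSec = 60) {
  const parts = token.split('.');
  if (parts.length !== 3 || parts.includes('')) throw new Error('malformed PASSporT');
  const [h, p, s] = parts;
  const header = fromB64u(h);
  // Pin the algorithm and extension instead of trusting whatever the token names.
  if (header.alg !== 'ES256' || header.ppt !== 'shaken') throw new Error('unexpected header');
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('signature invalid');
  const claims = fromB64u(p);
  // The signed numbers must be the ones actually carried in the SIP INVITE.
  if (claims.orig.tn !== invite.from || !claims.dest.tn.includes(invite.to)) {
    throw new Error('signed numbers differ from INVITE');
  }
  if (Math.abs(now - claims.iat) > maxAgeSec) throw new Error('stale PASSporT');
  // A = full, B = partial, C = gateway attestation.
  if (!['A', 'B', 'C'].includes(claims.attest)) throw new Error('unknown attestation level');
  return claims.attest;
}

// Constructed sample call; numbers, origid and timestamps are made up.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const call = { attest: 'A', orig: '12025550101', dest: '12025550102', iat: 1700000000,
  origid: '00000000-0000-4000-8000-000000000001' };
const token = signPassport(privateKey, call);
const invite = { from: call.orig, to: call.dest };
console.log('PASSporT:', token);
console.log('attestation:', verifyPassport(publicKey, token, invite, call.iat + 5));
```

Changing any signed claim, such as the originating number, without re-signing makes `verifyPassport` fail at the signature check, which is the tamper detection the verification service relies on.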

How Attestation Works

STIR/SHAKEN uses vital information about the originating caller to assign an attestation rating of A, B, or C to each call. These “ratings” set by originating service providers (OSP) indicate how certain they are that the outgoing call is made by the owner of the number and that the OSP has authenticated the right of the caller to use the phone number.

The receiving carrier (a.k.a. the terminating carrier) uses a decryption key and the attestation rating to validate the caller’s number and help identify spoofed calls.

Depending on the call treatment algorithm used by your service provider, customers will be notified with a symbol, verification keyword, or alert indicating that the incoming call has been validated. If the call cannot be verified, the carrier may block the call and/or alert the call recipient to a potential scam call.

Full: The carrier originated the call from a known customer, using a phone number they provided to the customer.

Partial: The carrier knows the caller’s identity but hasn’t verified the right of the caller to the calling number.

Gateway: The carrier received a call originated elsewhere and cannot verify the caller or the phone number. This is a common scenario for international calls.