Committed to connecting the world

GSR 2023

Signalling Security

505437_Signalling Security Landing page.jpg

Signalling protocols play a cornerstone role in providing different ICT services from the simple audio/video sessions to the complex digital financial services widely used over the globe. These protocols and telecommunication networks were designed without consideration for security and privacy. It enables attacks on ICT infrastructure including exploiting signalling protocols used for different ICT services.

While many different domains are using the Internet to build trustable connection among their customers, (for instance, most of the financial institutions are widely using the Internet to give their customers more effective tools to control and manage their finances), the lack of security and privacy in existing ICT infrastructure does not enable such trustable connections. Furthermore, in developing countries, where access to financial services is limited only to legacy ICT infrastructure via over-the-top (OTT) applications, there is an ever growing increase of illegal usage of customers’ applications, thus resulting in the unlawful take-over of their assets.

Additionally, many people all over the globe experience the irritating phone calls or calls from parties pretending to be legitimate business ventures (e.g., representatives of banks, health insurance companies, etc.). Technically, these calling parties use the so-called spoofing number – which in essence is the manner in which the calling party number can be replaced with the number of an official enterprise or anyone of trust. As a result, the spoofing numbers as well as robocalls, along with other similar attacks make lives of the customers uncomfortable and unsecure to say the least.

In summary, the signalling exchange level of security and privacy must match the level provided by the Internet to mitigate attacks on ICT infrastructure, which breaks signalling protocols used for establishing different ICT services. Amongst the well-known attacks are telephone spam, spoofing numbers, location tracking, subscriber fraud, intercept calls and messages, DoS, infiltration attacks, routing attacks, etc. These attacks have become a major priority for different stakeholders, in particular the financial institutions and telecom operators.​


Different security measures and relevant solutions can be put in place in order to cope with such vulnerabilities.
The ITU-T Study Group 11, which is the lead group on signalling, has been working on these issues since 2016.
With regard to the spoofing of calling party number, which is considered one of the major issues, ITU-T SG11 has revised Recommendations ITU-T Q.731.3, Q.731.4, Q.731.5 and Q.731.6, in order to specify an exceptional procedure for transit exchange connected to CPE (Customer Premises Equipment) with the aim of providing predefined calling party number by the originating operator.

Also, in order to cope with issues related to intercepting messages and calls, including One-Time-Password which is widely used in the financial institutions, SG11 had developed new Recommendation ITU T Q.3057, which defines the signalling architecture and requirements for interconnection between trustable network entities in support of existing and emerging networks. This Recommendation describes the use of digital signature (digital certificates) in the signalling exchange which may guarantee the trustworthiness of the sender.


SG11 develop​ed the extension of the Recommendation ITU-T Q.3057 by defining algorithms for checking certificates for different protocols using Signalling Security Gateway (SSGW), which validates the signatures of other operator's certificates in order to allow or block the signalling packets (ITU-T Q.3062).

In addition, SG11 developed standard ITU-T Q.3063 which identifies the signalling requirements of calling line identification authentication including codes and signalling procedure based on the mechanism defined in the ITU-T Q.3057.

The requirements for Trusted Signalling Certification Authority (TSCA) and the framework on issuing and distribution of certificates among different operators need to be standardized.

Based on the key takeaways of the ​Workshop on “Improving the security of signalling protocols” (2021):
    • “The trust anchor needs to be a globally trusted SDO, preferably one already in charge of numbering and this anchor must interoperate with existing repositories (such as the ones in the US and Canada).
    • We will need to formulate a way to standardize these local/regional certification processes in order to keep the bad actors out. This standardization process should involve as many countries as possible in order to improve its applicability on the global scale.”
In this regard, ITU-T SG11 is collaborating with ITU-T SG2, SG17 and other SDOs on this subject matter.