Page 185 - ITU Kaleidoscope 2016
ICTs for a Sustainable World
obligation to ensure that the caller ID number is genuine before it is transmitted. Even in jurisdictions that forbid telephone service providers from providing falsely declared caller ID information, with Internet access to an untrustworthy telephone service provider, it is easy for a malicious caller to start the call request from a different origin, and transmit the false caller ID to the destination exchange of the called party.

4. WHY SECURITY INDICATORS MATTER

In the Internet ecosystem, HTTP and email are arguably the most popular types of communication used today. In HTTP communication, the universally recognized padlock indicator displayed in the address bar of modern web browsers (such as the one shown in Fig. 1) provides users with immediate trust in the web site's domain name identity.

Figure 1: An example of HTTPS security indicator in Google Chrome with extended verification

In email communication, the key-shaped security indicator of the email sender (such as the one shown in Fig. 2) in email clients provides the users with immediate trust in the identity of the email sender.

Figure 2: An example of email security indicator in Gmail

Figure 3: An example of proposed caller ID security indicator for an incoming call

Figure 4: An example of proposed caller ID security indicator for an incoming SMS

These security indicators are crucial to informing the user that the information is from a verified source. The distinctive appearance of the security indicator provides an immediate cue of the authenticity of the sender's identity. The universality of the security indicator symbol provides an immediate cue of the functionality of the indication. By examining the authenticity of certificates that underpin the security indicator, users are able to protect themselves from phishing and impersonation scams.

This is why having a security indicator can be an effective solution against caller ID spoofing. Examples of possible caller ID security indicators for incoming calls and SMS are shown in Fig. 3 and 4. By having assurance in the security indicator, users can quickly determine if the sender is authentic by recognizing an icon. Furthermore, the prevalence of security indicators promotes awareness that the user should only trust senders that are verified, which may inspire them to be more vigilant of calls and messages from unverified sources.

5. DESIGNING THE CALLER ID AUTHENTICATION SCHEME

Before we discuss the technical detail of designing the underlying caller ID authentication scheme behind the security indicator, we first present an overview of the parties involved in the transmission of a call request.

[Diagram: Calling Party, Originating Exchange, Transit Exchange, Destination Exchange, Called Party; segments labelled Local Exchange Network, SS7 PSTN, Local Exchange Network]

Figure 5: An overview of the parties involved in the transmission of a call request

Calling Party is the party initiating the call request with a user equipment (UE) or software client that connects with the originating exchange.

Originating Exchange is a switch in the PSTN that generates and transmits the IAM to the destination exchange pertaining to the call request from the calling party.

Transit Exchange is an interconnecting switch in the PSTN that helps to route the messages from the originating exchange to the destination exchange.

Destination Exchange is the terminating switch in the PSTN that receives the IAM and sets up the call with the called party.

Called Party is the party with a user equipment or software client of the intended called party for the call request.

In general, the sequences within a local exchange network define how user equipment interacts with the local exchange carrier during a call setup, and the sequences within the PSTN define how SS7 switches interact with each other during a call setup. More details of basic call control and signaling procedures can be found in Q.764.2 [19].