4PSA Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 1

changes.mady.by.user Elena C.

Saved on

compared with

New Version Current

changes.mady.by.user Elena C.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

What is STIR/SHAKEN

STIR/SHAKEN is a set of protocols and procedures intended to counteract caller ID spoofing on public telephone networks. Caller ID spoofing involves masking the caller's identity or making it appear that the call is coming from a legitimate source, such as a local phone number or a well-known organization. This type of spoofing is often used by robocallers and is common for calls made through voice-over-IP (VoIP) systems, which can be located anywhere in the world. STIR, or Secure Telephony Identity Revisited, is a protocol for providing calling party information with a digital signature that can be produced and verified at various locations. SHAKEN, or Secure Handling of Asserted information using Tokens, focuses on how STIR can be implemented within carrier networks and addresses deployability. While STIR focuses on end devices, SHAKEN focuses on the carrier network.

...

3. The terminating service provider verifies the identity header and decides what to do with the call. It can also add a verstat string in the PAI header, which means that the call was already verified.

How STIR/SHAKEN works with VoipNow

For VoipNow, the authentication functionality is developed in Kamailio and the verification functionality is developed in Asterisk.

Call authentication

To be able to sign calls with an Identify Header you will need a private key and a certificate from an authorized STI-CA (Secure Telephone Identity Certification Authority). The list with approved certification authorities is published here. The process of obtaining the certificate may differ from one company from another, but all of them will require that the service provider has been assigned an OCN. Further details about the paper work that needs to be completed is available here.

...

Code Block
themeMidnight
Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiMTAtMTUwLTkxLTEzNi40Z3JpZC5ldS9jZXJ0LnBlbSJ9.eyJhdHRlc3QiOiJCIiwiZGVzdCI6eyJ0biI6WyI2MjYyNjIiXX0sImlhdCI6MTY2ODUyNjA2OCwib3JpZyI6eyJ0biI6IjU1NTU1NTUifSwib3JpZ2lkIjoiNTEwYjk4MTItNDk3Ny00NjU2LTg3ZDEtNGY3MjM0MDAxZTBjIn0.dUVr9JSmF9RN6VNtVw7oGmyAWLqQNp4W4qP6Lensc3et72BBE-Eya94eQNhoWGzTW_jau3oS69RMqBrtp7Ds9A;info=<teststirshaken.com/cert.pem>;alg=ES256;ppt=shaken

Verification

VoipNow will process all calls by default without taking into account if the Identity header is missing, present or fails the identity_check. The default action is set to PASS.

...

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.