RAG TV: SIP, Signals, Fraud, Robocalls and Politics

Networks are switching to IP, and scammers are taking advantage by ploughing ever more traffic towards their victims. They do this whilst hiding behind your next door neighbor’s phone number to fool you into picking up yet another unwanted call. What can be done to counter the relentless automation of fraud? Arnd Baranowski, CEO of Oculeus, has some answers that involve exploiting the information within SIP, the signaling protocol for voice calls and other forms of communication over IP networks. He joined us for episode 4 of RAG Television to discuss how he and his partners at the University of Kassel had used machine learning to reduce the time taken to identify a fraudulent call from 2 seconds to less than 100 milliseconds.

Serendipity took a liking to this week’s show because the US regulator, the Federal Communications Commission (FCC) had recently told US telcos that every IP network must implement STIR/SHAKEN, a call authentication framework that modifies and builds upon SIP, by mid-2021. STIR/SHAKEN allows the terminating network to confirm the origin of a call, thus preventing the spoofing of caller IDs. However, it works by adding a signature to SIP headers, which means it cannot be used if the call crosses a TDM network, and some have criticized the protocols for being overly expensive. Arnd shared his thoughts on the technical implications of STIR/SHAKEN, and we also debated the merits of two other proposed mechanisms for authenticating calls: SEISMIC, and the A and B Number Handshake. However, cheap calls mean scammers work across borders more than ever before, begging the question of what the US hopes to achieve by enforcing technical standards within its borders but without engaging politically with governments and businesses on other continents.

Watch the show below, and decide for yourself whether the future of fraud prevention involves modifying SIP signals or working around its limitations.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.