NCAS National Caller ID Authentication System The National Telecom Security Border Controller OmniBud INC. 2003 2013 Dedicate to Internet Communication and Access Security
NCAS Registration Module PSTN subscribers with VoIP Calling Requirements of a country register their phone numbers and corresponding SIP details to the National NCAS DB after performing appropriate phone number ownership verification. 2
NCAS Registration Flow National NCAS DB Server NCAS Registration Server PSTN Subscribers with VoIP Calling Requirements of a country register their 1. Phone Number 2. SIP Details to National NCAS DB via Registration Server 3
Caller ID Authentication Module The Caller ID and corresponding SIP details (including VIA, CONTACT ) of an IP originated phone call with Caller ID in domestic phone number format are retrieved and transmitted to Caller ID Authentication Module then compare with the data stored in NCAS DB registered by PSTN subscribers. If the authentication result of Caller ID Authentication Module is failed, the IP originated phone call is suspected to be a Fraud Call of Fake Caller ID. There is no standard format of IP originated phone calls now and the Fraud Calls of Fake Caller IDs are easy to be hidden in these calls. It is easy for the government get rid of the IP originated Fraud Calls and standardize the signals by simple performing Caller ID authentication of IP originated phone calls. 4
SIP Details Sample INVITE sip:111@111.222.333.444 SIP/2.0 Via: SIP/2.0/UDP 111.222.333.443:5060;branch=z9hG4bKtiop3 SIP Server Via: SIP/2.0/UDP 111.222.333.442:5060;branch=z9hG4bK83842.1 IP ( 發 話 SIP 伺 服 器 IP) Via: SIP/2.0/UDP 111.222.333.441:5060;branch=z9hG4bKmp17a ( 發 話 設 備 IP) To: 0911111111 <sip:111@111.222.333.444> From: 0922222222 <sip:222@aaa.com>;tag=42 Caller ID ( 主 叫 號 碼 欄 位 與 發 話 端 URI) Subject: Where are you exactly? SIP Client Contact: <sip:222@111.222.333.441> IP ( 發 話 端 URI) 5
Caller ID Authentication Module A voice phone call is a two way communication. It means if the malicious caller changes the other SIP details together Caller ID, I the phone call will be terminated at the same time. That is the principle NCAS works to authenticate the Fraud Calls of Fake Caller IDs. In order not to affect the service and revenue of current PSTN operators, the IP originated phone calls failed in NCAS authentication should not be blocked, but only added with a Alert Mark to Caller ID to notice the PSTN Callee, thus to meet both needs of PSTN Operator Operation and PSTN Subscriber Protection. 6
Caller ID Authentication Module As to email and message services, because these services are one way communications, the IP originated sender can fake the communication signals together with Caller ID without failing the service. That is one way services like email and message cannot be secured by NCAS based mechanisms. 7
Malicious Call Marking Module There is no Alert Mark added to the Caller ID of an IP originated phone call passes NCAS authentication. An Alert Mark like 000, +++ is added to the Caller ID of an IP originated phone call fails NCAS authentication. If a PSTN Phone can be preset or installed a function of outputting different ring tones or flashes when detecting the Call ID is marked with Alert Mark like 000, +++ ) in the firmware or APPs, the power of putting off Fraud Call of Fake Caller ID will be much stronger. 8
NCAS Operation Flow (Caller ID Authentication Passed) 4. Query in NCAS Query System NCAS DB NCAS Query Server NCAS Fraud Detection Server 3. Send query to NCAS Query Server 5. A passed query by NCAS Query Server NCAS Agent Server 2. Forward SIP invite to NCAS Agent Server 6. Forward the Unmarked SIP invite to PSTN Operator NGN Server 1. Inbound IP Traffic VoIP Provider SIP Server RTP PSTN Operator NGN Server NCAS Procedure Unmarked IP Traffic Marked IP Traffic Unmarked PSTN Traffic Marked PSTN Traffic 9
NCAS Demo Picture (Caller ID Authentication Passed) 10
NCAS Operation Flow (Caller ID Authentication Failed) 4. Query in NCAS Query System NCAS DB NCAS Query Server NCAS Fraud Detection Server 3. Send query to NCAS Query Server 5. A failed query by NCAS Query Server NCAS Agent Server 2. Forward SIP invite to NCAS Agent Server 6. Forward the Marked SIP invite to PSTN Operator NGN Server 1. Inbound IP Traffic VoIP Provider SIP Server RTP PSTN Operator NGN Server NCAS Procedure Unmarked IP Traffic Marked IP Traffic Unmarked PSTN Traffic Marked PSTN Traffic 11
NCAS Demo Picture (Caller ID Authentication Failed) 12
Fraud Call of Fake Caller ID Detection Module The Malicious Call Detection Module accumulates the data including Caller ID, SIP Details, time and performs an instant analysis to perform the Real-Time Suspicious Fraud Call of Fake Caller ID Detection. The Malicious Call Detection Module accumulates the data including Caller ID, SIP Details, time and performs a periodical analysis to perform the accurate Fraud Call of Fake Caller ID Detection. 13
IP Originated Phone Call LOI Module(Optional Optional) It is easy to add the LOI equipments to IP Originate Phone Call LOI Module to record or monitor the phone calls of target criteria like Failed NCAS, target Caller ID, target Callee Phone Number, target SIP Server IP etc. It can not only perform instant LOI of specific purposes, but also significant reduce the cost of LOI building up over PSTN equipments. 14
NCAS DB Registration and Update Flow National NCAS Center NCAS Registration Servers, DB and Fraud Detection Server Domestic PSTN Operator A NCAS DB and Agent Servers Internet VoIP Operators NCAS Registration Servers PSTN subscribers with VoIP Calling Requirements of a country register their phone numbers and corresponding SIP details to the National NCAS DB through themselves or their VoIP Operators. National NCAS Center update latest NCAS details to Domestic PSTN Operators periodically for their NCAS Authentication and Malicious Marking Module to perform NCAS authentication. Domestic PSTN Operator B NCAS DB and Agent Servers 15
NCAS Operation Flow National NCAS Center NCAS Registration Servers, DB and Fraud Detection Server Domestic PSTN Operator A NCAS DB and Agent Servers Internet VoIP/ISR Operator SIP Servers All the IP originated phone call with Caller ID in domestic phone number format are transmitted to NCAS Agent Servers of PSTN Operators to perform: 1. Caller ID Authentication 2. Malicious Call Marking 3. IP Originated Phone Call LOI (optional) Domestic PSTN Operator B NCAS DB and Agent Servers 16
NCAS Fraud Call of Fake Caller ID Detection Flow National NCAS Center NCAS Registration Servers, DB and Fraud Detection Server Domestic PSTN Operator A NCAS DB and Agent Servers Internet VoIP/ISR Operator SIP Servers The Fraud Call of Fake Caller ID Detection Module accumulates the data including Caller ID, SIP Details, time from Domestic PSTN Operators to perform the analysis of instant and periodic Fraud Call of Fake Caller ID Detection. Domestic PSTN Operator B NCAS DB and Agent Servers 17
Best wishes to everybody in the room! OmniBud INC. 2003 2013 Dedicate to Internet Communication and Access Security