Liaison statement
STIR WG Response to LS on technical measures and mechanism on countering the spoofed call in the visited network of VoLTE

State Posted
Posted Date 2015-03-31
From Group stir
From Contact Russ Housley
To Group ITU-T-SG-17
To Contacts luohongwei@chinattl.com
Ccmartin.euchner@itu.int
chair@ietf.org
iesg@ietf.org
kremer@rans.ru
ko-nakao@kddi.com
tony@yaanatech.com
Scott.Mansfield@Ericsson.com
Response Contact housley@vigilsec.com
Technical Contact rjsparks@nostrum.com
Purpose In response
Attachments (None)
Liaisons referred by this one LS on technical measures and mechanism on countering the spoofed call in the visited network of VoLTE
Body
Re: Liaison 1353 (ITU SG 17 – COM17_LS149)


The IETF STIR WG appreciates the notification from ITU-T SG 17 of the
adoption of its new work item X.ticsc, on "Technical measures and
mechanism on countering the spoofed call in the visited network of
VoLTE." We note that the approach in X.ticsc focuses on the
identification of spoofed or impersonated calls, and the IETF STIR WG
concurs that impersonation is the primary enabler of robocalling,
voicemail hacking, and swatting attacks today, and is thus a proper
scope of ongoing work to combat those attacks.

The X.ticsc document outlines three measures to address the VoLTE spam
problem: IMS-based approaches, RCS-based approaches, and smartphone
functions.

The IMS-based approach discusses how an application server layer of
IMS might detect a spoofed call.  The IETF STIR WG believes that
intermediaries have a role to play in implementing the functions of an
"authentication service," which decides if a caller is authorized to
claim a calling number/identity, and a "verification service," which
ascertains if a request contains a valid cryptographic assertion of
authority.  Our "verification service" roughly aligns with the notion
that a network-based intermediary in the application server layer of
IMS might detect spoofed calls.

We note that the IETF STIR WG has a charter item for an "out-of-band"
approach to identifying impersonation attacks that relies on smartphone
functions or comparable equipment which may be of interest to SG 17.  We
have deferred this work item until we complete work on the "in-band"
SIP-based approach in the IETF STIR WG, but we expect to continue work
on "out-of-band" shortly.

Broadly, we believe the IETF STIR efforts have applicability beyond the
IMS environment, but that does not preclude the IMS and VoLTE visited
network environment from making use of the technology designed in STIR.
In addition, there is an anti-spoofing Study Item in 3GPP SA3 Security
Working Group where STIR work is being examined for applicability in a
VoLTE/IMS deployment.

We again thank SG 17 for notifying us of this new work item.  We would be
happy to work with SG 17 on the use of any IETF technology that SG 17
considers for this solution.