What if we had TLS for Phone Numbers? An introduction to SHAKEN/STIR

Presented at Diana Initiative 2020 Virtual, Aug. 21, 2020, noon (60 minutes)

If you've noticed a surge in unwanted robocalls from your own area code in the last few years, you're not alone. The way telephony systems are set up today, anyone can spoof a call or a text from any number. With an estimated 85 billion spam calls globally, it's time to address the problem. This talk will discuss the latest advancements with STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs), new tech standards that use well accepted public key cryptography methods to validate caller identification. We'll discuss the path and challenges to getting this implemented industry wide, where this tech will fall short, and what we can do to limit exposure to call spam and fraud in the meantime.

Presenters:

• Kelley Robinson - Speaker
  Kelley works on the Account Security team at Twilio. Previously she worked in a variety of API platform and data engineering roles at startups. Her research focuses on authentication user experience and design trade-offs for different risk profiles and 2FA channels. Kelley lives in Brooklyn, is an avid home cook, and spends too much time on Twitter (@kelleyrobinson).

Links:

• https://tdi2020.sched.com/event/dbfa/what-if-we-had-tls-for-phone-numbers-an-introduction-to-shakenstir

Similar Presentations:

• DeepSec 2014 „Do you want to know more?“ / Trap a Spam-Bot for Fun and Profit
• BSidesDC 2019 / How PKI Can Fix the Robocall Problem
• Black Hat USA 2016 / Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud