How PKI Can Fix the Robocall Problem

Presented at BSidesDC 2019, Oct. 26, 2019, 10:30 a.m. (50 minutes)

There is a new ecosystem underway that will impact everyone, especially the irritated people in the U.S. who have received more than 48 billion robocalls last year. This new ecosystem will hopefully put an end to these annoying and fraudulent robocalls calls, which the Federal Communications Commission (FCC) estimates will constitute more than half of all phone calls placed in the U.S. this year. The FCC and major telecommunications companies including Comcast, AT&T, and T-Mobile are behind a new, global technology standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using ToKENs and Secure Telephony Identity Revisited) to combat robocalls and caller ID spoofing. This new standard addresses the issue of commercial robocallers who are impersonating other callers and committing fraud via Caller ID. Public key infrastructure (PKI) is the backbone of the SHAKEN/STIR global technology standard. In order to build this new ecosystem to facilitate stronger identities for each and every call generated, an effective PKI ecosystem must be implemented. Strong identities and controls will be needed to ensure call identities are trusted globally. PKI is the technology that will be used to identify and verify each phone call. SHAKEN/STIR will shift the identity details from the call originator to the trusted telephone company routing the call. The industry – technology infrastructure, telecommunications, and government entities – needs to work together on a solution that will reduce fraud and put an end to robocalls. As this technology standard evolves and deployed, it is important to identify the security risks telecommunications companies will face and how enterprises can benefit from this work. Security will be required at every level of SHAKEN/STIR implementation.

Presenters:

• Mark Cooper - president and founder at PKI Solutions
  Mark B. Cooper, president and founder of PKI Solutions, has deep knowledge and experience in all things Public Key Infrastructure (PKI), known as “The PKI Guy” since his early days at Microsoft. PKI Solutions Inc. provides consulting, training and software solutions for Microsoft PKI and related technologies for enterprises around the world. Its expertise and proprietary software solutions ensure the right PKI for all enterprise security and management needs, including securing IoT and mobile devices. Prior to founding PKI Solutions, Cooper was a senior engineer at Microsoft, where he was a PKI and identity management subject matter expert who designed, implemented, and supported Active Directory Certificate Services (ADCS) environments for Microsoft’s largest customers.

Links:

• https://bsidesdc2019.busyconf.com/schedule#activity_5cfabc8bba0606426a0000f6

Similar Presentations:

• DerbyCon 1.0 (2011) / Exploiting PKI for Fun & Profit or The Next Yellow Padlock Icon?
• Diana Initiative 2020 Virtual / What if we had TLS for Phone Numbers? An introduction to SHAKEN/STIR
• The Circle Of HOPE (2018) / The Phone System Is Dead - Long Live The Phone System!