System would Identification of System Generated, Spoof Calls landing at Dial 100 Control Room
Abstract : Caller ID (caller identification) is a service provided by telephone carriers to transmit the phone number and/or the name of a caller to a callee. Today, most people trust the caller ID information, and it is increasingly used to authenticate customers (e.g., by banks or credit card companies). However, with the proliferation of smartphones and VoIP, it is easy to spoof caller ID by installing corresponding Apps on smartphones or by using fake ID providers. As telephone networks are fragmented between enterprises and countries, no mechanism is available today to easily detect such spoofing attacks. This vulnerability has already been exploited with crucial consequences such as faking caller IDs to emergency services (e.g., 9-1-1) or to commit fraud. In this paper, we propose an end-to-end caller ID verification mechanism CallerDec that works with existing combinations of landlines, cellular and VoIP networks. CallerDec can be deployed at the liberty of users, without any modification to the existing infrastructures. We implemented our scheme as an App for Android-based phones and validated the effectiveness of our solution in detecting spoofing attacks in various scenarios.
? Existing caller ID protocols do not provide real authentication and hence are untrustworthy for authenticating callers’ locations or identities, because caller IDs are vulnerable to spoofing attacks; i.e., an attacker can easily send a fake caller ID to a callee.
? The detection solution should only change telephone terminals but not the existing telephone infrastructure, because adding any extra hardware to the existing infrastructure or introducing new protocols to the core telephone networks would be a great expense to all telephone carriers.
? To overcome the problem, we leverage Android hidden APIs of ITelephony interface using java reflection. Moreover, telephone carriers may not be able to solve the problem even if they can redesign the protocols.
? While the problem of caller ID spoofing is generally known, previously proposed solutions typically require the cooperation and modification of phone provider networks, which imposes extra cost.
? However, it does not address the problem of fake ID providers, which have both incentive and means to fake most of this meta-data.
• We propose CallerDec, end-to-end caller ID verification schemes that require no modification to the existing telephone infrastructure.
• This is aggravated by the fact that the proposed authentication scheme is only useful if widely deployed, so that unauthenticated calls can be rejected.
• Several ways of comparing the call’s meta-data with the claimed caller ID are proposed, however, it does not address the problem of fake ID providers, which have both incentive and means to fake most of this meta-data.
? The CallerDec performance in various scenarios, and show that it can detect spoofed caller ID effectively and efficiently (i.e. incurring almost no extra energy overhead).
? The Bayesian classifier is an efficient method for calculating posterior probability based on prior probability and likelihood in the training data.
? However, Caller ID has been increasingly used to authenticate the identities of callers, or to verify their physical locations in several systems, ranging from 9-1-1 emergency services, automatic telephone banking systems, credit card activation systems, to voicemail services.
|