STIR/SHAKEN Explained
Fraudulent robocalls and illegal phone number spoofing have generated millions of unwanted calls, averaging more than 159 million calls every day. That’s over 110,000 fraudulent calls every minute. This is where STIR/SHAKEN comes in.
What Is STIR/SHAKEN?
STIR/SHAKEN refers to two standards that ensure telephone calls come from legitimate sources by verifying the accuracy of the calling number. The protocols are designed to ensure the calling number is authenticated so that individuals aren’t contacted by someone using a fake number.
STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information Using toKENs) use digital certificates based on common public-key cryptography techniques. Each telecommunications provider gets its certificate from a trusted authority (or “trust anchor”).
The digital certificate technology enables that the calling number is accurate. Signalmash call authentication service provides our customers with the tools to ensure that their calls are not flagged as unwanted spam and delivered to end users’ phones without impairment.
How STIR/SHAKEN Works
All telephone service providers participating in STIR/SHAKEN are issued digital certificates from a trusted authority with which they can prove ownership of a given calling number. When a call is made, the calling number is verified with a If the calling number is legitimate, the call is passed onto the caller.
This verification process happens in the background without any user interaction, which is why it’s often called “signature-based handling of asserted information.” To make sure calls are authenticated, both the calling and receiving parties must have certificates from a trusted authority.
Here’s a simplified outline of the STIR/SHAKEN Authentication protocol:
- The calling party initiates a telephone call
- The called party’s telephone carrier verifies the calling number by checking the digital signature against the certificate
- If the verification is successful, the call continues as normal
If for some reason, the verification fails, the call is terminated. This could be because:
- The calling party’s phone number doesn’t have the correct certificate
- The calling party’s telephone is not registered with a STIR/SHAKEN protocol
And here’s a more high-level step-by-step outline of the entire STIR/SHAKEN Authentication protocol:
- The originating telephone service provider receives a SIP invite.
- The service provider for the originating call determines how to validate the calling number (i.e., full, partial, or gateway) based on the call source and calling number.
- The originating service provider uses the caller ID authentication service to generate a SIP Identity header.
- The terminating telephone service provider receives a SIP Invite that has the SIP Identity header.
- The verification service receives the SIP Invite that has the Identity header.
- The verification service receives the certificate of the originating service vendor from the public certificate repository and begins the verification process.
- The verification service returns the results to the terminating service provider’s softswitch/SBC.
- The call is completed to the called party.
What Is SHAKEN Attestation?
An additional security measure built into the STIR/SHAKEN framework is called “attestation.” This allows service providers to vouch for the authenticity of service providers’ certificates. To do this, a service provider creates a JSON document called an “attestation statement,” which contains information about the certificate being attested.
This statement is then signed by the originating service provider’s key and stored in a publicly-accessible location. When a call is made, the terminating service provider can use this statement to verify the authenticity of the certificate being used by the calling party.
The Three Levels of Attestation
There are three levels of attestation.
- Full attestation or “A” — The service provider has verified its connection with the customer who is calling, and the customer is authorized to use the dialing number.
- Partial attestation or “B” — Authentication with the service provider has been established, but the service provider cannot verify that the customer has the necessary permissions to use the calling number.
- Gateway attestation or “C” — The service provider has confirmed that the call was placed on its network, but it has no relationship with the originator of the call (e.g., a call from an international gateway).
What Kinds of Telephone Services Are Using STIR/SHAKEN?
So far, the following telephone services are using STIR/SHAKEN:
- Voice over IP (VoIP) services such as Skype and Vonage
- Mobile carriers such as AT&T, Verizon, and Sprint
- Landline providers such as Comcast and CenturyLink
Benefits of STIR/SHAKEN
STIR/SHAKEN provides several benefits to both individuals and businesses. Here are some of the most important ones:
- It ensures the calling number is accurate.
- It provides caller ID authentication to VoIP services.
- It prevents illegal spoofing calls by verifying whether the phone number belongs to that service provider or not.
- It can mitigate spoofing attacks by verifying that another service provider used its certificate. This prevents fraudsters from disguising their identity through an authorized service provider’s certificate, helping to eliminate phishing and pretexting schemes.
STIR/SHAKEN Impact on Consumers
Consumers with VoIP service can leverage STIR/SHAKEN to authenticate their calls with a called party before completing the call. If a consumer calls another VoIP user and is not equipped with STIR/SHAKEN technology, they will receive a “call blocked” message at both ends of the call. All other users can enable STIR/SHAKEN validation through their SIP client configuration options.
That’s why it is important for you to use a service like Signalmash to ensure your communications aren’t blocked by STIR/SHAKEN protocol. Consolidating your outbound calls and phone numbers with Signalmash can simplify your compliance with STIR/SHAKEN. As a Signalmash customer, your calls are automatically signed with full attestation. This lowers the chance that your calls will be blocked by a terminating carrier.
Signalmash continues to take proactive steps to prevent malicious forms of traffic from entering our network, while ensuring that valid traffic is protected. We are an active partner with the FCC. We advocate telecommunications policies on behalf of our customers. Call us at +1 866.217.9750 to discuss your specific use case.
STIR/SHAKEN FAQs
What does STIR/SHAKEN stand for?
STIR is an abbreviation for “Secure Telephony Identity Revisited”. SHAKEN, on the other hand, represents “Secure Handling of Asserted information using toKENS”.
Who developed STIR and SHAKEN?
It was developed jointly by ATIS (the Alliance for Telecommunications Industry Solutions) and the SIP Forum.
Is STIR/SHAKEN mandatory in the U.S.?
The Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act of 2019, which became law on December 30, 2019, requires all voice service providers to use the STIR/SHAKEN technology. Congress ordered the FCC to devise regulations compelling voice providers to employ the technology within 18 months. The FCC published a Public Notice stating that the rules outlined in its November 2020 One-Ring Scam Report and Order, which implemented Section 12 of the Act, would go into effect on January 13, 2021.
What is included in a certificate?
A digital certificate contains specific pieces of information such as a public key, expiration date, issuing authority, subject name (i.e., customer profile), serial number, signature algorithm, and digital signature.
What is the difference between STIR and SHAKEN?
The main difference between STIR and SHAKEN is that STIR focuses on the verification of the identity of the caller, while SHAKEN focuses on verifying the legitimacy of the call.
How Signalmash Can Help
Signalmash began providing STIR/SHAKEN attestation in our network in 2020. We’ve established interoperability natively in our network to help our clients meet STIR/SHAKEN requirements for compliance. Signalmash can help you simplify your STIR/SHAKEN attestation and authentication, ensuring the best possible throughput.
We support initiatives towards compliance with the TRACED Act by providing full STIR/SHAKEN compliance for our CPaaS solutions and telecom network. Get in touch with one of our experts to learn more about the Signalmash validation protocols. Email us at hello [at] signalmash.com or call us at +1 866.217.9750. Or complete our magic contact form here.