Authenticating and Authorizing the Caller: A Defense Mechanism Against Caller ID spoofing

School of Science | Master's thesis

Date

2024-09-30

Major/Subject

Security and Cloud Computing

Degree programme

Master's Programme in Security and Cloud Computing

Language

en

Pages

111

Abstract

Caller IDs have served as a method for caller verification for decades. During a phone call, the calling party is identified by caller ID, which indicates the phone number and/or name of the caller. However, technological advancements enabled the modification of this information through caller ID spoofing. Although legitimate caller ID spoofing provides anonymity for the caller and facilitates corporate communications by displaying a consistent business number and name, it also opens the door to fraudulent activities. Malicious actors have been using spoofed caller IDs to impersonate trusted parties and deceive victims into sharing sensitive information or performing certain actions. The rise in phone-based scams is leading to significant financial and reputational damage on a global scale. Unlike online authentication, identity verification over a phone call is much more challenging. As a result, there is no reliable system that effectively binds the caller ID to the true identity of the caller. This thesis addresses the challenge of caller ID verification by introducing a strong authentication mechanism over a phone call through the use of the upcoming European Digital Identity (EUDI) wallet. This novel solution proposes a dialer application called SecCall that authenticates the caller through the wallet before the call is established. Beyond authentication, it confirms the authority of the caller to use the phone number, which is critical in corporate environments. Additionally, to provide mutual trust, the solution introduces a new approach where call recipients can verify themselves with service providers by sharing minimal identity information. To showcase the caller authentication process, we have developed an Android application prototype for SecCall that relies on the released demo version of the EUDI wallet. The solution proposed in this thesis could be a breakthrough in telecommunication security and bring new perspectives to phone call authentication.

Supervisor

Suoranta, Sanna

Thesis advisor

Slimane, Ben
Seppälä, Otto

Keywords

caller ID, caller ID spoofing, authentication, telephony networks, European Digital Identity (EUDI) Wallet
