Authenticating and Authorizing the Caller: A Defense Mechanism Against Caller ID spoofing
Loading...
URL
Journal Title
Journal ISSN
Volume Title
School of Science |
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Authors
Date
2024-09-30
Department
Major/Subject
Security and Cloud Computing
Mcode
Degree programme
Master's Programme in Security and Cloud Computing
Language
en
Pages
111
Series
Abstract
Caller IDs have served as a method for caller verification for decades. During a phone call, the calling party is identified by caller ID, which indicates the phone number and/or name of the caller. However, technological advancements enabled the modification of this information through caller ID spoofing. Although legitimate caller ID spoofing provides anonymity for the caller and facilitates corporate communications by displaying a consistent business number and name, it also opens the door to fraudulent activities. Malicious actors have been using spoofed caller IDs to impersonate trusted parties and deceiving victims into sharing sensitive information or performing certain actions. The rise in phone-based scams is leading to significant financial and reputational damage on a global scale. Unlike online authentication, identity verification over a phone call is much more challenging. As a result, there is no reliable system that effectively binds the caller ID to the true identity of the caller. This thesis addresses the challenge of caller ID verification by introducing a strong authentication mechanism over a phone call through the use of the upcoming European Digital Identity (EUDI) wallet. This novel solution proposes a dialer application called SecCall that authenticates the caller through the wallet before the call is established. Beyond authentication, it confirms the authority of the caller to use the phone number, which is critical in corporate environments. Additionally, to provide mutual trust, the solution introduces a new approach where call recipients can verify themselves with service providers by sharing minimal identity information. To showcase the caller authentication process, we have developed an Android application prototype for SecCall that relies on the released demo version of the EUDI wallet. The solution proposed in this thesis could be a breakthrough in telecommunication security and bring new perspectives to phone call authentication.Description
Supervisor
Suoranta, SannaThesis advisor
Slimane, BenSeppälä, Otto
Keywords
caller ID, caller ID spoofing, authentication, telephony networks, European Digital Identity (EUDI) Wallet