Authenticating and Authorizing the Caller: A Defense Mechanism Against Caller ID spoofing

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Slimane, Ben
dc.contributor.advisor: Seppälä, Otto
dc.contributor.author: Wollel, Salem Getachew
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.school: School of Science [en]
dc.contributor.supervisor: Suoranta, Sanna
dc.date.accessioned: 2024-11-20T22:07:54Z
dc.date.available: 2024-11-20T22:07:54Z
dc.date.issued: 2024-09-30
dc.description.abstract: Caller IDs have served as a method for caller verification for decades. During a phone call, the calling party is identified by caller ID, which indicates the phone number and/or name of the caller. However, technological advancements enabled the modification of this information through caller ID spoofing. Although legitimate caller ID spoofing provides anonymity for the caller and facilitates corporate communications by displaying a consistent business number and name, it also opens the door to fraudulent activities. Malicious actors have been using spoofed caller IDs to impersonate trusted parties and deceive victims into sharing sensitive information or performing certain actions. The rise in phone-based scams is leading to significant financial and reputational damage on a global scale. Unlike online authentication, identity verification over a phone call is much more challenging. As a result, there is no reliable system that effectively binds the caller ID to the true identity of the caller. This thesis addresses the challenge of caller ID verification by introducing a strong authentication mechanism over a phone call through the use of the upcoming European Digital Identity (EUDI) wallet. This novel solution proposes a dialer application called SecCall that authenticates the caller through the wallet before the call is established. Beyond authentication, it confirms the authority of the caller to use the phone number, which is critical in corporate environments. Additionally, to provide mutual trust, the solution introduces a new approach where call recipients can verify themselves with service providers by sharing minimal identity information. To showcase the caller authentication process, we have developed an Android application prototype for SecCall that relies on the released demo version of the EUDI wallet. The solution proposed in this thesis could be a breakthrough in telecommunication security and bring new perspectives to phone call authentication. [en]
dc.format.extent: 111
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/131725
dc.identifier.urn: URN:NBN:fi:aalto-202411217237
dc.language.iso: en [en]
dc.programme: Master's Programme in Security and Cloud Computing [en]
dc.programme.major: Security and Cloud Computing [en]
dc.subject.keyword: caller ID [en]
dc.subject.keyword: caller ID spoofing [en]
dc.subject.keyword: authentication [en]
dc.subject.keyword: telephony networks [en]
dc.subject.keyword: European Digital Identity (EUDI) Wallet [en]
dc.title: Authenticating and Authorizing the Caller: A Defense Mechanism Against Caller ID spoofing [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: yes
