Blockchain-Based Caller-ID Authentication (BBCA): A Novel Solution to Prevent Spoofing Attacks in VoIP/SIP Networks

Voice over Internet Protocol (VoIP) networks are vulnerable to caller-ID (caller-identification) spoofing attacks due to the open nature of Session Initiation Protocol (SIP) signaling. Caller-ID spoofing is a critical security threat in modern telecommunication systems, allowing attackers to imperso...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2024-01, Vol.12, p.1-1
Main Authors: Tas, I. Melih, Baktir, Selcuk
Format: Article
Language:English
Subjects:
Algorithms
Authentication
Automatic number identification
Blockchain
Call forwarding
Call line identification
Caller Authentication
Caller-ID Spoofing
Costs
Cryptography
Cybersecurity
Fraud
Government
Identity Spoofing
Internet Protocol
Internet service providers
Internet telephony
IP (Internet Protocol)
Network latency
PBFT
Practical Byzantine Fault Tolerance
Private branch exchanges
Protocols
Regulation
Robocall
Session Initiation Protocol
SIP
Spoofing
Telecommunications
Telephony
Virtual private networks
Voice over IP
VoIP
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Voice over Internet Protocol (VoIP) networks are vulnerable to caller-ID (caller-identification) spoofing attacks due to the open nature of Session Initiation Protocol (SIP) signaling. Caller-ID spoofing is a critical security threat in modern telecommunication systems, allowing attackers to impersonate legitimate callers and gain access to sensitive information. While these attacks pose a significant threat to the telecom and financial industries, the existing solutions are limited to only closed-circuit options for subscribers of the same service provider. In this paper, we present a novel blockchain-based solution to effectively prevent caller-ID spoofing attacks in real time. Our approach employs a low-latency consensus algorithm to manage and verify end-to-end the caller-ID information of Internet Service Providers (ISPs) and institutions. We propose a two-step verification process, in which the accuracy and integrity of Automatic Number Identification (ANI) information is verified at different stages of the call. The proposed solution initiates a renewal of the ISP registration on every caller-ID change, making it unaffected by unusual situations such as roaming, the use of an IP-PBX (Internet Protocol Private Branch Exchange), or the use of a VPN (Virtual Private Network). We also discuss the proposed solution's feasibility and potential deployment issues, including its integration into existing RFC (Request for Comments) efforts and the necessary regulations for service providers to demonstrate compliance. Furthermore, we address future research directions, such as handling complex call scenarios such as call forwarding and teleconference calls. Our approach not only improves the security of telecommunication systems but also provides an efficient and scalable solution to prevent caller-ID spoofing attacks.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2024.3393487