Skip to content
HomeSIP Network Operators Conferences (SIPNOC)SIPNOC 2017General Session - Day Two8b. DHS Research and Enterprise/Government Applications of Authentication/Spoofing

8b. DHS Research and Enterprise/Government Applications of Authentication/Spoofing

[featured_image]
Download
Download is available until [expire_date]
  • Version
  • Download 94
  • File Size 543.13 KB
  • File Count 1
  • Create Date December 4, 2017
  • Last Updated December 4, 2017

8b. DHS Research and Enterprise/Government Applications of Authentication/Spoofing

Presented by Mark Collier, CTO, SecureLogix Corporation.

This session will provide an overview of voice security issues encountered by enterprise and government organizations. The Department of Homeland Security (DHS) Science and Technology (S&T) Cyber Security Division (CSD) is investing in research into addressing voice security issues, such as Telephony Denial of Service (TDoS) and calling number spoofing. TDoS is a flood of inbound calls, typically into a public-facing contact center, which prevents legitimate customers from receiving service. TDoS is becoming more common and like other voice attacks, made more difficult to address due to calling number spoofing.

DHS is working with SecureLogix to address this issue. SecureLogix is enhancing their existing solutions, to address more complex forms of TDoS. The approach includes an ability to analyze call data in real-time and determine if calls are legitimate or malicious. This is work is focused on high capacity environments such as the largest bank contact centers in the county, as well as NG911, which has unique requirements.

DHS is also investing in addressing the calling number spoofing (and lack of authentication issue). Calling number spoofing makes all inbound voice attacks more difficult to address, including TDoS, robocalls, impersonations scams, and financial fraud. SecureLogix is addressing this issue by building a cloud-based spoofing/authentication server, which uses a variety of techniques to determine if the calling number for a call is spoofed or authentic. This server uses a number of proprietary techniques, use of proprietary information from service providers, Do-Not-Originate (DNO) concepts, and use of STIR/SHAKEN in the future.

DHS and SecureLogix are validating the research through formal pilot deployments at Greater Harris County (Houston) 911 and Palm Beach County 911. We are also executing a pilot with a very large bank. The goal of these pilots is to validate our approach for TDoS mitigation and tailor it to the specific requirements of these environments.