STIR                                                       C. Zhang, Ed.
Internet-Draft                       China Mobile Group Design Institute
Intended status: Informational                                   H. Deng
Expires: January 7, 2016                 China Mobile Research Institute
                                                            July 6, 2015


                    Issue with current STIR scenario
                   draft-zhang-stir-scenario-issue-00

Abstract

   This document introduces a couple of scenarios that have been
   identified to show that a certificate-based solution has some
   limitations.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 7, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.





Zhang & Deng             Expires January 7, 2016                [Page 1]

Internet-Draft             STIR scenario issue                 July 2015


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   The work item "Technical measures and mechanism on countering the
   spoofed call in the terminating network of VoLTE (ITU-T X.ticsc,
   supplement to ITU-T X.1245)" was established by ITU-T SG17 in
   September 2014.

   However, until the mechanism is implemented in VoLTE, the X.ticsc
   work item focuses on countermeasures for the following three
   scenarios that exist in current networks:

   The terminology used below is defined as follows:

   IPBX: Internet-protocol Private Branch Exchange (note: the IPBX is
   the exit point of the caller's private network)

   MSC: Mobile Switching Center

   LSTP: Low Signaling Transfer Point

   HSTP: High Signaling Transfer Point

   VoLTE AS: Voice over LTE Application Server

   1.  The caller and the caller's visiting/home network are not all in
   the trusted domain, as shown in Figures 1 and 2 below.

    Bad Guy:                         Bad guy:
    Make a Call                      Turn Real Number:83658173
    +---------+    A Call with       To Faked Number:10086
    |Telephony|   an internal Number +------------------+
    |Terminal |--------------------->|       IPBX       +--+
    +---------+                      +------------------+  | A Call with
                                                           | 10086
                                                         +-+-----+
                                                         |  MSC  |
                                                         +-+-----+
    +----------+                                           | A Call with
    | Exchange |                      +-----------------+  | 10086
    | Gateway  |<---------------------|       LSTP      |<-+
    | to other |    A Call with       +-----------------+
    | Networks |    0531-10086         Add Area Number:
    +----------+                       0531


                    Figure 1: Caller cannot be trusted

    Bad Guy:
    Make a Call
    +---------+  A Call with             A Call with
    |Mobile   |  13356784321   +-----+   13356784321    +------+
    |Phone    |--------------->| MSC |----------------->| LSTP |
    +---------+                +-----+                  +---+--+
                                                            |
                                                            |A Call with
                                                            |13356784321
    +----------+                                      +-----+------+
    | Exchange |                                      |            |
    | Gateway  |<-------------------------------------|  VoLTE AS  |
    | to other |        A Call with                   |            |
    | Networks |        13201010086                   +------------+
    +----------+                                       Bad Guy:
                                                       Turn Real Number:
                                                       13356784321
                                                       To Faked Number:
                                                       13201010086


      Figure 2: The caller's visiting/home network cannot be trusted

   2.  The calling ID is real and can be trusted, but it is highly
   similar to some public service number; for example, the real mobile
   phone number 132-010-10086 is quite similar to China Mobile's service
   number 10086.  A bad guy could use it to commit fraud against the
   customers of China Mobile.

   3.  The international calling ID can be presented incompletely to the
   callee according to some international exchange rules.  If the
   calling ID is hidden intentionally and legally by the caller in an
   international call, as in Figure 3, the presented caller number
   could be 00 + country code + area code.  Such a 00 + country code +
   area code string can also be quite similar to some public service
   numbers.  For example, 95 is the country code of Myanmar and also the
   first two digits of many public service numbers of banks in China.
   With certain area codes appended, a bad caller in Myanmar could mimic
   many public service numbers of Chinese banks and easily cheat the
   customers of these banks.

   Bad Guy:
   Make a Call                                         Add Area Number:
   +---------+  A Call with             A Call with    5330
   |Mobile   |  number hidden +-----+   number hidden  +------+
   |Phone    |--------------->| MSC |----------------->| LSTP |
   +---------+                +-----+                  +---+--+
                                                           |
                                                           |A Call with
                                                           |5330
                       +--------------+               +----+-------+
                       | International|               |            |
    <------------------| Gateway      |<--------------|    HSTP    |
       A Call with     | to other     |  A Call With  |            |
       00955330        | Networks     |  955330       +------------+
                       +--------------+              Add Country Number:
                       Add International              95
                       header:00


       Figure 3: The caller just hid the ID in an international call

   By proposing integrated measures of detecting and verifying,
   blocking, alerting, etc., X.ticsc is dedicated to solving the
   concerns in the three scenarios listed above, at least to some
   extent.  Yet the risk in scenarios 2 and 3 may still not be solved
   systematically even when the end-to-end authentication mechanism is
   implemented.
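   As an added illustration (not part of this draft), the following
   Python sketch shows how a terminating network might flag the three
   presented-number patterns described above against a list of
   protected service numbers; the pattern rules, the service number
   list and the bank number 955330 are assumptions for the example.

```python
import re

# Constructed sample list of protected public service numbers: 10086 is the
# China Mobile service number named in the draft; 955330 is a constructed bank
# hotline built from the draft's Figure 3 (country code 95 + area code 5330).
SERVICE_NUMBERS = {
    "10086": "China Mobile customer service",
    "955330": "bank service number (constructed example)",
}
INTL_PREFIX = "00"   # international access prefix added by the gateway in Figure 3


def normalize(caller_id):
    """Keep digits only, e.g. '0531-10086' -> '053110086'."""
    return re.sub(r"\D", "", caller_id)


def classify(caller_id):
    """Return a list of (pattern, service_number, service_name) findings.

    An empty list means the presented number does not resemble a protected
    service number under any of the assumed patterns below.
    """
    digits = normalize(caller_id)
    findings = []
    for svc, name in SERVICE_NUMBERS.items():
        if digits == svc:
            # Scenario 1: the spoofed short code reaches the callee unchanged.
            findings.append(("exact-service-number", svc, name))
        elif digits.startswith(INTL_PREFIX) and digits[len(INTL_PREFIX):] == svc:
            # Scenario 3 / Figure 3: with the caller ID hidden, the presented
            # number is only 00 + country code + area code, which here spells
            # the service number (00 + 95 + 5330 -> 955330).
            findings.append(("intl-prefix-collision", svc, name))
        elif digits.startswith("0") and digits.endswith(svc):
            # Scenario 1 / Figure 1: the LSTP prepended an area code (0531) to a
            # spoofed short code; a genuine nationwide short code carries none.
            findings.append(("area-code-plus-service-number", svc, name))
        elif digits.endswith(svc):
            # Scenario 2: a genuine subscriber number (13201010086) whose
            # trailing digits read as the service number.
            findings.append(("suffix-lookalike", svc, name))
    return findings


if __name__ == "__main__":
    for presented in ("0531-10086", "13201010086", "00955330", "10086"):
        print(presented, "->", classify(presented) or "no lookalike")
```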

   Meanwhile, the editors of X.ticsc would appreciate closer
   collaboration with IETF STIR to share ideas and enhance the quality
   of X.ticsc.  For reference, a new LS/o (TD 1782) was sent to IETF
   STIR by ITU-T SG17 in April of this year.

   Any further discussion would be welcome!

Authors' Addresses

   Chen Zhang (editor)
   China Mobile Group Design Institute
   A16, Danleng Street
   Beijing
   China

   Email: zhangchen@cmdi.chinamobile.com


   Hui Deng
   China Mobile Research Institute
   Xuanwumenxi Ave. No.32
   Beijing  100053
   China

   Email: denghui@chinamobile.com
