[VOIPSEC] VoIP and Fraud
Mark Fletcher
fletch at nortel.com
Tue Feb 15 08:53:11 CST 2005
I agree with you Geoff, and that is the inherent problem. In an all IP
environment, point-to-point trust models can be developed. The problem is
that a user on a standard POTS line has no way of authenticating an IP end
point at the far end. That authentication would have to come from a higher
level. I agree, some sort of admission control would have to be developed to
prevent an unauthenticated end point from even coming online. The root of
the problem, I believe, is that now we have placed control in the users'
hands.
Take the E911 system for example, no location data is actually 'passed' from
the origination point. The E911 Location screen is populated at the
dispatcher console based on an ALI database dip using the CLID as the index.
So for example in NJ, I can be in Atlantic City, hit a local PRI trunk with
spoofed CLID, and end up at a PSAP in Newark (practically the other end of
the State). E911 routing is based on CLID and nothing else, and
unfortunately that is now easier to spoof.
In the same respect, the name you get on CLASS Caller ID service at your
house is also based on a database dip at your local CO. So if I could spoof
my CLID to match the number of your local PD, I could call your house and
the CLASS name display would read "ANYTOWN POLICE DEPT". Imagine what I
could do then......
Yes, this is fixable with a change and/or policing of the technology, but
that is not coming anytime soon.
Fletch
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Geoff Devine
Sent: Monday, February 14, 2005 10:51 PM
To: Voipsec at voipsa.org
Subject: RE: [VOIPSEC] VoIP and Fraud
Mark Fletcher fletch at nortel.com writes:
> There are many potential areas, but one that concerns me is the
> ability for a user to easily spoof their Caller ID. Typically this has
> only been available to administrators of a PBX with PRI circuits. Many
> call this 'security via obscurity'. By spoofing CLID, a caller could
> raise havoc with Emergency Services and the national E9-1-1 system, or
> use a spoofed CLID to socially engineer people into giving up personal
> information.
The issue here is that endpoints can't be trusted. Endpoints can only be
authenticated. A PBX running Primary Rate ISDN is quite different from a
mass market subscriber SIP endpoint somewhere out there in the world. You
should not _trust_ that device to give you accurate CallerID. The device is
portable so you should use its routable IP address to obtain physical
location rather than _trust_ it to tell you where it is. To create a secure
service, you can't blindly pass SIP messages around as a lightweight SIP
Proxy. You have to adopt a more hardened Back2Back User Agent model where
you understand exactly what the endpoint is signaling and have the ability to
police the signaling.
Geoff
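
Added example, not part of the original messages: one way to implement the policing step described above, where a B2BUA-style element ignores the caller identity an endpoint signals and asserts the number provisioned for the authenticated account instead. The account table, domain, sample INVITE and function name are constructed for illustration, and the code assumes unfolded headers and that authentication has already mapped the request to an account.

```python
import re

# Constructed provisioning data: authenticated account -> numbers it may present.
PROVISIONED = {"alice-acct": {"+16095550100"}}

# Constructed INVITE from an endpoint claiming a number it does not own.
SAMPLE_INVITE = (
    "INVITE sip:+19735550111@example.net SIP/2.0\r\n"
    'From: "ANYTOWN POLICE DEPT" <sip:+19735550199@example.net>;tag=1928\r\n'
    "To: <sip:+19735550111@example.net>\r\n"
    "P-Asserted-Identity: <sip:+19735550199@example.net>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    "\r\n"
)

USER_RE = re.compile(r"<sips?:([^@>;]+)@")


def police_invite(raw, account, domain="example.net"):
    """Return (rewritten_message, findings) for an INVITE from an authenticated account.

    The asserted number comes from provisioning, never from the endpoint.
    """
    allowed = PROVISIONED.get(account)
    if not allowed:
        raise PermissionError("unauthenticated or unknown account: " + account)
    asserted = sorted(allowed)[0]
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    out, findings = [lines[0]], []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        if key == "p-asserted-identity":
            # Only the trusted network element may assert identity.
            findings.append("dropped endpoint-supplied P-Asserted-Identity")
            continue
        if key in ("from", "f"):
            m = USER_RE.search(value)
            claimed = m.group(1) if m else None
            if claimed not in allowed:
                findings.append("From user %r not provisioned for %s" % (claimed, account))
                tag = re.search(r";tag=[^;\s]+", value)
                line = "From: <sip:%s@%s>%s" % (asserted, domain, tag.group(0) if tag else "")
        out.append(line)
    # Network-asserted identity, added after the endpoint's own claim was removed.
    out.append("P-Asserted-Identity: <sip:%s@%s>" % (asserted, domain))
    return "\r\n".join(out) + sep + body, findings
```

The findings list is what a deployment would log or alert on; a stricter policy could reject the call instead of rewriting it.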