Skip to main content

Director of Programmes for MEF, James Williams, is joined by the members of the Numeracle and TransNexus teams to take a deep dive into the intricacies of call authentication, with a focus on the Consolidated Signing Service Provider (SSP) Matrix of Attestation found in the 2020 CATA (Call Authentication Trust Anchor) Working Group’s report, and the role of attestation in verifying the legitimacy of caller identity.

The present-day landscape of telecommunications presents a suite of challenges for businesses, with fraudulent call activities manifesting at an alarming frequency. It’s an issue every business owner can relate to – unknown numbers flooding customer call logs, potentially compromising a company’s reputation and number integrity.

Attestation Levels and the STIR/SHAKEN protocols emerge as crucial mechanisms in the quest to ensure call authenticity. The accuracy and reliability of a call’s origin and trustworthiness play a critical role, both for the service provider terminating the call and for their subscribers. Not simply signing the call but making sure the call contains valuable information is essential to prevent misleading and unwarranted trust scenarios.

The ABC’s of Attestation Levels

“The primary reason STIR/SHAKEN hasn’t been as successful as anticipated is due to our reliance on the terminating side to use the information effectively, which isn’t always guaranteed. Often, the call validation treatment and analytics come from a separate vendor than the one providing the verification service. The integration between these two can be imperfect. Furthermore, if enforcement relies on legal proceedings against bad service providers, it becomes a time-consuming, slow, and expensive process. This area of
standards and commercial development continues to be very active and requires further refinement.”
– Pierce Gorman, Distinguished Member of the Technical Staff, Numeracle

Consider Attestation Levels as your business’s ID Card. They offer a snapshot of your communication’s credibility, defining how these communications will be treated by the receiver. Understanding attestation levels isn’t just beneficial—it’s critical. Your business’s ability to ensure that its communications are well-received and considered authentic depends on this understanding.

At the core of call authenticity lies attestation levels: A, B, and C. Designed to measure the trustworthiness of a call’s source, they constitute a vital guide for service providers to assess your calls’ credibility.

  • Full Attestation (Level A): The service provider fully attests that the call source and call ID are accurate and have been verified.
  • Partial Attestation (Level B): The service provider can confirm the source of the call but cannot authenticate the call ID.
  • Gateway Attestation (Level C): The service provider can only verify that the call entered their network but cannot ascertain the call’s origin or ID

What does this mean for your business? Ideally, the higher the attestation level, the more likely your business’s calls are to be accepted as legitimate and reach the intended recipients; however, it’s significantly more complicated than that. While the vision behind attestation levels aimed to ensure that higher-rated calls would be more likely accepted as legitimate, the practical execution of this system has proven to be more complex. Therefore, while striving for higher attestation levels may seem like a logical strategy, it’s crucial to understand that these ratings may not fully guarantee the perceived authenticity of your businesses calls.

A Closer Look at the SSP Matrix

To tackle the accurate assignment of attestation levels, an SSP (Signing Service Provider) Matrix comes into the picture. This comprehensive framework dissects several factors that contribute to the trustworthiness level linked with a call. These factors encompass reputation, caller ID history, and assertion practices. By scrutinizing each element, service providers can assign the apt attestation level to incoming calls.

It’s pivotal to understand that the process of determining an attestation level isn’t a simplistic, one-dimensional task—it’s a comprehensive evaluation that dives deep into multifarious elements of the call. The power of the SSP Matrix lies in its systematic and detailed approach, ensuring there’s alignment between the assigned attestation level and the call’s actual authenticity. This alignment not only bolsters the call’s integrity but also elevates user confidence in call identification.

Unpacking the STIR/SHAKEN Framework

STIR/SHAKEN protocols represent an industry-wide response to an unprecedented surge in caller ID spoofing crimes. The main objective lies in constructing an authentication framework that reassures callers that their identity is verifiable by service providers. The backbone of this protection effort rests upon cryptographic
certificates, which are used to digitally sign calls at their point of origin. These digital signatures serve a two-fold purpose: They solidify the identity of the calling party, and offer a protective line of defense against any manipulation during the call’s transit.

“The concept behind STIR/SHAKEN is akin to adding sticky notes around a phone number. Various entities come in, sign, and attest that the Caller ID number is, indeed, authentic to the person making the call.” – Sarah Delphey, VP of Trust Solutions, Numeracle

The true power of these protocols, however, comes into play when the verification process begins. Call authenticity is cross-verified when these digital signatures sync with the public keys residing within a centralized database. The harmonious alignment of these components validates the call’s origin and its path, confirming its genuine nature. Consequently, this aims to ensure the integrity of your business’s calls and shields them against fraudulent practices.
The Nexus between Attestation Levels and STIR/SHAKEN Protocols

As telecommunications becomes an increasingly complex domain, the industry seeks synergy between disparate elements to offer seamless and secure services. When it comes to call integrity and legitimacy, a key intersection lies between attestation levels and the STIR/SHAKEN protocols.

The underpinnings of attestation levels hinge on the practical application of STIR/SHAKEN protocols. The protocols’ validation process plays a crucial role in shaping the attestation levels assigned to incoming calls. Committing to the STIR/SHAKEN protocols means ensuring the calling party’s identity is undeniably accurate. By successfully affirming this identity, service providers can confidently assign appropriate attestation levels, empowering call recipients to base their responses on reliable data.

“STIR/SHAKEN offers a mechanism for the receiving service provider to identify, even before answering or accepting the call, who or at least which service provider is initiating the call. This feature becomes incredibly potent when combined with the attestation levels.”
– Alec Fenichel, CTO & Software Tech, TransNexus

Glaring Gaps

The path to leveraging STIR/SHAKEN protocols and ensuring accurate attestation Levels is not without its challenges. For these processes to function optimally,
reliable connectivity between diverse service providers is paramount. But, real-world complications, such as indirect connections and infrastructure limitations, can put a spanner in the works. These complexities can interrupt the verification process, posing significant challenges to maintaining secure, authenticated communication.
As we venture deeper into the world of call authentication and confront its realities, it becomes clear these solutions, while significant, are only pebbles paving the path to a much broader, more secure landscape.

Call Attestation: A Partial Solution at Best

While call attestation brings something valuable to the security table, its inherent flaws and vulnerabilities make it a partial solution at best. These attestation levels, lacking in foolproof validation, may present false assurances that can be exploited by fraudulent entities.
Moreover, this mechanism fails to address calls that illicitly slip through the three significant classes of attestation (A, B, and C), creating an exploitable efficiency gap. While guidelines exist for A, B, and C call attestations, service providers have the liberty to execute local policies that may not necessarily align with best practices. Therefore, solely relying on call attestation for all authentication needs remains a precarious strategy in the face of increasingly sophisticated telecommunication fraud.
STIR/SHAKEN: A Starting Point, Not the Destination

The STIR/SHAKEN framework is often misunderstood as a tool specifically for preventing robocalls, illegal calls, or spoofed calls. The protocols, while innovative, offer a narrow solution when faced with the widening gamut of telecommunication challenges. While they promise a path to deter identity misuse in IP voice networks, these protocols leave unprotected areas such as non-IP legacy systems and other communication channels.

Moreover, these protocols were primarily designed to prevent caller ID spoofing and didn’t initially account for other forms of fraudulent activities. Legitimate businesses can face challenges with their calls being incorrectly labeled as spam or fraud due to these protocols.

Despite their effectiveness and importance, call attestation and STIR/SHAKEN protocols do not offer an all-encompassing solution to the challenges within our telecommunications networks. These measures, though beneficial, paint an incomplete picture of the security landscape. They act as individual threads within an intricate tapestry that demands a more robust, holistic approach.

Bridging the Gaps with Numeracle

The existing methods of call attestation and STIR/SHAKEN protocols, while valuable foundational elements, fall short of providing a comprehensive solution, leaving room for gaps and vulnerabilities and frequently leading blame games for the ineffective combat against robocalls

At Numeracle, we’ve stepped up to this challenge, offering an innovative Entity Identity Management™ Solution. Far beyond the conventions, our approach encompasses broader dimensions, fostering a more comprehensive, flexible, and personalized solution. It’s all about aligning strategies with your business’s specific needs.

You no longer need to tackle convoluted processes alone. We stand by your side, providing personalized support and expert assistance to ensure your organization thrives amidst the challenges of the telecommunication space. For businesses ready to break free from the constraints of conventional practices and take a stride towards secure, efficient communications, we invite you to join forces with us. Our reservoir of industry expertise and unique, solution-oriented approach is just an email away!