Momentum is increasing around the STIR / SHAKEN caller ID authentication framework as one of the key pieces in the puzzle to solve the problem of illegal robocalls. STIR / SHAKEN provides a secure mechanism for service providers to cryptographically sign and verify the Caller ID in SIP calls, combating Caller ID spoofing. Legislators in the US are requiring all service providers to deploy STIR / SHAKEN. Combined with Real-Time Analytics, STIR / SHAKEN delivers a powerful solution against robocalls.
At the recent SIPNOC 2019 conference, several key figures in the STIR / SHAKEN brains trust convened for three days of presentation and collaboration during the early stages of deployment of this new, critical, technology.
Verizon, one of the early adopters of STIR / SHAKEN, recently passed the impressive milestone of signing (outbound) or verifying (inbound) 250 million calls interconnected with other STIR / SHAKEN-enabled carriers, all whilst exceeding aggressive performance and latency targets. Their cloud native STIR / SHAKEN implementation is deployed in Verizon’s private OpenStack cloud.
The important lessons which Verizon presented at SIPNOC about their deployment included:
Don’t try to solve everything at once. Start with the simple use cases and expand outwards. Set clear expectations with interconnect partners on the requirements for the format of SIP message exchanges. Be prepared for teething issues as the STIR / SHAKEN protocol flow works its way through various network elements, such as issues with packet sizes, firewalls and silent TCP drops.
It is trailblazers such as Verizon that will help us finally overcome the robocall problem.