IEEE Access (Jan 2024)
Blockchain-Based Caller-ID Authentication (BBCA): A Novel Solution to Prevent Spoofing Attacks in VoIP/SIP Networks
Abstract
Voice over Internet Protocol (VoIP) networks are vulnerable to caller-ID (caller-identification) spoofing attacks due to the open nature of Session Initiation Protocol (SIP) signaling. Caller-ID spoofing is a critical security threat in modern telecommunication systems, allowing attackers to impersonate legitimate callers and gain access to sensitive information. While these attacks pose a significant threat to the telecom and financial industries, the existing solutions are limited to only closed-circuit options for subscribers of the same service provider. In this paper, we present a novel blockchain-based solution to effectively prevent caller-ID spoofing attacks in real time. Our approach employs a low-latency consensus algorithm to manage and verify end-to-end the caller-ID information of Internet Service Providers (ISPs) and institutions. We propose a two-step verification process, in which the accuracy and integrity of Automatic Number Identification (ANI) information is verified at different stages of the call. The proposed solution initiates a renewal of the ISP registration on every caller-ID change, making it unaffected by unusual situations such as roaming, the use of an IP-PBX (Internet Protocol Private Branch Exchange), or the use of a VPN (Virtual Private Network). We also discuss the proposed solution’s feasibility and potential deployment issues, including its integration into existing RFC (Request for Comments) efforts and the necessary regulations for service providers to demonstrate compliance. Furthermore, we address future research directions, such as handling complex call scenarios such as call forwarding and teleconference calls. Our approach not only improves the security of telecommunication systems but also provides an efficient and scalable solution to prevent caller-ID spoofing attacks.
Keywords