What is Meant by STIR/SHAKEN? A Complete Guide

SHAKEN/STIR is indicative of a framework of procedures/protocols. Through these, practices such as call spoofing are limited as much as possible. A broader understanding of the same can be attained when these entities are individually paid attention to. However, it is to note that though Secure Telephony Identity Revisited (STIR) and Secure Handling of Asserted Information Using Tokens (SHAKEN) are different, they are collectively effective in preventing spoofing. The usage of this framework can help in authenticating callers, lowering the rise of robocalls, inducing cost-effective call management measures, and more. Given its usage, along with benefits, it can be utilized by numerous industries, mainly ranging from finance to telecommunications.

What is STIR/SHAKEN?

STIR/SHAKEN represents a set of technical protocols as well as procedures. They are useful for combatting the caller ID spoofing attacks on several public telephone networks. The framework is utilized by a local exchange carrier or originating service provider for the authentication of the Caller ID or identity of the originating caller.

• STIR/SHAKEN allows the verification of a Caller ID by a terminating service provider.

• Through this, the possibilities of fraudulent automated calls or robocalls are narrowed down.

• With this practice, the risk of illegal call identity spoofing can be minimized.

• As a result, the recipient is able to trust the call received.

In addition to the above, keep in mind that STIR and SHAKEN are different. While one is a technology, the other is a policy. They function collectively for completing a common objective. Nevertheless, they should be separately looked at for a better understanding.

What is STIR or Secure Telephony Identity Revisited?

STIR, simply put, is an important protocol. Also called Secure Telephony Identity Revisited, the organization, IETF or Internet Engineering Task Force developed it. The protocol ensures the availability of a digital signature. It is provided with the necessary credentials for the calling party.

• The signature or certificate gets embedded in the SIP or the Session Initiation Protocol message.

• This message is utilized for: 

            * Routing a call,
            * Information regarding the called party,
            * And, carrying a call.

What is SHAKEN?

SHAKEN is an applied framework. It comes into use for the deployment of STIR within several carrier networks. Better understood as Secure Handling of Asserted Information Using Tokens, together with Secure Telephony Identity Revisited, its development was initiated. Implementing it is useful for a service provider for the verification/authentication of calls that are received or made across a particular IP network.

How does SHAKEN/STIR Work?

SHAKEN/STIR works through the utilization of digital certificates. Its functioning relies on the common techniques for public-key cryptography. Thus, a calling number is made secure. Or, in other words, every provider of telephone services gets a digital certificate. It is obtained via an authorized certificate provider, considered dependable by telephone service companies. 

This certificate-related technology lets the called party execute verification to check whether the call number is correct and devoid of spoofing.

• As part of the working of this framework, an originating telephone service company, receives an SIP INVITE.

• The company examines the number source of the call for its validity.

• This involves attestation of 3 types:

          * Partial attestation (B),
          * Full attestation (A),
          * And, gateway attestation (C).

• This originating telephone service company creates a header for the SIP identity via a service for authentication.

• This service can indicate a third-party solution that is cloud-hosted.

• Note that the header can comprise information regarding:

          * The number called,
          * Calling number,
          * Level of attestation,
          * Current timestamp,
          * And, origin identifier.

• This SIP INVITE, in addition to the identity header for SIP, is received by the provider of the terminating telephone service.

• Also, this can involve sending an identity token, around several call segments (non-SIP), over the web.

• Afterward, the INVITE and the header are received by a verification service.

• Via the repository for public certificates, this service gets a digital certificate associated with the originating telephone service provider.

• After its verification, the header (base64 URL), gets decoded.

• Its information is compared with the INVITE message.

• The certificate's public key verifies the signature for the header and the certificate chain of trust.

• Its results are shared with the SBC/softswitch of the provider of this terminating service/

• Lastly, the call gets completed.

How Important is the STIR/SHAKEN Suite?

STIR/SHAKEN is important to a considerable extent in the telecommunications sector. Overall, it is a useful tool for enhancing the authenticity of calls. Besides, it plays a role in minimizing the effect of unwanted/fake calls. Its significance can further be realized, in the context of different use cases.

Why is SHAKEN/STIR Important?

The STIR/SHAKEN framework is crucial for several purposes. It can be functional for limiting or preventing robocalls and ensuring that important calls are not missed. Looking at the bigger picture, it not only makes calls secure but reinforces a sense of trustworthiness for callers as well as receivers.

For Authenticating Callers

SHAKEN/STIR is useful in verifying the identity of a caller. This is administered by matching the information of the caller as displayed. Additionally, the number that results in the origination of a call is matched.

• As a consequence of this, a user is able to trust the identity of the caller.

• Given that the authentication of the identity of the caller is taken care of, the receiver involved can pick up the call with no concerns left unresolved.

To Minimize Robocalls

Utilizing Secure Telephony Identity Revisited and Secure Handling of Asserted Information Using Tokens, robocalls can be identified as well as blocked. This is one of the core purposes served by the framework. As parties engage in spoofing, this works as an approach to reducing the instances.

Introducing Cost-Effectiveness

The set of procedures/protocols under SHAKEN/STIR can introduce cost-effectiveness for users. This aspect is focused on by lowering the number of fraudulent or spam calls. Hence, users can be refrained from falling victim to scams involving huge costs. 

Also, the incoming calls that are allowed via a conventional system can bring down the costs, since they don’t require callers to utilize any long-distance calling service.

To Establish the Trustworthiness of a Call

Assuming that a receiver witnesses or receives multiple spam or scam calls in a day, his/her trust can undergo a breach. Given the utilization of the STIR/SHAKEN framework, such a breach can be prevented. This is because it plays a vital role in identifying the phone numbers as well as in authorizing them.

Limiting Caller Identity Spoofing

Certain parties or individuals can prefer caller ID/identity spoofing, particularly for hiding the origins of calls and imitating to be someone else. In case Secure Handling of Asserted Information Using Tokens and Secure Telephony Identity Revisited are used, this practice can be limited.

• Via this framework, malicious parties are prevented from spoofing the IDs of callers.

• Thus, the instances of fraud are reduced.

• At the same time, practices like impersonation are decreased.

For improving Call Centers’ Operations

Call centers can particularly find STIR/SHAKEN to be impactful as it can boost their operations, making them more secure too. For these centers, it becomes possible to verify the identity of callers. Along with this, the outbound call performance is enhanced.

• For the customers of call centers that are reliant on this framework:

          * It gives a sense of assurance that the calls they are making are secure.
          * The possibilities of robocalls are reduced to a great degree.
          * Fraudulent types of calls are prevented.

Who can Implement STIR/SHAKEN?

Businesses or organizations in the telecom industry, at large, can implement Secure Handling of Asserted Information Using Tokens (SHAKEN) and Secure Telephony Identity Revisited (STIR). For them, the combination of the policy and technology, can help fight concerning challenges, ranging from a caller ID’s spoofing to impersonation on the call.

• Aside from this, healthcare businesses can benefit from this framework as it can:

         * Authenticate the phone calls,
         * And, ensure that crucial calls are not blocked.

• Organizations in the finance sector find this protocol to be effective as it can:

         * Make calls secure for them and their customers,
         * And, help them comply with important regulations.

Note that the implementation of STIR/SHAKEN is not limited to these industries. Others such as pharmaceuticals and manufacturing can utilize it as well for varying purposes, revolving around making/receiving calls.

Read Also: What is Conversion Analytics?

All Things Considered

The SHAKEN/STIR framework can be essentially used by organizations that require making calls secure and prevent practices like spoofing. Provided that they thoroughly understand what the solution is and how it works, they can best utilize it. Besides, this comprehension can assist them in applying the protocol rightly where it is required.