An Analysis of Applying STIR/SHAKEN to Prevent Robocalls

The robocall epidemic has caused millions of phone scam victims resulting in billions of financial loss in the USA. To address this issue, Federal Communication Commission (FCC) mandates all Internet Telephony Service Providers (ITSP) to implement Secure Telephony Identity Revisited (STIR) with the Signature-based Handling of Asserted information using toKENs (SHAKEN) to authenticate Voice of Internet Protocol (VoIP) calls on their networks. This chapter provides an analysis of the effectiveness of STIR/SHAKEN in protecting users from being victims of robocalls which are mostly scam calls with fake caller ID. Our analysis shows three majors issues that could have impact on the effectiveness of STIR/SHAKEN. These issues are (a) poorly protected enterprise IP-PBX, (b) unscrupulous service providers, and (c) lack of support of Q.1912.5, which is the interworking standard between IP and Public Switch Telephone Network (PSTN).