Telecom & SHAKEN/STIR
Public Key Infrastructure (PKI) is a powerful tool that can be used to authorize and verify caller IDs, but it must be managed and secured properly for SHAKEN/STIR to be effective. Futurex’s hardened data encryption solutions protect your sensitive data and enable standards compliance with maximum security and versatility.
SHAKEN/STIR Standards Rely on Cryptography to Verify Callers
Almost no one answers calls from unrecognized phone numbers anymore. The reason of course is that the unknown caller is likely one of the billion robocalls made each year. To protect themselves from a potential scam, most consumers do not answer unless they are certain who is calling. For legitimate businesses, the impact is that they are often unable to contact customers by phone to relay important or sensitive information.
Adding to the problem, the lack of security infrastructure around the phone system makes it too easy for criminals and unscrupulous robocallers to alter or spoof the calling number of their outbound telephone calls in order to deceive the called party. This deception can be as simple as changing the calling number so it appears that someone in your area code is calling, increasing the chances you’ll pick up the phone. It can also be more targeted and specific, opening the door to phishing and other scams.
To stop this scourge, the industry’s response, backed by the FCC, has been to develop a framework of interconnected standards called SHAKEN (Secure Handling of Asserted information using toKENs) and STIR (Secure Telephony Identity Revisited) that defines how telephone service providers should work together to ensure calling numbers are not spoofed.
Based on Proven Public Key Cryptography Techniques
Cryptography is at the core of SHAKEN/STIR, which uses digital certificates, based on proven public key cryptography techniques, to ensure the calling number of a telephone call has not been spoofed. At a high level, telephone service providers obtain digital certificates from a certificate authority that is trusted by other telephone service providers. The certificate technology in turn enables the called party to verify that the calling number is accurate and has not been spoofed.
In the SHAKEN/STIR framework, service providers must implement a certificate management system to create and manage the public and private keys that underpin digital certificates. The private keys are used by the service provider to sign calls. The public key is then used by other service providers to verify that the signature was actually created by the private key.
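The sign-and-verify exchange described above, as an added example that is not Futurex code or part of the original page: the signed token is a PASSporT (RFC 8225) carrying the SHAKEN claims, signed with ES256. The key pair, phone numbers, origid and x5u URL are constructed, and the verifier is assumed to already hold the signer's public key rather than fetching and chain-validating the certificate at x5u.

```javascript
const crypto = require('crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const fail = (reason) => ({ ok: false, reason });

// Originating provider: sign the asserted call details with its private key.
function signPassport(privateKey, claims, x5u) {
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u };
  const input = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(claims));
  // JWS ES256 carries the raw r||s signature (IEEE P1363), not DER.
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + b64u(sig);
}

// Terminating provider: check signature, freshness (60 s window assumed), signalled caller.
function verifyPassport(token, publicKey, signalledTn, now, maxAgeSec = 60) {
  const parts = token.split('.');
  if (parts.length !== 3) return fail('malformed');
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch (e) { return fail('malformed'); }
  if (header.alg !== 'ES256' || header.ppt !== 'shaken') return fail('bad-header');
  const valid = crypto.verify('sha256', Buffer.from(h + '.' + p),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!valid) return fail('bad-signature');
  if (Math.abs(now - claims.iat) > maxAgeSec) return fail('stale');
  if (!claims.orig || claims.orig.tn !== signalledTn) return fail('tn-mismatch');
  return { ok: true, attest: claims.attest };
}

// Constructed sample call; every value below is made up for the example.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const now = 1700000000;
  const claims = { attest: 'A', dest: { tn: ['12025550123'] }, iat: now,
    orig: { tn: '12025550100' }, origid: '00000000-0000-4000-8000-000000000001' };
  const token = signPassport(privateKey, claims, 'https://sti-cert.example.invalid/sp.pem');
  const [h, , s] = token.split('.');
  const altered = [h, b64u(JSON.stringify({ ...claims, orig: { tn: '12025550199' } })), s].join('.');
  return {
    genuine: verifyPassport(token, publicKey, '12025550100', now + 2),
    alteredPayload: verifyPassport(altered, publicKey, '12025550199', now + 2),
    mismatchedCaller: verifyPassport(token, publicKey, '12025550199', now + 2),
    stale: verifyPassport(token, publicKey, '12025550100', now + 3600),
  };
}
console.log(demo());
```

Only the holder of the private key can produce a token that passes the signature check, which is why the paragraph that follows puts the weight on how that key is generated and stored.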
For SHAKEN/STIR to remain effective over the long term, solutions must be implemented properly with close attention paid to how public and private keys are generated and how the private keys in particular are kept secure. Regardless of whether a SHAKEN/STIR solution is on-premises or hosted in the cloud, the private keys should be secured using strong encryption and a hardware security module (HSM) such as our Key Management Enterprise Server (KMES) Series 3.
Advantages of Hardware-Based Encryption
Hardware-based data encryption is one of the most secure and efficient methods for protecting sensitive data such as the private keys for SHAKEN/STIR implementations. The KMES Series 3 uses robust, hardened security to protect keys and certificates at the source as well as extensive logical measures, such as dual control and a role-based permission system, that secure sensitive data from both external and internal threats. The KMES Series 3 includes both a hardware security module and the certificate lifecycle application, offering a level of functionality not found anywhere else in the industry.
Our KMES solutions have the significant advantage of allowing service providers to securely manage keys and certificates from a remote location through PKI-secured connections. Providers can also implement a scalable infrastructure that can increase processing power to keep pace with growing call volumes.
Taking the Next Step to Stopping Robocallers
SHAKEN/STIR promises to rebuild trust in the telephone network and fight back against robocallers and scammers. But achieving these goals will mean that service providers must take on the responsibility of implementing SHAKEN/STIR solutions that not only meet basic requirements, but also minimize possible obstacles such as security flaws or longer post-dial delays. To discuss data encryption technology and solutions for your needs with a Futurex Solutions Architect, contact us.
Hardware Security Modules
KMES Series 3
Hardened, enterprise-class key and certificate lifecycle management solutions
- Symmetric key lifecycle management for issuance, offline root, and more
- Enterprise certificate authority and public key infrastructure (PKI)
- Registration authority
- Data protection, application encryption, and integration with 3rd-party applications
- Vaultless tokenization
- Quantum-resistant hybrid certificate authority issuance
Guardian Series 3
Empower your administrators with centralized management, redundancy, device status monitoring, and more
- Central management for Futurex devices
- Comprehensive load distribution and automated failover
- User-defined grouping for devices
- Intuitive visual and logical user interface
- Customized notifications, alerts, and status reports
Protect your sensitive data and transactions with industry-leading security in the Vectera Plus general-purpose HSM
- Meets or exceeds industry compliance standards
- Increases the overall speed and functionality of your HSM network
- Supports a variety of cryptographic functionality