For those not familiar with STIR, it is an effort (working group) attempting to solve the issue of spoofed calling number (caller ID). It has become so easy to generate calls with random anonymous numbers or specific/targeted spoofed numbers, that the source number has lost most of its value as an indicator of who is calling. This enables some attacks, but more importantly, makes other attacks such as Telephony Denial of Service (TDoS), voice SPAM (robocalls), scams, voice phishing (vishing), and harassing/threatening calls much more of an issue.
I just finished attending the 2014 SIP Network Operators Conference (SIPNOC). I couldn’t attend some of the conference and missed the update on the Secure Telephony Identify Revisited (STIR). However, I checked the checked the IETF website and there has been quite a bit of activity and there are several new documents that are worth a read. You can find these documents at:
SecureLogix offers solutions to the issues described above and spoofed calling number makes this a challenge.