NCAS
NCAS
National Caller ID Authentication System National Caller ID Authentication System
The National Telecom Security Border Controller The National Telecom Security Border Controller
OmniBud INC. 2003–2013
NCAS Registration Module
NCAS Registration Module
“
“PSTN subscribers with VoIP Calling RequirementsPSTN subscribers with VoIP Calling Requirements”” of a of a country register their
country register their phone numbers and corresponding SIP phone numbers and corresponding SIP
details to the National NCAS DB
details to the National NCAS DB after performing appropriate after performing appropriate phone number ownership verification.
NCAS Registration Flow
NCAS Registration Flow
NCAS Registration Server
“PSTN Subscribers with VoIP
Calling Requirements” of a country register their
1. Phone Number 2. SIP Details
to National NCAS DB via Registration Server
National NCAS DB Server
Caller ID Authentication Module
Caller ID Authentication Module
The
The Caller ID and corresponding SIP details (including VIA, Caller ID and corresponding SIP details (including VIA, CONTACT
CONTACT……)) of of an IP originated phone call with Caller ID in an IP originated phone call with Caller ID in domestic phone number format
domestic phone number format are retrieved and transmitted are retrieved and transmitted to Caller ID Authentication Module then compare with the data to Caller ID Authentication Module then compare with the data stored in NCAS DB registered by PSTN subscribers.
stored in NCAS DB registered by PSTN subscribers.
If the authentication result of Caller ID Authentication Module If the authentication result of Caller ID Authentication Module is
is ““failedfailed””, , the IP originated phone call is suspected to be a the IP originated phone call is suspected to be a Fraud Call of Fake Caller ID.
Fraud Call of Fake Caller ID.
There is no standard format of IP originated phone calls now
There is no standard format of IP originated phone calls now
and the Fraud Calls of Fake Caller IDs are easy to be hidden in
and the Fraud Calls of Fake Caller IDs are easy to be hidden in
these calls.
these calls. It is easy for the government get rid of the IP It is easy for the government get rid of the IP originated Fraud Calls and standardize the signals by simple
originated Fraud Calls and standardize the signals by simple
performing Caller ID authentication of IP originated phone calls
5
INVITE sip:111@111.222.333.444 SIP/2.0
Via: SIP/2.0/UDP 111.222.333.443:5060;branch=z9hG4bKtiop3
Via: SIP/2.0/UDP 111.222.333.442:5060;branch=z9hG4bK83842.1
(
(發話發話SIPSIP伺服器伺服器IP)IP)
Via: SIP/2.0/UDP 111.222.333.441:5060;branch=z9hG4bKmp17a
( (發話設備發話設備IP)IP) To: 0911111111 <sip:111@111.222.333.444> From: 0922222222 <sip:222@aaa.com>;tag=42 ( (主叫號碼欄位與發話端主叫號碼欄位與發話端URI)URI)
Subject: Where are you exactly?
Contact: <sip:222@111.222.333.441> ( (發話端發話端URI)URI) Caller ID SIP Server IP SIP Client IP
SIP Details Sample
A voice phone call is a two way communication.
A voice phone call is a two way communication. It means if the It means if the malicious caller changes the other SIP details together Caller I
malicious caller changes the other SIP details together Caller ID, D, the phone call will be terminated at the same time.
the phone call will be terminated at the same time. That is the That is the principle NCAS works to authenticate the Fraud Calls of Fake principle NCAS works to authenticate the Fraud Calls of Fake Caller IDs.
Caller IDs.
In order not to affect the service and revenue of current PSTN In order not to affect the service and revenue of current PSTN operators,
operators, the IP originated phone calls failed in NCAS the IP originated phone calls failed in NCAS
authentication should not be blocked,
authentication should not be blocked, but only added with a but only added with a “
“Alert MarkAlert Mark”” to Caller ID to notice the PSTN to Caller ID to notice the PSTN CalleeCallee, , thus to thus to meet both needs of PSTN Operator Operation and PSTN meet both needs of PSTN Operator Operation and PSTN Subscriber Protection.
Subscriber Protection.
Caller ID Authentication Module
7
As to email and message services, because these services are As to email and message services, because these services are
one way communications,
one way communications, the IP originated sender can fake the the IP originated sender can fake the communication signals together with Caller ID without failing
communication signals together with Caller ID without failing
the service.
the service. That is one way services like email and message That is one way services like email and message cannot be secured by NCAS based mechanisms.
cannot be secured by NCAS based mechanisms.
Caller ID Authentication Module
Malicious Call Marking Module
Malicious Call Marking Module
There is no
There is no ““Alert MarkAlert Mark”” added to the Caller ID of an IP added to the Caller ID of an IP originated phone call passes NCAS authentication.
originated phone call passes NCAS authentication. An
An ““Alert MarkAlert Mark”” like like ““000, +++000, +++…”…” is added to the Caller ID of is added to the Caller ID of an IP originated phone call fails
an IP originated phone call fails NCAS authentication.NCAS authentication. If a PSTN Phone can be preset or installed a function of
If a PSTN Phone can be preset or installed a function of
outputting different
outputting different ““ring tones or flashesring tones or flashes”” when when detecting detecting the Call ID is marked with
the Call ID is marked with ““Alert MarkAlert Mark”” like like ““000, +++000, +++……) ) in in the firmware or APPs, the power of putting off
the firmware or APPs, the power of putting off ““Fraud Call of Fraud Call of Fake Caller ID
NCAS Operation Flow
NCAS Operation Flow
(Caller ID Authentication Passed(Caller ID Authentication Passed) ) ) ) ) ) ) )VoIP Provider SIP Server
NCAS Query Server
4. Query in NCAS Query System
NCAS DB
5. A passed query by NCAS Query Server
NCAS Agent Server
3. Send query to NCAS Query Server
NCAS Fraud Detection Server
2. Forward SIP invite to NCAS Agent Server
1. Inbound IP Traffic
6. Forward the Unmarked SIP invite to PSTN Operator NGN Server NCAS Procedure NCAS Procedure Unmarked IP Traffic Unmarked IP Traffic Marked IP Traffic Marked IP Traffic Unmarked PSTN Traffic Unmarked PSTN Traffic Marked PSTN Traffic Marked PSTN Traffic 9 PSTN Operator NGN Server RTP
NCAS Demo Picture
NCAS Operation Flow
NCAS Operation Flow
(Caller ID Authentication Failed) (Caller ID Authentication Failed)VoIP Provider SIP Server
NCAS Query Server
4. Query in NCAS Query System
NCAS DB
5. A failed query by NCAS Query Server
NCAS Agent Server
3. Send query to NCAS Query Server
NCAS Fraud Detection Server
2. Forward SIP invite to NCAS Agent Server
1. Inbound IP Traffic
11
6. Forward the Marked SIP invite to
PSTN Operator NGN Server PSTN Operator NGN Server NCAS Procedure NCAS Procedure Unmarked IP Traffic Unmarked IP Traffic Marked IP Traffic Marked IP Traffic Unmarked PSTN Traffic Unmarked PSTN Traffic Marked PSTN Traffic Marked PSTN Traffic RTP
NCAS Demo Picture
Fraud Call of Fake Caller ID Detection Module
Fraud Call of Fake Caller ID Detection Module
13
The Malicious Call Detection Module accumulates the data
The Malicious Call Detection Module accumulates the data
including Caller ID, SIP Details, time
including Caller ID, SIP Details, time…… and and performs an instant performs an instant analysis to perform the
analysis to perform the ““RealReal--Time Suspicious Fraud Call of Time Suspicious Fraud Call of Fake Caller ID Detection
Fake Caller ID Detection””..
The Malicious Call Detection Module accumulates the data
The Malicious Call Detection Module accumulates the data
including Caller ID, SIP Details, time
including Caller ID, SIP Details, time…… and and performs a periodical performs a periodical analysis to perform the accurate
analysis to perform the accurate ““Fraud Call of Fake Caller ID Fraud Call of Fake Caller ID Detection
IP Originated Phone Call LOI Module
IP Originated Phone Call LOI Module
(
(
(
(
(
(
(
(
Optional
Optional
)
)
)
)
)
)
)
)
It is easy to add the LOI equipments to IP Originate Phone Call
It is easy to add the LOI equipments to IP Originate Phone Call
LOI Module to record or monitor the phone calls of target
LOI Module to record or monitor the phone calls of target
criteria like Failed NCAS, target Caller ID, target Callee Phone
criteria like Failed NCAS, target Caller ID, target Callee Phone
Number, target SIP Server IP
Number, target SIP Server IP…… etc. etc. It can not only perform It can not only perform instant LOI of specific purposes, but also significant reduce th
instant LOI of specific purposes, but also significant reduce the e cost of LOI building up over PSTN equipments.
Internet
NCAS DB Registration and Update Flow
NCAS DB Registration and Update Flow
“
“PSTN subscribers with VoIP Calling RequirementsPSTN subscribers with VoIP Calling Requirements”” of a of a country register their phone numbers and corresponding country register their phone numbers and corresponding SIP details to the National NCAS DB through themselves SIP details to the National NCAS DB through themselves or their VoIP Operators. National NCAS Center update or their VoIP Operators. National NCAS Center update latest NCAS details to Domestic PSTN Operators latest NCAS details to Domestic PSTN Operators periodically for their NCAS Authentication and Malicious periodically for their NCAS Authentication and Malicious Marking Module to perform NCAS authentication.
Marking Module to perform NCAS authentication.
15
Domestic PSTN Operator B NCAS DB and Agent Servers
Domestic PSTN Operator B NCAS DB and Agent Servers
Domestic PSTN Operator A NCAS DB and Agent Servers
Domestic PSTN Operator A NCAS DB and Agent Servers
VoIP Operators
NCAS Registration Servers
VoIP Operators
NCAS Registration Servers
National NCAS Center NCAS Registration Servers, DB
and Fraud Detection Server
National NCAS Center NCAS Registration Servers, DB
Internet
All the IP originated phone call with Caller ID in All the IP originated phone call with Caller ID in domestic phone number format are transmitted to domestic phone number format are transmitted to NCAS Agent Servers of PSTN Operators to perform: NCAS Agent Servers of PSTN Operators to perform: 1.
1. Caller ID AuthenticationCaller ID Authentication 2.
2. Malicious Call MarkingMalicious Call Marking
NCAS Operation Flow
NCAS Operation Flow
Domestic PSTN Operator B NCAS DB and Agent Servers
Domestic PSTN Operator B NCAS DB and Agent Servers
Domestic PSTN Operator A NCAS DB and Agent Servers
Domestic PSTN Operator A NCAS DB and Agent Servers
VoIP/ISR Operator SIP Servers
VoIP/ISR Operator SIP Servers
National NCAS Center NCAS Registration Servers, DB
and Fraud Detection Server
National NCAS Center NCAS Registration Servers, DB
Internet
17
NCAS Fraud Call of Fake Caller ID Detection Flow
NCAS Fraud Call of Fake Caller ID Detection Flow
Domestic PSTN Operator B NCAS DB and Agent Servers
Domestic PSTN Operator B NCAS DB and Agent Servers
Domestic PSTN Operator A NCAS DB and Agent Servers
Domestic PSTN Operator A NCAS DB and Agent Servers
VoIP/ISR Operator SIP Servers
VoIP/ISR Operator SIP Servers
National NCAS Center NCAS Registration Servers, DB
and Fraud Detection Server
National NCAS Center NCAS Registration Servers, DB
and Fraud Detection Server
The Fraud Call of Fake Caller ID Detection Module The Fraud Call of Fake Caller ID Detection Module accumulates the data including Caller ID, SIP Details, accumulates the data including Caller ID, SIP Details, time
time…… from Domestic PSTN Operators to perform the from Domestic PSTN Operators to perform the analysis of instant and periodic
analysis of instant and periodic “Fraud Call of Fake Caller “Fraud Call of Fake Caller ID Detection