Bringing Trust to STIR/SHAKEN
Protect your high value PKI encryption keys in a hardware root of trust
In order to combat caller ID spoofing calls on public telephone networks, the Federal Communications Commission (FCC) defined a set of standards calling for carriers to implement caller ID authentication. This protocol was then extended into Canada, with the FCC working with the Canadian Radio-television and Telecommunications Committee (CRTC).
This caller ID authentication is called STIR/SHAKEN (Secure Telephone Identity Revisited /Signature-based Handling of Asserted Information using eTokens). STIR/SHAKEN outlines how telephone service providers will work together to reduce the millions of nuisance calls and scams that take place each year by identifying legitimate callers.
Service providers must implement STIR/SHAKEN by June 30, 2021. Thales can help service providers protect their critical data and infrastructure by generating, managing and storing the digital keys and certificates in a Luna Hardware Security Module (HSM). Storing your CA private keys in a Luna HSM root of trust is essential in order ensure the trustworthiness of all certificates within your PKI.
STIR/SHAKEN is a set of policies and procedures aimed at protecting the public from robocalls, removing their ability to spoof a caller ID. STIR/SHAKEN leverages digital certificates to prove caller legitimacy, by validating the handoff of calls passing through the networks and enabling a phone company to verify that a call is in fact the company that is shown on the caller ID.
STIR: Using digital certificates, service providers will be able to confirm a caller ID; and add a digital certificate to the Session Initiation Protocol (SIP) header that contains information about the message, such as the service providers identity, its trustworthiness, the contact sender and destination address. The message is then decrypted using the service providers public key to ensure its authenticity.
SHAKEN: Calls that are provided by telephony operators and not transmitted over the internet, such as mobile, landlines and Skype, are unable to send the SIP header. SHAKEN provides a list of guidelines on how to deal with incompatible legacy circuit-switched networks, but this is still a work in progress. However, legacy networks are not of huge concern, as most telecom service providers are migrating their networks to IP-based technologies.
At the heart of STIR/SHAKEN is a Public Key Infrastructure (PKI), with a Certificate Authority (CA) issuing digital certificates (electronic files). The CA signs every certificate it issues with a private key, also known as the root key, hence the CAs private key is very special. If the CAs private key fell into the wrong hands, every certificate ever issued by that CA using that private key could no longer be trusted.
Because the CAs private key is the anchor to the trustworthiness of all certificates within a PKI, one must ensure the CAs root key is well protected. A compromise of the root key means that the network of trust inherent within a stable PKI collapses.
A PKI may contain several CAs that are usually arranged in a hierarchy, with a root CA holding the root key at the top, and one of more subordinate CAs below it. Each subordinate CA contains a unique private key, but this is not the root key. The subordinate CA’s identity is established with a certificate derived from its public/private key signed by a root CA’s private key.
As PKI is based on a hierarchy of trust, and because of the importance of the root key and the subordinate CAs’ private keys to the operation of a PKI, they should be protected with the best available physical, technological, and operational security. Hardware Security Modules (HSMs) address these additional security requirements with secure hardware to generate, store, and manage sensitive private keys.