Bringing Trust to STIR/SHAKEN

STIR/SHAKEN is a set of policies and procedures aimed at protecting the public from robocalls, removing their ability to spoof a caller ID. STIR/SHAKEN leverages digital certificates to prove caller legitimacy, by validating the handoff of calls passing through the networks and enabling a phone company to verify that a call is in fact the company that is shown on the caller ID.

VOIP systems

STIR: Using digital certificates, service providers will be able to confirm a caller ID; and add a digital certificate to the Session Initiation Protocol (SIP) header that contains information about the message, such as the service providers identity, its trustworthiness, the contact sender and destination address. The message is then decrypted using the service providers public key to ensure its authenticity.

Non IP-based voice interconnections

SHAKEN: Calls that are provided by telephony operators and not transmitted over the internet, such as mobile, landlines and Skype, are unable to send the SIP header. SHAKEN provides a list of guidelines on how to deal with incompatible legacy circuit-switched networks, but this is still a work in progress. However, legacy networks are not of huge concern, as most telecom service providers are migrating their networks to IP-based technologies.

At the heart of STIR/SHAKEN is a Public Key Infrastructure (PKI), with a Certificate Authority (CA) issuing digital certificates (electronic files). The CA signs every certificate it issues with a private key, also known as the root key, hence the CAs private key is very special. If the CAs private key fell into the wrong hands, every certificate ever issued by that CA using that private key could no longer be trusted.

Because the CAs private key is the anchor to the trustworthiness of all certificates within a PKI, one must ensure the CAs root key is well protected. A compromise of the root key means that the network of trust inherent within a stable PKI collapses.

A PKI may contain several CAs that are usually arranged in a hierarchy, with a root CA holding the root key at the top, and one of more subordinate CAs below it. Each subordinate CA contains a unique private key, but this is not the root key. The subordinate CA’s identity is established with a certificate derived from its public/private key signed by a root CA’s private key.

As PKI is based on a hierarchy of trust, and because of the importance of the root key and the subordinate CAs’ private keys to the operation of a PKI, they should be protected with the best available physical, technological, and operational security. Hardware Security Modules (HSMs) address these additional security requirements with secure hardware to generate, store, and manage sensitive private keys.

• Store, generate and manage STIR/SHAKEN private root keys in a Luna HSM to maintain the trustworthiness of the network, and provide the highest degree of protection for the CA and those root keys
• Benefit from a Luna HSM foundation of digital trust that is FIPS 140-2 Level 3 certified and Common Criteria EAL4+ validated, for PKI which is complex at scale
• Perform all cryptographic operations, such as digital certificate signing, within the HSM in order to maintain the integrity and security of the private key
• Luna HSMs protect the integrity of the digital certificates, identities, transactions and cryptographic functions regardless of their environment be it in on-premises, in the cloud, or in a hybrid environment
• Benefit from Multiple roles for strong separation of duties, multi-person MofN with multi-factor authentication for increased security, and data encryption in order to prevent unauthorized access to the HSM and preserve the integrity of the private root keys