Free Webinar - Is Your PKI Healthy? The Essential Guide to Comprehensive Assessments! Sign up here
Schedule a Demo
Blog August 5, 2019 Authentication, Cryptographic Keys, Cybersecurity, encryption, PKI, Robocalls, SHAKEN/STIR

SHAKEN/STIR is Getting Real

by Mark B. Cooper

The Federal Communications Commission (FCC) estimates robocalls will constitute more than half of all phone calls placed in the U.S. this year. In an effort to end to this, the FCC and major telecommunications companies including Comcast, AT&T, and T-Mobile have lined up behind a new standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using ToKENs and Secure Telephony Identity Revisited) to combat robocalls and caller ID spoofing. Read about the FCC’s latest robocall summit here.

Public key infrastructure (PKI) is the backbone of SHAKEN/STIR, using digital certificates based on common public key cryptography techniques to ensure the calling number of a telephone call has not been spoofed. However, SHAKEN/STIR requires a comprehensive ecosystem and will only effectively work if every deployment at every telco (or commercial CA) is secure. The graphic illustrating SHAKEN/STIR is available to download here.

As the ecosystem is being defined, the players involved need to educate themselves on the many places where things can go wrong including bad policies, lax security controls, or weak operational practices. Bad actors will absolutely try to subvert this security to initiate “validated” calls.

See you at Black Hat USA 2019 and DEF CON 27

I will be onsite at Black Hat USA 2019 and DEF CON 27 – presenting How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem at the DEF CON 27 Crypto & Privacy Village. If I don’t see you on the show floor before hand, join me Friday, August 9 at 5:00 p.m. at Planet Hollywood, Celebrity Ballroom 2.

In my talk, I will address the current landscape and what’s at stake, outline the SHAKEN/STIR global standard, explain how it works, explain the ecosystem and the players, discuss the evolution and deployment, and dive into the technical stuff.

Afterward, please join me as PKI Solutions and Keyfactor host a Crypto Chat & Drinks on Friday, August 9, 6-8 p.m., Blue Moon Bar, Planet Hollywood, immediately following my talk.

Related Resources

  • Blog
    October 7, 2024

    Preventing ServiceNow-style Root Certificate Outages with PKI Posture Management

  • Blog Image of a person sitting at a desk working on a laptop with PKI Spotlight on the screen.
    October 4, 2024

    Announcing the October 2024 PKI Spotlight® Release

    PKI, PKI Spotlight
  • Blog
    August 16, 2024

    To Revoke or Not to Revoke: Balancing Security with Performance and Operational Complexity

    CA, Certificate Authority, Certificate Revocation List, CRL, OCSP, PKI, VPN

Mark B. Cooper

President & Founder at PKI Solutions, Leading PKI Cybersecurity Subject Matter Expert, Author, Speaker, Trainer, Microsoft Certified Master.

View All Posts by Mark B. Cooper

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *