Combating Caller ID Spoofing on 4G Mobile Phones

Research Areas: Network Security

Principal Investigator: Chunyi Peng

Caller ID spoofing forges the authentic caller identity, thus making the call appear to originate from another user. This seemingly simple attack technique has been used in the growing telephony frauds and scam calls, resulting in substantial monetary loss and victim complaints. Unfortunately, caller ID spoofing is easy to launch, yet hard to defend; no effective and practical defense solutions are in place to date.

In this project, we aim to develop both effective and practical defense against caller ID spoofing, without requiring additional infrastructure support or changes on telephony systems. In particular, we propose CEIVE (Callee-only inference and verification), a victim-device only solution. We formulate the design as an inference and verification problem. Given an incoming call, CEIVE leverages a callback session and its associated call signaling observed at the phone to infer the call state of the other party. It further compares with the anticipated call state, thus quickly verifying whether the incoming call comes from the originating number. We exploit the standardized call signaling messages to extract useful features, and devise call-specific verification and learning to handle diversity and extensibility. We have implemented CEIVE on Android phones and validated its effectiveness with all top four US mobile carriers, one landline and two small carriers.

Personnel

Students: Haotian Deng, Youssef Elabd

Representative Publications

  • Deng, Haotian, Weicheng Wang, and Chunyi Peng. "CEIVE: Combating Caller ID Spoofing on 4G Mobile Phones Via Callee-Only Inference and Verification." ACM International Conference on Mobile Computing and Networking, MobiCom. ACM. 2018.

Keywords: 4G Signaling, Callee-only defense, Caller ID spoofing, CEIVE

Coming Up!

Our annual security symposium will take place on April 7th and 8th, 2020.
Purdue University, West Lafayette, IN

More Information