Jäger: Automated Telephone Call Traceback
Authors: 
David Adei, Varun Madathil, Sathvik Prasad, Bradley Reaves, Alessandra ScafuroAuthors Info & Claims
Pages 2042 - 2056
Abstract
Unsolicited telephone calls that facilitate fraud or unlawful telemarketing continue to overwhelm network users and the regulators who prosecute them. The first step in prosecuting phone abuse is traceback --- identifying the call originator. This fundamental investigative task currently requires hours of manual effort per call. In this paper, we introduce Jäger, a distributed secure call traceback system. Jäger can trace a call in a few seconds, even with partial deployment, while cryptographically preserving the privacy of call parties, carrier trade secrets like peers and call volume, and limiting the threat of bulk analysis. We establish definitions and requirements of secure traceback, then develop a suite of protocols that meet these requirements using witness encryption, oblivious pseudorandom functions, and group signatures. We prove these protocols secure in the universal composibility framework. We then demonstrate that Jäger has low compute and bandwidth costs per call, and these costs scale linearly with call volume. Jäger provides an efficient, secure, privacy-preserving system to revolutionize telephone abuse investigation with minimal costs to operators.
References
[1]
D. Adei, V. Madathil, S. Prasad, B. Reaves, and A. Scafuro. Jäger: Automated Telephone Call Traceback (Extended Technical Report) . http://arxiv.org/abs/2409.02839.
[2]
D. Adei, V. Madathil, S. Prasad, B. Reaves, and A. Scafuro. GitHub: Jäger Source Code. https://github.com/wspr-ncsu/jaeger.git.
[3]
D. Adei, V. Madathil, S. Prasad, B. Reaves, and A. Scafuro. Zenodo: Jäger Source Code. https://zenodo.org/doi/10.5281/zenodo.12733869.
[4]
M. Arafat, A. Qusef, and G. Sammour. Detection of Wangiri Telecommunication Fraud Using Ensemble Learning. In IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT), 2019.
[5]
G. Ateniese, J. Camenisch, S. Hohenberger, and B. de Medeiros. Practical Group Signatures without Random Oracles. IACR Cryptol. ePrint Arch., 2005.
[6]
Aura. Intelligent Digital Safety for the Whole Family. https://www.aura.com.
[7]
M. A. Azad, S. Bag, S. Tabassum, and F. Hao. Privy: Privacy preserving collaboration across multiple service providers to combat telecom spams. IEEE Transactions on Emerging Topics in Computing, 8(2):313--327, 2017.
[8]
M. A. Azad and R. Morla. Rapid detection of spammers through collaborative information sharing across multiple service providers. Future Generation Computer Systems, 95:841--854, 2019.
[9]
A.-L. Barabási and R. Albert. Emergence of scaling in random networks. Science, 286(5439):509--512, 1999.
[10]
C. Baum, T. Frederiksen, J. Hesse, A. Lehmann, and A. Yanai. Pesto: proactively secure distributed single sign-on, or how to trust a hacked server. In 2020 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2020.
[11]
A. Belenky and N. Ansari. IP traceback with deterministic packet marking. IEEE Communications Letters, 7(4):162--164, 2003.
[12]
J. Bercu. Industry traceback 2023 and beyond. In SIPNOC, 2023.
[13]
G. Bianconi and A.-L. Barabási. Competition and multiscaling in evolving networks. Europhysics Letters, 54(4):436, 2001.
[14]
H. K. Bokharaei, A. Sahraei, Y. Ganjali, R. Keralapura, and A. Nucci. You can SPIT, but you can't hide: Spammer identification in telephony networks. In Proceedings IEEE INFOCOM, 2011.
[15]
D. Boneh, X. Boyen, and H. Shacham. Short group signatures. In Annual International Cryptology Conference. Springer, 2004.
[16]
D. Boneh, S. Gorbunov, H. Wee, and Z. Zhang. BLS signature scheme. Technical report, Technical Report draft-boneh-bls-signature-00, IETF, 2019.
[17]
J. Bootle, A. Cerulli, P. Chaidos, E. Ghadafi, and J. Groth. Foundations of fully dynamic group signatures. In International Conference on Applied Cryptography and Network Security, pages 117--136. Springer, 2016.
[18]
J. Burns, D. Moore, K. Ray, R. Speers, and B. Vohaska. Ec-oprf: Oblivious pseudo-random functions using elliptic curves. Cryptology ePrint Archive, 2017.
[19]
J. Camenisch, M. Drijvers, A. Lehmann, G. Neven, and P. Towa. Short threshold dynamic group signatures. In International Conference on Security and Cryptography for Networks, pages 401--423. Springer, 2020.
[20]
S. Casacuberta, J. Hesse, and A. Lehmann. Sok: Oblivious pseudorandom functions. In IEEE European Symposium on Security and Privacy (EuroS&P), 2022.
[21]
Y. J. Choi and S. J. Kim. An improvement on privacy and authentication in GSM. In Information Security Applications: 5th International Workshop, WISA 2004, Jeju Island, Korea, August 23--25, 2004, Revised Selected Papers 5. Springer, 2005.
[22]
I. Dacosta and P. Traynor. Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks. In USENIX Annual Technical Conference, 2010.
[23]
R. Dantu and P. Kolan. Detecting Spam in VoIP Networks. SRUTI, 5:5--5, 2005.
[24]
N. Döttling, L. Hanzlik, B. Magri, and S. Wohnig. Mcfly: Verifiable encryption to the future made practical. IACR Cryptol. ePrint Arch., page 433, 2022.
[25]
FCC. Robocall Mitigation Database . https://fccprod.servicenowservices.com/rmd?id=rmd_welcome.
[26]
FCC. FCC Fines Telemarketer 225 Million for Spoofed Robocalls.
[27]
FCC. Telephone Robocall Abuse Criminal Enforcement and Deterrence Act. https://www.fcc.gov/TRACEDAct.
[28]
FCC. Rules and Regulations Implementing the Telephone Consumer Protection Act (TCPA) of 1991, 2012.
[29]
FCC. The Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, 2021.
[30]
FCC. Report to Congress on Robocalls And Transmission Of Misleading or Inaccurate Caller Identification Information, Dec 2022.
[31]
E. F. Foundation. NSA Spying. https://www.eff.org/nsa-spying.
[32]
FTC. Complying with the Telemarketing Sales Rule. https://www.ftc.gov/business-guidance/resources/complying-telemarketing-sales-rule.
[33]
E. Ghadafi. Efficient distributed tag-based encryption and its application to group signatures with efficient distributed traceability. In International Conference on Cryptology and Information Security in Latin America. Springer, 2014.
[34]
C. Gong and K. Sarac. IP traceback based on packet marking and logging. In IEEE International Conference on Communications, 2005.
[35]
M. T. Goodrich. Probabilistic Packet Marking for Large-Scale IP Traceback. IEEE/ACM Transactions on Networking, 16(1):15--24, 2008.
[36]
S. M. Gowri, G. S. Ramana, M. S. Ranjani, and T. Tharani. Detection of Telephony Spam and Scams using Recurrent Neural Network (RNN) Algorithm. In International Conference on Advanced Computing and Communication Systems (ICACCS), volume 1. IEEE, 2021.
[37]
P. Gupta, B. Srinivasan, V. Balasubramaniyan, and M. Ahamad. Phoneypot: Data-driven understanding of telephony threats. In NDSS, 2015.
[38]
S. Heuser, B. Reaves, P. K. Pendyala, H. Carter, A. Dmitrienko, W. Enck, N. Kiyavash, A.-R. Sadeghi, and P. Traynor. Phonion: Practical Protection of Metadata in Telephony Networks. Proc. Priv. Enhancing Technol., 2017(1):170--187.
[39]
Hiya. Caller ID, Call Blocker & Protection. https://www.hiya.com.
[40]
H.-M. Hsu, Y. S. Sun, and M. C. Chen. Collaborative scheme for VoIP traceback. Digital Investigation, 7(3--4), 2011.
[41]
IBM. Libgroupsig. https://github.com/IBM/libgroupsig/wiki.
[42]
ITG. Industry Traceback group. https://tracebacks.org/for-providers, 2015.
[43]
S. Jarecki, A. Kiayias, H. Krawczyk, and J. Xu. Toppss: cost-minimal password-protected secret sharing based on threshold oprf. In Applied Cryptography and Network Security: 15th International Conference, ACNS 2017, Kanazawa, Japan, July 10--12, 2017, Proceedings 15, pages 39--58. Springer, 2017.
[44]
K. Jensen, T. Van Do, H. T. Nguyen, and A. Arnes. Better protection of SS7 networks with machine learning. In International Conference on IT Convergence and Security (ICITCS). IEEE, 2016.
[45]
H. Li, X. Xu, C. Liu, T. Ren, K. Wu, X. Cao, W. Zhang, Y. Yu, and D. Song. A machine learning approach to prevent malicious calls over telephony networks. In IEEE Symposium on Security and Privacy. IEEE, 2018.
[46]
J. Liu, B. Rahbarinia, R. Perdisci, H. Du, and L. Su. Augmenting telephone spam blacklists by mining large CDR datasets. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018.
[47]
V. Madathil, S. A. K. Thyagarajan, D. Vasilopoulos, L. Fournier, G. Malavolta, and P. Moreno-Sanchez. Cryptographic Oracle-based Conditional Payments. In Network and Distributed System Security Symposium, 2023.
[48]
S. Mavoungou, G. Kaddoum, M. Taha, and G. Matar. Survey on Threats and Attacks on Mobile Networks. IEEE Access, 4:4543--4572, 2016.
[49]
N. McInnes, E. Zaluska, and G. Wills. Analysis of a PBX toll fraud honeypot. Int. J. Inf. Secur. Res, 9(1):821--830, 2019.
[50]
I. Murynets, M. Zabarankin, R. P. Jover, and A. Panagia. Analysis and detection of SIMbox fraud in mobility networks. In IEEE Conference on Computer Communications, 2014.
[51]
H. Mustafa, W. Xu, A. R. Sadeghi, and S. Schulz. You can call but you can't hide: detecting caller ID spoofing attacks. In IEEE/IFIP International Conference on Dependable Systems and Networks. IEEE, 2014.
[52]
C. Network. Bls signatures library. https://github.com/Chia-Network/bls-signatures, 2024.
[53]
C. of Federal Regulation. 42.6 Retention of telephone toll records. https://www.ecfr.gov/current/title-47/chapter-I/subchapter-B/part-42/subject-group-ECFR738054ac73e20e0/section-42.6.
[54]
B. Oh, J. Ahn, S. Bae, M. Son, Y. Lee, M. Kang, and Y. Kim. Preventing SIM Box Fraud Using Device Model Fingerprinting. In NDSS Symposium, 2023.
[55]
S. Pandit, K. Sarker, R. Perdisci, M. Ahamad, and D. Yang. Combating Robo-calls with Phone Virtual Assistant Mediated Interaction. In USENIX Security Symposium. USENIX Association, 2023.
[56]
P. Patankar, G. Nam, G. Kesidis, and C. R. Das. Exploring Anti-Spam Models in Large Scale VoIP Systems. In International Conference on Distributed Computing Systems, 2008.
[57]
S. Prasad, E. Bouma-Sims, A. K. Mylappan, and B. Reaves. Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis. In USENIX Security Symposium, 2020.
[58]
S. Prasad, T. Dunlap, A. Ross, and B. Reaves. Diving into Robocall Content with SnorCall. In USENIX Security Symposium, 2023.
[59]
A. Ravi, M. Msahli, H. Qiu, G. Memmi, A. Bifet, and M. Qiu. Wangiri Fraud: Pattern Analysis and Machine-Learning-Based Detection. IEEE Internet of Things Journal, 2023.
[60]
B. Reaves, L. Blue, H. Abdullah, L. Vargas, P. Traynor, and T. Shrimpton. AuthentiCall: Efficient Identity and Content Authentication for Phone Calls. In USENIX Security Symposium, 2017.
[61]
B. Reaves, L. Blue, and P. Traynor. AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels. In USENIX Security Symposium, 2016.
[62]
B. Reaves, E. Shernan, A. Bates, H. Carter, and P. Traynor. Boxed out: Blocking cellular interconnect bypass fraud at the network edge. In USENIX Security Symposium, 2015.
[63]
U. U. Rehman and A. G. Abbasi. Security analysis of VoIP architecture for identifying SIP vulnerabilities. In International Conference on Emerging Technologies. IEEE, 2014.
[64]
N. Ruan, Z. Wei, and J. Liu. Cooperative Fraud Detection Model With Privacy-Preserving in Real CDR Datasets. IEEE Access, 7:115261--115272, 2019.
[65]
M. Sahin and A. Francillon. Over-the-top bypass: Study of a recent telephony fraud. In ACM SIGSAC Conference on Computer and Communications Security, 2016.
[66]
M. Sahin and A. Francillon. Understanding and Detecting International Revenue Share Fraud. In NDSS, 2021.
[67]
M. Sahin, A. Francillon, P. Gupta, and M. Ahamad. SoK: Fraud in Telephony Networks. In IEEE European Symposium on Security and Privacy (EuroS&P), 2017.
[68]
I. N. Sherman, J. D. Bowers, K. McNamara Jr, J. E. Gilbert, J. Ruiz, and P. Traynor. Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators. In NDSS, 2020.
[69]
TransNexus. STIR/SHAKEN statistics from October 2023. https://transnexus.com/blog/2023/shaken-statistics-october/, Nov 2023.
[70]
Truecaller. Caller ID & Call Blocking App. https://www.truecaller.com.
[71]
V. S. Tseng, J.-C. Ying, C.-W. Huang, Y. Kao, and K.-T. Chen. Fraudetector: A graph-mining-based framework for fraudulent phone call detection. In ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2015.
[72]
H. Tu, A. Doupé, Z. Zhao, and G.-J. Ahn. SoK: Everyone hates robocalls: A survey of techniques against telephone spam. In IEEE Symposium on Security and Privacy, 2016.
[73]
H. Tu, A. Doupé, Z. Zhao, and G.-J. Ahn. Toward authenticated caller ID transmission: The need for a standardized authentication scheme in Q. 731.3 calling line identification presentation. In 2016 ITU Kaleidoscope: ICTs for a Sustainable World. IEEE, 2016.
[74]
H. Tu, A. Doupe, Z. Zhao, and G.-J. Ahn. Toward Standardization of Authenticated Caller ID Transmission. IEEE Communications Standards Magazine, 1(3), 2017.
[75]
K. Ullah, I. Rashid, H. Afzal, M. M. W. Iqbal, Y. A. Bangash, and H. Abbas. SS7 Vulnerabilities?A Survey and Implementation of Machine Learning vs Rule Based Filtering for Detection of SS7 Network Attacks. IEEE Communications Surveys & Tutorials, 22(2):1337--1371, 2020.
[76]
B. Welch. Exploiting the weaknesses of SS7. Network Security, (1):17--19, 2017.
[77]
Y.-S. Wu, S. Bagchi, N. Singh, and R. Wita. Spam detection in voice-over-IP calls through semi-supervised clustering. In 2009 IEEE/IFIP International Conference on Dependable Systems & Networks, pages 307--316, 2009.
Index Terms
- Jäger: Automated Telephone Call Traceback
Recommendations
Collaborative scheme for VoIP traceback
While voice over IP (VoIP) services have brought many desirable communication features to the general public, they have also become a medium through which criminals communicate and conduct illegal activities e.g., fraud and blackmail without being ...
An efficient fair UC-secure protocol for two-party computation
With the development of modern Internet and mobile networks, there is an increasing need for collaborative privacy-preserving applications. Secure multi-party computation SMPC gives a general solution to these applications and has become a hot topic. ...
Analysis of traceback techniques
ACSW Frontiers '06: Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54Today's Internet is extremely vulnerable to Distributed Denial of service (DDoS) attacks. There is tremendous pressure on the sites performing online business and ISP's to protect their networks from DDoS attacks. Recently, several novel traceback ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
December 2024
5188 pages
ISBN:9798400706363
DOI:10.1145/3658644
- General Chairs:
- Bo Luo,
- Xiaojing Liao,
- Jun Xu,
- Program Chairs:
- Engin Kirda,
- David Lie
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 December 2024
Check for updates
Badges
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
CCS '24
Sponsor:
CCS '24: ACM SIGSAC Conference on Computer and Communications Security
October 14 - 18, 2024
UT, Salt Lake City, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 24Total Downloads
- Downloads (Last 12 months)24
- Downloads (Last 6 weeks)24
Reflects downloads up to 13 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in