Skip to content

stramanu/telecom-identity-layer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 

Repository files navigation

Telecommunications Identity Layer (TIL)

Draft Proposal — Version 0.2 Status: Early-stage conceptual proposal for discussion License: Creative Commons Attribution 4.0 International (CC BY 4.0)

Abstract

Modern telephone networks lack a cryptographic mechanism to verify the true origin of a call. This document proposes the Telecommunications Identity Layer (TIL): a federated Public Key Infrastructure (PKI) framework that binds telephone numbers to cryptographically verifiable identity certificates issued by trusted authorities. TIL extends existing systems such as STIR/SHAKEN and SIP Identity to provide entity-level verification, consistent end-user trust signals, and backward compatibility with legacy PSTN infrastructure. This document is intended for discussion and does not represent a standard or implementation commitment.

Table of Contents

  1. Problem Statement
  2. Core Idea
  3. System Overview
  4. Call Flow
  5. Relation to Existing Work
  6. Threat Model
  7. Goals and Non-Goals
  8. Open Questions
  9. Security Considerations
  10. Motivation
  11. Status of this Document

1. Problem Statement

Modern telephone systems do not provide a reliable mechanism to verify the true origin of a call. As a result:

  • Caller ID spoofing is trivial to execute at both SIP and SS7 layers
  • Robocalls and scam calls are widespread, causing significant economic and social harm
  • Users cannot reliably distinguish legitimate institutions (banks, government entities) from attackers impersonating them
  • Telephone calls are routinely weaponized for social engineering attacks

Existing mitigations — most notably STIR/SHAKEN — reduce certain classes of spoofing but fall short of a comprehensive solution:

  • Deployment is not global or uniform across all carriers and jurisdictions
  • They provide call origin attestation, not entity-level identity verification
  • They do not define consistent end-user trust semantics across network boundaries

2. Core Idea

TIL introduces a federated cryptographic identity layer for telephone numbers. Each telephone number is bound to a cryptographically verifiable identity certificate issued by a trusted authority — a Telecommunications Infrastructure Provider (TIP) — within a federated PKI hierarchy.

In simplified form:

Phone Number → Cryptographic Identity Certificate → Verified Entity

This binding allows any receiving party to verify the identity of the calling entity, regardless of the underlying network path, in a manner analogous to how HTTPS certificates verify website identity.

3. System Overview

TIL is based on a federated PKI model adapted to telecommunications constraints.

3.1 Trust Hierarchy

TIL defines three layers of trust:

graph TD
    R["🏛️ Root Trust Authority (RTA)"]
    R --> T1["📡 Telecom Provider A (TIP)"]
    R --> T2["📡 Telecom Provider B (TIP)"]
    R --> T3["📡 Telecom Provider C (TIP)"]
    T1 --> E1["🏦 Bank — Certificate"]
    T1 --> E2["🏥 Hospital — Certificate"]
    T2 --> E3["🏛️ Government Agency — Certificate"]
    T2 --> E4["🏢 Enterprise — Certificate"]
    T3 --> E5["👤 Verified Individual — Certificate"]

    style R fill:#1a1a2e,color:#fff,stroke:#4a90d9
    style T1 fill:#16213e,color:#fff,stroke:#4a90d9
    style T2 fill:#16213e,color:#fff,stroke:#4a90d9
    style T3 fill:#16213e,color:#fff,stroke:#4a90d9
Loading
Layer Role
Root Trust Authorities (RTA) Federated governance entities; anchor of the trust chain
Telecommunications Infrastructure Providers (TIP) Act as Certificate Authorities; issue and manage end-entity certificates
End Entities Organizations or individuals owning one or more telephone numbers

3.2 Identity Binding

Each TIL certificate binds the following fields:

Field Description
phoneNumbers One or more E.164-formatted telephone numbers
entityIdentity Organization name or verified individual identity
issuingTIP Identifier of the issuing Telecommunications Infrastructure Provider
publicKey Public key for signature verification
validityPeriod notBefore / notAfter timestamps
revocationEndpoint URL or reference for revocation status checks (OCSP/CRL)
certLevel Certificate assurance level (e.g., domain, organization, individual)

A conceptual certificate structure:

TILCertificate {
    version:            2
    serialNumber:       <unique identifier>
    issuer:             <TIP distinguished name>
    validity:           { notBefore, notAfter }
    subject:            { entityName, entityType }
    phoneNumbers:       ["+1-800-555-0100", "+1-800-555-0101"]
    publicKey:          <public key>
    extensions: {
        certLevel:      "organization"
        revocation:     <OCSP endpoint>
    }
    signature:          <TIP signature>
}

4. Call Flow

The following diagram illustrates the end-to-end identity verification flow between Telecommunications Infrastructure Providers.

flowchart LR
    A["📞 Caller"] --> B["Originating TIP"]
    B --> C["Attach Cryptographic\nSignature + Certificate"]
    C --> D["Interconnection\nNetwork"]
    D --> E["Receiving TIP"]
    E --> F["Verify Identity\nChain"]
    F --> G["User Device"]
    G --> H{"Trust Status"}

    H -->|"✅ Verified"| I["Verified Entity\n(Bank, Gov, Org)"]
    H -->|"⚠️ Unverified"| J["Unverified Caller"]
    H -->|"🚫 Invalid"| K["No Attestation /\nSuspicious Origin"]
Loading

Trust Outcomes

Status Meaning User Signal
Verified Entity Certificate valid, chain verified, number matches Display entity name and badge
⚠️ Unverified Caller No TIL certificate present Standard caller ID, no badge
🚫 Invalid / Suspicious Certificate invalid, revoked, or number mismatch Warning indicator

5. Relation to Existing Work

TIL extends, rather than replaces, existing standards and frameworks.

System Scope Deployment Status Limitation
STIR/SHAKEN Call origin attestation at carrier level Partial (US, CA, some EU) Limited entity identity model; not globally deployed
SIP Identity (RFC 8224) Cryptographic identity in SIP signaling Limited Scoped to SIP; no federated entity registry
X.509 / PKI General-purpose certificate infrastructure Widespread (HTTPS) Not adapted to telephony number binding
TIL (this proposal) Entity-bound cryptographic identity for phone numbers Proposed Requires federated adoption

TIL draws on the proven trust model of X.509 PKI, the telephony integration work of STIR/SHAKEN, and the SIP-layer identity mechanisms of RFC 8224, combining them into a unified, entity-centric framework.

6. Threat Model

Adversary Capabilities Considered

TIL assumes adversaries capable of:

  • Caller ID spoofing at SIP or SS7 layers
  • Operating compromised or malicious VoIP providers
  • Conducting social engineering using legitimate-looking numbers
  • Manipulating inter-provider signaling

Assumptions Not Made

TIL does not assume:

  • Total compromise of all Root Trust Authorities simultaneously
  • Universal non-cooperation among all Telecommunications Infrastructure Providers

Attack Surface Summary

Attack Vector TIL Mitigation
Caller ID spoofing Certificate binds number to verified entity; mismatch is detectable
Compromised VoIP provider Federated trust limits blast radius; revocation mechanisms apply
Stolen/misused valid certificate Revocation propagation; certificate pinning options
SS7 interception/manipulation Cryptographic signature independent of signaling path integrity
Social engineering via verified number TIL verifies identity, not intent; behavioral legitimacy is a non-goal

7. Goals and Non-Goals

Goals

  • Cryptographically verifiable caller identity bound to telephone numbers
  • Federated trust model across Telecommunications Infrastructure Providers
  • Backward compatibility with legacy PSTN systems during incremental rollout
  • Clear, consistent end-user trust signals independent of carrier
  • Incremental deployment path without requiring simultaneous global adoption

Non-Goals

  • Eliminating all spam or unwanted calls (TIL verifies identity, not intent)
  • Centralizing global telecommunications governance under a single authority
  • Guaranteeing behavioral legitimacy of verified entities
  • Replacing existing telephony infrastructure (PSTN, SIP, SS7)

8. Open Questions

The following questions require further analysis and community input:

  1. Governance model — How are Root Trust Authorities selected, audited, and removed? What international body or federated consortium governs them?
  2. Revocation propagation — How is certificate revocation propagated in near-real-time across a global, federated network without becoming a bottleneck?
  3. Privacy-preserving identity — How can entity identity be verified without exposing sensitive personal data, particularly for individual (non-organizational) certificates?
  4. Legacy PSTN integration — What is the integration path for carriers and devices that do not support TIL natively?
  5. Economic incentives — What incentivizes Telecommunications Infrastructure Providers to adopt and enforce TIL, particularly in markets without regulatory pressure?
  6. Certificate assurance levels — How are different levels of identity verification (domain, organization, individual) defined and audited in a telephony context?

9. Security Considerations

Risks

Risk Description
Root/intermediate CA compromise Compromise of a trust anchor could allow fraudulent certificates to be issued
Certificate misuse A legitimately issued certificate could be used for malicious purposes
Privacy exposure Certificate metadata could be used to track entities or individuals
Regulatory misuse Governments could compel TIPs to issue false certificates or revoke legitimate ones

Mitigations

  • Federated trust model limits the impact of any single authority compromise
  • Revocation mechanisms (OCSP, CRL) allow timely invalidation of compromised certificates
  • Minimal identity disclosure — certificates should expose only the information necessary for trust decisions
  • Transparency logs (analogous to Certificate Transparency for HTTPS) to provide auditability of certificate issuance

10. Motivation

Telephone communication remains one of the primary channels for high-trust interactions — banking, healthcare, emergency services, government communications — yet it is the only major communication medium that lacks a cryptographic identity layer.

This structural gap enables large-scale fraud that cannot be meaningfully mitigated with superficial measures. Addressing it requires systemic redesign at the infrastructure level, in a manner analogous to the transition from HTTP to HTTPS: incremental, federated, and driven by clear trust signals to end users.

TIL is a proposal toward that goal.

11. Status of this Document

This is an early-stage conceptual proposal in the style of an IETF Internet-Draft, intended to stimulate discussion among telecommunications engineers, standards bodies, and policymakers.

It does not represent a finalized standard, an implementation commitment, or an official position of any organization.

Feedback and contributions are welcome.

Discussion

This is an early-stage proposal. Feedback, criticism, and contributions are welcome. Open a Open a GitHub DiscussionOpen a GitHub Discussion for general feedback or specific technical concerns

License

Creative Commons Attribution 4.0 International (CC BY 4.0)

About

A cryptographic identity layer for telephone numbers, designed to reduce caller ID spoofing, robocalls, and telephone-based social engineering attacks.

Topics

security pki internet-draft voip telecommunications caller-id stir-shaken protocol-design

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors