Who's calling? Engineering identity, authorization for VoIP calls

To enable legal voice call interception in the world of VoIP, service operators need to find a way to gain accurate user identity and authentication.

Editor's note: In part two of our series on the evolution of voice services from the public switched telephone

network to Voice over Internet Protocol (VoIP), CIMI Corp. President Tom Nolle looks at how service providers may enable the legal interception of voice calls over the Internet, where identifying and authenticating VoIP users comes with built-in challenges. Part one looked at VoIP challenges facing carriers, including emergency services and connecting different voice services using ENUM without the unifying force of plain old telephone service.

In addition to finding the accurate location of a voice call in VoIP, as discussed in part one, the lawful intercept of a call is a major challenge for voice services evolving away from the public switched telephone network. In nearly all cases outside the PSTN, there's no fixed association between either a device or an access connection and the parties to the call. So in the future of voice, questions arise about who is responsible for intercepting calls and how the interception can be accomplished. Many experts believe that the problems of lawfully intercepting VoIP calls simply can't be solved for wireline voice in the future.

It is possible to define a voice service that would, at the time of connection, employ a dialog between endpoint devices to obtain authentication.

All communications services require the ability to create a path between the parties, which means they have to be addressable in some way. For a given VoIP community, there may be a place where knowledge of a call could be obtained, but that doesn't mean the call could be routed to a place where it could be legally intercepted.

Call routing is a network matter, and interception could be reliable only at network access points or gateways. Access points are unpredictable in the world of IP, and gateways may be out of the legal jurisdiction of the party that wants to intercept the call.

One reason to believe VoIP call interception is impossible is because of the final technical point in voice evolution -- the question of authoritative identity. On the public switched telephone network, when copper loops connected to black phones through carrier switches, they created the user connection to a voice network. The identity of the user was fairly authoritative. With VoIP services today, virtually all providers allow the user to set the caller ID that will be reported, which can lead to caller ID spoofing. Plus, there's no validation of the ID supplied. "Do not call" lists and traditional Caller ID services are defeated by loss of authoritative identity.

There is no way to impose identity constraints on users or alternative voice service networks other than to refuse connectivity completely, because a non-conforming user or network would allow non-authentic addresses to enter the system. It is possible, however, to define a voice service that would, at the time of connection, employ a dialog between endpoint devices to obtain authentication.

Over time, this strategy is likely to be adopted. Mobile phones with Wi-Fi Internet capability, for example, could be used to terminate wireline voice calls and could provide user authentication at a fairly rigorous level, if needed.

If this is the only way to authenticate the parties on calls in the future, the path of wireline voice is likely to move evolution toward having customized endpoint devices, just as mobile voice does. Virtual device clients could also be authenticated, so we could see the voice evolution path leading toward a framework where all forms of communication could be authorized. If this happens, then trust services might be the most important next-gen services that network operators could offer.

This was first published in April 2014

Dig deeper on Service Delivery

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchNetworking

SearchDataCenter

SearchCloudComputing

SearchCloudProvider

Close