This Small Business Innovation Research (SBIR) Phase I research project will explore technologies that will enable an improvement in trust in the converged telephony infrastructure without negatively impacting user experience. Telephony has long been viewed as a trusted communications medium, and a variety of transactions conducted over the telephone depend on such trust. For example, to combat credit card and other financial fraud, banks rely on their ability to securely communicate with their customers via the phone. Unfortunately, while the convergence of traditional telephony with cellular and IP networks offers many benefits, it has also exposed telephony to additional security threats. Call metadata such as the caller identifier can now be easily manipulated, and attacks including voice phishing have already resulted in financial losses for banks. The intellectual merit of this research project lies in demonstrating that the source and intermediary networks in a phone call introduce artifacts in the audio that can be used to uniquely identify its source. The project will investigate features that capture key call artifacts and apply machine learning techniques to fingerprint call sources. A key goal will be the validation of the preliminary results at the scale that will arise in real-world deployments.
The broader impact of the project will come from the development of a secure Caller-ID alternative with applicability both in the enterprise setting and at the consumer end. Because the proposed approach relies only on analysis of audio at the receiving end, it requires no changes to the telephony infrastructure. This is especially advantageous not only because of the complex and diverse nature of this infrastructure, but also because, unlike a cryptographic solution, it does not require both ends of a call to participate in the process. The ubiquitous nature of the telephone and possible erosion of trust in this medium will have serious consequences for both businesses and citizens. The success of this project will help maintain this trust and thus it will have broad commercial and societal impact.
The telephony channel, which was trusted in the past, has become susceptible to a number of new attacks because of the growing popularity of Voice-over-IP (VoIP). As VoIP converges with traditional telephony and the telecommunications infrastructure becomes more open and diverse, it becomes highly challenging to verify the information that comes with a call request. Consequently, information such as caller-id can be easily altered or spoofed. Criminals are using such manipulation to pose as legitimate customers of banks, and several financial institutions have suffered losses because of caller-id spoofing attacks. The focus of this project was on creating a phone fraud detection system (FDS), which can analyze the audio of a call to assess information about its source and the network over which the call was transmitted. The FDS can be used by financial institutions to detect calls that may have been part of fraudulent transactions. The FDS provides valuable information for assessing the risk of a call coming from a fraudster. For example, it can help determine if a call is coming from a landline, cellular or a VoIP phone. In addition, the coarse-grain geographic location of the source of a call can be determined as well. If a customer typically calls from locations in the United States and the call appears to be coming from an overseas location, this could alert the bank and, as a result, additional safeguards can be utilized before a requested transaction is processed. Though currently focused on financial institutions, this system can help any enterprise that uses a phone for transactions, including healthcare, service providers and government agencies (IRS). A detailed evaluation of the FDS, including suitable visualizations of intelligence information produced by it, has been completed and it is deployment ready.
In addition to the technology challenges associated with building the FDS, the project also focused on extensive customer interactions to develop a go-to-market strategy and pricing models. FDS is available both as an appliance that can be deployed on-premise and as a software-as-a-service solution for smaller financial institutions. For broader awareness of this problem, this technology was presented to financial industry groups like the Financial Services Round Table (FSRTC) and the Communications Fraud Control Association (CFCA). The technology has also received many awards, including being recognized by RSA as one of the top 10 most innovative and by Gartner in its Cool Vendor technologies for telecommunication