One time key Issuing for Verification and Detecting Caller ID Spoofing Attacks

Narongsak Sukma, R. Chokngamwong
{"title":"One time key Issuing for Verification and Detecting Caller ID Spoofing Attacks","authors":"Narongsak Sukma, R. Chokngamwong","doi":"10.1109/JCSSE.2017.8025898","DOIUrl":null,"url":null,"abstract":"Caller ID has been used to tell the recipient who is calling before answering the call. In fact, nowadays using just Caller ID is not enough to proof the real caller since there are several ways to manipulate the caller identity. There are number of solutions to proof the caller e.g. using Time base, SMS base, or hardware. Even using DSA and CA, it can lead to data leak or inconsistent verification processing. The One-time password practices can mitigate the risk of Man-in-the-middle attacks because SSL has vulnerability assessment that can lead to MITM or man in the middle attack. The attacker can intercept SSL verification process between Server and client for sniffing then spoofing. It would be better if we can find a solution that does not rely on CA, Third party and/or external hardware. In this paper, we propose the solution with self-controlled security and one-time key issue to avoid data leak. The one-time key issuance is a good solution for verification and detecting caller ID Spoofing attacker through this methodology since it does not rely on third-party CA and store certification anywhere. This solution provides the best of key management as the one-time secret key is used. Results from our test lab show effectively verification rates and good performance where resource and power consumption are not impacted.","PeriodicalId":6460,"journal":{"name":"2017 14th International Joint Conference on Computer Science and Software Engineering (JCSSE)","volume":"77 1","pages":"1-4"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 14th International Joint Conference on Computer Science and Software Engineering (JCSSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JCSSE.2017.8025898","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

Abstract

Caller ID has been used to tell the recipient who is calling before answering the call. In fact, nowadays using just Caller ID is not enough to proof the real caller since there are several ways to manipulate the caller identity. There are number of solutions to proof the caller e.g. using Time base, SMS base, or hardware. Even using DSA and CA, it can lead to data leak or inconsistent verification processing. The One-time password practices can mitigate the risk of Man-in-the-middle attacks because SSL has vulnerability assessment that can lead to MITM or man in the middle attack. The attacker can intercept SSL verification process between Server and client for sniffing then spoofing. It would be better if we can find a solution that does not rely on CA, Third party and/or external hardware. In this paper, we propose the solution with self-controlled security and one-time key issue to avoid data leak. The one-time key issuance is a good solution for verification and detecting caller ID Spoofing attacker through this methodology since it does not rely on third-party CA and store certification anywhere. This solution provides the best of key management as the one-time secret key is used. Results from our test lab show effectively verification rates and good performance where resource and power consumption are not impacted.
用于验证和检测来电显示欺骗攻击的一次性密钥颁发
来电显示已经被用来在接听电话之前告诉收件人谁在打电话。事实上,现在仅仅使用呼叫者ID不足以证明真正的呼叫者,因为有几种方法可以操纵呼叫者身份。有许多解决方案来证明调用者,例如使用时间基础,短信基础或硬件。即使使用DSA和CA,也可能导致数据泄漏或验证处理不一致。一次性密码实践可以降低中间人攻击的风险,因为SSL具有可能导致MITM或中间人攻击的漏洞评估。攻击者可以拦截服务器和客户端之间的SSL验证过程,进行嗅探和欺骗。如果我们能找到一个不依赖CA、第三方和/或外部硬件的解决方案,那就更好了。在本文中,我们提出了一种具有自我控制安全性和一次性密钥问题的解决方案,以避免数据泄露。一次性密钥发布是通过这种方法验证和检测调用者ID欺骗攻击者的一个很好的解决方案,因为它不依赖于第三方CA,并且可以将证书存储在任何地方。此解决方案提供了最好的密钥管理,因为使用了一次性密钥。我们测试实验室的结果显示,在不影响资源和功耗的情况下,验证率和性能都很好。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信