AuthentiCall: Efficient Identity and Content Authentication for Phone Calls Bradley Reaves, North Carolina State University; Logan Blue, Hadi Abdullah, Luis Vargas, Patrick Traynor, and Thomas Shrimpton, University of Florida https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/reaves This paper is included in the Proceedings of the 26th USENIX Security Symposium August 16–18, 2017 • Vancouver, BC, Canada ISBN 978-1-931971-40-9 Open access to the Proceedings of the 26th USENIX Security Symposium is sponsored by USENIX AuthentiCall: Efficient Identity and Content Authentication for Phone Calls Bradley Reaves Logan Blue Hadi Abdullah North Carolina State University University of Florida University of Florida reaves@ufl.edu bluel@ufl.edu hadi10102@ufl.edu Luis Vargas Patrick Traynor Thomas Shrimpton University of Florida University of Florida University of Florida lfvargas14@ufl.edu
[email protected]fl.edu
[email protected]fl.edu Abstract interact call account owners. Power grid operators who detect phase synchronization problems requiring Phones are used to confirm some of our most sensi- careful remediation speak on the phone with engineers tive transactions. From coordination between energy in adjacent networks. Even the Federal Emergency providers in the power grid to corroboration of high- Management Agency (FEMA) recommends that citizens value transfers with a financial institution, we rely on in disaster areas rely on phones to communicate sensitive telephony to serve as a trustworthy communications identity information (e.g., social security numbers) to path. However, such trust is not well placed given the assist in recovery [29]. In all of these cases, participants widespread understanding of telephony’s inability to depend on telephony networks to help them validate provide end-to-end authentication between callers.