Stir & Shaken Setup Guide

Introduction to Stir & Shaken

Stir Shaken is a set of protocols that aims to authenticate the identity of the originator of a call, ensuring that the number displayed to the recipient is legitimate.

This technology aims to combat telephone fraud, such as spoofing, and to reduce the volume of unwanted and abusive calls, providing greater confidence and transparency for users. In addition, it seeks to restore security and trust in telephony.

In Brazil, the implementation of Stir Shaken is based on a system that guarantees the authenticity of telephone calls through a two-step verification process, following the model based on SIP redirect, which differentiates it from practices adopted in other countries, such as the United States, for example.

In the United States, the system is directly integrated into the process of issuing and validating digital certificates. When a call is made, the system generates a digital authentication certificate, which is used to sign the call at the time of origination. This signature is carried throughout the call and validated at the receiving end, ensuring the authenticity and integrity of the data. 

This approach may have been chosen in Brazil for regulatory or infrastructure reasons, or to simplify the initial adoption of the technology: the SIP redirect model suits the Brazilian telephony scenario well, because we have many legacy and heterogeneous networks.

How Stir & Shaken works via SIP redirect

In Brazil, instead of performing authentication at the time of the call using the certificate, the Brazilian system performs the digital signature through an external query to the server that we call STI-AS (Neustar's system where the certificate authentication is performed). This step is performed by the call originating provider.

When a call is received, the destination verifies through the STI-VS portal (Neustar's system where certificate verification is performed) whether the digital signature is valid. If the verification is successful, the call recipient can see an indicator, such as an icon or message, that confirms the legitimacy of the call.

The STI-AS can return one of three values:

P-Attestation-Indicator: A – The service provider has authenticated the caller and is authorized to use the calling number.

Example: Subscriber registered on the softswitch of the originating telephone operator.

P-Attestation-Indicator: B – The service provider has authenticated the call source, but cannot verify that the call source is authorized to use the calling number.

Example: a phone number behind a corporate PBX.

P-Attestation-Indicator: C – The service provider has authenticated where the call came from, but cannot authenticate the origin of the call. 

Example: Incoming call from an international gateway.

Stir & Shaken happening in practice:

Packet Captures

With the adoption of these protocols, an outgoing call must be diverted to the STI-AS servers so that it can be signed. When queried, the STI-AS returns the Identity field within the SIP 302 Moved Temporarily packet.

Outbound call flow with Stir & Shaken

An incoming call is diverted to the STI-VS, which looks up the call originator's information, as shown in the image below:

Incoming Call Flow with Stir Shaken
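As an added example (not SIPPulse's or the STI-AS operator's code), the code below parses a 302 Moved Temporarily response like the one the STI-AS returns for an outgoing call, decodes the token in the Identity field and cross-checks it against the P-Attestation-Indicator. The sample response, host names, numbers, the 60-second freshness window and the assumption that both headers arrive in the same 302 are constructed for illustration; the signature itself is not verified here, since that is the STI-VS's job.

```python
import base64, json, re

def _b64(obj):  # only used to build the constructed sample below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample (not a real capture): a 302 as an STI-AS might return it.
_HDR = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": "https://sti.example/cert.pem"}
_CLAIMS = {"attest": "A", "dest": {"tn": ["5511988887777"]}, "iat": 1700000000,
           "orig": {"tn": "551133334444"}, "origid": "123e4567-e89b-12d3-a456-426614174000"}
SAMPLE_302 = ("SIP/2.0 302 Moved Temporarily\r\n"
              "Contact: <sip:5511988887777@sbc.example:5080>\r\n"
              f"Identity: {_b64(_HDR)}.{_b64(_CLAIMS)}.c2lnbmF0dXJl;"
              "info=<https://sti.example/cert.pem>;alg=ES256;ppt=shaken\r\n"
              "P-Attestation-Indicator: A\r\n\r\n")

def _unb64(seg):
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("not a JSON object")
    return obj

def inspect_redirect(raw, now, max_age=60):
    """Parse a 302 and return (claims, problems). Does NOT verify the signature."""
    lines = raw.split("\r\n")
    problems = [] if lines[0].startswith("SIP/2.0 302") else ["not a 302 response"]
    hdrs = {k.strip().lower(): v.strip()
            for k, _, v in (l.partition(":") for l in lines[1:]) if v}
    parts = hdrs.get("identity", "").split(";", 1)[0].split(".")
    if len(parts) != 3:
        return None, problems + ["Identity header missing or not a three-part token"]
    try:
        header, claims = _unb64(parts[0]), _unb64(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None, problems + ["Identity token is not decodable"]
    if header.get("ppt") != "shaken" or header.get("alg") != "ES256":
        problems.append("unexpected ppt/alg in token header")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("attest is not A, B or C")
    if hdrs.get("p-attestation-indicator") != claims.get("attest"):
        problems.append("P-Attestation-Indicator does not match signed attest")
    tns = [claims.get("orig", {}).get("tn", "")] + claims.get("dest", {}).get("tn", [])
    if not all(re.fullmatch(r"[1-9]\d{7,14}", str(t)) for t in tns):
        problems.append("orig/dest tn not in E.164 digit form")
    if abs(now - claims.get("iat", 0)) > max_age:
        problems.append("iat outside freshness window")
    return claims, problems
```

A mismatch between the unsigned P-Attestation-Indicator header and the signed `attest` claim is worth logging, because only the claim is covered by the signature.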

Settings

Below is a step-by-step guide to configuring Stir Shaken in the SIPPulse system.

Step 1: Adjust the softswitch settings so that Stir Shaken calls are sent to the correct SBC pipe.

Step 2: Release the IPs that can send calls to the SBC. This must be done within the SIP Server menu.

Releasing the IPs

Step 3: Configure the network interfaces available on the server. We recommend using ports other than 5060, as this interface is reserved for internal system use. To send the call between FreeSWITCH and OpenSIPS, SIPPulse recommends using port 5080. This must be configured in the Network Interface menu.

Interface configuration

Step 4: In the Pipe Sip menu, configure the pipes according to the call types described in the PTI. It is important to differentiate the call types through different ports.

Configuration

Step 5: Go to the SIP/SIP-I Routing menu and configure your SIP-I interconnection or transport route. Please note that it is important to select your routing type, SIP or SIP-I. Also pay attention to the configuration of the STI-AS and STI-VS domains.

Stir & Shaken configuration

Step 6: An extremely important point is the configuration of SIP-I handling. In this menu, it is necessary to create input rules so that the number is in the E.164 format. This is necessary because the STI-AS and STI-VS systems only process numbers in this format.

Entry Rules

Step 7: All numbers that will participate in a campaign and have contracted Stir Shaken must be configured in the TN List menu, always in the CN+N8 format.

TN list

Once these steps are complete, you can now send an authenticated call. If the company receiving the call has Stir Shaken, it will validate the digital signature on the STI-VS portal. If the verification is successful, the end customer will receive the originator's information.

Conclusion

The operation of the Stir Shaken system on Brazilian soil represents a significant advance in the fight against fraudulent calls and telephone number falsification, offering greater trust and transparency in telecommunications. 

Despite the implementation differences between the existing models, each model seeks to meet regional needs. The Brazilian model was developed with the reality of our country in mind. Centralizing authentication through SIP redirect offers advantages in terms of simplicity and compatibility with existing networks, but may require additional efforts to ensure international interoperability. Regardless of the approach, the success of Stir Shaken depends on its widespread adoption, thus contributing to the reduction of fraud and increasing user confidence in telecommunications.
