SBIR-STTR Award

Vulnerabilities in telecommunications channels, particularly mobile phones, are being exploited at alarming rates by malicious attackers to commit fraud, perpetrate scams, and organize data breaches. In addition to loss of taxpayer dollars, such attacks against government agencies such as the DHS can severely compromise national security. A common element of these attacks is the attacker's ability to leverage weaknesses in authentication capabilities of modern telephony systems and to deceptively assume a trusted identity. With the simplicity of caller ID spoofing and the growth of VoIP calling, attackers can spoof any desired caller ID, change their caller ID for every call, and place millions of VoIP calls around the world simultaneously, all while enjoying the protection of being nearly untraceable. The focus of this project is the development of an innovative real-time call authentication system that leverages advanced audio signal processing and machine learning techniques to determine legitimacy of the call when the available metadata is insufficient to make a reliable decision. The core component of the targeted end product will be a smartphone application that provides users with real-time alerts when indications of deception are detected. This will be the first call authentication system of its kind available to end users outside of an enterprise call center setting, and is expected to find broad use across government, corporate, and consumer sectors to protect against the growing incidence of fraud, scams, vishing, and data breach attacks.

Vulnerabilities in telecommunications channels are being exploited at alarming rates by malicious attackers to commit fraud, perpetrate scams, and organize data breaches. In addition to financial losses incurred by corporations and taxpayers, attacks against government agencies such as the DHS can severely compromise national security. A common element of these attacks is the attacker's ability to leverage weaknesses in authentication capabilities of modern telephony systems and to deceptively assume a trusted identity. With the simplicity of caller ID spoofing and the growth of VoIP calling, attackers can spoof any desired caller ID, change their caller ID for every call, and place millions of VoIP calls around the world simultaneously, all while enjoying the protection of being nearly untraceable. The focus of this project is the development of an innovative real-time caller authentication system that leverages advanced audio signal processing and machine learning techniques to determine legitimacy of the call when the available metadata is insufficient to make a reliable decision. The end goal is an automated caller authentication solution that provides users with real-time authentication feedback on multiple platforms like smartphones, PCs, laptops and VoIP systems. This will be the first caller authentication system of its kind available to end users outside of an enterprise call center setting, and is expected to find broad use across government, corporate, and consumer sectors to protect against the growing incidence of fraud, scams, vishing, and data breach attacks. ---------- Vulnerabilities in telecommunications channels are being exploited at alarming rates by malicious attackers to commit fraud, perpetrate scams, and organize data breaches. In addition to financial losses incurred by corporations and taxpayers, attacks against government agencies such as the DHS can severely compromise national security. A common element of these attacks is the attacker's ability to leverage weaknesses in authentication capabilities of modern telephony systems and to deceptively assume a trusted identity. With the simplicity of caller ID spoofing and the growth of VoIP calling, attackers can spoof any desired caller ID, change their caller ID for every call, and place millions of VoIP calls around the world simultaneously, all while enjoying the protection of being nearly untraceable. The focus of this project is to address this problem for government agencies and financial institutions by developing a real-time passive authentication solution for call centers. The solution, Illuma Shield, will leverage advanced audio signal processing and machine learning techniques to passively authenticate inbound callers and to identify fraudsters. Real-time feedback will be provided to customer service representatives and management teams. The end goal is a portable and ready to deploy solution that leverages a unique privacy preserving implementation satisfying stringent security requirements of government and financial services call centers. The solution is expected to find broad use across government agencies and financial services institutions to protect against the growing incidence of fraud, scams, and data breach attacks.