Secure caller ID for VOIP

Session Initiation Protocol explained

Session Initiation Protocol is used widely for the setup, teardown and management of VOIP calls. Much of its functionality is related to the setup of calls, as its name implies. Part of this setup involves the delivery of the caller's identity so that the called party can decide how to treat the call -- what is, essentially, Internet caller ID.

The basic mechanism for caller ID in the core SIP specification (RFC 3261) works much as it does in e-mail. The caller information has a From header field, including the address. That mechanism worked well enough in an Internet that was largely free of malicious users, but it quickly became clear that the technique could be abused, as it has been in e-mail. It is possible to spoof "From" VOIP headers and hide the sender's true identity.

These problems were remedied by a specification known as P-Asserted-ID (RFC 3325), published in November 2002 by the IETF. With P-Asserted-ID, a single network or a small federation of networks can provide network-verified caller ID services.

P-Asserted-ID was a big step forward, and it has seen widespread use with SIP networks. However, even at the time of publication it was known to be a stopgap solution. The primary problem is that it works only for single provider networks or with small federations of tightly coupled providers enjoying strong mutual trust. To date, this is exactly the kind of VOIP network that has been deployed. Most VOIP networks don't connect with each other over IP and instead rely on the public switched telephone network.

However, it is becoming apparent to many providers that IP is a better form of network interconnection. IP can cost less; enable voice, video and multimedia; provide high-value services such as presence and instant messaging; and enable high-quality wideband speech.

P-Asserted-ID falls apart in larger IP interconnected environments because its assertions of identity are not cryptographic. There is no way to securely verify that the domain of the caller is the one that asserted the identity present in the message. Thus, in a large interconnected group of networks, the value of P-Asserted-ID is equal to the trustworthiness of the least trustworthy network in the group.

Fortunately, specifications have just been completed for a technique known as SIP Identity. These specifications (RFC 4474) were published in August 2006 and provide a giant leap forward in terms of secure caller ID.

The basic mechanism is shown in the above graphic. The caller, Joe, has a SIP uniform resource indicator of, which Joe's phone places into the From header field of its SIP messages. When Joe makes a call, Joe's phone emits a SIP INVITE (step 1) and sends this to the server for This server challenges the message, asking Joe's phone to provide credentials (step 2). Joe's phone obliges, retrying the INVITE with appropriate credentials (step 3).

These credentials verify that the caller is indeed Joe and that the From field is accurate. The server applies a cryptographic signature over portions of the message and includes that signature, along with an HTTP URL for getting its certificate, into the SIP message (step 4). The called party retrieves this certificate (step 5) and checks the signature. If it is validated, it provides strong assurance that the caller really is in the domain

SIP Identity is also the cornerstone of many of the techniques that can be applied to prevent VOIP spam, also known as spam over Internet telephony, or SPIT. Because of its importance for interconnections and for blocking spam, SIP Identity will play an increasingly important role in future VOIP networks.

Rosenberg is a Cisco Fellow with Cisco. He can be reached at

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jonathan Rosenberg

Network World
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?