Description
Secure Telephone Identity Revisited (STIR) is a comprehensive 3GPP and IETF standards framework designed to restore trust in caller identification by preventing the spoofing of calling line identification (CLI). At its core, STIR provides a mechanism for originating networks to cryptographically sign the identity of the caller (the telephone number) and for terminating networks to verify that signature before presenting the call to the called party. The architecture is based on a decentralized trust model where Authentication Services (ATS) in the originating network and Verification Services (VS) in the terminating network perform the key operations.
The technical workflow begins when a call is initiated. In the originating network, a STIR-enabled entity (like an S-CSCF or a dedicated STIR Authentication Service) creates a digital identity token called a PASSporT (Personal Assertion Token). This token contains critical claims: the calling party's number (orig), the called party's number (dest), the time of issuance (iat), and a unique call identifier. This token is then signed using a private key associated with the originating service provider's domain. The signed PASSporT is inserted into the SIP INVITE request, typically within the Identity header as defined in RFC 8224.
As the SIP INVITE traverses networks towards the destination, the terminating network's STIR Verification Service extracts the PASSporT. To verify the signature, the VS performs a series of steps. It first determines the appropriate public key required for verification. This is done by querying a public key infrastructure, specifically using the Telephone Identity (TEL) URI of the caller to discover a corresponding Secure Telephone Identity Governance Authority (STI-GA) and then a Certificate Repository Service (CRS) to retrieve the public key certificate of the originating provider. Upon successful signature verification, the VS confirms that the caller ID has not been altered in transit and that it was attested by a trusted originating network. The verification result (e.g., "verstat: TN-Validation-Passed") is then added to the SIP signaling, allowing the terminating UE or network to apply appropriate handling, such as displaying a verified checkmark or prioritizing the call.
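An added example (not part of the original page, and not code from 3GPP or the IETF) of the sign-then-verify exchange described above, in Go using only the standard library. The names `Sign`, `Verify` and `demoKey`, the 555 numbers and the 60-second freshness window are assumptions of this example, and the verifier is handed the public key directly rather than retrieving the originating provider's certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key constructed for this example

// Sign is the originating side: ES256 over header.claims; a JWS signature is fixed-width R||S, not ASN.1 DER.
func Sign(key *ecdsa.PrivateKey, orig, dest string, iat int64) string {
	claims := fmt.Sprintf(`{"orig":{"tn":%q},"dest":{"tn":[%q]},"iat":%d}`, orig, dest, iat)
	in := b64.EncodeToString([]byte(`{"alg":"ES256","typ":"passport"}`)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(in))
	r, s, _ := ecdsa.Sign(rand.Reader, key, sum[:])
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return in + "." + b64.EncodeToString(sig)
}

// Verify is the terminating side: signature first, then claims against the numbers seen in SIP signaling.
func Verify(pub *ecdsa.PublicKey, tok, from, to string, now int64) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if len(sig) != 64 || !ecdsa.Verify(pub, sum[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return fmt.Errorf("signature invalid")
	}
	var c struct{ Orig struct{ TN string }; Dest struct{ TN []string }; Iat int64 }
	raw, _ := b64.DecodeString(p[1])
	if json.Unmarshal(raw, &c) != nil || c.Orig.TN != from || len(c.Dest.TN) != 1 || c.Dest.TN[0] != to {
		return fmt.Errorf("claims do not match signaling")
	}
	if d := now - c.Iat; d > 60 || d < -60 { // assumed freshness window, limits replay of a captured token
		return fmt.Errorf("iat outside freshness window")
	}
	return nil
}

func main() { fmt.Println(Verify(&demoKey.PublicKey, Sign(demoKey, "12025550100", "12025550199", 1700000000), "12025550100", "12025550199", 1700000030)) }
```

A token whose claims are swapped after signing fails with `signature invalid`, while a correctly signed token presented alongside a different calling number fails the claims check.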
Purpose & Motivation
STIR was created to combat the escalating global problem of caller ID spoofing, which fuels spam, fraud (like vishing and Wangiri fraud), and robocalls. The traditional SS7 and SIP signaling systems used in telephony networks had no inherent security mechanism to validate the source of caller ID information. Malicious actors could easily inject false numbers into the "From" header, leading to widespread consumer distrust in the telephone network. This eroded the utility of voice services and caused significant financial and privacy harms.
The framework, initially developed by the IETF and later adopted and profiled by 3GPP starting in Release 17, was motivated by regulatory pressure and industry need for a technical solution. It addresses the limitations of previous, often proprietary, call-filtering solutions by providing an end-to-end cryptographic verification standard that works across administrative and technological boundaries (e.g., between different carriers, between IP and TDM networks). STIR establishes a chain of trust where service providers vouch for the numbers they assign to their subscribers. Its "Revisited" designation distinguishes it from earlier, less comprehensive attempts at secure caller ID. By enabling verified caller ID, STIR aims to restore confidence in voice communications, empower users to make informed answering decisions, and provide a foundation for richer, trusted communication services.
Detected Changes Across Releases
From 3GPP Change Requests. Specific changes extracted from the "Change history" tables of 3GPP specifications (7 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 17, 3GPP enhanced the STIR framework by formally integrating the Caller Identity Analytics function into the IMS stage 2 specifications. This introduced the capability for the terminating network to analyze traffic data for fraud trends and modify the caller name information delivered to the end user's UE based on its risk assessment. The release also provided clarifications and requirements for the concurrent delivery of STIR/SHAKEN verification results alongside Enhanced Calling Name (eCNAM) data to the terminating party.
In Release 18, the STIR/SHAKEN function was updated to ensure alignment between specification stages and to correct minor technical scenarios. The release specifically introduced clarifications for intra-CSP (Communication Service Provider) sessions and defined the CSP's choice of Telephony Application Server for handling these procedures. These changes provided more precise operational guidance while maintaining the core framework for authenticated caller identity and spoofing protection.
In Release 19, the STIR/SHAKEN function was updated to include messaging, specifically through an editorial update to incorporate RFC 9475. This update integrates the STIR/SHAKEN framework for authenticating caller identity into the messaging context, as referenced in the specification's clause E.2.3. The change aligns the handling of identity verification and spoofing protection for messaging with the established procedures for voice calls.
- Editorial update of RFC 9475 in clause E.2.3 STIR/SHAKEN for messaging (TS 33.127 CR0254)
Defining Specifications
3GPP specifications that define or reference STIR, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 22.173 vk00 | IMS Multimedia Telephony Service Definition | Rel-20 |
| TS 23.700 vk00 | XR Services Application Enablement Layer | Rel-20 |
| TS 33.127 vj50 | Lawful Interception Architecture and Functions | Rel-19 |