ENUM (E.164 NUmber Mapping) is a technology that has been around for a little while that has promised much and, so far, delivered little to the average user. As Nominet has recently been awarded the contract to administer the UK 4.4.e164.arpa delegation, I thought it was time that I put my thoughts on this subject down in writing.

I’m going to cover the potential of ENUM in the telecoms industry and what it could mean to you, along with how it is currently being used and what potential security issues surround ENUM.

Lets get started with a short primer. ENUM is a way of storing & supplying information about an entity using DNS like storage and retrieval. DNS is the technology that allows domain names to be used for things such as web site and email addresses. For now, consider ENUM to be a way to catalogue and retrieve potentially dynamic properties attached to a single ‘number’ or URL.

Up to now most applications have centred around telephony but other services such as email, IM and web could be accessed via ENUM. So a simple example would be that I have a URL of [email protected] and, using this one single piece of information, I could make available any data relating to me that I wanted to. This might be my phone or mobile number or an IM contact. Instead of having to remember and hand out my mobile number, landline number, IM address, email address or even my twitter URL I could let my ENUM retain that information.

The major excitement around this technology is in the telecoms world at the moment. At the telco level ENUM allows different telcos to learn how to route calls between themselves. This becomes most valuable when those calls are routed over IP networks.

For example, if an ENUM lookup is done on telephone number 01234567890 it might return sip:[email protected] as the preferred destination. As IP routing of voice calls is generally regarded as a cheaper method than TDM the advantages are evident—the potential to route calls at a lower cost for telcos and reduce cost for the consumer. Enterprising businesses and home users could potentially make use of ENUM to learn how to route calls over IP rather than the PSTN. This could leave telco’s looking for ways to maintain revenue streams.

However there are potential issues inherent in this approach. Aside from any reliability issues that occur with any complex technical service, there are serious security concerns to address.

In order for a call to be routed over the IP network the receiving device has to accept and “trust” the incoming connection. Why is this is a major issue? Consider email. One of the major blights on email is Spam. Spam exists in part because in order for the email systems to work each email server has to accept and “trust” incoming connections from any other email server. This fact is used by the spammers to great effect. Most spam avoidance techniques work on spotting or blocking known or suspect emails or servers. We have all experienced spam issues at one time or another and IT professionals know all to well how much work has to be done to combat it.

Let’s return to the issue of using IP to route calls using ENUM. If each receiving IP device has to accept and “trust” the incoming call it doesn’t take a genius to spot the opportunity for the spammers. In the world of ENUM we may have to contend with SPIT (Spam over Internet Telephony). SPIT can take the form of auto-dialled pre-recorded phone calls. It doesn’t take much imagination to see where spammers could go with this. To compound matters, in the IP world there is no “friendly” telco to “generally” shield us from the bad guys.

Another issue exists around the validity of the data in an ENUM database. For instance a few months back I ran an experiment and did ENUM lookups with a couple of well known public ENUM servers for all the telephone numbers dialled from our office PBX. The results were surprising. A number of other telcos claimed to be the route for numbers that belong to another major telco. This is potentially a problem as a rogue user could publish ENUM data about a telephone number that didn’t belong to them for mischievous or even criminal reasons. They could proxy the call through their own server, recording it along the way, and then pass it on to the legitimate receiver unbeknown to the caller. Now while there may be an innocent reason why this happens it perfectly illustrates the potential issues relating to privacy and corporate secrecy. Unless PBX administrators are aware of this issue and how to guard against it then their systems could be vulnerable to this type of attack.

As I mentioned at the start of this article, Nominet the UK Top-Level Domain (TLD) registrar has recently been awarded the contract to administer the UK 4.4.e164.arpa delegation. It has put in place a system of Validation Agencies which will authenticate publishers of ENUM data and approve the validity of the data they publish. So in theory this new ENUM service should stop the problem previously mentioned (in the UK at least). However it does nothing to stop spammers using VoIP as any PBX wanting to be contactable via ENUM has to be by definition open to the IP world. I made this point to a Nominet representative at a recent event and his response was that in time technology would overcome this issue. Well we are still waiting for a credible email spam solution, so what hope is there for viable SPIT solutions and when they arrive will they be effective?

That being said, great strides are being made to use ENUM securely by telcos all around the world to route calls over IP. In time ENUM seems set to replace the existing routing technologies of the TDM world and that opens up all kinds of possibilities.

Will we see a day when individuals can reliably lookup the ENUM information of anyone around the world?