The global telecommunications infrastructure remains vulnerable to caller identity spoofing, fueling multi-billion dollar smishing and vishing epidemics due to an architectural absence of cryptographic verification. Current detection-based paradigms are inherently reactive, allowing attacks to reach end-users. This paper presents WeDDa: A unified protocol-agnostic Cryptographic Trust Framework for Preventing Smishing and Vishing Attacks Through Verified Identity Attestation, which implements a unified cryptographic trust approach integrating existing attestation mechanisms into a protocol-agnostic, mandatory enforcement layer. By implementing gateway-level cryptographic attestation, our framework creates a verified namespace that systematically reduces identity spoofing at its source, under defined deployment assumptions. Its protocol-agnostic design suggests universal applicability, providing a scalable blueprint deployable across current and next-generation (e.g., 5G, 6G) national infrastructures. Our large-scale laboratory simulations, modeled on Egypt’s telecommunications infrastructure, demonstrate proof-of-concept effectiveness. Under controlled conditions, it blocked all simulated spoofing-based attacks without misclassifying legitimate calls with negligible latency. These laboratory simulations results indicate feasibility for preventing identity spoofing; however, real-world validation through pilot deployments is required. Critically, the framework is inherently integrable, requiring no end-user device modifications and imposing minimal additional cost for adoption into existing core networks (SS7, VoIP), emerging standards (5G), and future frameworks (6G). This paper presents a unified protocol-agnostic framework validated through simulation to telecommunications identity spoofing prevention and a foundational trust layer for secure digital ecosystems, establishing a blueprint for networks intrinsically secure against protocol-level impersonation attacks.
Salem et al. (Tue,) studied this question.