Re: [Sipping] WG: [VOIPSEC] VoIP Spam paper
Henning Schulzrinne <hgs@cs.columbia.edu> Mon, 26 November 2007 00:09 UTC
From: Henning Schulzrinne <hgs@cs.columbia.edu>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Subject: Re: [Sipping] WG: [VOIPSEC] VoIP Spam paper
Date: Sun, 25 Nov 2007 19:09:19 -0500
Cc: vijay.arvind@gmail.com, voipsec@voipsa.org, SIPPING LIST <sipping@ietf.org>

In addition, there are many legitimate callers that fall into the outbound-only category, such as notification systems that are becoming increasingly popular, from things as mundane as your-flight-is-late and your-dentist-appointment-is-tomorrow to as important and time-critical as student-with-gun-on-the-loose or a-forest-fire-is-heading-your-way.

Henning

On Nov 25, 2007, at 8:32 AM, Hannes Tschofenig wrote:

> Hi all
>
> BACKGROUND
>
> In the IETF SIPPING WG we had discussions regarding SPIT prevention
> mechanisms. Particularly with regard to the SPIT marking techniques
> it seems that there is some disagreement about the usefulness of
> statistical techniques. A number of ideas have been discussed
> already on various IETF mailing lists.
> I would like to bring another paper to your attention that has been
> posted to the VOIPSEC mailing list.
>
> THE PAPER
>
> The paper says that it exploits the fact that in regular
> communication users both make and receive calls, while spammers are
> interested in only making calls and disseminating information. This
> paper takes existing work from the email environment and applies it
> to VoIP (as it seems).
>
> The basic idea is to observe communication and call duration in
> particular. Thereby, the call duration is used to create so-called
> call credentials. A call credential CC consists of A, the identity
> of the caller, B, the identity of the call recipient, t, the call
> duration and TS, the time stamp of the call along with a digital
> signature of the same information.
>
> Although not stated explicitly, I assume that information about a
> user's call patterns is stored with its VoIP provider. Then, when a
> user makes a call, information about the call patterns (i.e., in the
> form of call credentials) is made available to the receiving domain
> or other end point.
> Sharing information about the sender with the
> recipient's domain or the recipient itself has been described in
> http://tools.ietf.org/id/draft-schwartz-sipping-spit-saml-01.txt
> (although no reference to that document is included in the paper).
> This work on utilizing social networks, as described in
> http://tools.ietf.org/id/draft-ono-trust-path-discovery-02.txt,
> might also be applicable.
>
> To deal with the introduction problem Turing tests are suggested.
>
> Working on draft-schwartz-sipping-spit-saml-01.txt we encountered
> problems, such as
>
> * Deployment challenge to get SPIT SAML to deploy. Without it being
> widely deployed the receiving domain does not have a way to know
> anything about the call statistics. Hence, the mechanism would only
> work within a single domain. Without sufficient deployment the
> mechanisms described in the paper wouldn't be so useful either. As
> such, this deployment challenge has nothing to do with SAML but is
> rather a generic problem with the solution approach outlined in the
> paper (although the authors claim it differently in Section 2.4
> "Related Work").
>
> * Privacy aspects: It is not clear whether it is actually possible
> to distribute some of this information from one domain to another
> one without violating some privacy laws.
>
> * Trusting the information provided by the sending domain is likely
> to work only for larger VoIP providers. In the worst case the
> Spammer might provide this information since he is acting as a VoIP
> provider.
>
> The idea of using call patterns for SPIT prevention is not new.
> Still, the provided details for using the call duration (using the
> Eigentrust algorithm) in a SPIT prevention scenario are nice. Maybe
> this paper provides a different spin to our SPIT marking discussion.
>
> Ciao
> Hannes
>
> PS: http://tools.ietf.org/id/draft-schwartz-sipping-spit-saml-01.txt
> did not describe which algorithms to use to compute some of the
> parameters.
> I believe that this is fine for an IETF document given that there
> are a lot of implementation specific aspects that are not relevant
> for standardization.
>
>
> -----Original Message-----
> From: voipsec-bounces@voipsa.org [mailto:voipsec-bounces@voipsa.org]
> On behalf of ext vijay arvind
> Sent: Monday, 12 November 2007 00:34
> To: voipsec@voipsa.org
> Subject: [VOIPSEC] VoIP Spam paper
>
> Hello All,
>
> Attached is a link to a VoIP spam approach that we at the Georgia Tech
> Information Security center (GTISC) are working on and was presented
> at the 4th conference of Email and Anti Spam:
> http://www.ceas.cc/2007/papers/paper-63.pdf
>
> The basic idea is to try and exploit the fact that in regular
> communication users both make and receive calls, while spammers are
> interested in only making calls and disseminating information. Users
> rarely call a spammer and even if they inadvertently do so, the call
> will last for a small duration. Hence we use call duration and the
> directionality of calling patterns to distinguish between a regular
> user and a spammer. We use basic cryptographic primitives to
> encapsulate call duration as call credentials. How we combine these
> call credentials using social networking theory and the Eigentrust
> algorithm (PageRank) to create a spammer detecting mechanism forms
> the crux of the paper.
>
> Bouquets and Brickbats are most welcome.
>
> Thanks,
> Vijay
> _______________________________________________
> Voipsec mailing list
> Voipsec@voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> _______________________________________________
> Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping
> This list is for NEW development of the application of SIP
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sip@ietf.org for new developments of core SIP
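
Added example, not part of the thread and not the paper's implementation: a sketch of the call credential described in the quoted summary (A, B, t, TS plus a signature) and of the directionality signal, showing that a forged credential is rejected and that a notification service lands in the same outbound-only bucket as a spammer. Assumptions: an HMAC under a provider key stands in for the digital signature, and all names, the key and the sample calls are constructed.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Assumption: an HMAC under a provider-held key stands in for the digital signature.
PROVIDER_KEY = b"constructed-demo-key"
FIELDS = ("A", "B", "t", "TS")  # caller, recipient, duration in seconds, timestamp

def _sign(body, key):
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_credential(caller, callee, duration_s, ts, key=PROVIDER_KEY):
    body = {"A": caller, "B": callee, "t": duration_s, "TS": ts}
    return {**body, "sig": _sign(body, key)}

def verify_credential(cc, key=PROVIDER_KEY):
    if any(f not in cc for f in FIELDS):
        return False
    expected = _sign({f: cc[f] for f in FIELDS}, key)
    return hmac.compare_digest(expected, str(cc.get("sig", "")))

def inbound_seconds(credentials, key=PROVIDER_KEY):
    """Verified call time received per identity; unverifiable credentials are ignored."""
    received = defaultdict(int)
    for cc in credentials:
        if not verify_credential(cc, key):
            continue
        received[cc["B"]] += cc["t"]
        received[cc["A"]] += 0  # record callers that never receive a call
    return dict(received)

def outbound_only(credentials, key=PROVIDER_KEY):
    totals = inbound_seconds(credentials, key)
    return sorted(who for who, secs in totals.items() if secs == 0)

# Constructed sample calls.
CALLS = [
    make_credential("alice", "bob", 300, 1195948800),
    make_credential("bob", "alice", 240, 1195952400),
    make_credential("spammer", "alice", 5, 1195956000),
    make_credential("spammer", "bob", 4, 1195956060),
    make_credential("flight-alerts", "alice", 20, 1195959600),
    make_credential("flight-alerts", "bob", 15, 1195959660),
]
# A credential edited to claim a long inbound call while reusing an old signature.
FORGED = dict(CALLS[2], A="alice", B="spammer", t=600)

if __name__ == "__main__":
    print(inbound_seconds(CALLS + [FORGED]))
    print(outbound_only(CALLS + [FORGED]))
```
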