[Sipping] WG: [VOIPSEC] VoIP Spam paper
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Sun, 25 November 2007 13:32 UTC
Return-path: <sipping-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IwHbU-0006gX-8x; Sun, 25 Nov 2007 08:32:56 -0500
Received: from sipping by megatron.ietf.org with local (Exim 4.43) id 1IwHbT-0006gM-5s for sipping-confirm+ok@megatron.ietf.org; Sun, 25 Nov 2007 08:32:55 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IwHbS-0006fi-QS for sipping@ietf.org; Sun, 25 Nov 2007 08:32:54 -0500
Received: from mail.gmx.net ([213.165.64.20]) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1IwHbS-0006tj-11 for sipping@ietf.org; Sun, 25 Nov 2007 08:32:54 -0500
Received: (qmail invoked by alias); 25 Nov 2007 13:32:52 -0000
Received: from p54985FA5.dip.t-dialin.net (EHLO [192.168.1.5]) [84.152.95.165] by mail.gmx.net (mp056) with SMTP; 25 Nov 2007 14:32:52 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+ogHZWMwKoWP5q/BPTKl4WmMrrOzKhtJZzRUANSi xSa+kpy7Q3YtHj
Message-ID: <47497983.20009@gmx.net>
Date: Sun, 25 Nov 2007 14:32:51 +0100
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: SIPPING LIST <sipping@ietf.org>, Eric Rescorla <ekr@networkresonance.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6d95a152022472c7d6cdf886a0424dc6
Cc: voipsec@voipsa.org, vijay.arvind@gmail.com
Subject: [Sipping] WG: [VOIPSEC] VoIP Spam paper
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Errors-To: sipping-bounces@ietf.org
Hi all BACKGROUND In the IETF SIPPING WG we had discussions regarding SPIT prevention mechanism. Particularly with regard to the SPIT marking techniques it seems that there is some disagreement about the usefulness of statistical techniques. A number of ideas have been discussed already on various IETF mailing lists. I would like to bring another paper to your attention that has been posted to the VOIPSEC mailing list. THE PAPER The paper says that it exploit the fact that in regular communication users both make and receive calls, while spammers are interested in only making calls and disseminating information. This paper takes existing work from the email environment and applies it to VoIP (as it seems). The basic idea is to observe communication and call duration in particular. Thereby, the call duration is used to create, so-called call credentials. A call credential CC consists of A, the identity of the caller, B, the identity of the call recipient, t, the call duration and TS, the time stamp of the call along with a digital signature of the same information. Although not stated explicitly, I assume that information about a users call patters are stored with its VoIP provider. Then, when a user makes a call information about the call patters (i.e., in the form of call credentials) are made available to the receiving domain or other end point. Sharing information about the sender with the recipient's domain or the recipient itself has been described in http://tools.ietf.org/id/draft-schwartz-sipping-spit-saml-01.txt (although no reference to that document is included in the paper). This work on utilizing social networks, as described in http://tools.ietf.org/id/draft-ono-trust-path-discovery-02.txt, might also be applicable. To deal with the introduction problem turing tests are suggested. Working on draft-schwartz-sipping-spit-saml-01.txt we encountered problems, such as * Deployment challenge to get SPIT SAML to deploy. Without it being widely deployed the receiving domain does not have a way to know anything about the call statistics. Hence, the mechanism would only work within a single domain. Without sufficient deployment the mechanisms described in the paper wouldn't be so useful either. As such, this deployment challenge has nothing todo with SAML but is rather a generic problem with the solution approach outlined in the paper (although the authors claim it differently in Section 2.4 "Related Work"). * Privacy aspects: It is not clear whether it is actually possible to distribute some of this information from one domain to another one without violating some privacy laws. * Trusting the information provided by the sending domain is likely to work only for larger VoIP providers. In the worst case the Spammer might provide this information since he is acting as a VoIP provider. The idea of using call patterns for SPIT prevention is not new. Still, the provided details for using the call duration (using the Eigentrust algorithm) in a SPIT prevention scenario are nice. Maybe this paper provides a different spin to our SPIT marking discussion. Ciao Hannes PS: http://tools.ietf.org/id/draft-schwartz-sipping-spit-saml-01.txt did not describe which algorithms to use to compute some of the parameters. I believe that this is fine for an IETF document given that there are a lot of implementation specific aspects that are not relevant for standardization. -----Ursprüngliche Nachricht----- Von: voipsec-bounces@voipsa.org [mailto:voipsec-bounces@voipsa.org] Im Auftrag von ext vijay arvind Gesendet: Montag, 12. November 2007 00:34 An: voipsec@voipsa.org Betreff: [VOIPSEC] VoIP Spam paper Hello All, Attached is a link to a VoIP spam approach that we at the Georgia Tech Information Security center (GTISC) are working on and was presented at the 4th conference of Email and Anti Spam: http://www.ceas.cc/2007/papers/paper-63.pdf The basic idea is to try and exploit the fact that in regular communication users both make and receive calls, while spammers are interested in only making calls and disseminating information. Users rarely call a spammer and even if they inadvertently do so, the call will last for a small duration. Hence we use call duration and the directionality of calling patterns to distinguish between a regular user and a spammer. We use basic cryptographic primitives to encapsulate call duration as call credentials. How we combine these call credentials using social networking theory and the Eigentrust algorithm (PageRank) to create a spammer detecting mechanism forms the crux of the paper. Bouquets and Brickbats are most welcome. Thanks, Vijay _______________________________________________ Voipsec mailing list Voipsec@voipsa.org http://voipsa.org/mailman/listinfo/voipsec_voipsa.org _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] WG: [VOIPSEC] VoIP Spam paper Hannes Tschofenig
- Re: [Sipping] WG: [VOIPSEC] VoIP Spam paper Henning Schulzrinne
- [Sipping] Re: [VOIPSEC] VoIP Spam paper vijay arvind
- [Sipping] Re: [VOIPSEC] VoIP Spam paper Hannes Tschofenig