[VOIPSEC] WG: VoIP Spam paper

Hannes Tschofenig Hannes.Tschofenig at gmx.net
Sun Nov 25 07:32:51 CST 2007 

Hi  all

BACKGROUND

In the IETF SIPPING WG we had discussions regarding SPIT prevention 
mechanism. Particularly with regard to the SPIT marking techniques it 
seems that there is some disagreement about the usefulness of 
statistical techniques. A number of ideas have been discussed already on 
various IETF mailing lists.
I would like to bring another paper to your attention that has been 
posted to the VOIPSEC mailing list.

THE PAPER

The paper says that it exploit the fact that in regular communication 
users both make and receive calls, while spammers are interested in only 
making calls and disseminating information. This paper takes existing 
work from the email environment and applies it to VoIP (as it seems).

The basic idea is to observe communication and call duration in 
particular. Thereby, the call duration is used to create, so-called call 
credentials. A call credential CC consists of A, the identity of the 
caller, B, the identity of the call recipient, t, the call duration and 
TS, the time stamp of the call along with a digital signature of the 
same information.

Although not stated explicitly, I assume that information about a users 
call patters are stored with its VoIP provider. Then, when a user makes 
a call information about the call patters (i.e., in the form of call 
credentials) are made available to the receiving domain or other end 
point. Sharing information about the sender with the recipient's domain 
or the recipient itself has been described in 
http://tools.ietf.org/id/draft-schwartz-sipping-spit-saml-01.txt 
(although no reference to that document is included in the paper). This 
work on utilizing social networks, as described in 
http://tools.ietf.org/id/draft-ono-trust-path-discovery-02.txt, might 
also be applicable.

To deal with the introduction problem turing tests are suggested.

Working on draft-schwartz-sipping-spit-saml-01.txt we encountered 
problems, such as

* Deployment challenge to get SPIT SAML to deploy. Without it being 
widely deployed the receiving domain does not have a way to know 
anything about the call statistics. Hence, the mechanism would only work 
within a single domain. Without sufficient deployment the mechanisms 
described in the paper wouldn't be so useful either. As such, this 
deployment challenge has nothing todo with SAML but is rather a generic 
problem with the solution approach outlined in the paper (although the 
authors claim it differently in Section 2.4 "Related Work").

* Privacy aspects: It is not clear whether it is actually possible to 
distribute some of this information from one domain to another one 
without violating some privacy laws.

* Trusting the information provided by the sending domain is likely to 
work only for larger VoIP providers. In the worst case the Spammer might 
provide this information since he is acting as a VoIP provider.

The idea of using call patterns for SPIT prevention is not new. Still, 
the provided details for using the call duration (using the Eigentrust 
algorithm) in a SPIT prevention scenario are nice. Maybe this paper 
provides a different spin to our SPIT marking discussion.

Ciao
Hannes

PS: http://tools.ietf.org/id/draft-schwartz-sipping-spit-saml-01.txt did 
not describe which algorithms to use to compute some of the parameters.
I believe that this is fine for an IETF document given that there are a 
lot of implementation specific aspects that are not relevant for 
standardization.


-----Ursprüngliche Nachricht-----
Von: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] Im 
Auftrag von ext vijay arvind
Gesendet: Montag, 12. November 2007 00:34
An: voipsec at voipsa.org
Betreff: [VOIPSEC] VoIP Spam paper

Hello All,

Attached is a link to a VoIP spam approach that we at the Georgia Tech
Information Security center (GTISC) are working on and was presented at the
4th conference of Email and Anti Spam:
http://www.ceas.cc/2007/papers/paper-63.pdf

The basic idea is to try and exploit the fact that in regular communication
users both make and receive calls, while spammers are interested in only
making calls and disseminating information. Users rarely call a spammer and
even if they inadvertently do so, the call will last for a small duration.
Hence we use call duration and the directionality of calling patterns to
distinguish between a regular user and a spammer. We use basic cryptographic
primitives to encapsulate call duration as call credentials. How we combine
these call credentials using social networking theory and the Eigentrust
algorithm (PageRank) to create a spammer detecting mechanism forms the crux
of the paper.

Bouquets and Brickbats are most welcome.

Thanks,
Vijay
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list