[VOIPSEC] [Sipping] WG: VoIP Spam paper

[vijay arvind]

Hello Henning,
In the paper we try to address the legitimate callers who fall into the only
outbound category by introducing pre-trusted peers. So users of critical
infrastructure like bank systems that makes only outgoing calls can through
some elaborate mechanism achieve a pre-trusted status in which case their
reputation is preassigned. On the internet pages like google and yahoo are
preassigned a score and what links others have to them doesnt matter.

I have seen notification systems use IM and email kind of mechanisms to
provide this information. This work tries to provide solutions to the VoIP
spam problem where parties are actively involved in a call. We would
definitely need a different Spam prevention mechanism for a system that is
focussed on a larger percentage of purely outbound users.

Bye,
Vijay

On Nov 25, 2007 4:09 PM, Henning Schulzrinne <hgs at cs.columbia.edu> wrote:

> In addition, there are many legitimate callers that fall into the
> outbound-only category, such as notification systems that are becoming
> increasingly popular, from things as mundane as your-flight-is-late
> and your-dentist-appointment-is-tomorrow to important and time-
> critical as student-with-gun-on-the-loose or a-forest-fire-is-heading-
> your-way.
>
> Henning
>
> On Nov 25, 2007, at 8:32 AM, Hannes Tschofenig wrote:
>
> > Hi  all
> >
> > BACKGROUND
> >
> > In the IETF SIPPING WG we had discussions regarding SPIT prevention
> > mechanism. Particularly with regard to the SPIT marking techniques
> > it seems that there is some disagreement about the usefulness of
> > statistical techniques. A number of ideas have been discussed
> > already on various IETF mailing lists.
> > I would like to bring another paper to your attention that has been
> > posted to the VOIPSEC mailing list.
> >
> > THE PAPER
> >
> > The paper says that it exploit the fact that in regular
> > communication users both make and receive calls, while spammers are
> > interested in only making calls and disseminating information. This
> > paper takes existing work from the email environment and applies it
> > to VoIP (as it seems).
> >
> > The basic idea is to observe communication and call duration in
> > particular. Thereby, the call duration is used to create, so-called
> > call credentials. A call credential CC consists of A, the identity
> > of the caller, B, the identity of the call recipient, t, the call
> > duration and TS, the time stamp of the call along with a digital
> > signature of the same information.
> >
> > Although not stated explicitly, I assume that information about a
> > users call patters are stored with its VoIP provider. Then, when a
> > user makes a call information about the call patters (i.e., in the
> > form of call credentials) are made available to the receiving domain
> > or other end point. Sharing information about the sender with the
> > recipient's domain or the recipient itself has been described in
> http://tools.ietf.org/id/draft-schwartz-sipping-spit-saml-01.txt
> >  (although no reference to that document is included in the paper).
> > This work on utilizing social networks, as described in
> http://tools.ietf.org/id/draft-ono-trust-path-discovery-02.txt
> > , might also be applicable.
> >
> > To deal with the introduction problem turing tests are suggested.
> >
> > Working on draft-schwartz-sipping-spit-saml-01.txt we encountered
> > problems, such as
> >
> > * Deployment challenge to get SPIT SAML to deploy. Without it being
> > widely deployed the receiving domain does not have a way to know
> > anything about the call statistics. Hence, the mechanism would only
> > work within a single domain. Without sufficient deployment the
> > mechanisms described in the paper wouldn't be so useful either. As
> > such, this deployment challenge has nothing todo with SAML but is
> > rather a generic problem with the solution approach outlined in the
> > paper (although the authors claim it differently in Section 2.4
> > "Related Work").
> >
> > * Privacy aspects: It is not clear whether it is actually possible
> > to distribute some of this information from one domain to another
> > one without violating some privacy laws.
> >
> > * Trusting the information provided by the sending domain is likely
> > to work only for larger VoIP providers. In the worst case the
> > Spammer might provide this information since he is acting as a VoIP
> > provider.
> >
> > The idea of using call patterns for SPIT prevention is not new.
> > Still, the provided details for using the call duration (using the
> > Eigentrust algorithm) in a SPIT prevention scenario are nice. Maybe
> > this paper provides a different spin to our SPIT marking discussion.
> >
> > Ciao
> > Hannes
> >
> > PS: http://tools.ietf.org/id/draft-schwartz-sipping-spit-saml-01.txt
> > did not describe which algorithms to use to compute some of the
> > parameters.
> > I believe that this is fine for an IETF document given that there
> > are a lot of implementation specific aspects that are not relevant
> > for standardization.
> >
> >
> > -----Ursprüngliche Nachricht-----
> > Von: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org]
> > Im Auftrag von ext vijay arvind
> > Gesendet: Montag, 12. November 2007 00:34
> > An: voipsec at voipsa.org
> > Betreff: [VOIPSEC] VoIP Spam paper
> >
> > Hello All,
> >
> > Attached is a link to a VoIP spam approach that we at the Georgia Tech
> > Information Security center (GTISC) are working on and was presented
> > at the
> > 4th conference of Email and Anti Spam:
> > http://www.ceas.cc/2007/papers/paper-63.pdf
> >
> > The basic idea is to try and exploit the fact that in regular
> > communication
> > users both make and receive calls, while spammers are interested in
> > only
> > making calls and disseminating information. Users rarely call a
> > spammer and
> > even if they inadvertently do so, the call will last for a small
> > duration.
> > Hence we use call duration and the directionality of calling
> > patterns to
> > distinguish between a regular user and a spammer. We use basic
> > cryptographic
> > primitives to encapsulate call duration as call credentials. How we
> > combine
> > these call credentials using social networking theory and the
> > Eigentrust
> > algorithm (PageRank) to create a spammer detecting mechanism forms
> > the crux
> > of the paper.
> >
> > Bouquets and Brickbats are most welcome.
> >
> > Thanks,
> > Vijay
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >
> >
> >
> > _______________________________________________
> > Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
> > This list is for NEW development of the application of SIP
> > Use sip-implementors at cs.columbia.edu for questions on current sip
> > Use sip at ietf.org for new developments of core SIP
>
>