1 / 28

SPAM over IP Telephony (SPIT)

Felipe Santos Manoj Deshpande ECE 4112 – Internetwork Security Georgia Institute of Technology. SPAM over IP Telephony (SPIT). Identification and prevention Techniques. Background. SPAM considered one of biggest problems in Internet

cais
Download Presentation

SPAM over IP Telephony (SPIT)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Felipe Santos Manoj Deshpande ECE 4112 – Internetwork Security Georgia Institute of Technology SPAM over IP Telephony (SPIT) Identification and prevention Techniques

  2. Background • SPAM considered one of biggest problems in Internet • SPIT is expected to become a major issue in the next few years with increasing deployment of VoIP solutions • Potential for productivity disturbance is much greater than SPAM

  3. Background • Definition: The transmission of unsolicited calls over Internet telephony (VoIP) • “SPITTERS” will forge their identities • SPITTING agent capable of placing hundreds of simultaneous automated calls • SIP is not voice only, but applies to Instant Messaging and video as well

  4. SPAM vs. SPIT

  5. SPIT Prevention Framework • Goals: • Minimize false positives & negatives • Minimize callee interaction in identifying SPIT • Minimize inconvenience to caller • General enough to work in different environments (work, home, etc) and cultures

  6. SPIT Prevention Framework • 5 Stage Approach: • Stage 1: no interaction w/ users • Blacklist, Whitelist, Graylisting, Circles of Trust, Pattern / AnomalyDetection • Stage 2: caller interaction • Computational Puzzles, SenderChecks, Audio CAPTCHAS (Turing Tests)

  7. SPIT Prevention Framework • 5 Stage Approach (continued): • Stage 3: feedback before call • Manual authorization to receivecall and/or authenticate user • Stage 4: during the call • Content analysis (not currentlyviable) • Stage 5: feedback after call • Reputation System, Limited-Use Address, Payments at Risk, Litigation

  8. SPIT Prevention Techniques • Blacklists & Whitelists • Pros: • Simple implementation • Effective (users in whitelist will always be allowed through and vice versa) • Cons: • Manual data gathering by user or global service required to build such lists • SPITTERS can easily spoof identity and bypass lists

  9. SPIT Prevention Techniques • Circles of Trust • Inter-domain connections are checked before a call is forwarded. Each domain control its users • Pros: • Efficient • Even if a user misbehaves, easy to identify user • Cons: • Requires a priori inter-domain agreements/validation • Relatively complex implementation

  10. SPIT Prevention Techniques • Pattern/Anomaly Detection • Statistical analysis of a user’s calling behavior based on studies that identify “normal” call behavior. • Pros: • Potentially most acurate • Mature methodology • Cons: • Requires monitoring agent to keep track of user behavior • Never before implemented to voice calls

  11. SPIT Prevention Techniques • Graylisting • Consists of calculating a gray level for each and every caller • Gray level determines how likely a caller is to be a SPITTER

  12. SPIT Prevention Techniques • Graylisting (continued) • Progressive Multi Gray-Leveling (PMG) • Considers two levels per caller: short-term level and long-term level • Short-term level • considers the number of calls a given user places within a short period of time (i.e. 10 min) • Level changes rapidly - Prevents DoS attacks • Long-term level • considers the number of calls a given user places within a long period of time (i.e. 10 hours) • Level changes slowly – prevents SPITTER from regaining calling rights

  13. SPIT Prevention Techniques • Graylisting (continued) • Progressive Multi Gray-Leveling (PMG) (continued) • A threshold is established, such that if (short-term level + long-term level) > ThresholdA user’s outgoing call is blocked

  14. SPIT Prevention Techniques • Graylisting (continued) • Pros: • Effective caller limiting approach • Relatively simple implementation • Makes a SPITTER’s task much harder • Cons: • Legitimate users can potentially have calls blocked just for placing too many calls within a given time frame.

  15. SPIT Prevention Techniques • Computational Puzzle • Verify a caller’s “willingness” to place the call by imposing that the client solves a digital puzzle/calculation prior to call establishment • Caller must spend at least a given minimum period of time to ensure solution is not “guessed” • Pros: • Limit a SPITTER’s calling rate by adding required computational overhead to establish • Cons: • Increased overhead for call establishment • Could be relatively easily circumvented

  16. SPIT Prevention Techniques • Sender Check • Verify/authenticate a caller by actively consulting its domain • Equivalent of Sender Policy Framework (SPF) and Sender ID in email • Pros: • Originating domain certifies its users • Prevents user ID spoofing • Cons: • Relies on remote domain information that may not be correctly implemented or updated

  17. SPIT Prevention Techniques • Turing Test • Differentiate between automated computer placed calls (likely SPIT) and calls placed by human beings • Uses Audio Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHAS) • Pros: • Quickly and easily identify automated vs. human calls • Cons: • Increased overhead for connection establishment • Could potentially block non-SPIT automated calls (banks, package delivery notifications, reverse 911, etc)

  18. SPIT Prevention Techniques • Consent-Based Communication • User authentication / identity verification • Calleeauthoizes caller a priori with a previously exchanged key or passphrase • Pros: • SPIT is completely blocked, since only authorized callers can place call to user • Cons: • Any new caller who wishes to contact a user must request and receive the shared key a priori

  19. SPIT Prevention Techniques • Content Filtering • Process call content to detect SPIT as done in SPAM filters • Pros: • If viable, would be the most accurate technique • Cons: • Not viable / implementable. Although there exist DSP algorithms to analyze audio data and convert audio waveforms to ASCII text, process is not real-time and call contents are not available for processing until after the call is actually placed.

  20. SPIT Prevention Techniques • Reputation System • Centralized reputation score based on user behavior and other users’ feedback • Pros: • Centralized global resource to identify SPITTERS • Cons: • Requires protocol standardization for feedback framework

  21. SPIT Prevention Techniques • Payments at Risk • Require a refundable payment for each call from an unknown party. The payment is only refunded if the caller was not a SPITTER. • Pros: • Increase cost / decrease profitability of SPIT • Cons: • Quite unrealistic scenario, since a standardized framework would be required for feedback and payment charging and many VoIP services are free and fully p2p

  22. Lab VoIP Testbed

  23. Lab Exercises • Students will: • Configure and setup the VoIP testbed • Establish an authenticated VoIP call and notice a SPITTER’s inability to contact a user that requires caller authentication • Create a SPIT message • Place an automated SPIT call by capturing and replaying the SPIT message created above • Place an automated SPIT call with a spoofed ID

  24. Exercise Results • User Authentication (with shared keys)

  25. Exercise Results • User Authentication (no shared keys)

  26. Exercise Results • Creating SPIT Message & Generating Automated SPIT Call

  27. Exercise Results • Spoofing Caller ID

  28. References • J. Quittek, S. Niccolini, S. Tartarelli, and R. Schlegel, “Prevention of Spam over IP Telephony,” NEC Technical Journal, vol. 1, no. 2, Feb., pp. 114-119, 2006. • D. Shin and C. Shim, “Voice Spam Control with Gray Leveling,” Proceedings of 2nd VoIP Security Workshop, Washington DC, June 1-2 2005. • F. Hammer et al. “Elements of Interactivity in Telephone Conversations,” Proceedings of 8th International Conference on Spoken Language Processing (ICSLP/INTERSPEECH 2004), Vol3, pp.1741-1744, Jeju Island, Korea, Oct. 2004.

More Related