
Preventing Spam For SIP-based Sessions and Instant Messages

This presentation gives an overview of the problem of spam in SIP-based sessions and introduces DAPES (Domain Authentication and Policy Enforcement for SIP) and "Bonded Domains". It closes with future work and conclusions on preventing spam in SIP-based communications.


Presentation Transcript


  1. Preventing Spam For SIP-based Sessions and Instant Messages
     Kumar Srivastava, Henning Schulzrinne
     June 10, 2004

  2. The Presentation…
     • Overview of the problem of spam in SIP-based sessions
     • Introduction to DAPES (Domain Authentication and Policy Enforcement for SIP)
     • Introduction to “Bonded Domains”
     • Future work and conclusion

  3. Spam
     • Formally, Spam can be defined as Unsolicited Bulk Communications (UBC)
     • “Internet email” sent to a group of recipients who have not requested it
     • The definition remains the same for SIP, but now we are talking in terms of SIP calls and instant messages

  4. DAPES
     • Supports communication with previously known and unknown entities
     • Real-time and automated detection and classification of calls and instant messages as “spam”
     • Prevents spoofing of domains, user identities
     • Can be extended to ascertain trustworthiness of unknown entities

  5. Domain Classification
     • Classification of domains based on their identity instantiation and maintenance procedures plus other domain policies.
     • Admission controlled domains
        • Strict identity instantiation with long term relationships
        • Example: Employees, students, bank customers
     • Bonded domains
        • Membership possible only through posting of bonds tied to an expected behavior
     • Membership domains
        • No personal verification of new members but verifiable identification required such as a valid credit card and/or payment
        • Example: eBay, phone and data carriers
     • Open domains
        • No limit or background check on identity creation and usage
        • Example: Hotmail
     • Open, rate limited domains
        • Open but limits the number of messages per time unit and prevents account creation by bots
        • Example: Yahoo

  6. Authentication and Verification
     • Verification of caller in two stages
        • Verifying local user identities
           • DIGEST authentication on INVITE and REGISTER
        • Verifying outbound SIP proxies of incoming calls
           • TLS Authentication and DNS SRV verification
     • Reputation Information for determining trustworthiness of unknown caller
        • Social Networks
           • Problem can be reduced to “path existence”
           • Does a friend I trust, trust this person?
           • Orkut, Friendster, ...
        • Reputation Systems
           • Maintain records for domains and users and their reputation information and classification for domains.
           • Support reputation queries and reputation updates by authenticated, valid and trustworthy users.

  7. DAPES
     • Architecture of DAPES [figure]

  8. Bonded Domains
     • Introduced in DAPES
     • Spamming motivated by financial gains
     • Imposes financial restrictions on potential spammers
     • Idea is to ask users to post bonds against sending spam
     • Have to ensure optimal bond amount and correct channeling of bond proceeds for successful working of the system

  9. Reputation in social networks
     • There are several types of social networks providing a rich source of reputation information
     • Study aims to analyze relevant social networks and isolate features necessary for extracting correct reputation information

  10. Conclusion
     • As IP telephony becomes more popular, spammers will target SIP-based communication for sending spam
     • It is necessary to build in features into SIP-domains to ensure that SIP-based communications do not fall prey to spam like in the case of e-mail
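
Added example, not from the presentation: slide 6 reduces the social-network reputation check to "path existence" (does a friend I trust, trust this person), which the sketch below implements as a hop-limited breadth-first search over a directed trust graph, run only after the caller's identity has been verified. The graph contents, the hop limit, and the names trust_path and screen_call with their accept/reject/unknown outcomes are assumptions for illustration, not part of DAPES.

```python
from collections import deque

# Constructed sample data: directed edges "X trusts Y" between SIP URIs.
ALICE, BOB, CAROL = "sip:alice@example.org", "sip:bob@example.org", "sip:carol@example.net"
DAVE, ERIN, MALLORY = "sip:dave@example.com", "sip:erin@example.com", "sip:mallory@open.example"
TRUST = {
    ALICE: {BOB, CAROL},
    BOB: {DAVE},
    CAROL: {ALICE},
    DAVE: {ERIN},
    MALLORY: {ALICE},   # Mallory claims to trust Alice; nobody trusts Mallory
}

def trust_path(graph, callee, caller, max_hops=2):
    """Shortest chain callee -> ... -> caller of at most max_hops edges, else None."""
    if caller == callee:
        return [callee]
    parent = {callee: None}
    queue = deque([(callee, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops:          # hop limit: distant "friends" carry no weight
            continue
        for nxt in sorted(graph.get(node, ())):
            if nxt in parent:
                continue
            parent[nxt] = node
            if nxt == caller:         # rebuild the chain by walking parents back
                path = [nxt]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append((nxt, hops + 1))
    return None

def screen_call(graph, callee, caller, caller_verified, max_hops=2):
    """Hypothetical policy: identity verification first, then the reputation check."""
    if not caller_verified:
        return "reject"    # an unverified identity can be spoofed, so its edges mean nothing
    if trust_path(graph, callee, caller, max_hops):
        return "accept"
    return "unknown"       # verified but no trust chain: leave to other policy

if __name__ == "__main__":
    for who in (BOB, DAVE, ERIN, MALLORY):
        print(who, screen_call(TRUST, ALICE, who, caller_verified=True))
```

The search starts from the callee and follows only outgoing edges, so a caller who merely declares trust in the callee (Mallory here) gains nothing from it.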
