SPAM OVER IP TELEPHONY (SPIT)
Identification and Prevention Techniques
Felipe Santos, Manoj Deshpande
ECE 4112 – Internetwork Security
Georgia Institute of Technology

Background
- SPAM is considered one of the biggest problems on the Internet
- SPIT is expected to become a major issue in the next few years with increasing deployment of VoIP solutions
- Potential for productivity disturbance is much greater than with SPAM

Background
- Definition: The transmission of unsolicited calls over Internet telephony (VoIP)
- “SPITTERS” will forge their identities
- A SPITTING agent is capable of placing hundreds of simultaneous automated calls
- SIP is not voice only, but applies to Instant Messaging and video as well

SPAM vs. SPIT
- SPAM: User can sort through or filter messages based on content and header
  SPIT: VoIP is a real-time protocol that does not grant the receiver access to the contents of the call prior to its acceptance
- SPAM: Email is delivered asynchronously, whenever a user decides to download/access email
  SPIT: Victim is interrupted instantly with the phone ringing
- SPAM: SPAMMER does not know for sure when or whether his message will reach the victim
  SPIT: A successful call guarantees that the user exists, is currently online, and will most likely receive the message soon

SPIT Prevention Framework
Goals:
- Minimize false positives & negatives
- Minimize callee interaction in identifying SPIT
- Minimize inconvenience to caller
- General enough to work in different environments (work, home, etc.) and cultures

SPIT Prevention Framework
5 Stage Approach:
- Stage 1: no interaction w/ users
  - Blacklist, Whitelist, Graylisting, Circles of Trust, Pattern / Anomaly Detection
- Stage 2: caller interaction
  - Computational Puzzles, Sender Checks, Audio CAPTCHAS (Turing Tests)

SPIT Prevention Framework
5 Stage Approach (continued):
- Stage 3: feedback before call
  - Manual authorization to receive call and/or authenticate user
- Stage 4: during the call
  - Content analysis (not currently viable)
- Stage 5: feedback after call
  - Reputation System, Limited-Use Address, Payments at Risk, Litigation

SPIT Prevention Techniques: Blacklists & Whitelists
Pros:
- Simple implementation
- Effective (users in whitelist will always be allowed through and vice versa)
Cons:
- Manual data gathering by user or global service required to build such lists
- SPITTERS can easily spoof identity and bypass lists

SPIT Prevention Techniques: Circles of Trust
- Inter-domain connections are checked before a call is forwarded. Each domain controls its users
Pros:
- Efficient
- Even if a user misbehaves, it is easy to identify the user
Cons:
- Requires a priori inter-domain agreements/validation
- Relatively complex implementation

SPIT Prevention Techniques: Pattern/Anomaly Detection
- Statistical analysis of a user’s calling behavior based on studies that identify “normal” call behavior
Pros:
- Potentially most accurate
- Mature methodology
Cons:
- Requires monitoring agent to keep track of user behavior
- Never before applied to voice calls

SPIT Prevention Techniques: Graylisting
- Consists of calculating a gray level for each and every caller
- Gray level determines how likely a caller is to be a SPITTER

SPIT Prevention Techniques: Graylisting (continued)
Progressive Multi Gray-Leveling (PMG)
- Considers two levels per caller: short-term level and long-term level
- Short-term level
  - Considers the number of calls a given user places within a short period of time (e.g., 10 min)
  - Level changes rapidly: prevents DoS attacks
- Long-term level
  - Considers the number of calls a given user places within a long period of time (e.g., 10 hours)
  - Level changes slowly: prevents SPITTER from regaining calling rights

SPIT Prevention Techniques: Graylisting (continued)
Progressive Multi Gray-Leveling (PMG) (continued)
- A threshold is established, such that if
  (short-term level + long-term level) > Threshold
  a user’s outgoing call is blocked

SPIT Prevention Techniques: Graylisting (continued)
Pros:
- Effective caller limiting approach
- Relatively simple implementation
- Makes a SPITTER’s task much harder
Cons:
- Legitimate users can potentially have calls blocked just for placing too many calls within a given time frame
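
The two-level rule from the Progressive Multi Gray-Leveling slides above, as an added example (not code from the slides or from the PMG authors). The sliding-window counts, the weights W_SHORT and W_LONG, the THRESHOLD value, the class name GrayLevelFilter and the SIP URIs are assumptions; only the 10-minute and 10-hour windows and the blocking rule come from the slides.

```python
from collections import defaultdict, deque

SHORT_WINDOW = 10 * 60        # seconds: the slides' short-period example (10 min)
LONG_WINDOW = 10 * 60 * 60    # seconds: the slides' long-period example (10 hours)
W_SHORT, W_LONG = 1.0, 0.25   # assumed weight of one call in each level
THRESHOLD = 10.0              # assumed blocking threshold


class GrayLevelFilter:
    """Per-caller short-term and long-term gray levels (assumed formula)."""

    def __init__(self):
        self._attempts = defaultdict(deque)   # caller -> attempt timestamps

    def levels(self, caller, now):
        q = self._attempts[caller]
        while q and q[0] <= now - LONG_WINDOW:   # forget attempts older than 10 h
            q.popleft()
        short = W_SHORT * sum(1 for t in q if t > now - SHORT_WINDOW)
        long_term = W_LONG * len(q)
        return short, long_term

    def allow_call(self, caller, now):
        # Blocked attempts are recorded too, so hammering keeps the level high.
        self._attempts[caller].append(now)
        short, long_term = self.levels(caller, now)
        return short + long_term <= THRESHOLD    # slide rule: block if sum > Threshold


def demo():
    """Constructed traffic: one ordinary caller and one bulk caller."""
    f = GrayLevelFilter()
    bulk = "sip:bulk@example.net"
    normal = [f.allow_call("sip:alice@example.org", t) for t in range(0, 9000, 1800)]
    burst = [f.allow_call(bulk, t) for t in range(0, 200, 5)]    # 40 calls, 5 s apart
    after_pause = f.allow_call(bulk, 195 + 15 * 60)     # short-term level has dropped
    after_long = f.allow_call(bulk, 195 + LONG_WINDOW + 1)   # burst has aged out
    return normal, burst, after_pause, after_long


if __name__ == "__main__":
    normal, burst, after_pause, after_long = demo()
    print("ordinary caller allowed:", normal)
    print("burst calls allowed:", burst.count(True), "of", len(burst))
    print("15 min after burst:", after_pause, "| after 10 h:", after_long)
```

With these assumed weights the bulk caller is still blocked 15 minutes after the burst, because the long-term level alone keeps the sum above the threshold until the burst leaves the 10-hour window.
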
SPIT Prevention Techniques: Computational Puzzle
- Verify a caller’s “willingness” to place the call by imposing that the client solves a digital puzzle/calculation prior to call establishment
- Caller must spend at least a given minimum period of time to ensure solution is not “guessed”
Pros:
- Limit a SPITTER’s calling rate by adding required computational overhead to establish
Cons:
- Increased overhead for call establishment
- Could be relatively easily circumvented
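
One way to build the puzzle described on this slide, as an added example (not code from the slides). The hash-based puzzle, the HMAC-bound stateless challenge, the names SERVER_KEY, DIFFICULTY_BITS and MAX_AGE and all function names are assumptions; the slides do not specify a puzzle construction.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)   # secret held by the callee's proxy (assumed)
DIFFICULTY_BITS = 16          # assumed work factor: ~2**16 hashes on average
MAX_AGE = 30                  # assumed lifetime of a challenge, in seconds


def _tag(caller, callee, ts):
    msg = f"{caller}|{callee}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(caller, callee, now):
    """Stateless challenge bound to this caller, callee and issue time."""
    ts = str(int(now))
    return f"{ts}:{_tag(caller, callee, ts)}"


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def _work(challenge, counter):
    return hashlib.sha256(f"{challenge}:{counter}".encode()).digest()


def solve(challenge, bits=DIFFICULTY_BITS):
    """Caller side: brute-force a counter; cost doubles with each extra bit."""
    counter = 0
    while leading_zero_bits(_work(challenge, counter)) < bits:
        counter += 1
    return counter


def verify(caller, callee, challenge, counter, now, bits=DIFFICULTY_BITS):
    """Proxy side: one HMAC and one hash, however long the caller worked."""
    ts, _, tag = challenge.partition(":")
    if not hmac.compare_digest(tag.encode(), _tag(caller, callee, ts).encode()):
        return False                      # forged, or issued for another call
    if now - int(ts) > MAX_AGE:
        return False                      # stale: precomputed or replayed solution
    return leading_zero_bits(_work(challenge, counter)) >= bits
```

Difficulty here is a hash count, not a wall-clock guarantee: the same puzzle costs a low-power handset far more time than a well-resourced sender.
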

SPIT Prevention Techniques: Sender Check
- Verify/authenticate a caller by actively consulting its domain
- Equivalent of Sender Policy Framework (SPF) and Sender ID in email
Pros:
- Originating domain certifies its users
- Prevents user ID spoofing
Cons:
- Relies on remote domain information that may not be correctly implemented or updated

SPIT Prevention Techniques: Turing Test
- Differentiate between automated computer-placed calls (likely SPIT) and calls placed by human beings
- Uses Audio Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHAS)
Pros:
- Quickly and easily identify automated vs. human calls
Cons:
- Increased overhead for connection establishment
- Could potentially block non-SPIT automated calls (banks, package delivery notifications, reverse 911, etc.)

SPIT Prevention Techniques: Consent-Based Communication
- User authentication / identity verification
- Callee authorizes caller a priori with a previously exchanged key or passphrase
Pros:
- SPIT is completely blocked, since only authorized callers can place a call to the user
Cons:
- Any new caller who wishes to contact a user must request and receive the shared key a priori

SPIT Prevention Techniques: Content Filtering
- Process call content to detect SPIT as done in SPAM filters
Pros:
- If viable, would be the most accurate technique
Cons:
- Not viable / implementable. Although there exist DSP algorithms to analyze audio data and convert audio waveforms to ASCII text, the process is not real-time and call contents are not available for processing until after the call is actually placed.

SPIT Prevention Techniques: Reputation System
- Centralized reputation score based on user behavior and other users’ feedback
Pros:
- Centralized global resource to identify SPITTERS
Cons:
- Requires protocol standardization for feedback framework

SPIT Prevention Techniques: Payments at Risk
- Require a refundable payment for each call from an unknown party. The payment is only refunded if the caller was not a SPITTER.
Pros:
- Increase cost / decrease profitability of SPIT
Cons:
- Quite unrealistic scenario, since a standardized framework would be required for feedback and payment charging, and many VoIP services are free and fully p2p

Lab VoIP Testbed

Lab Exercises
Students will:
- Configure and set up the VoIP testbed
- Establish an authenticated VoIP call and notice a SPITTER’s inability to contact a user that requires caller authentication
- Create a SPIT message
- Place an automated SPIT call by capturing and replaying the SPIT message created above
- Place an automated SPIT call with a spoofed ID

Exercise Results: User Authentication (with shared keys)

Exercise Results: User Authentication (no shared keys)

Exercise Results: Creating SPIT Message & Generating Automated SPIT Call

Exercise Results: Spoofing Caller ID