Spit ppt

On Spam over Internet Telephony (SPIT)

Prevention

SPIT is defined as the transmission of unsolicited calls over Internet telephony

Using Internet telephony, these costs are substantially lower

presents a reference model for SPIT prevention systems and provides a classification for a large set of available prevention methods

minimize the probability of blocking legitimate call

maximize the probability of blocking SPIT calls.

minimize the interactions with the callee limit the inconvenience caused to the

caller that tries to place a legitimate call should be general should be flexible

No Interactions With Call

Caller-side Interactions

Callee Interrupted by Call

Callee Receives Call Feedback From

Callee After call

Lists simple mechanism white lists (identities allowed to call) black lists (identities that should be

rejected) members of white lists and black lists may

be configured

Circles of Trust

introducing trusted inter-domain connections

each domain controls its own users and the domains agree not to send SPIT to each other

can be implemented in SIP by using authenticated TLS connections between domains

Pattern/Anomaly Detection

detecting suspicious patterns in VoIP traffic to identify SPIT calls

very general

deciding, based on patterns and signatures whether the incoming call might be SPIT or not

Greylisting first call from an unknown user is

rejected

Computational Puzzle

giving the caller's terminal a resource consuming task to perform before establishing the call

attackers use botnets to distribute the cost of computing puzzles

limits the effectiveness of the solution

Sender Check

verify that a caller is a valid sender for the

domain from which he is calling.

Turing Test

conversational method to tell humans and computers

the judge is a human being

most CAPTCHAs are visual although audio CAPTCHAs exist as well

Consent-based Communication

user A authorize user B, the first time user B tries to contact user A

it solves the first-contact problem but introduces a delay until the first call can be placed

Content Filtering

blocking email spam is essentially based on content analysis

cannot be fully applied to prevent SPIT the receiver has been disturbed by a

ringing phone

Reputation System

attaching reputation score to a contact this score can be evaluated based on user feedback it could also be tied to other methods

Limited-Use Addresses

changing the address as soon as the first spam messages arrive at the address

new address has to be communicated to all contacts

new user has to be able to get the current address of a recipient

Payments At Risk

charging a fee for the first contact

refunding that fee if the call was not SPIT

Legal Action

introducing legislation in all countries to prohibit the distribution of spam over VoIP

there will always be countries where it is legal to send SPIT

First-Contact Feedback

the user can provide a feedback to the server

an unknown identity is allowed to call exactly once and then the callee has to provide a feedback

there is no first-contact problem

we used a modular design for our prevention system that flexibly allows linking stages and uses a modular approach for stages 1 and 2.

SPIT PREVENTION AT STAGE 1 All modules examine incoming call signaling

and produce a score compared to two threshold a low and a high below the lower threshold, the call is

forwarded to the calee between the lower and higher thresholds, call

is forwarded to the second stage modulesrejected or forwarded to a voicemail system

above the higher threshold, either the call is

SPIT PREVENTION AT STAGE 2 If the test is successfully passed ,the

dispatcher forwards the call to the original callee

stage 2 module belonging to the“Turing Test”

based on the assumption that human conversation follows certain activity patterns

sends a prerecorded greeting message

SPIT PREVENTION AT STAGE 5

Software client allows user to terminate the call

• time indicates to the SPIT prevention system that this was SPIT

white/black list module may add the caller identity to the black list.

A systematic classification and reference model for SPIT prevention building blocks

Has a purpose of helping newcomers and practitioners in the area to improve their understanding, and better design and implement SPIT prevention systems

Juergen Quittek & Savario Niccolini; On Spam over Internet Telephony(SPIT) Prevention, IEEE Communication magazine, August 2008

www.2dix.com

THANK YOU