Unsolicited Communication / SPIT / multimedia-spam

Similar documents
Unsolicited Communication in the NGN

Towards Standardized Prevention of Unsolicited Communications and Phishing Attacks

Standardization Trends of the Next Generation Network in ETSI TISPAN

INCREASING TRUST IN CALLING LINE IDENTIFICATION AND ORIGINATING IDENTIFICATION

Workshop Report. ETSI TISPAN The Home of NGN Standards. Beijing, China, 28 May, 2008

draft ETSI TR V0.5.0 ( )

NGN Security standards for Fixed-Mobile Convergence

Overview and Status of NGN Standardization Activities. Naotaka Morita Vice Chairman of SG13, ITU-T NTT Service Integration Laboratories

VoIP Security Threat Analysis

Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN):

ETSI TISPAN Vision on Convergence. FMCA Convergence & Customer Experience 26 June 2008 Sophia-Antipolis, France

3GPP TS V ( )

ISO/IEC TR TECHNICAL REPORT

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

Ingate SIParator /Firewall SIP Security for the Enterprise

Federated Identity Management and Network Virtualization

Cisco Unified Presence 8.0

ETSI TC INT ACTIVITIES IN THE FIELD OF IMS STANDARDIZATION AND TESTING. Giulio Maggiore ETSI TC INT Chairman Martin Brand ETSI TC INT Vice Chairman

Unified Communications Manager Express Toll Fraud Prevention

3GPP TS V9.3.0 ( )

TISPAN. Defining the Next Generation Network

Nairobi (Kenya), 9-12 May 2005 Session 1.2 "International Framework"

What is NGN? Hamid R. Rabiee Mostafa Salehi, Fatemeh Dabiran, Hoda Ayatollahi Spring 2011

COMMUNICATIONS ALLIANCE LTD REPORT FROM THE IP LOCATION INFORMATION WORKING GROUP

ETSI TS V8.1.0 ( ) Technical Specification

Cisco Converged Services Platform

3GPP TS V8.9.0 ( )

ISO/IEC TR TECHNICAL REPORT

Presented at MarcusEvans Conference VoIP Business Strategies Forum, Berlin, 9-11 November 2005

TIM Specification for Gm Interface between an User Equipment and the Fixed IMS Network: MultiMedia Telephony Supplementary Services

Interconnection & Roaming IMS Signalling Profile (Release 2.0) May 2013

Overview of the Session Initiation Protocol

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

atl IP Telephone SIP Compatibility

Open Standards and Interoperability for IP Multimedia Subsystem (IMS)

White Paper. SIP Trunking: Deployment Considerations at the Network Edge

Services and Related Issues of NGN Standards Activities

Telecom MISP. Building a Telecom Information Sharing Platform. Alexandre De Oliveira

MonAM ( ) at TUebingen Germany

ETSI LI Standards Overview

VoIP Basics. 2005, NETSETRA Corporation Ltd. All rights reserved.

ETSI TS V2.1.1 ( ) Technical Specification

The leader in session border control. for trusted, first class interactive communications

Using Cross-Media Relations to Identify Important Communication Requests: Testing the Concept and Implementation

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

A Policy Framework for Personalized and Role-Based SPIT Prevention

NGN interconnection: technology challenges. Dr. Rochdi ZOUAKIA.

ENUM in the UK..and the NGN standards arena

Unified Communications For Enterprise

Status of IMS-Based Next Generation Networks for Fixed Mobile Convergence

Unified Communications Platform

Requirements and capabilities for. NGN services Marco Carugi Nortel Networks March 2005 Jeju Island, South Korea

ETSI TS V ( ) Technical Specification

ETSI TS V ( )

Skype for Business Mobile Client Comparison Guide

Cybersecurity Standards Coordination and Deployment Strategies: CITEL Initiatives

Evolutionary steps towards NGN communications services in Australia

ETSI TS V1.2.2 ( )

white paper MMTel a standard for multimedia services over IMS

Location in SIP/IP Core (LOCSIP)

Fixed Mobile Convergence s Role in In-building Coverage. Charles Bradshaw Leader, Wireless Core Marketing May 2, 2007

Secure Telephony Enabled Middle-box (STEM)

3GPP support for IP based Emergency Calls - April 2007 Status

INSE 7110 Winter 2004 Value Added Services Engineering in Next Generation Networks Week #5. Roch H. Glitho- Ericsson/Concordia University

ETSI TS V2.0.0 ( ) Technical Specification

ETSI TS V ( )

INFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE

IP MULTIMEDIA SUBSYSTEM (IMS) SECURITY MODEL

TC32 presentation to ECMA General Assembly, Edinburgh, 22nd June 2000

Real-time Communications Security and SDN

Gerald McQuaid, Chairman ETSI TC LI. ETSI All rights reserved

Fixed Mobile Convergence

Competing with OTT Services: RCS e without IMS. November 15, 2011

3GPP in Public Safety and Security 2nd ETSI Security Workshop: Future Security January 2007 Sophia Antipolis, France

IMS in the Next Generation Network

Adaptive Quality of Service Management for Next Generation Residential Gateways

ETSI TS V ( )

3GPP TS V ( )

SESSION BORDER CONTROL IN IMS AN ANALYSIS OF THE REQUIREMENTS FOR SESSION BORDER CONTROL IN IMS NETWORKS

4G: Convergence, Openness for Excellence and Opportunity Cisco Systems, Inc

The Spoofing/Authentication Threat

Service delivery platform: Critical enabler to service provider s new revenue stream

2. SA1 Release 11 Standardization Trends

EUROPEAN COMMISSION DIRECTORATE-GENERAL INFORMATION SOCIETY AND MEDIA

CDMA2000 Workshop. Paul Le Rossignol. Nortel Networks, OMA Board Director

ETSI TS V1.2.1 ( )

ETSI TS V ( )

ETSI TC STQ Speech and multimedia Transmission Quality

Evolution and Migration to IMT-2000 & Systems beyond

PROPOSAL THESIS RESEACH IP MULTIMEDIA PACKET DELAY AND TRAFFIC ANALYSIS

FT ETSI STANDARDS FOR PUBLIC COMMENT

Draft Recommendation X.sdnsec-3 Security guideline of Service Function Chain based on software defined network

ETSI TS V1.1.1 ( )

ABC SBC: Secure Peering. FRAFOS GmbH

Business Considerations for Migration to IMT-2000

IP Possibilities Conference & Expo. Minneapolis, MN April 11, 2007

Certified Information Systems Auditor (CISA)

i-mcs Italtel IMS & VoLTE solution 1/ Italtel S.p.A. All rights reserved

Security Assessment Checklist

Transcription:

Unsolicited Communication / SPIT / multimedia-spam overview of this topic in different SDOs Thilo Ewald NGN Group, NEC Laboratories Europe NEC Europe Ltd., Heidelberg, Germany ewald@nw.neclab.eu Page <date> 1

Jan 08-2 Overview Problem statement Definition of Unsolicited communication Forecast of next generation SPAM? Classification on identifying UC Classification on reacting on UC Possible Deployment scenarios Ongoing work IETF ITU 3GPP TISPAN Other.. NEC s VoIP SEAL Demonstrator of feasibility to identify and prevent UC for VoIP AOB

Jan 08-3 Problem statement SMS/MMS SPAM, SPIT, multimedia-spam, etc Similar wording for the same problem Unsolicited communication Social threat More stress at home and in office, Reduced performance at work More difficult to establish communication e.g. phone switched off to prevent it from ringing Voice mailbox filling with voice spam messages no means to distinguish spam from good voice messages, information lost Business Market will develop more slowly Customers will be disappointed by new technology (NGN) Good call Riiing... Riiing... SPIT calls

Jan 08-4 Forecast of next generation SPAM? NGN devices will become ubiquitous as em@il accounts nowadays are Number of VoIP subscribers will increase dramatically within the NGN Residential VoIP subscribers growing linearly already since year 2000 Today em@il SPAM keeps on increasing 3600 spam messages per day for a small enterprise 100 SPAM messages per day for a end users Voice SPAM over PSTN in Germany 2 calls per week per residential subscriber Conclusion SPIT is ~ 1000 time cheaper than voice spam over PSTN 2000 SPIT calls per week per residential subscriber!

Jan 08-5 Classification on identifying UC knowledge base feedback system system callee system callee Stage 1: non-intrusive Stage 2: caller interaction Stage 3: feedback before call Stage 4: feedback during call Stage 5: feedback after call Non-intrusive test Blacklisting / white listing Message/Call rate analysis Simultaneous call analysis Call behavior analysis Statistically analysis... Caller Interactions touring test... FB before call buddy list integration consent-based communications... FB during call SPIT hang-up button FB after call service center General & Personalized Personalized

Jan 08-6 Classification on Reacting on UC Legal aspect No operator is allowed to intercept communication attempts Only with contractual power operators are allowed to react in behalf of the customer to communication attempts Technical means Block Re-route (i.e. mailbox) Indicate

Jan 08-7 Possible Deployment scenarios Caller (SPITer) (Optional) Identify mark Access node Access network (Optional) Identify mark Core border Core network Identify mark prevent Border gateway User profiles Callee (Bob) UC detection in the NGN network Legacy device UC detection in the NGN network IMS device Caller (SPITer) Identify mark Access node Access network Identify mark Core border Core network Identify mark Border gatewa y Callee (Bob) Identify mark prevent

Ongoing work in the SDOs IETF, ITU, 3GPP, TISPAN Other.. Page <date> 8

Jan 08-9 UC in the IETF (SPIT) Draft-ietf-sipping-spam-03 The Session Initiation Protocol (SIP) and SPAM draft-niccolini-sipping-spitstop Signalling TO Prevent SPIT (SPITSTOP) Reference Scenario draft-niccolini-sipping-feedback-spit SIP Extensions for SPIT identification draft-jung-sipping-authentication-spit Authentication between the Inbound Proxy and the UAS for Protecting SPIT in the Session Initiation Protocol (SIP) draft-schwartz-sipping-spit-saml SPAM for Internet Telephony (SPIT) Prevention using the Security Assertion Markup Language (SAML) draft-froment-sipping-spit-authz-policies Authorization Policies for Preventing SPIT

Jan 08-10 UC in the ITU (multimedia SPAM) The ITU is working on the thread Countering spam by technical means in the ITU-T Study Group 17 - Question 17/17 (Study Period 2005-2008). X.ocsip Overview of countering SPAM for IP multimedia application - TD 2499 Rev.1 This Recommendation specifies basic concepts, characteristics, and effects of Spam in IP multimedia applications such as IP Telephony, instant messaging, multimedia conference, etc. It provides technical issues, requirements for technical solutions, and applicability of countering mechanism of email spam into IP multimedia spam. It provides basis and guideline for developing further technical solutions on countering Spam. X.fcsip Technical Framework of Countering IP Multimedia SPAM TD 2498 This Recommendation will specify general architecture of countering spam system on IP multimedia applications such as IP Telephony, instant messaging, multimedia conference, etc. It will provide functional blocks of necessary network entities to counter spam and their functionalities, and describe interfaces among the entities. To build secure session against spam attack, User Terminals and Edge Service Entities such as proxy server or application servers will be extended to have spam control functions. We will also show interfaces between these extended peer entities, and interfaces with other network entities which can involve for countering spam. X.csreq Requirement on countering SPAM TD 2496 Requirements on countering spam are clarified in this recommendation. There are many types of spam, such as email spam, Mobile messaging spam and IP multimedia spam. Various types of spam may have both common and specific requirements on countering it. For one type of spam, the requirement in different entities should also be clarified.

Jan 08-11 UC in 3GPP (SMS/MMS SPAM) ETSI TR 141 031 V6.0.0 / ETSI TS 122 031 V6.0.0. / ETSI TS 123 031 V6.0.0 Fraud Information Gathering System (FIGS) FIGS provides the means for the HPLMN to monitor a defined set of subscriber activities. The aim is to enable service providers/network operators to a service to limit their financial exposure to large unpaid bills produced on subscriber accounts whilst the subscriber is roaming 3GPP TR XXX XXX Protection against SMS, MMS and IMS SPAM; Study of Different SPAM Protection Mechanisms This TR studies existing and new mechanisms to enable to limit the effects of the SPAM. The following services are considered into the scope of this TR: SMS, MMS, IMS messaging/presence/call and also email messages. The scope is indeed large and ambitious, but as the trend is too converge all medias, the anti SPAM solution has to be adapted to this concept. Investigation based on the 3GPP architecture regarding SMS/MMS/IM SPAM were done Potential solution to counter this threat were analyzed and defence mechanisms were proposed

Jan 08-12 UC in TISPAN (unsolicited communication) ETSI TS 183 016 - MCID (Malicious call identification) This service enables the callee to indicate that an incoming communication is considered to be malicious and it should be identified and registered. ETSI TS 186 006-1 - OIR (Originating Identification Restriction ) The OIR service enables the originating party to prevent presentation of any network-provided identity to the terminating party, and is applicable to all session-based services of the NGN. The OIR supplementary service is described in. ETSI EN 300 798 - ACR (Anonymous Communication Rejection) This service ACR allows a user to reject incoming communications when the caller is anonymous. ETSI TS 183 011- ICB (Incoming Communication Barring) ICB allows a user to block incoming communications based on the identity of the caller. TR WI07025 UC (Feasibility study of preventing unsolicited communication in the NGN) The document WI07025 reports on the feasibility of counteracting the occurrence of Unsolicited Communications (UC) in the NGN. It also addresses the methodologies on preventing the terminating party from receiving UC. The report takes the form of a TVRA and quantifies the likelihood and impact of UC in the NGN where UC is initiated in a variety of forms. A definition of the term unsolicited communication and its context is given as used in NGN. Relevant objectives and requirements are extracted for the NGN architecture, signalling and security.

Jan 08-13 UC in other SDOs GSMA Mobile Spam Code of Practice Code of conduction within GSM network OMA OMA has drafted a set of requirements and architecture for Categorization Based Content Screening (CBCS) suggesting among other things usage of ICAP protocol to transfer content categorization information. Content Screening is defined as the act of blocking, allowing or amending content, thereby, it also includes malware. It is suggested that the OMA requirements and architecture are considered for the unsolicited communication study as appropriate. The current OMA work can be found in the following specifications: Categorization Based Content Screening Framework Requirements, Candidate Version 1.0 11 July 2006 (a newer one may already exist), Open Mobile Alliance OMA-RD-CBCS-V1_0-20060711-C The document describes Use Cases for categorization based content screening and high level requirements on the functionality of such a system. Categorization-based Content Screening Framework Architecture, Draft Version 1.0 28 Aug 2006, Open Mobile Alliance OMA-AD-CBCS-V1_0-20060828-D The document presents an architectural model for a two-tier solution of a CBCS Enabler. The CBCS Enabler evaluates and/or enforces Screening Rules.

VoIP SEAL (VoIP SEcure Application Layer Firewall) NEC s demonstrator for identifying, analyzing and preventing UC in the environment of VoIP VoIP SEAL Page <date> 14

Jan 08-15 NEC VoIP SEAL : Characteristics Covers multiple aspects of VoIP Security Provide protection against wide range of attacks Key issues Flexible protection technology is required Encryption and authentication will not be enough No single method of protection Solution VoIP SEcure Application Level firewall (VoIP SEAL) Modular and extensible platform prevention of SPIT and (D)DoS attacks Multiple different VoIP protection modules cooperate On-line plug-and-play integration of new modules On-line configuration of modules On-line update of modules Good call Good call SPIT calls SPIT calls SIP Proxy SIP Proxy with additional modules VoIP SEAL now with NEC solution

Jan 08-16 Building Blocks for SPIT Prevention (Classification) No Interactions With Call Participants black/white-listing call-rate analysis Caller-side Interactions Turing test Feedback from callee before call Import buddy-list Specify personal black/whitelist Feedback from callee during call Special hang-up button Feedback from callee After Call IVM-system Special number (i.e. #7748) Web-frontend knowledge base feedback system system callee system callee Stage 1: non-intrusive Stage 2: caller interaction Stage 3: feedback before call Stage 4: feedback during call Stage 5: feedback after call

VoIP SEAL: Characteristics Covers multiple aspects of VoIP Security Provide protection against wide range of attacks Standard-based SIP-based for Next Generation Networks (NGN) SIP extensions currently entering the standardization process (D)DoS attacker Phone Proxy Server Application Server VoIP SEAL Firewall Peering Point (SBC) SPIT caller Jan 08-17 Good caller

Jan 08-18 VoIP SEAL: Internal Architecture VoIP SEAL covers different stages with different modules mix of open and closed loops Stage 1 modules are combined using a scoring system Stage 2 modules are combined based on the output of the previous stage Stage 3/4/5 use the information coming from feedbacks to work in collaboration with Stage 1 modules Module 1 Module 2... Module n + + + Scoring System Module 1 Module 2... Module n Dispatcher Stage 1 accept / reject Stage 2 accept / reject VoIP SEAL Feedback Processing Terminals Stage 3/4/5

Jan 08-19 Advanced SPIT Prevention Mechanisms analyze signaling messages voice signal energy interact with caller caller VoIP SEAL callee 0 time 0 ringing greeti ng & ques tion answer time calling bob@nec.de suspicious caller: additional tests 1. Energy level of conversation during greeting/question? unknown@somewhere.com Too high SPIT block the call Close to zero: process further or accept the call

Jan 08-20 Screenshot of Prototype GUI

Jan 08-21 AOB Question & Answers

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback