Preventing Spam For SIPbased Sessions and Instant Messages

1
Preventing Spam For SIP-based Sessions and
Instant Messages

• Kumar Srivastava
• Henning Schulzrinne
• June 10, 2004

2
The Presentation

• Overview of the problem of spam in SIP-based
  sessions
• Introduction to DAPES (Domain Authentication and
  Policy Enforcement for SIP)
• Introduction to Bonded Domains
• Future work and conclusion

3
Spam..

• Formally, Spam can be defined as Unsolicited Bulk
  Communications (UBC)
• Internet email sent to a group of recipients
  who have not requested it
• The definition remains the same for SIP, but now
  we are talking in terms of SIP calls and instant
  messages

4
DAPES

• Supports communication with previously known and
  unknown entities
• Real-time and automated detection and
  classification of calls and instant messages as
  spam
• Prevents spoofing of domains, user identities
• Can be extended to ascertain trustworthiness of
  unknown entities

5
Domain Classification

• Classification of domains based on their identity
  instantiation and maintenance procedures plus
  other domain policies.
• Admission controlled domains
• Strict identity instantiation with long term
  relationships
• Example Employees, students, bank customers
• Bonded domains
• Membership possible only through posting of bonds
  tied to a expected behavior
• Membership domains
• No personal verification of new members but
  verifiable identification required such as a
  valid credit card and/or payment
• Example E-bay, phone and data carriers
• Open domains
• No limit or background check on identity creation
  and usage
• Example Hotmail
• Open, rate limited domains
• Open but limits the number of messages per time
  unit and prevents account creation by bots
• Example Yahoo

6
Authentication and Verification

• Verification of caller in two stages
• Verifying local user identities
• DIGEST authentication on INVITE and REGISTER
• Verifying outbound SIP proxies of incoming calls
• TLS Authentication and DNS SRV verification
• Reputation Information for determining
  trustworthiness of unknown caller
• Social Networks
• Problem can be reduced to path existence
• Does a friend I trust, trust this person
• Orkut, Friendster..
• Reputation Systems
• Maintain records for domains and users and their
  reputation information and classification for
  domains.
• Support reputation queries and reputation updates
  by authenticated, valid and trustworthy users.

7
DAPES
Architecture of DAPES
8
Bonded Domains

• Introduced in DAPES
• Spamming motivated by financial gains
• Imposes financial restrictions on potential
  spammers
• Idea is to ask users to post bonds against
  sending spam
• Have to ensure optimal bond amount and correct
  channeling of bond proceeds for successful
  working of the system

9
Reputation in social networks

• There are several types of social networks
  providing a rich source of reputation information
• Study aims to analyze relevant social networks
  and isolate features necessary for extracting
  correct reputation information

10
Conclusion

• As IP telephony becomes more popular, spammers
  will target SIP-based communication for sending
  spam
• It is necessary to build in features into
  SIP-domains to ensure that SIP-based
  communications do not fall prey to spam like in
  the case of e-mail