Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann - PowerPoint PPT Presentation

About This Presentation
Title:

Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann

Description:

IPclip = IP Calling Line Identification Presentation ... IPclip adds location information on layer 3 as IP option ... 1. More precise tracing of spam by means of LI ... – PowerPoint PPT presentation

Number of Views:97
Avg rating:3.0/5.0
Slides: 27
Provided by: projects7
Category:

less

Transcript and Presenter's Notes

Title: Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann


1
Complementing E-Mails withDistinct, Geographic
Location Informationin Packet-switched IP
Networks
  • Stephan Kubisch, Harald Widiger, Peter
    Danielis,Jens Schulz, Dirk Timmermann
  • stephan.kubischpeter.danielis_at_uni-rostock.de
  • University of Rostock
  • Institute of Applied Microelectronics and
    Computer Engineering
  • Thomas Bahls, Daniel Duchow
  • thomas.bahlsdaniel.duchow_at_nsn.com
  • Nokia Siemens Networks
  • Broadband Access DivisionGreifswald, Germany
  • MIT 2008 Spam Conference, Cambridge, MA, USA,
    March 27-28

2
Outline
  1. Introduction Motivation
  2. The General IPclip Mechanism
  3. Anti-Spam Framework using IPclip
  4. Modifying the E-Mail Header
  5. A Typical Mail Flow
  6. Requirements and Constraints
  7. Advantages
  8. Summary

3
Introduction Motivation
  • Lack of user trustworthiness in the mass-medium
    Internet
  • Spam Masses of unsolicited bulk e-mails
    delivered by SMTP
  • What can be done against spam?
  • Detect?Trace?Prevent
  • Available anti-spam tools trigger on e-mail and
    header content
  • Data can be forged Spammers lie!
  • Anti-spam examples
  • DomainKeys Identified Mail (DKIM)
  • Sender Policy Framework (SPF)
  • SpamAssassin
  • and many more
  • We do have a spam problem!
  • No 100 solution out there!

4
Introduction Motivation
Public Switched Telephone Network vs. Internet
  • Public Switched Telephone Network
  • Line-switched
  • Call number identifies access line and an address
  • Direct interrelationship with location
    information (LI) Trust-by-Wire!
  • Internet
  • Packet-switched
  • IP addresses are ambiguous!
  • No interrelationship with LI No Trust-by-Wire
    (TBW)!
  • Trust-by-Authentication (TBA) to provide user
    trustworthiness?

SMTP and the Internet lack both TBW and TBA! How
do we restore the user's belief in e-mail
services?
5
Outline
  1. Introduction Motivation
  2. The General IPclip Mechanism
  3. Anti-Spam Framework using IPclip
  4. Modifying the E-Mail Header
  5. A Typical Mail Flow
  6. Requirements and Constraints
  7. Advantages
  8. Summary

6
The General IPclip Mechanism
IPclip is used to provide a useful degree of TBW
in IP networks
  • IPclip IP Calling Line Identification
    Presentation
  • Location information (e.g., GPS) is added to each
    IP packet as IP option ? Location information in
    IP
  • Either by the user or by the access node of an
    access network

7
The General IPclip Mechanism
What kind of location information do we use?
  • IP header can contain IP options
  • IP options show a type-length-value structure
  • Location information as value part of an IP
    option

8
The General IPclip Mechanism
Access network most reasonable place for
adding/verifying LI
  • Access node is the 1st trustworthy network
    element
  • User provided location information solely
    verified here
  • Access port access node ID as complementary
    information

9
The General IPclip Mechanism
Using IPclip for ensuring trustworthy location
information (LI) in IP
  • User provided LI trustworthy if within access
    nodes subscriber catchment area (SCA)
  • IPclip on access node sets flags in status field
    depending on LIs trustworthiness

Status Field Status Field Status Field Status Field
Removal Flag Peering Flag Source Flag Trustability Flag
Access Node's SCA (normalized coords)
10
The General IPclip Mechanism
Using IPclip for ensuring trustworthy location
information (LI)
  • User provided LI trustworthy if within access
    nodes subscriber catchment area

Source /Trustability Interpretation Status Flags
User provided / untrusted User LI incorrect. 00
User provided / trusted User LI correct. 01
Network provided / untrusted User LI incorrect and replaced. 10
Network provided / trusted No user LI. ANs LI added. 11
Access Node's SCA (normalized coords)
11
Outline
  1. Introduction Motivation
  2. The General IPclip Mechanism
  3. Anti-Spam Framework using IPclip
  4. Modifying the E-Mail Header
  5. A Typical Mail Flow
  6. Requirements and Constraints
  7. Advantages
  8. Summary

12
Anti-Spam Framework using IPclip
How to use IPclip and location information for
fighting spam?
  • IPclip adds location information on layer 3 as IP
    option
  • Mail transfer agents (MTAs) terminate IP ? We
    need location information on application layer
    (SMTP)
  • The first MTA copies location information in IP
    to e-mail header as location information in SMTP

From - lttimestampgt X-IPclip-Status 1100
X-IPclip-Type GPS X-IPclip-LI
ltlongitudelatitudegt X-IPclip-Port x
X-IPclip-AN A X-IPclip-MTA mx.senderhome.net
86.165.10.2 Return-Path ltsender_at_senderhome.net
gt Received from ...
13
Anti-Spam Framework using IPclip
Typical mail flow between Alice Bob (same
provider network)
14
Anti-Spam Framework using IPclip
4 cases can be distinguished when an e-mail
arrives at an MTA
  • These 4 different possibilities regarding the
    existence of location information (LI) in IP and
    LI in SMTP represent our framework

LI in IP LI in SMTP Interpretation
First MTA ? Insert LI in SMTP
E-mail originates from different provider domain
Not first MTA ? Forward e-mail
Something went wrong ? Treat with special care
2
5
15
Anti-Spam Framework using IPclip
Typical mail flow between Alice Bob (same
provider network)
16
Anti-Spam Framework using IPclip
Requirements and constraints for IPclip in this
use case
  • Fully IPclip-terminated domain, e.g., a
    self-contained provider network
  • IPclip is mandatory at all access nodes
  • IPclip-capable IP stack in relevant network
    devices
  • MTAs must understand location information (LI) in
    IP
  • MTAs must copy LI in IP to e-mail header as LI in
    SMTP
  • Mail User Agents or anti-spam tools must
    understand LI in SMTP to take advantage of it

17
Anti-Spam Framework using IPclip
Privacy issues revelation of sensitive user LI?
  • IPclip supports removal of location information
    (LI) in IP
  • IPclips status field contains removal flag (RF)
  • RF indicates removal of LI in SMTP at recipients
    MTA
  • Source and trustability flag not removed ?
    Trigger for anti-spam mechanisms without
    revealing LI
  • Use an encrypted format for LI

Status Field Status Field Status Field Status Field
Removal Flag (RF) Peering Flag Source Flag Trustability Flag
18
Anti-Spam Framework using IPclip
Advantages
Beneficial Aspect Explanation Benefit
1. Tracing Spam Tracing based on geographic location information More exact than WHOIS lookups of IP addresses
2. Classifying Spam Status flags are additional, trustworthy triggers for anti-spam tools like SpamAssassin More reliable classification of spam
19
Outline
  1. Introduction Motivation
  2. The General IPclip Mechanism
  3. Anti-Spam Framework using IPclip
  4. Modifying the E-Mail Header
  5. A Typical Mail Flow
  6. Requirements and Constraints
  7. Advantages
  8. Summary

20
Summary
  • Conceptual anti-spam framework using IPclip
  • IPclip adds location information (LI, e.g., GPS)
    to each IP packet
  • IPclip guarantees LIs trustworthiness
    (Trust-by-Wire)
  • IPclip-capable MTAs copy LI in IP to e-mail
    header as LI in SMTP
  • Benefits of the proposed approach

1. More precise tracing of spam by means of LI
2. More reliable classification of spam by means
of trustworthy status flags
21
  • Thank you! Any questions?peter.danielis_at_uni-rost
    ock.dehttp//www.imd.uni-rostock.de/networking

22
Introduction Motivation
Trust models for garantueeing trustworthiness of
a user
  • Trust-by-Wire (TBW)
  • Trusted interrelationship between a user and
    his/her geographic location
  • Example Given in Public Switched Telephone
    Network (PSTN)
  • Trust-by-Authentication (TBA)
  • Verification of user identity by means of safe
    information, e.g., passwords
  • Example Applied in the Internet

22
23
Anti-Spam Framework using IPclip
Possibilities for an e-mail sender in adding
location information
24
Anti-Spam Framework using IPclip
Can location information (LI) in SMTP be forged?
  • Yes, but forged LI in SMTP can be detected
  • First MTA knows it is the first one
  • LI in SMTP options may not exist at the first MTA
  • LI in IP only exists at first MTA

25
Mail flows between Alice, Bob Peter (different
provider nets)
Status Field Status Field Status Field Status Field
Removal Flag Peering Flag Source Flag Trustability Flag
26
Comparison DKIM, SPF, IPclip
Why IPclip, differences/benefits compared to
DKIM, SPF
DKIM SPF IPclip
Performance impact associated with scanning, encrypting and decrypting messages Internet domain owner must publish a complete list of every allowed network path Packet processing in wire speed No forwarding problem
No 100 spam protection No 100 spam protection Another trigger for classifying/tracing spam
Write a Comment
User Comments (0)
About PowerShow.com