Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann

1
Complementing E-Mails withDistinct, Geographic
Location Informationin Packet-switched IP
Networks

• Stephan Kubisch, Harald Widiger, Peter
  Danielis,Jens Schulz, Dirk Timmermann
• stephan.kubischpeter.danielis_at_uni-rostock.de
• University of Rostock
• Institute of Applied Microelectronics and
  Computer Engineering
• Thomas Bahls, Daniel Duchow
• thomas.bahlsdaniel.duchow_at_nsn.com
• Nokia Siemens Networks
• Broadband Access DivisionGreifswald, Germany
• MIT 2008 Spam Conference, Cambridge, MA, USA,
  March 27-28

2
Outline

1. Introduction Motivation
2. The General IPclip Mechanism
3. Anti-Spam Framework using IPclip
4. Modifying the E-Mail Header
5. A Typical Mail Flow
6. Requirements and Constraints
7. Advantages
8. Summary

3
Introduction Motivation

• Lack of user trustworthiness in the mass-medium
  Internet
• Spam Masses of unsolicited bulk e-mails
  delivered by SMTP
• What can be done against spam?
• Detect?Trace?Prevent
• Available anti-spam tools trigger on e-mail and
  header content
• Data can be forged Spammers lie!
• Anti-spam examples
• DomainKeys Identified Mail (DKIM)
• Sender Policy Framework (SPF)
• SpamAssassin
• and many more

• We do have a spam problem!

• No 100 solution out there!

4
Introduction Motivation
Public Switched Telephone Network vs. Internet

• Public Switched Telephone Network
• Line-switched
• Call number identifies access line and an address
• Direct interrelationship with location
  information (LI) Trust-by-Wire!
• Internet
• Packet-switched
• IP addresses are ambiguous!
• No interrelationship with LI No Trust-by-Wire
  (TBW)!
• Trust-by-Authentication (TBA) to provide user
  trustworthiness?

SMTP and the Internet lack both TBW and TBA! How
do we restore the user's belief in e-mail
services?
5
Outline

1. Introduction Motivation
2. The General IPclip Mechanism
3. Anti-Spam Framework using IPclip
4. Modifying the E-Mail Header
5. A Typical Mail Flow
6. Requirements and Constraints
7. Advantages
8. Summary

6
The General IPclip Mechanism
IPclip is used to provide a useful degree of TBW
in IP networks

• IPclip IP Calling Line Identification
  Presentation
• Location information (e.g., GPS) is added to each
  IP packet as IP option ? Location information in
  IP
• Either by the user or by the access node of an
  access network

7
The General IPclip Mechanism
What kind of location information do we use?

• IP header can contain IP options
• IP options show a type-length-value structure
• Location information as value part of an IP
  option

8
The General IPclip Mechanism
Access network most reasonable place for
adding/verifying LI

• Access node is the 1st trustworthy network
  element
• User provided location information solely
  verified here
• Access port access node ID as complementary
  information

9
The General IPclip Mechanism
Using IPclip for ensuring trustworthy location
information (LI) in IP

• User provided LI trustworthy if within access
  nodes subscriber catchment area (SCA)
• IPclip on access node sets flags in status field
  depending on LIs trustworthiness

Status Field Status Field Status Field Status Field
Removal Flag Peering Flag Source Flag Trustability Flag
Access Node's SCA (normalized coords)
10
The General IPclip Mechanism
Using IPclip for ensuring trustworthy location
information (LI)

• User provided LI trustworthy if within access
  nodes subscriber catchment area

Source /Trustability Interpretation Status Flags
User provided / untrusted User LI incorrect. 00
User provided / trusted User LI correct. 01
Network provided / untrusted User LI incorrect and replaced. 10
Network provided / trusted No user LI. ANs LI added. 11
Access Node's SCA (normalized coords)
11
Outline

1. Introduction Motivation
2. The General IPclip Mechanism
3. Anti-Spam Framework using IPclip
4. Modifying the E-Mail Header
5. A Typical Mail Flow
6. Requirements and Constraints
7. Advantages
8. Summary

12
Anti-Spam Framework using IPclip
How to use IPclip and location information for
fighting spam?

• IPclip adds location information on layer 3 as IP
  option
• Mail transfer agents (MTAs) terminate IP ? We
  need location information on application layer
  (SMTP)
• The first MTA copies location information in IP
  to e-mail header as location information in SMTP

From - lttimestampgt X-IPclip-Status 1100
X-IPclip-Type GPS X-IPclip-LI
ltlongitudelatitudegt X-IPclip-Port x
X-IPclip-AN A X-IPclip-MTA mx.senderhome.net
86.165.10.2 Return-Path ltsender_at_senderhome.net
gt Received from ...
13
Anti-Spam Framework using IPclip
Typical mail flow between Alice Bob (same
provider network)
14
Anti-Spam Framework using IPclip
4 cases can be distinguished when an e-mail
arrives at an MTA

• These 4 different possibilities regarding the
  existence of location information (LI) in IP and
  LI in SMTP represent our framework

LI in IP LI in SMTP Interpretation
First MTA ? Insert LI in SMTP
E-mail originates from different provider domain
Not first MTA ? Forward e-mail
Something went wrong ? Treat with special care
2
5
15
Anti-Spam Framework using IPclip
Typical mail flow between Alice Bob (same
provider network)
16
Anti-Spam Framework using IPclip
Requirements and constraints for IPclip in this
use case

• Fully IPclip-terminated domain, e.g., a
  self-contained provider network
• IPclip is mandatory at all access nodes
• IPclip-capable IP stack in relevant network
  devices
• MTAs must understand location information (LI) in
  IP
• MTAs must copy LI in IP to e-mail header as LI in
  SMTP
• Mail User Agents or anti-spam tools must
  understand LI in SMTP to take advantage of it

17
Anti-Spam Framework using IPclip
Privacy issues revelation of sensitive user LI?

• IPclip supports removal of location information
  (LI) in IP
• IPclips status field contains removal flag (RF)
• RF indicates removal of LI in SMTP at recipients
  MTA
• Source and trustability flag not removed ?
  Trigger for anti-spam mechanisms without
  revealing LI
• Use an encrypted format for LI

Status Field Status Field Status Field Status Field
Removal Flag (RF) Peering Flag Source Flag Trustability Flag
18
Anti-Spam Framework using IPclip
Advantages
Beneficial Aspect Explanation Benefit
1. Tracing Spam Tracing based on geographic location information More exact than WHOIS lookups of IP addresses
2. Classifying Spam Status flags are additional, trustworthy triggers for anti-spam tools like SpamAssassin More reliable classification of spam
19
Outline

1. Introduction Motivation
2. The General IPclip Mechanism
3. Anti-Spam Framework using IPclip
4. Modifying the E-Mail Header
5. A Typical Mail Flow
6. Requirements and Constraints
7. Advantages
8. Summary

20
Summary

• Conceptual anti-spam framework using IPclip

• IPclip adds location information (LI, e.g., GPS)
  to each IP packet

• IPclip guarantees LIs trustworthiness
  (Trust-by-Wire)

• IPclip-capable MTAs copy LI in IP to e-mail
  header as LI in SMTP

• Benefits of the proposed approach

1. More precise tracing of spam by means of LI
2. More reliable classification of spam by means
of trustworthy status flags
21

• Thank you! Any questions?peter.danielis_at_uni-rost
  ock.dehttp//www.imd.uni-rostock.de/networking

22
Introduction Motivation
Trust models for garantueeing trustworthiness of
a user

• Trust-by-Wire (TBW)
• Trusted interrelationship between a user and
  his/her geographic location
• Example Given in Public Switched Telephone
  Network (PSTN)
• Trust-by-Authentication (TBA)
• Verification of user identity by means of safe
  information, e.g., passwords
• Example Applied in the Internet

22
23
Anti-Spam Framework using IPclip
Possibilities for an e-mail sender in adding
location information
24
Anti-Spam Framework using IPclip
Can location information (LI) in SMTP be forged?

• Yes, but forged LI in SMTP can be detected
• First MTA knows it is the first one
• LI in SMTP options may not exist at the first MTA
• LI in IP only exists at first MTA

25
Mail flows between Alice, Bob Peter (different
provider nets)
Status Field Status Field Status Field Status Field
Removal Flag Peering Flag Source Flag Trustability Flag
26
Comparison DKIM, SPF, IPclip
Why IPclip, differences/benefits compared to
DKIM, SPF
DKIM SPF IPclip
Performance impact associated with scanning, encrypting and decrypting messages Internet domain owner must publish a complete list of every allowed network path Packet processing in wire speed No forwarding problem
No 100 spam protection No 100 spam protection Another trigger for classifying/tracing spam