Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann University of Rostock Institute.

Slides:

Advertisements

Similar presentations

Exercises and Solutions Lecture 1

Advertisements

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

A P2P-based Storage Platform for Storing Session Data in Internet Access Networks T. Bahls, D. Duchow Nokia Siemens Networks Broadband Access Division.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

How Will Authentication Reduce Global Spam? OECD Anti-Spam Task Force Pusan – September, 2004 Dave Crocker Brandenburg InternetWorking OECD Anti-Spam Task.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Firewalls and Intrusion Detection Systems

Lesson 7: Business, , & Personal Information Management

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

1 Enhancing Address Privacy on Anti-SPAM by Dou Wang and Ying Chen School of Computer Science University of Windsor October 2007.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Internet Networking Spring 2003

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Networks Evolving? Justin Champion C208 Ext:3723

COE 342: Data & Computer Communications (T042) Dr. Marwan Abu-Amara Chapter 2: Protocols and Architecture.

Chapter 2 Network Models.

The OSI Model A layered framework for the design of network systems that allows communication across all types of computer systems regardless of their.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.

CensorNet Ltd An introduction to CensorNet Mailsafe Presented by: XXXXXXXX Product Manager Tel: XXXXXXXXXXXXX.

Towards Modeling Legitimate and Unsolicited Traffic Using Social Network Properties 1 Towards Modeling Legitimate and Unsolicited Traffic Using.

Forensic and Investigative Accounting

What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.

Client X CronLab Spam Filter Technical Training Presentation 19/09/2015.

Protocols and the TCP/IP Suite

William Stallings Data and Computer Communications 7 th Edition Data Communications and Networks Overview Protocols and Architecture.

Mukesh N. Tekwani Elphinstone College Mumbai

Network Protocol Models and Architecture Networks and Protocols Prepared by: TGK First Prepared on: Last Modified on: Quality checked by: Copyright 2009.

Introduction to Networks CS587x Lecture 1 Department of Computer Science Iowa State University.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

Of Rostock University DuDE: A D istributed Computing System u sing a D ecentralized P2P E nvironment The 4th International Workshop on Architectures, Services.

TCP/IP Transport and Application (Topic 6)

Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.

1 The Internet and Networked Multimedia. 2 Layering  Internet protocols are designed to work in layers, with each layer building on the facilities provided.

MODULE I NETWORKING CONCEPTS.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

C August 24, 2004 Page 1 SMS Spam Control Nobuyuki Uchida QUALCOMM Incorporated Notice ©2004 QUALCOMM Incorporated. All rights reserved.

Labelcast Protocol Presented by Wang Hui 80th IETF, March 2011 draft-sunzhigang-sam-labelcast-01.

Detecting Phishing in s Srikanth Palla Ram Dantu University of North Texas, Denton.

BZUPAGES.COM Presentation on TCP/IP Presented to: Sir Taimoor Presented by: Jamila BB Roll no Nudrat Rehman Roll no

LinxChix And Exim. Mail agents MUA = Mail User Agent Interacts directly with the end user  Pine, MH, Elm, mutt, mail, Eudora, Marcel, Mailstrom,

Prepared by Engr.Jawad Ali BSc(Hons)Computer Systems Engineering University of Engineering and Technology Peshawar.

1 LAN – local area network overview: 1.Types of networks 2.Network topology 3.LAN local area networks 4.Introduction to TCP/IP 5.IEEE / Wireless.

SMTP Tapu Ahmed Jeremy Nunn. Basics Responsible for electronic mail delivery. Responsible for electronic mail delivery. Simple ASCII protocol that runs.

K. Salah1 Security Protocols in the Internet IPSec.

Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.

Network Layer Protocols COMP 3270 Computer Networks Computing Science Thompson Rivers University.

Virtual Local Area Networks In Security By Mark Reed.

1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.

Anti-Spam Managing Spam with Kerio Connect

Internet Business Associate v2.0

The Devil and Packet Trace Anonymization

Internet Protocol: Connectionless Datagram Delivery

Byungchul Park ICMP & ICMPv DPNM Lab. Byungchul Park

Lec 5 Layers Computer Networks Al-Mustansiryah University

By Ian Foster, Jon Larson, Max Masich, Alex C

Social Media And Global Computing Sending

Secure Access Node: An FPGA-based Security Architecture for Access Networks The Sixth International Conference on Internet Monitoring and Protection (ICIMP.

Chapter 15 – Part 2 Networks The Internal Operating System

Outline Using cryptography in networks IPSec SSL and TLS.

William Stallings Data and Computer Communications

A Configurable FPGA-Based Traffic Generator for High-Performance Tests of Packet Processing Systems The Sixth International Conference on Internet Monitoring.

WJEC GCSE Computer Science

Protection Mechanisms in Security Management

NET 323D: Networks Protocols

Presentation transcript:

Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann University of Rostock Institute of Applied Microelectronics and Computer Engineering Thomas Bahls, Daniel Duchow Nokia Siemens Networks Broadband Access Division Greifswald, Germany MIT 2008 Spam Conference, Cambridge, MA, USA, March Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks

Outline 1.Introduction & Motivation 2.The General IPclip Mechanism 3.Anti-Spam Framework using IPclip 1.Modifying the Header 2.A Typical Mail Flow 3.Requirements and Constraints 4.Advantages 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March

Complementing s with Location Information in Packet-switched IP Networks 1.Introduction & Motivation Lack of user trustworthiness in the mass-medium Internet  Spam: Masses of unsolicited bulk s delivered by SMTP What can be done against spam? – Detect  Trace  Prevent Available anti-spam tools trigger on and header content Data can be forged: Spammers lie! Anti-spam examples – DomainKeys Identified Mail (DKIM) – Sender Policy Framework (SPF) – SpamAssassin – … and many more MIT 2008 Spam Conference, Cambridge, MA, USA, March

Complementing s with Location Information in Packet-switched IP Networks 1.Introduction & Motivation MIT 2008 Spam Conference, Cambridge, MA, USA, March SMTP and the Internet lack both TBW and TBA! How do we restore the user's belief in services? SMTP and the Internet lack both TBW and TBA! How do we restore the user's belief in services? Public Switched Telephone Network vs. Internet 4

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks Outline 1.Introduction & Motivation 2.The General IPclip Mechanism 3.Anti-Spam Framework using IPclip 1.Modifying the Header 2.A Typical Mail Flow 3.Requirements and Constraints 4.Advantages 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism MIT 2008 Spam Conference, Cambridge, MA, USA, March IPclip = IP Calling Line Identification Presentation Location information (e.g., GPS) is added to each IP packet as IP option  Location information in IP – Either by the user or by the access node of an access network IPclip is used to provide a useful degree of TBW in IP networks

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism MIT 2008 Spam Conference, Cambridge, MA, USA, March IP header can contain IP options IP options show a type-length-value structure Location information as value part of an IP option What kind of location information do we use?

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism Access node is the 1st trustworthy network element – User provided location information solely verified here – Access port + access node ID as complementary information MIT 2008 Spam Conference, Cambridge, MA, USA, March Access network most reasonable place for adding/verifying LI

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism MIT 2008 Spam Conference, Cambridge, MA, USA, March User provided LI trustworthy if within access node‘s subscriber catchment area (SCA) IPclip on access node sets flags in status field depending on LI‘s trustworthiness Access Node's SCA (normalized coords) Using IPclip for ensuring trustworthy location information (LI) in IP Status Field Removal Flag Peering Flag Source Flag Trustability Flag

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism MIT 2008 Spam Conference, Cambridge, MA, USA, March User provided LI trustworthy if within access node‘s subscriber catchment area Source / Trustability InterpretationStatus Flags User provided / untrusted User LI incorrect. 00 User provided / trusted User LI correct.01 Network provided / untrusted User LI incorrect and replaced. 10 Network provided / trusted No user LI. AN‘s LI added. 11 Access Node's SCA (normalized coords) Using IPclip for ensuring trustworthy location information (LI)

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks Outline 1.Introduction & Motivation 2.The General IPclip Mechanism 3.Anti-Spam Framework using IPclip 1.Modifying the Header 2.A Typical Mail Flow 3.Requirements and Constraints 4.Advantages 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip IPclip adds location information on layer 3 as IP option Mail transfer agents (MTAs) terminate IP  We need location information on application layer (SMTP)  The first MTA copies location information in IP to header as location information in SMTP MIT 2008 Spam Conference, Cambridge, MA, USA, March How to use IPclip and location information for fighting spam?

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March Typical mail flow between Alice & Bob (same provider network)

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip These 4 different possibilities regarding the existence of location information (LI) in IP and LI in SMTP represent our framework MIT 2008 Spam Conference, Cambridge, MA, USA, March LI in IPLI in SMTPInterpretation First MTA  Insert LI in SMTP originates from different provider domain Not first MTA  Forward Something went wrong  Treat with special care 4 cases can be distinguished when an arrives at an MTA 2 5

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March Typical mail flow between Alice & Bob (same provider network)

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip Fully IPclip-terminated domain, e.g., a self- contained provider network – IPclip is mandatory at all access nodes IPclip-capable IP stack in relevant network devices – MTAs must understand location information (LI) in IP – MTAs must copy LI in IP to header as LI in SMTP – Mail User Agents or anti-spam tools must understand LI in SMTP to take advantage of it MIT 2008 Spam Conference, Cambridge, MA, USA, March Requirements and constraints for IPclip in this use case

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip IPclip supports removal of location information (LI) in IP IPclip‘s status field contains removal flag (RF) – RF indicates removal of LI in SMTP at recipient‘s MTA – Source and trustability flag not removed  Trigger for anti-spam mechanisms without revealing LI Use an encrypted format for LI MIT 2008 Spam Conference, Cambridge, MA, USA, March Privacy issues – revelation of sensitive user LI? Status Field Removal Flag (RF)Peering FlagSource FlagTrustability Flag

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March Advantages Beneficial AspectExplanationBenefit 1. Tracing SpamTracing based on geographic location information More exact than WHOIS lookups of IP addresses 2. Classifying SpamStatus flags are additional, trustworthy triggers for anti- spam tools like SpamAssassin More reliable classification of spam

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks Outline 1.Introduction & Motivation 2.The General IPclip Mechanism 3.Anti-Spam Framework using IPclip 1.Modifying the Header 2.A Typical Mail Flow 3.Requirements and Constraints 4.Advantages 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March IPclip adds location information (LI, e.g., GPS) to each IP packet 1. More precise tracing of spam by means of LI 2. More reliable classification of spam by means of trustworthy status flags 2. More reliable classification of spam by means of trustworthy status flags Conceptual anti-spam framework using IPclip Benefits of the proposed approach IPclip guarantees LI’s trustworthiness (Trust-by-Wire) IPclip-capable MTAs copy LI in IP to header as LI in SMTP

Complementing s with Location Information in Packet-switched IP Networks Thank you! Any questions? MIT 2008 Spam Conference, Cambridge, MA, USA, March

Complementing s with Location Information in Packet-switched IP Networks 1.Introduction & Motivation Trust-by-Wire (TBW) Trusted interrelationship between a user and his/her geographic location Example: Given in Public Switched Telephone Network (PSTN) Trust-by-Authentication (TBA) Verification of user identity by means of safe information, e.g., passwords Example: Applied in the Internet MIT 2008 Spam Conference, Cambridge, MA, USA, March Trust models for garantueeing trustworthiness of a user 22

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March Possibilities for an sender in adding location information

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip Yes, but forged LI in SMTP can be detected First MTA knows it is the first one – LI in SMTP options may not exist at the first MTA – LI in IP only exists at first MTA MIT 2008 Spam Conference, Cambridge, MA, USA, March Can location information (LI) in SMTP be forged?

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks MIT 2008 Spam Conference, Cambridge, MA, USA, March Mail flows between Alice, Bob & Peter (different provider nets) Status Field Removal FlagPeering FlagSource FlagTrustability Flag

Complementing s with Distinct, Geographic Location Information in Packet-switched IP Networks Comparison DKIM, SPF, IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March Why IPclip, differences/benefits compared to DKIM, SPF DKIMSPFIPclip Performance impact associated with scanning, encrypting and decrypting messages Internet domain owner must publish a complete list of every allowed network path Packet processing in wire speed No „forwarding problem“ No 100 % spam protection Another trigger for classifying/tracing spam