Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.

Slides:



Advertisements
Similar presentations
Network Operations Research Nick Feamster
Advertisements

Lecture 3 Title: Online Payment: Credit Card and PayPal
Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Red Flag Rules: What they are? & What you need to do
Paul Vanbosterhaut Managing Director, Vircom Europe January 2007 ModusGate™ 4.4 Smart Assurance Gateway Not Just Warmed-over Open Source Technology…
Graduate Application Project Design Concept Walkthrough
Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
SIP.edu : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing s are designed.
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
Social Media Networking Sites Charlotte Jenkins Designing the Social Web
Netiquette Rules.
1 Aug. 3 rd, 2007Conference on and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University
Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.
The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.
Introduction to SAP R/3.
Using the Engaging Networks tools Ghazal Vaghedi Toronto February 21, 2012 #12ENCONF.
Broadcast service Core tools. Agenda 1.Introduction – tool and its main features 2.Setting up and sending a simple broadcast 3.Achieving.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Security Guidelines and Management
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Bill Gates’ RSA 2006 Keynote presentation Questions and answers.
Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj
GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.
PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Client X CronLab Spam Filter Technical Training Presentation 19/09/2015.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
This document is for informational purposes only, and Tekelec reserves the right to change any aspect of the products, features or functionality described.
Credit Card Processing Overview. Credit Card Setup Overview  Call The Business Link ( ) Decide on Processor/Clearing House Software. Eprocess.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Session Initiation Protocol (SIP) 王承宇 張永霖.
Countermeasures of Spam over Internet Telephony in SIP.edu Campuses with MySQL and LDAP Support Speaker: Chang-Yu Wu Adviser: Dr. Quincy Wu School: National.
Phishing Problem Kristián Kučerák Milan Just. Abstract In this age of broadband, wireless, and network interconnectivity, we enjoy the unprecedented power.
7/6/20061 Speermint Use Case for Cable IETF 66 Yiu L. Lee JULY 2006.
INTRODUCTION. 1.1 Why the Internet Protocol Multimedia Subsystem 1.2 Where did it come from?
Phishing Internet scams. Phishing phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and.
1 SPEERMINT Use Cases for Cable IETF 66 Montreal 11 JULY 2006 Presented by Yiu L. Lee.
Detecting Phishing in s Srikanth Palla Ram Dantu University of North Texas, Denton.
Andrew Allen Communication Service Identifier.
Detection and Mitigation of Spam in IP Telephony Networks using Signaling Protocol Analysis MacIntosh, R Vinokurov, D Advances in Wired and Wireless Communication,
Copyright 2010, The World Bank Group. All Rights Reserved. Recommended Tabulations and Dissemination Section B.
CaGrid 1.0 Security Infrastructure Stephen Langella, Scott Oster, Shannon Hastings, David Ervin, Joshua Phillips, Vinay Kumar, Tahsin Kurc, Joel Saltz.
Do you know who you’re dealing with? Social Engineering: Minimise the risk of becoming a victim.
For state institutions and local governments How to introduce a payment module using VISS infrastructure?
Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.
Securing Access to Data Using IPsec Josh Jones Cosc352.
ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.
Phishing and Internet Scams. Definitions and recent statistics Why is it dangerous? Phishing techniques and identifiers Examples of phishing and scam.
Understand Protection LESSON Security Fundamentals.
Done by… Hanoof Al-Khaldi Information Assurance
I S P S loss Prevention.
Chris Wendt, David Hancock (Comcast)
Cross-Site Request Forgeries: Exploitation and Prevention
Fun gym Cambridge Nationals R001.
Fun gym Cambridge Nationals R001.
Attribute Based Addressing for SIP
Technology assistance
Slides Credit: Sogand Sadrhaghighi
Instructor Materials Chapter 5: Ensuring Integrity
Getting the Green Light on the Red Flags Rule
Presentation transcript:

Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004

2 The Presentation… Overview of the problem of spam in SIP-based sessions Introduction to DAPES (Domain Authentication and Policy Enforcement for SIP) Introduction to “Bonded Domains” Future work and conclusion

3 Spam.. Formally, Spam can be defined as Unsolicited Bulk Communications (UBC) “Internet ” sent to a group of recipients who have not requested it The definition remains the same for SIP, but now we are talking in terms of SIP calls and instant messages

4 DAPES Supports communication with previously known and unknown entities Real-time and automated detection and classification of calls and instant messages as “spam” Prevents spoofing of domains, user identities Can be extended to ascertain trustworthiness of unknown entities

5 Domain Classification Classification of domains based on their identity instantiation and maintenance procedures plus other domain policies. Admission controlled domains Strict identity instantiation with long term relationships Example: Employees, students, bank customers Bonded domains Membership possible only through posting of bonds tied to a expected behavior Membership domains No personal verification of new members but verifiable identification required such as a valid credit card and/or payment Example: E-bay, phone and data carriers Open domains No limit or background check on identity creation and usage Example: Hotmail Open, rate limited domains Open but limits the number of messages per time unit and prevents account creation by bots Example: Yahoo

6 Authentication and Verification Verification of caller in two stages Verifying local user identities DIGEST authentication on INVITE and REGISTER Verifying outbound SIP proxies of incoming calls TLS Authentication and DNS SRV verification Reputation Information for determining trustworthiness of unknown caller Social Networks Problem can be reduced to “path existence” Does a friend I trust, trust this person Orkut, Friendster.. Reputation Systems Maintain records for domains and users and their reputation information and classification for domains. Support reputation queries and reputation updates by authenticated, valid and trustworthy users.

7 DAPES Architecture of DAPES

8 Bonded Domains Introduced in DAPES Spamming motivated by financial gains Imposes financial restrictions on potential spammers Idea is to ask users to post bonds against sending spam Have to ensure optimal bond amount and correct channeling of bond proceeds for successful working of the system

9 Reputation in social networks There are several types of social networks providing a rich source of reputation information Study aims to analyze relevant social networks and isolate features necessary for extracting correct reputation information

10 Conclusion As IP telephony becomes more popular, spammers will target SIP-based communication for sending spam It is necessary to build in features into SIP-domains to ensure that SIP-based communications do not fall prey to spam like in the case of

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.