Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann University of Rostock Institute.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann University of Rostock Institute."— Presentation transcript:

1 Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann {stephan.kubisch;peter.danielis}@uni-rostock.de University of Rostock Institute of Applied Microelectronics and Computer Engineering Thomas Bahls, Daniel Duchow {thomas.bahls;daniel.duchow}@nsn.com Nokia Siemens Networks Broadband Access Division Greifswald, Germany MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks

2 Outline 1.Introduction & Motivation 2.The General IPclip Mechanism 3.Anti-Spam Framework using IPclip 1.Modifying the E-Mail Header 2.A Typical Mail Flow 3.Requirements and Constraints 4.Advantages 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 2

3 Complementing E-Mails with Location Information in Packet-switched IP Networks 1.Introduction & Motivation Lack of user trustworthiness in the mass-medium Internet  Spam: Masses of unsolicited bulk e-mails delivered by SMTP What can be done against spam? – Detect  Trace  Prevent Available anti-spam tools trigger on e-mail and header content Data can be forged: Spammers lie! Anti-spam examples – DomainKeys Identified Mail (DKIM) – Sender Policy Framework (SPF) – SpamAssassin – … and many more MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 3

4 Complementing E-Mails with Location Information in Packet-switched IP Networks 1.Introduction & Motivation MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 SMTP and the Internet lack both TBW and TBA! How do we restore the user's belief in e-mail services? SMTP and the Internet lack both TBW and TBA! How do we restore the user's belief in e-mail services? Public Switched Telephone Network vs. Internet 4

5 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks Outline 1.Introduction & Motivation 2.The General IPclip Mechanism 3.Anti-Spam Framework using IPclip 1.Modifying the E-Mail Header 2.A Typical Mail Flow 3.Requirements and Constraints 4.Advantages 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 5

6 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 6 IPclip = IP Calling Line Identification Presentation Location information (e.g., GPS) is added to each IP packet as IP option  Location information in IP – Either by the user or by the access node of an access network IPclip is used to provide a useful degree of TBW in IP networks

7 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 7 IP header can contain IP options IP options show a type-length-value structure Location information as value part of an IP option What kind of location information do we use?

8 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism Access node is the 1st trustworthy network element – User provided location information solely verified here – Access port + access node ID as complementary information MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 8 Access network most reasonable place for adding/verifying LI

9 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 9 User provided LI trustworthy if within access node‘s subscriber catchment area (SCA) IPclip on access node sets flags in status field depending on LI‘s trustworthiness Access Node's SCA (normalized coords) Using IPclip for ensuring trustworthy location information (LI) in IP Status Field Removal Flag Peering Flag Source Flag Trustability Flag

10 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 2.The General IPclip Mechanism MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 10 User provided LI trustworthy if within access node‘s subscriber catchment area Source / Trustability InterpretationStatus Flags User provided / untrusted User LI incorrect. 00 User provided / trusted User LI correct.01 Network provided / untrusted User LI incorrect and replaced. 10 Network provided / trusted No user LI. AN‘s LI added. 11 Access Node's SCA (normalized coords) Using IPclip for ensuring trustworthy location information (LI)

11 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks Outline 1.Introduction & Motivation 2.The General IPclip Mechanism 3.Anti-Spam Framework using IPclip 1.Modifying the E-Mail Header 2.A Typical Mail Flow 3.Requirements and Constraints 4.Advantages 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 11

12 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip IPclip adds location information on layer 3 as IP option Mail transfer agents (MTAs) terminate IP  We need location information on application layer (SMTP)  The first MTA copies location information in IP to e-mail header as location information in SMTP MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 12 How to use IPclip and location information for fighting spam?

13 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 13 Typical mail flow between Alice & Bob (same provider network)

14 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip These 4 different possibilities regarding the existence of location information (LI) in IP and LI in SMTP represent our framework MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 14 LI in IPLI in SMTPInterpretation First MTA  Insert LI in SMTP E-mail originates from different provider domain Not first MTA  Forward e-mail Something went wrong  Treat with special care 4 cases can be distinguished when an e-mail arrives at an MTA 2 5

15 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 15 Typical mail flow between Alice & Bob (same provider network)

16 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip Fully IPclip-terminated domain, e.g., a self- contained provider network – IPclip is mandatory at all access nodes IPclip-capable IP stack in relevant network devices – MTAs must understand location information (LI) in IP – MTAs must copy LI in IP to e-mail header as LI in SMTP – Mail User Agents or anti-spam tools must understand LI in SMTP to take advantage of it MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 16 Requirements and constraints for IPclip in this use case

17 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip IPclip supports removal of location information (LI) in IP IPclip‘s status field contains removal flag (RF) – RF indicates removal of LI in SMTP at recipient‘s MTA – Source and trustability flag not removed  Trigger for anti-spam mechanisms without revealing LI Use an encrypted format for LI MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 17 Privacy issues – revelation of sensitive user LI? Status Field Removal Flag (RF)Peering FlagSource FlagTrustability Flag

18 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 18 Advantages Beneficial AspectExplanationBenefit 1. Tracing SpamTracing based on geographic location information More exact than WHOIS lookups of IP addresses 2. Classifying SpamStatus flags are additional, trustworthy triggers for anti- spam tools like SpamAssassin More reliable classification of spam

19 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks Outline 1.Introduction & Motivation 2.The General IPclip Mechanism 3.Anti-Spam Framework using IPclip 1.Modifying the E-Mail Header 2.A Typical Mail Flow 3.Requirements and Constraints 4.Advantages 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 19

20 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 4.Summary MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 20 IPclip adds location information (LI, e.g., GPS) to each IP packet 1. More precise tracing of spam by means of LI 2. More reliable classification of spam by means of trustworthy status flags 2. More reliable classification of spam by means of trustworthy status flags Conceptual anti-spam framework using IPclip Benefits of the proposed approach IPclip guarantees LI’s trustworthiness (Trust-by-Wire) IPclip-capable MTAs copy LI in IP to e-mail header as LI in SMTP

21 Complementing E-Mails with Location Information in Packet-switched IP Networks Thank you! Any questions? peter.danielis@uni-rostock.de http://www.imd.uni-rostock.de/networking MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 21

22 Complementing E-Mails with Location Information in Packet-switched IP Networks 1.Introduction & Motivation Trust-by-Wire (TBW) Trusted interrelationship between a user and his/her geographic location Example: Given in Public Switched Telephone Network (PSTN) Trust-by-Authentication (TBA) Verification of user identity by means of safe information, e.g., passwords Example: Applied in the Internet MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 Trust models for garantueeing trustworthiness of a user 22

23 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 23 Possibilities for an e-mail sender in adding location information

24 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks 3.Anti-Spam Framework using IPclip Yes, but forged LI in SMTP can be detected First MTA knows it is the first one – LI in SMTP options may not exist at the first MTA – LI in IP only exists at first MTA MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 24 Can location information (LI) in SMTP be forged?

25 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 25 Mail flows between Alice, Bob & Peter (different provider nets) Status Field Removal FlagPeering FlagSource FlagTrustability Flag

26 Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks Comparison DKIM, SPF, IPclip MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28 26 Why IPclip, differences/benefits compared to DKIM, SPF DKIMSPFIPclip Performance impact associated with scanning, encrypting and decrypting messages Internet domain owner must publish a complete list of every allowed network path Packet processing in wire speed No „forwarding problem“ No 100 % spam protection Another trigger for classifying/tracing spam

Download ppt "Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann University of Rostock Institute."

Similar presentations

Exercises and Solutions Lecture 1

Exercises and Solutions Lecture 1
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
A P2P-based Storage Platform for Storing Session Data in Internet Access Networks T. Bahls, D. Duchow Nokia Siemens Networks Broadband Access Division.

A P2P-based Storage Platform for Storing Session Data in Internet Access Networks T. Bahls, D. Duchow Nokia Siemens Networks Broadband Access Division.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
How Will Authentication Reduce Global Spam? OECD Anti-Spam Task Force Pusan – September, 2004 Dave Crocker Brandenburg InternetWorking OECD Anti-Spam Task.

How Will Authentication Reduce Global Spam? OECD Anti-Spam Task Force Pusan – September, 2004 Dave Crocker Brandenburg InternetWorking OECD Anti-Spam Task.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Lesson 7: Business, , & Personal Information Management

Lesson 7: Business, , & Personal Information Management
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
1 Enhancing Email Address Privacy on Anti-SPAM by Dou Wang and Ying Chen School of Computer Science University of Windsor October 2007.

1 Enhancing Address Privacy on Anti-SPAM by Dou Wang and Ying Chen School of Computer Science University of Windsor October 2007.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Internet Networking Spring 2003

Internet Networking Spring 2003
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Networks Evolving? Justin Champion C208 Ext:3723 www.staffs.ac.uk/personal/engineering_and_technology/jjc1.

Networks Evolving? Justin Champion C208 Ext:3723
COE 342: Data & Computer Communications (T042) Dr. Marwan Abu-Amara Chapter 2: Protocols and Architecture.

COE 342: Data & Computer Communications (T042) Dr. Marwan Abu-Amara Chapter 2: Protocols and Architecture.
Chapter 2 Network Models.

Chapter 2 Network Models.

Similar presentations

Ads by Google