Design of Standard VoIP Spam Report Format Supporting Various Spam Report Methods



Similar documents
A Phased Framework for Countering VoIP SPAM

An outline of the security threats that face SIP based VoIP and other real-time applications

Internet Telephony Terminology

Prevention of Spam over IP Telephony (SPIT)

Voice Printing And Reachability Code (VPARC) Mechanism for prevention of Spam over IP Telephony (SPIT)

Mobile IP Network Layer Lesson 01 OSI (open systems interconnection) Seven Layer Model and Internet Protocol Layers

Methods for Lawful Interception in IP Telephony Networks Based on H.323

SPAM over Internet Telephony (SPIT) und Abwehrmöglichkeiten

White Paper Integration of TTY Calls into a Call Center Using the Placeholder Call Technique Updated: February 2007

Internet Technologies. World Wide Web (WWW) Proxy Server Network Address Translator (NAT)

A Study on Countering VoIP Spam using RBL

An Introduction to VoIP Protocols

Application Note - Using Tenor behind a Firewall/NAT

Configuring the Sonus SBC 2000 with Cisco Unified Call Manager 10.5 for Verizon Deployment

ZyXEL IP PBX Support Note. ZyXEL IP PBX (X2002) VoIP. Support Notes

Integration of GSM Module with PC Mother Board (GSM Trunking) WHITE/Technical PAPER. Author: Srinivasa Rao Bommana

Contents. Specialty Answering Service. All rights reserved.

Creating your own service profile for SJphone

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

EZLoop IP-PBX Enterprise SIP Server

Enabling Users for Lync services

How To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

SIM Configuration Guide. February 2015 Version 1 Document Reference: 8127

Office Link System for FOMA Internal Line Connections

WebRTC: Why and How? FRAFOS GmbH. FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

ETM System SIP Trunk Support Technical Discussion

Detecting Spam in VoIP Networks. Ram Dantu Prakash Kolan

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

Introduction to Computer Security Benoit Donnet Academic Year

Release the full potential of your Cisco Call Manager with Ingate Systems

BEng (Hons) Telecommunications. Examinations for / Semester 1

Setting Up Message Notifications in Cisco Unity 8.x

Link Gate SIP. (Firmware version 1.20)

ICE 008 IP PBX. 1. Product Information New Mini PBX Features System Features

Telephone Charging System

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

Digium Switchvox AA65 PBX Configuration

VoIP / SIP Planning and Disclosure

Preparatory Meeting for Phase 2 of Philippine National ENUM Trial

METHODS OF INTEGRATING mvoip IN ADDITION TO A VoIP ENVIRONMENT

NAT TCP SIP ALG Support

Integrating notification services in computer network and mobile telephony

Feature and Technical

Any to Any Connectivity Transparent Deployment Site Survivability

OFFICEED Service System

Prevention of Anomalous SIP Messages

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD

Universal Unified Communications Integration

of the existing VoLTE roaming and interconnection architecture. This article compares existing circuit-switched models with the earlier

Introduction to VoIP Technology

Configuration Notes 290

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Communications and Networking

Chapter 10 Session Initiation Protocol. Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University

Device SIP Trunking Administrator Manual

Configuration of Applied VoIP Sip Trunks with the Toshiba CIX40, 100, 200 and 670

Fonality. Optimum Business Trunking and the Fonality Trixbox Pro IP PBX Standard Edition V p13 Configuration Guide

SIP Security Controllers. Product Overview

Transport Layer Protocols

Interactive Voice Response System by Using Asterisk

Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5

spiderstar VoIP Interface Version 4.0 User manual

Category: ClearTrunk Hosted PBX Features

How to make free phone calls and influence people by the grugq

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

architecture: what the pieces are and how they fit together names and addresses: what's your name and number?

Virtual Call Center. Dragan Savić, Sara Stančin, Grega Jakus, Sašo Tomažič University of Ljubljana, Faculty of Electrical Engineering

Frequently Asked Questions about Integrated Access

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security

Using MIS 3e Chapter 6A Appendix

Application Notes Rev. 1.0 Last Updated: February 3, 2015

Ingate Firewall/SIParator SIP Security for the Enterprise

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

VoIP Conformance Labs

Updated Since :

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack

Building the Lync Security Eco System in the Cloud Fact Sheet.

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

Virtual FAX Function in Vigor IPPBX 2820 Series

Functional Specifications Document

mobile unified communications client and docking station

VOICE OVER IP SECURITY

Network Technologies

VoIP telephony over internet

Proxies. Chapter 4. Network & Security Gildas Avoine

Chapter 11 Cloud Application Development

With 360 Cloud VoIP, your company will benefit from more advanced features:

com.sat IP Basic ISDN

Step into the next level of office communication

[Asterisk IP Telephony Solutions]

Application Notes Rev. 1.0 Last Updated: January 9, 2015

SIP Trunking using the EdgeMarc Network Services Gateway and the Mitel 3300 ICP IP-PBX

Cisco Emergency Responder 9.0

Session Initiation Protocol (SIP) The Emerging System in IP Telephony

Securing SIP Trunks APPLICATION NOTE.

Internet Telephony PBX System. IPX-300 Series. Quick Installation Guide

3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW

Core Syllabus. Version 2.6 C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS. June 2006

IP- PBX. Functionality Options

Transcription:

보안공학연구논문지 (Journal of Security Engineering), 제 10권 제 1호 2013년 2월 Design of Standard VoIP Spam Report Format Supporting Various Spam Report Methods Ji-Yeon Kim 1), Hyung-Jong Kim 2) Abstract VoIP (Voice over Internet Protocol) services can be abused by spammers who send out commercial messages in bulk due to their cost saving effects. However, an effort to prevent spam has hardly been made in implementing VoIP system, so that a spam reporting system that collects various types of VoIP spam and makes use of them to impose legal sanctions or to improve spam filtering techniques has not yet been developed. In this paper, we propose a VoIP spam reporting system by extending an existing spam reporting system of mobile phones. We design a message format for reporting VoIP spam by analyzing CDR (Call Detailed Records) that can be obtained from VoIP devices, and propose various paths which connect VoIP phones to spam reporting servers. In addition, we design the system modules and elicit their functional requirements of hardware and software. Keywords : VoIP (Voice over Internet Protocol), SPIT (SPam over Internet Telephony), Spam reporting system 1. Introduction Spam refers to unsolicited commercial messages, and is sent to many random recipients one-sidedly [1][2]. Email spam is a representative of spam with no charge for use, and call spam and SMS spam through mobile phones have also increased with the widespread use of mobile phones. Recently, as the number of VoIP users increases due to cost savings, VoIP spam is also being appeared. As far as email spam and mobile phone spam are concerned, there are many countermeasures such as not only various spam filtering techniques but also an ex post facto measure such as a spam reporting system. A spam reporting system makes users to send spam contents containing information about spammers to spam reporting servers with a simple operation. In addition, it can be used to impose legal sanctions or to update spam database. However, no spam reporting system has been operated for VoIP, because hardly any spam filtering techniques has been applied to VoIP system yet. In this paper, we propose a spam reporting system for VoIP spam, including a reporting message Received(January 09, 2013), Review request(january 10, 2013), Review Result(1st: January 28, 2013, 2nd: February 07, 2013) Accepted(February 28, 2013) 1 139-774, Department of Information Security, Seoul Women s University, Korea email: jykim07@swu.ac.kr 2 (Corresponding author) 139-774, Department of Information Security, Seoul Women s University, Korea email: hkim@swu.ac.kr * This work was supported by a special research grant from Seoul Women s University (2012). 1

Design of Standard VoIP Spam Report Format Supporting Various Spam Report Methods format, reporting paths, and a method for constructing the system. We design the system by extending a spam reporting system of mobile phones operated by Korea Internet Security Agency (KISA). In regard to the KISA s system, there is only a reporting path using MO (Mobile Originated) service due to limitations of mobile phones, such as an expensive usage charges for internet access through 2G or 3G network. In comparison, reporting charges for VoIP spam can be free or small costs, because VoIP uses wired or wireless internet network, such as Wi-Fi (Wireless Fidelity), WiBro (Wireless Brodband Internet), and HSPA (High Speed Packet Access). In addition, various TCP/IP-based applications can be installed on VoIP phones, so that we can make reporting messages in different ways. For these reasons, we suggest various reporting methods using not only MO service but also Web service, SMTP (Simple Mail Transfer Protocol) service and an application specialized spam reporting system. The remainder of this paper is organized as follows. In section 2, we describes various types of VoIP spam and the existing spam reporting system, and CDR that can be obtained in IP-PBX (Private Branch exchange) to suggest a message format. In section 3 and 4, we design the message format and propose various reporting paths. In section 5, we suggest main modules of the system and elicit their functional requirements. Finally, the conclusions and future work are presented in section 6. 2. Background In VoIP, there are many types of spam such as call spam, SMS spam, callback URL spam, IM spam, and presence spam. From the users viewpoint, those can be classified into two types of spam, voice spam and text spam. Call spam belongs to the voice spam and the text spam comprises the others. In this work, we define a message format that can distinguish the two types of spam. In addition, we refer to the existing reporting system of mobile phones operated by KISA, which uses five indices for reporting spam such as connected number, calling number, receiving time, contents, and a call type [3]. To develop the additional indices for VoIP spam, we look at CDR information that can be collected from IP-PBX [4]. Table 1 shows the information classified into three parts, call, caller, and callee. [Table 1] CDR information of IP-PBX Classification Call Caller Callee Call Detailed Records sequence number, call connected time, duration, internal fail code, call initiation time, release time, call type origination IP address, original calling number, calling number, calling user group, calling tenant group, outgoing route, outgoing route name dialed number, called user group, called tenant group, incoming route name, incoming route 2

보안공학연구논문지 (Journal of Security Engineering), 제 10권 제 1호 2013년 2월 3. Design of a message format of VoIP spam reporting system All the indices required to report mobile phone spam can also be made use of for VoIP spam. In order to develop the additional indices, we need to look at the column of caller in Table 1 to get information about spam caller. Origination IP address is an IP address of a calling party s phone which is used for call signaling. Original calling number refers to a calling line, and it defers from a calling number that can be changed by callers. Calling number is the same as the existing index for mobile phone spam. However, the other three indices cannot provide information about the end user, because those are information associated with IP-PBX, multi-tenant, and outgoing trunk, respectively. Thus, we have defined the format by developing two additional indices, origination IP address and original calling number, as shown in Table 2. [Table 2] A message format of VoIP spam reporting system Index Origination IP address Original calling number Calling number Connected number Receiving time Call type Contents Descriptions IP address used for call signaling Calling number used for call signaling Calling number shown on display of callee Dialed number received VoIP spam The time at which the spam arrived at the phone The title of event reported spam Voice spam : Voice Text spam : SMS, IM, CBURLSMS, Presence Spam messages arrived at the phone In case that original calling number is forged, we can find the place of dispatch by tracing origination IP address. However, in order to trace the address, some premises are required as below. Premise 1. VoIP phones should be able to analyze SIP messages. Premise 2. Both caller and callee should be VoIP user. Premise 3. Origination IP address should not be modified and spoofed by service providers or attackers. Premise 4. VoIP phones should use public IP address. Since origination IP address is included in a SIP message sent to a VoIP phone, the phones should be able to analyze the SIP message to extract the address. If one of the caller and callee does not use VoIP, a SIP message is translated in trunk gateway of mobile phone providers, so that a SIP message cannot be sent to 3

Design of Standard VoIP Spam Report Format Supporting Various Spam Report Methods VoIP phones. In addition, even though we succeed in tracing the address, the address should be correct and should not use private IP address to identify a spammer. 4. Development of reporting paths of VoIP spam reporting system As far as the KISA s system is concerned, it sends reporting messages in the form of SMS by using MO service. In comparison, reporting messages of VoIP can be sent in various ways by using TCP/IP application layer protocols or an application specialized spam reporting system. In this paper, we propose three additional reporting paths such as using HTTP protocol, SMTP protocol, and the specialized application, as shown in Fig. 1. [Fig. 1] Three reporting paths of VoIP spam reporting system As regards using HTTP, a reporting message is sent through port 80 or some other designated ports, using a web browser embedded in the VoIP phone [5]. The phone communicates with the web server by using HTTP methods such as GET and POST. Fig. 2 shows an example reporting message using POST method, which includes indices for reporting the spam in each filed. In the case of using SMTP, a reporting message is sent to the mail server through port 25. Although the mail server is overloaded or disrupted due to a large amount of services, it can provide the reliability for the message by periodically re-transmitting. Lastly, in the case of using the specialized application, it sends a reporting message through a designated port, and does not need to have the message header. In order to use the application, the spam collection center and VoIP phone manufacturers need to discuss the message format and the path in advance. 4

보안공학연구논문지 (Journal of Security Engineering), 제 10권 제 1호 2013년 2월 POST /path/script.cgi HTTP/1.1 HOST: SPAMSERVER.KISA.OR.KR From: hkim@swu.ac.kr User-Agent: SPAMTool/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 158 origin_ip=101102027038&origin_num=021234567&call_num=021234567&con_num=021234567 &recv_time=12%3a30%2030%2djun%2d2010&call_type=sms%2dtest&content=callwhene veryouwant [Fig. 2] An example reporting message sent using POST method 5. Design of VoIP Spam Reporting System Modules In this section, we propose a method for constructing the spam reporting system by defining system modules and their required functions. The system consists of three types of modules, VoIP phones, spam reporting servers, and an integrated spam processing system. The client side is composed of VoIP phones that can report spam. The server side is composed of an integrated spam processing system and three spam reporting servers, web server, email server, and MO server. Table 3 presents requirements of hardware and software for implementation of the modules. [Table 3] Functional requirements of main system modules Module Component Requirements VoIP phones must be able to run TCP/IP-based application and H/W send messages via SMS and MMS. VoIP phone Reporting software for SMS and MMS S/W Web browser for reporting spam MO server system H/W Web server system Spam reporting server Email server system Web page for reporting spam S/W Processing software of email server Hardware for sending reported messages to spam database H/W Integrated spam processing system Software of the specialized spam reporting server S/W Management software for data sequencing 5

Design of Standard VoIP Spam Report Format Supporting Various Spam Report Methods In case that a VoIP phone does not have a display, the user can report spam by pressing the designated keypad button agreed by the reporting paths. Spam reporting servers receive reporting messages from VoIP phones and send all the messages to an integrated spam processing system that integrates the messages and extracts spam data, and then stores the data into database. In order to store the data in chronological order, the processing system should be able to add time field to data, and software to retrieve and manage the data should be provided to an administrator. Fig. 3 shows the process of the integrated spam processing system. [Fig. 3] Data sequencing process of Integrated spam processing system module 6. Conclusion We have proposed a spam reporting system that collects VoIP spam from the users and can be used to impose legal sanctions or to improve spam filtering techniques. In order to develop the system we have designed a message format to report spam by extending the existing reporting indices of mobile phone spam. We have developed two additional indices such as origination IP address and original calling number by looking at IP-PBX. Since original calling number can be forged in the internet, we have suggested four premises required for use of origination IP address as the reporting index. In addition, we have developed additional reporting paths such as using HTTP, SMTP, and specialized application, because the reporting messages can be sent to spam reporting servers using TCP/IP application layer protocols in contrast to the spam reporting system of mobile phones has only a path using MO service. For implementation of the system, we have designed main system modules, VoIP phones, spam reporting servers, and an integrated spam processing system. In addition, we have elicited their requirements of hardware and 6

보안공학연구논문지 (Journal of Security Engineering), 제 10권 제 1호 2013년 2월 software. This work can be made use by organizations or companies who want to collect and manage VoIP spam. As future work, we will develop additional reporting indices, and security techniques and policies to provide the reliability to the system should be developed. References [1] P.M. Figliola, Spam: An Overview of Issues Concerning Commercial Electronic Mail, CRS Report for Congress, The library congress (2008). [2] M. Hurley, VoIP vulnerabilities, CCIP Information note, Centre for Critical Infrastructure Protection (2007), Issue 06. [3] http://www.kisa.or.kr, February 15 (2013). [4] Tenor Carrier MultiPath Switch, Quintum Tenor CMS CDR, product guide, Quintum Technologies (2005). [5] R. Fielding et el., Hypertext Transfer Protocol HTTP/1.1, RFC 2616, The Internet Engineering Task Force (1999). [6] http://www.tta.or.kr, February 15 (2013). [7] T. S. Guzella and W. M. Caminhas, A review of machine learning approaches to Spam filtering, Expert Systems with Applications (2009), Vol. 35, Issue 7, pp. 10206-10222. [8] G. Schryen, The impact that placing email addresses on the Internet has on the receipt of spam: An empirical analysis, Computers and Security (2007), Vol. 26, Issue 5, pp. 361-372. 7

Design of Standard VoIP Spam Report Format Supporting Various Spam Report Methods Authors Ji-Yeon Kim She received her B.S. degree in information security engineering from Seoul Women s University in 2007. She is currently a doctoral student in Computer Engineering at Seoul Women s University. Research interests: VoIP Security, Cloud Computing Security, Information Security and Modeling and Simulation. Hyung-Jong Kim He has been a faculty member of Seoul Women s University since Mar. 2007. He worked as a principal researcher of Korea Information Security Agency (KISA) from 2001 to 2007. He received his information engineering B.S. (1996) degree in Sungkyunkwan university, Korea. Also, he received his M.S. (1998) and Ph. D. (2001) degree in electrical computer engineering department of Sungkyunkwan university. He worked in the CyLab Korea at CMU (Carnegie Mellon University) as avisiting scholar from 2004 to 2006. Research interests: VoIP Security, Information Security and Simulation modeling methodology. 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information