Eindhoven University of Technology MASTER Prepare for VoIP Spam Baaijens, M.W. Award date: 2008 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain EINDHOVEN UNIVERSITY OF TECHNOLOGY (TUE) Department of Mathematics and Computer Science and SWISSCOM AG Network Development Prepare for VoIP Spam by Mark Baaijens (m.w.baaijens 'at' gmail.com) “As in many computer security issues, the only way to make sure that you never receive a spam message is to never connect your computer to the Internet. Unfortunately, the unconnected user never receives the many benefits of the most important communications application for business either.” [25] Supervisors: Bart Jacobs, TUE, Eindhoven, the Netherlands Robert Muralt, Swisscom AG, Bern, Switzerland Version 2, 16 November 2007 Research Report Prepare for VoIP Spam Preface From 26 February 2007 until 27 October 2007 I lived in Bern (Switzerland) and worked for Swisscom. During this period I carried out research on VoIP Spam. Due to this research I got an insight into the world of telecommunication and mainly into IP based telephony. This report, which is the main result of this research, serves as my academic thesis to earn the Master of Science degree in Information Security at the Eindhoven University of Technology (TUE). I thank my supervisors, Robert Muralt (Swisscom) and Bart Jacobs (TUE), for their continual guidance and encouragement and for providing me with critical feedback on my work. Many thanks go to my colleagues at Swisscom, who were very supportive and provided me with knowledge and feedback. Many thanks go to Swisscom as a company, because Swisscom provided me with a work place and the financial means for carrying out my research in Switzerland. Last but not at least, thanks go to Judith (my girlfriend) and my family who stimulated and supported me during the period that I lived in Switzerland. Mark Baaijens, Bern, November 2007 Version 2, 16 November 2007 ii Research Report Prepare for VoIP Spam Abstract Internet has grown to the modern Wild West where people are annoyed by others without consequences for the annoying party. Due to the openness of the Internet it is very difficult to control the content and its users. One kind of annoyance is Spam, of which E- mail Spam is a well known variety. In this research, Spam is defined as: unsolicited bulk messages aimed at a large public. The Spammer’s biggest motivator is, of course, money and the most common method to earn money is joining affiliate programs (see Section 4.5). Since telephony systems are moving to ‘all-IP’ and IP networks suffer from a trust problem, a lot of threats which apply to an IP network suddenly also apply to telephony, e.g. Spamming. As the use of IP based telephony is growing it is more and more attractive for a new type of Spamming, VoIP Spamming. Since in a VoIP network the costs (i.e. time and money) for the initiator are lower than the costs (i.e. time and money) for the recipient, VoIP Spam is a potential problem. The annoyance level of VoIP Spam is higher than for E-mail Spam, because VoIP communication is pushed by the network (at originator’s initiative) instead of pulled from the network (at recipient’s initiative). Next to the annoyance for the end user VoIP Spam also causes higher bandwidth demands, higher storage demands, and lower employee productivity. The audio based and real-time characteristics of VoIP make this technology attractive for Spammers. Because VoIP is audio based and real-time, the most effective filtering techniques for E-mail Spam (i.e. Content Filtering) do not apply directly to VoIP Spam. Thus, VoIP Spam counteraction requires more sophisticated countermeasures in order to increase the Spammer’s investment. White/black listing, behaviour analysis, Turing tests, user defined conditions, monitoring, and multiple ID’s seem to be promising countermeasures for VoIP Spam counteraction (see Section 5.1). Combining multiple countermeasures, dependent on the subscriber’s own preference, is the key. Currently the focus in both literature and anti Spam products is on increasing the Spammer’s investment by filtering out Spam messages. Next to increasing the Spammer’s investment, decreasing the Spammer’s benefits could provide new possibilities. It might be possible to decrease benefits by preventing users from reacting to Spam. For phishing attacks this might be very favourable. In the coming years telecom providers must start thinking about VoIP Spam and keep this problem in mind while designing new telephony systems. We propose to implement a user portal, strong identity, and monitoring system as described in Chapter 7. The user portal gives the user the freedom to configure his telephony service according to his preferences and react on individual VoIP Spam problems. The strong identity is essential for the effectiveness of most countermeasures. A monitoring system is important in order to ‘know the enemy’ and to anticipate on the evolvement of the VoIP Spam problem. Version 2, 16 November 2007 iii Research Report Prepare for VoIP Spam Illustration: Jack the Spammer Jack is an IT security specialist at the second largest bank in Europe. He is responsible for the design of security audits in one of the company’s head offices in Switzerland. Approximately twice a week he plans an evening for himself in his study, which his wife finds difficult to understand. What he is doing during this time alone is a riddle for everyone who is closely related to Jack. His interest is to keep it like that. Every time someone asks questions about his activities there, he will say that it has to do with keeping up with the current security trends. Although most people do not know what he is really doing there, we are able to take a look in his ‘kitchen’. Two years ago Jack has developed a virus which is able to infect a computer and force it to join in a huge network of infected devices (i.e. a Bot network), which is managed by him. Due to enhancements of this virus, the Bot network currently consists of 20,000 compromised fixed devices and 5,000 mobile devices (connected via wireless Internet access). This Bot network is capable of executing Spam actions via E- mail. In order to make some extra money he has joined several affiliate programs for e- marketing, with which he has made Spam for diet pills and some financial products. Although it is becoming harder to get an order, he definitely avoids sending Spam for sexual oriented or illegal products. Currently, Jack is looking for a new challenge. The E-mail Spam filters are getting better and therefore it is more difficult to make an effective Spam message. He needs a method to send his message without being bothered by Spam filters. He is currently thinking of using audio-based, and maybe also visual-based, Spam messages in order to bypass the Spam filters and to leave a stronger impression on the recipient. This week he did experiments with audio attachments, which were effective to bypass the Spam filter, but less effective to generate hits… To be continued… This story is used as a real case in this report. Throughout this report the story is extended, in order to introduce terms, ideas and concepts which are used in the subsequent text. Version 2, 16 November 2007 iv Research Report Prepare for VoIP Spam Table of Contents CHAPTER 1 INTRODUCTION ........................................................................................................... 1 1.1. CONVENTIONS.............................................................................................................................. 2 CHAPTER 2 SCOPE AND OBJECTIVES .......................................................................................... 3 CHAPTER 3 TERMINOLOGY ............................................................................................................ 5 3.1. WHAT IS SPAM ............................................................................................................................. 5 3.2. WHAT IS VOIP ............................................................................................................................. 7 3.2.1. The transition to all-IP ........................................................................................................... 8 3.2.2. Network Architectures for VoIP ............................................................................................. 9 3.2.3. The Protocols.......................................................................................................................... 9 3.2.4. Public User Identities ..........................................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages131 Page
-
File Size-