Taking on the SPIT Threat
Written by martyndavies on Feb 19, 2007 - 11:15 AM
VoIP Telephony SPAM (or SPIT) is a threat that is really only in its infancy today, largely because today the PSTN is still dominant, and VoIP only appears in “islands” that are connected via conventional telephone networks. In five years' time this will be different, and then the ease-of-use and low cost of VoIP will be tempting for spammers.
It’s useful then that NEC have already started to build some useful anti-SPIT tools, and at 3GSM in Barcelona I saw their VoIP SEAL demonstration that had been trailed in some press releases. I had the good fortune to bump into Saverio Niccolini, who’s a researcher for NEC, and a very smart guy when it comes to VoIP Security topics; I last saw him in Berlin at the VoIP Security Workshop last year, where he was speaking about SPIT. Saverio Niccolini is leading the research team for VoIP SEAL, and he showed me the demo.
Basically the idea behind VoIP SEAL is that it analyzes an incoming call in various ways before connecting it. If the call is deemed in some way ‘suspicious’ then it can take the second step of diverting the call to an answer machine for further SPIT tests.
So in the first phase, they have a set of different modules you can select and tune for your environment. Each module contributes a number that represents how dangerous the call might be. At the end, all the indices from the modules are combined into one threat index, and if this exceeds a preset level, then the call is considered suspicious. There are a range of different tests that can be applied, including black list/white list processing; measuring inbound SIP INVITE rates; checking if multiple SIP URIs originate at the same IP address, and so on.
If the call is ‘suspicious’ and gets diverted to the answer machine, further tests can be applied, for example checking if the caller starts streaming audio immediately on connect, ignoring greeting messages and ‘please wait’ messages. It is also possible at this stage to apply a Turing Test (CAPTCHA), i.e. interacting with the caller in order to determine whether a human or machine is on the other end of the call.
I thought the interesting idea here was that not all calls are routed to the answer machine, but that pre-call tests are applied first to see whether that is necessary. This means that there is much less chance of ‘false positive’ detections that abort too many valid calls from humans.
I recorded a short interview with Saverio Niccolini about VoIP SEAL, which you should be able to hear on an upcoming Bluebox show, Dan York’s VoIP Security Podcast.
VoIP SEAL is currently based on SIP Express Router, which they have used as the prototyping platform. It will be productized during the course of this year and integrated into commercial NEC products.
NEC had a lot of great stuff on their 3GSM stand, and I also spent some time with a couple of guys working on integrating NEC/Philips PBX technology with Microsoft Office Connect Server, for integrated presence and VoIP/SIP Gateway functionality. I've seen demos for OCS also from Nortel, Siemens and Mitel, so it seems that all the PBX vendors have concluded that working with Microsoft is the path to more enterprise business.
It’s useful then that NEC have already started to build some useful anti-SPIT tools, and at 3GSM in Barcelona I saw their VoIP SEAL demonstration that had been trailed in some press releases. I had the good fortune to bump into Saverio Niccolini, who’s a researcher for NEC, and a very smart guy when it comes to VoIP Security topics; I last saw him in Berlin at the VoIP Security Workshop last year, where he was speaking about SPIT. Saverio Niccolini is leading the research team for VoIP SEAL, and he showed me the demo.
Basically the idea behind VoIP SEAL is that it analyzes an incoming call in various ways before connecting it. If the call is deemed in some way ‘suspicious’ then it can take the second step of diverting the call to an answer machine for further SPIT tests.
So in the first phase, they have a set of different modules you can select and tune for your environment. Each module contributes a number that represents how dangerous the call might be. At the end, all the indices from the modules are combined into one threat index, and if this exceeds a preset level, then the call is considered suspicious. There are a range of different tests that can be applied, including black list/white list processing; measuring inbound SIP INVITE rates; checking if multiple SIP URIs originate at the same IP address, and so on.
If the call is ‘suspicious’ and gets diverted to the answer machine, further tests can be applied, for example checking if the caller starts streaming audio immediately on connect, ignoring greeting messages and ‘please wait’ messages. It is also possible at this stage to apply a Turing Test (CAPTCHA), i.e. interacting with the caller in order to determine whether a human or machine is on the other end of the call.
I thought the interesting idea here was that not all calls are routed to the answer machine, but that pre-call tests are applied first to see whether that is necessary. This means that there is much less chance of ‘false positive’ detections that abort too many valid calls from humans.
I recorded a short interview with Saverio Niccolini about VoIP SEAL, which you should be able to hear on an upcoming Bluebox show, Dan York’s VoIP Security Podcast.
VoIP SEAL is currently based on SIP Express Router, which they have used as the prototyping platform. It will be productized during the course of this year and integrated into commercial NEC products.
NEC had a lot of great stuff on their 3GSM stand, and I also spent some time with a couple of guys working on integrating NEC/Philips PBX technology with Microsoft Office Connect Server, for integrated presence and VoIP/SIP Gateway functionality. I've seen demos for OCS also from Nortel, Siemens and Mitel, so it seems that all the PBX vendors have concluded that working with Microsoft is the path to more enterprise business.
Reply from dean on Feb 21, 2007 - 04:25 PM
What concerns me at the moment is the ratio of networks and VoIP network applications to VoIP Network security applications or "toolkits" (for want of a better word).
One of the reasons I sat down and wrote this post about the basic design principles involved in building a VoSP network was because I get upwards of 5 e-mails a week from people asking me that very question.
Interestingly, and perhaps tellingly, I've never, ever, been asked about how to secure that network or the potential security issues that may arise whilst running one.
Hopefully some big names like NEC entering the security side of VoIP will throw a little more emphasis on its importance.
I look forward to hearing the Niccolini interview!
Reply from martyndavies on Apr 02, 2007 - 11:06 PM
Reply from dean on Apr 03, 2007 - 12:45 PM
| Forum Rules and Guidelines | About VoIP User | Privacy Policy |
All logos and trademarks in this site are property of their respective owner. Comments and posts are property of the poster, all the rest (c) 2003-2006 VoIP User. No part of this site may be reproduced without our prior consent. |
