DOI: 10.1145/1595637.1595653

A policy framework for personalized and role-based SPIT prevention

Published: 07 July 2009

Abstract

Voice over IP (VoIP) deployment is increasing at a fast pace. Due to the expected decrease of cost for call initiations with VoIP and the risk of infected devices, Spam over IP Telephony (SPIT) is likely to be a serious threat for VoIP service architectures in the near future. Since SPIT is a very personal matter, users must be able to express the level of intrusiveness acceptable to them when receiving calls, i.e., the degree to which a callee is willing to be disturbed by potentially unsolicited calls. Further, companies have a need to enforce role-based and status-based SPIT protection policies in order to allow, e.g., a higher level of intrusiveness for a secretary during the day than for the CEO on his/her mobile at night.
In this paper, we derive requirements for a protection system that enables personalized and role-based SPIT prevention. We examine existing solutions and show that they are insufficient to meet these requirements. Based on this comparison, we design a framework for personalized SPIT prevention. To demonstrate that our framework is capable of meeting the requirements, we give examples that show how important use cases can be addressed with this framework. Finally, we report on our prototypical implementation of the framework in a SIP PBX.

Published In

IPTComm '09: Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
July 2009
140 pages
ISBN: 9781605587677
DOI: 10.1145/1595637

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. VoIP security
2. authorization policies
3. personalization
4. spam over IP telephony (SPIT)

Qualifiers

• Research-article

Conference

IPTComm '09

Acceptance Rates

Overall Acceptance Rate 18 of 62 submissions, 29%

Cited By

• (2017) Detection of Human and Computer Voice Spammers Using Hidden Markov Model in Voice over Internet Protocol Network. Procedia Computer Science 115:C (588-595). DOI: 10.1016/j.procs.2017.09.169. Online publication date: 1-Nov-2017
• (2016) SoK: Everyone Hates Robocalls: A Survey of Techniques Against Telephone Spam. 2016 IEEE Symposium on Security and Privacy (SP) (320-338). DOI: 10.1109/SP.2016.27. Online publication date: May-2016
• (2015) Spam over IP telephony prevention using Dendritic Cell Algorithm. 2015 3rd International Conference on Signal Processing, Communication and Networking (ICSCN) (1-7). DOI: 10.1109/ICSCN.2015.7219895. Online publication date: Mar-2015
• (2014) Dendritic cell algorithm for preventing spam over IP telephony. 2014 International Conference on Informatics, Electronics & Vision (ICIEV) (1-6). DOI: 10.1109/ICIEV.2014.7135997. Online publication date: May-2014
• (2014) Security analysis of VoIP architecture for identifying SIP vulnerabilities. 2014 International Conference on Emerging Technologies (ICET) (87-93). DOI: 10.1109/ICET.2014.7021022. Online publication date: Dec-2014
• (2012) A Comprehensive Survey of Voice over IP Security Research. IEEE Communications Surveys & Tutorials 14:2 (514-537). DOI: 10.1109/SURV.2011.031611.00112. Online publication date: Oct-2013
• (2012) An efficient search method for the content-based identification of telephone-SPAM. 2012 IEEE International Conference on Communications (ICC) (2623-2627). DOI: 10.1109/ICC.2012.6363654. Online publication date: Jun-2012
• (2011) Content-Based Detection and Prevention of Spam over IP Telephony - System Design, Prototype and First Results. 2011 IEEE International Conference on Communications (ICC) (1-5). DOI: 10.1109/icc.2011.5963108. Online publication date: Jun-2011