A SIP-oriented SPIT Management Framework

Voice over IP (VoIP) telephony is increasingly gaining popularity among home and business users alike, as a viable alternative to traditional telephony, and is expected to achieve a significant market share in the near future. When this happens, it is also expected that several new threats exploiting the Internet vulnerabilities will appear. One of these is the Spam over Internet Telephony (SPIT). This paper examines in detail the SPIT attack, provides a review and assessment of previously proposed SPIT management techniques and proposes the use of an attack-oriented methodology for thwarting the SPIT threat. This results in a generic SPIT management framework, which combines the strengths of existing solutions, while alleviating their insufficiencies.

[1]  Moni Naor,et al.  On Memory-Bound Functions for Fighting Spam , 2003, CRYPTO.

[2]  Jon Peterson,et al.  Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP) , 2006, RFC.

[3]  S. El Sawda,et al.  SIP Security Attacks and Solutions: A state-of-the-art review , 2006, 2006 2nd International Conference on Information & Communication Technologies.

[4]  Ram Dantu,et al.  Detecting Spam in VoIP Networks , 2005, SRUTI.

[5]  Alan B. Johnston,et al.  Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol , 2006 .

[6]  D. Sisalem,et al.  SIP Spam Detection , 2006, International Conference on Digital Telecommunications (ICDT'06).

[7]  Cullen Jennings,et al.  The Session Initiation Protocol (SIP) and Spam , 2008, RFC.

[8]  Kumar Srivastava,et al.  Preventing Spam For SIP-based Instant Messages and Sessions , 2004 .

[9]  Jürgen Quittek,et al.  Detecting SPIT Calls by Checking Human Communication Patterns , 2007, 2007 IEEE International Conference on Communications.

[10]  Lorrie Faith Cranor Towards usable Web privacy and security , 2005, WWW '05.

[11]  Edmund M. Clarke,et al.  Ranking Attack Graphs , 2006, RAID.

[12]  Jeff Hodges,et al.  Using SAML to protect the session initiation protocol (SIP) , 2006, IEEE Network.

[13]  Alan B. Johnston,et al.  SIP: Understanding the Session Initiation Protocol , 2001 .

[14]  Dimitris Gritzalis,et al.  Attack Modeling of SIP-Oriented SPIT , 2007, CRITIS.

[15]  Giannis F. Marias,et al.  Threat Analysis of the Session Initiation Protocol Regarding Spam , 2007, 2007 IEEE International Performance, Computing, and Communications Conference.

[16]  Dongwook Shin,et al.  Progressive multi gray-leveling: a voice spam protection algorithm , 2006, IEEE Network.

[17]  John Langford,et al.  Telling humans and computers apart automatically , 2004, CACM.

[18]  Bernie Mulgrew,et al.  Proceedings IEEE International Conference on Communications , 1989 .