Kubisch Harald Widiger Peter Danielis Jens Schulz Dirk Timmermann stephankubischpeterdanielis unirostockde University of Rostock Institute of Applied Microelectronics and Computer Engineering ID: 591639
Download Presentation The PPT/PDF document "Stephan" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Stephan Kubisch, Harald Widiger, Peter Danielis,Jens Schulz, Dirk Timmermann{stephan.kubisch;peter.danielis}@uni-rostock.deUniversity of Rostock Institute of Applied Microelectronics and Computer EngineeringThomas Bahls, Daniel Duchow{thomas.bahls;daniel.duchow}@nsn.comNokia Siemens NetworksBroadband Access DivisionGreifswald, GermanyMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28
Complementing E-Mails with
Distinct, Geographic Location Information
in Packet-switched IP NetworksSlide2
OutlineIntroduction & MotivationThe General IPclip MechanismAnti-Spam Framework using IPclipModifying the E-Mail HeaderA Typical Mail FlowRequirements and ConstraintsAdvantagesSummaryMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-282Slide3
Introduction & MotivationWe do have a spam problem!Lack of user trustworthiness in the mass-medium InternetSpam: Masses of unsolicited bulk e-mails delivered by SMTPWhat can be done against spam? DetectTracePreventAvailable anti-spam tools trigger on e-mail and header content Data can be forged: Spammers lie!Anti-spam examplesDomainKeys Identified Mail (DKIM) Sender Policy Framework (SPF)SpamAssassin… and many moreMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-283No 100% solution out there!Slide4
Introduction & MotivationPublic Switched Telephone NetworkLine-switchedCall number identifies access line and an addressDirect interrelationship with location information (LI): Trust-by-Wire!InternetPacket-switchedIP addresses are ambiguous! No interrelationship with LI: No Trust-by-Wire (TBW)! Trust-by-Authentication (TBA) to provide user trustworthiness?MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28SMTP and the Internet lack both TBW and TBA!How do we restore the user's belief in e-mail services?
Public Switched Telephone Network vs. Internet
4Slide5
OutlineIntroduction & MotivationThe General IPclip MechanismAnti-Spam Framework using IPclipModifying the E-Mail HeaderA Typical Mail FlowRequirements and ConstraintsAdvantagesSummaryMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-285Slide6
The General IPclip MechanismMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-286IPclip = IP Calling Line Identification PresentationLocation information (e.g., GPS) is added to each IP packet as IP option Location information in IPEither by the user or by the access node of an access networkIPclip is used to provide a useful degree of TBW in IP networksSlide7
The General IPclip MechanismMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-287IP header can contain IP optionsIP options show a type-length-value structureLocation information as value part of an IP optionWhat kind of location information do we use?Slide8
The General IPclip MechanismAccess node is the 1st trustworthy network elementUser provided location information solely verified hereAccess port + access node ID as complementary informationMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-288Access network most reasonable place for adding/verifying LISlide9
The General IPclip MechanismMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-289User provided LI trustworthy if within access node‘s subscriber catchment area (SCA)IPclip on access node sets flags in status field depending on LI‘s trustworthinessAccess Node's SCA (normalized coords)Using IPclip for ensuring trustworthy location information (LI) in IPStatus FieldRemoval Flag
Peering Flag
Source
Flag
Trustability
FlagSlide10
The General IPclip MechanismMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2810User provided LI trustworthy if within access node‘s subscriber catchment areaSource /TrustabilityInterpretationStatus FlagsUser provided / untrustedUser LI incorrect.00User provided / trustedUser LI correct.01Network provided / untrustedUser LI incorrectand
replaced.
10
Network
provided
/
trusted
No
user
LI.
AN‘s
LI
added
.
11
Access Node's SCA (normalized coords)
Using I
P
clip for ensuring trustworthy location information (LI)Slide11
OutlineIntroduction & MotivationThe General IPclip MechanismAnti-Spam Framework using IPclipModifying the E-Mail HeaderA Typical Mail FlowRequirements and ConstraintsAdvantagesSummaryMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2811Slide12
Anti-Spam Framework using IPclipIPclip adds location information on layer 3 as IP optionMail transfer agents (MTAs) terminate IP We need location information on application layer (SMTP)The first MTA copies location information in IP to e-mail header as location information in SMTPMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2812From - <timestamp>
X-IPclip-Status: 1100
X-IPclip-Type: GPS
X-IPclip-LI: <longitude;latitude>
X-IPclip-Port: x
X-IPclip-AN: A
X-IPclip-MTA: mx.senderhome.net [86.165.10.2]
Return-Path: <sender@senderhome.net>
Received: from ...
How to use IPclip and location information for fighting spam?Slide13
Anti-Spam Framework using IPclipMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2813Typical mail flow between Alice & Bob (same provider network)Slide14
Anti-Spam Framework using IPclipThese 4 different possibilities regarding the existence of location information (LI) in IP and LI in SMTP represent our frameworkMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2814LI in IPLI in SMTPInterpretationFirst MTA Insert LI in SMTPE-mail originates from different provider domainNot first MTA Forward e-mailSomething went wrong Treat with special care
4 cases can be distinguished when an e-mail arrives at an MTA
2
5Slide15
Anti-Spam Framework using IPclipMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2815Typical mail flow between Alice & Bob (same provider network)Slide16
Anti-Spam Framework using IPclipFully IPclip-terminated domain, e.g., a self-contained provider networkIPclip is mandatory at all access nodesIPclip-capable IP stack in relevant network devicesMTAs must understand location information (LI) in IPMTAs must copy LI in IP to e-mail header as LI in SMTPMail User Agents or anti-spam tools must understand LI in SMTP to take advantage of itMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2816Requirements and constraints for IPclip in this use caseSlide17
Anti-Spam Framework using IPclipIPclip supports removal of location information (LI) in IPIPclip‘s status field contains removal flag (RF)RF indicates removal of LI in SMTP at recipient‘s MTASource and trustability flag not removed Trigger for anti-spam mechanisms without revealing LIUse an encrypted format for LIMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2817Privacy issues – revelation of sensitive user LI?Status Field
Removal
Flag
(RF)
Peering
Flag
Source
Flag
Trustability
FlagSlide18
Anti-Spam Framework using IPclipMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2818AdvantagesBeneficial AspectExplanationBenefit1. Tracing SpamTracing based on geographic location informationMore exact than WHOIS lookups of IP addresses2. Classifying SpamStatus flags are additional, trustworthy triggers for anti-spam tools like SpamAssassinMore reliable classification
of spamSlide19
OutlineIntroduction & MotivationThe General IPclip MechanismAnti-Spam Framework using IPclipModifying the E-Mail HeaderA Typical Mail FlowRequirements and ConstraintsAdvantagesSummaryMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2819Slide20
SummaryMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2820IPclip adds location information (LI, e.g., GPS) to each IP packet1. More precise tracing of spam by means of LI2. More reliable classification of spam by means oftrustworthy status flags Conceptual anti-spam framework using IPclipBenefits of the proposed approach
IPclip guarantees LI’s trustworthiness (Trust-by-Wire)
IPclip-capable MTAs copy
LI in IP
to e-mail header as
LI in SMTPSlide21
Thank you! Any questions?peter.danielis@uni-rostock.dehttp://www.imd.uni-rostock.de/networkingMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2821Slide22
Introduction & MotivationTrust-by-Wire (TBW)Trusted interrelationship between a user and his/her geographic locationExample: Given in Public Switched Telephone Network (PSTN)Trust-by-Authentication (TBA)Verification of user identity by means of safe information, e.g., passwordsExample: Applied in the InternetMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28Trust models for garantueeing trustworthiness of a user 22Slide23
Anti-Spam Framework using IPclipMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2823Possibilities for an e-mail sender in adding location informationSlide24
Anti-Spam Framework using IPclipYes, but forged LI in SMTP can be detectedFirst MTA knows it is the first oneLI in SMTP options may not exist at the first MTALI in IP only exists at first MTAMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2824Can location information (LI) in SMTP be forged?Slide25
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2825Mail flows between Alice, Bob & Peter (different provider nets)Status FieldRemoval FlagPeering FlagSource FlagTrustability FlagSlide26
Comparison DKIM, SPF, IPclipMIT 2008 Spam Conference, Cambridge, MA, USA, March 27-2826Why IPclip, differences/benefits compared to DKIM, SPFDKIMSPFIPclipPerformance impact associated with scanning, encrypting and decrypting messagesInternet domain owner must publish a complete list of every allowed network pathPacket processing in wire speedNo „forwarding problem“No 100 % spam protectionNo 100 % spam protectionAnother trigger for classifying
/tracing spam