VoIP spam

VoIP spam or SPIT (Spam over Internet Telephony) are bulk unsolicited, automatically dialled, pre-recorded phone calls using the Voice over Internet Protocol (VoIP).[1] Telephone spam is comparable to E-mail spam, but due to its synchronous character, different mitigation methods are needed.

Voice over IP systems, like e-mail and other Internet applications, are susceptible to abuse by malicious parties who initiate unsolicited and unwanted communications. Telemarketers, prank callers, and other telephone system abusers are likely to target VoIP systems increasingly, particularly if VoIP supplants conventional telephony. The VoIP technology provides convenient tools (e.g. Asterisk and SIPp) and low-priced possibilities to place a large number of Spam calls.

The underlying technology driving this threat is Session Initiation Protocol (SIP).[2] This technology has received significant support from most major telecommunication vendors, and is showing signs of becoming the industry standard for voice, video and other interactive forms of communication such as instant messaging and gaming.

Introduction

VoIP Spam or SPIT is characterized by bulk unsolicited calls using the Voice over Internet Protocol. The spammer attempts to initiate a voice session and then relays a pre-recorded message if the receiver answers. If the prevalent Session Initiation Protocol is used, the sessions are initiated with INVITE messages and the audio data is transferred using the Real-time Transport Protocol . Robocalls can be delivered automatically using telephony software, e.g. using Asterisk call files.

SPIT Mitigation

RFC 5039 [1] contains some basic methods for the mitigation of telephone spam over SIP:

A strong identification of the caller, for example as described in RFC 4474 [3] helps to mitigate SPIT. In a Public switched telephone network (PSTN), the Caller ID permits caller identification, but at least the displayed caller ID can be spoofed.

Various SPIT mitigation methods and frameworks have been proposed. A comprehensive survey of Voice over IP Security Research (Chapter IV b) provides an overview. Many proposals focus on the reputation and the behavior of callers. A statistical analysis of the signaling traffic ands in particular the call frequency can be used to detect anomalies, to observe and finally to black-list suspicious callers.[4] A Voice Spam Detector (VSD)[5] is a multi-stage spam filter based on trust and reputation. The SPIDER project proposes a SPIT mitigation architecture,[6] which uses a detection layer consisting of various modules and a decision layer. The VoIP SEAL system [7] uses different stages. After a signaling analysis in the first stage, the suspicious callers are subjected to tests (e.g. Audio-CAPTCHAs) and the callee is asked for feedback in later stages. SymRank[8] adapts of the PageRank algorithm and computes the reputation of subscribers based on both incoming and outgoing calls. Furthermore, outliers in total talk duration and in repetitive and reciprocal calls can be used to detect suspicious callers.[8]

SPIT detection and mitigation can also be based on the caller's audio data.[9][10] This approach uses audio identification techniques (similar to music identification) to detect calls with identical audio data including certain degradations (e.g., noise and different audio codecs). A robust Acoustic fingerprint is derived from spectral parameters of the audio data and replayed calls are identified by a comparison of fingerprints.[11] A prototype solution has been developed within the VIAT project.

Implementation of Mitigation Measures

There is little information available on implementations of SPIT mitigation measures by Telephone companies. SPIT is generally not yet considered to be problem with similar relevance as E-mail spam. An automated analysis of the call signaling flow can help to discover SPIT. Commercial VoIP software for communication service providers may include a behavioral analysis, e.g. Acme Packet Palladion. Relevant parameters and indications of SPIT are, for example, a high call attempt frequency, concurrent calls, low call completion and low call duration average.

References

  1. 1.0 1.1 "The Session Initiation Protocol (SIP) and Spam (RFC 5039)". Internet Engineering Task Force. Retrieved 14 October 2012.
  2. "SIP: Session Initiation Protocol (RFC 3261)". Internet Engineering Task Force. Retrieved 12 July 2010.
  3. "Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP) (RFC 4474)". Internet Engineering Task Force. Retrieved 14 October 2012.
  4. D. Shin, J. Ahn, and C. Shim, Progressive Multi Gray-Leveling: A Voice Spam Protection Algorithm, IEEE Network, vol. 20, pp. 18–24, 2006.
  5. R. Dantu and P. Kolan, Detecting Spam in VoIP Networks, in Proceedings of the USENIX Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), pp. 31–37, July 2005.
  6. Y. Rebahi, S. Dritsas, T. Golubenco, B. Pannier, and J. F. Juell, A Conceptual Architecture for SPIT Mitigation in SIP Handbook: Services, Technologies, and Security of Session Initiation Protocol, S. A. Ahson and M.Ilyas, Eds., CRCPress, Inc., 2009, ch. 23, pp. 563–582.
  7. J. Seedorf, N. d’Heureuse, S. Niccolini, and T. Ewald, VoIP SEAL: A Research Prototype for Protecting Voice-over-IP Networks and Users, in Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft fu ̈r Informatik e.V.(GI), A. Alkassar and J. Siekmann, Eds., 2008.
  8. 8.0 8.1 H. K. Bokharaei, A. Sahraei, Y. Ganjali, R. Keralapura, and A. Nucci, You can SPIT, but you can’t hide: Spammer identification in telephony networks, 2011 Proceedings IEEE INFOCOM, pp. 41–45, 2011.
  9. Y. Rebahi, S. Ehlert, and A. Bergmann, A SPIT detection mechanism based on audio analysis, in Proceedings of 4th International Mobile Multimedia Communications Conference MobiMedia 2008: July 7–8, 2008, Oulu, Finland. ICST; ACM, 2008.
  10. D. Lentzen, G. Grutzek, H. Knospe, and C. Pörschmann, Content-based Detection and Prevention of Spam over IP Telephony - System Design, Prototype and First Results, IEEE International Communications Conference (ICC) 2011.
  11. G. Grutzek, J. Strobl, B. Mainka, F. Kurth, C. Pörschmann, and H. Knospe, Perceptual Hashing for the Identification of Telephone Speech, Speech Communication; 10. ITG Symposium; Proceedings of , vol., no., pp.1-4, 26-28 Sept. 2012.