Transcript Unsolicited Calls in LTE/IMS

Unsolicited Calls in IMS
Spam, Spit - will we be facing SpIMS
too?
© 2008 Institute of Broadband Communications
Michael Hirschbichler
Vienna University of Technology
Overview
•
•
•
•
•
Introduction into Spit
IMS - Overview
Is there a Spit-Threat in IMS at all?
Strategies to avoid Spit in IMS
Summary and Outlook
© 2008 Institute of Broadband Communications
2
Vienna University of Technology
Overview
•
•
•
•
•
Introduction into Spit
IMS - Overview
Is there a Spit-Threat in IMS at all?
Strategies to avoid Spit in IMS
Summary and Outlook
© 2008 Institute of Broadband Communications
3
Vienna University of Technology
Why creating unsolicited calls
Is it worth creating Spam over Internet Telephony?
classic call-center
VoIP-based call-center
fix-costs
500€ (E1 with 30
channels)
30€ (512 kbs, capable handling
30 bidirectional calls with
G.723.1- Codec)
cost per call
0.02€ per billing unit
0.02€ per billing unit (SIP2PSTN)
0€ (SIP2SIP),
© 2008 Institute of Broadband Communications
4
Vienna University of Technology
„Spam over SIP“
• In general, three type of "Spam" (RFC5039)
– SPIT (Spam over Internet-Telephony)
– SPIM (Spam over Instant Messaging)
– SPPP (Spam over Presence Protocol)
Usually, term SPIT is
used for all types
© 2008 Institute of Broadband Communications
Michael
5 Hirschbichler
Vienna University of Technology
An example for distributed SPIT deployment
1. spitter captures a large amount of
hosts by installing trojans
2. Uses this ‚botnet‘-infrastructure for
sending SPIT
VoIP-enabled
devices
Spitter
Botnet
© 2008 Institute of Broadband Communications
9
Vienna University of Technology
Building Blocks for SPIT Prevention
• Classification
–
–
–
–
–
no interactions with call participants
caller-side interactions
callee interrupted by call
callee receives call
feedback from callee after call
(RFC5039)
© 2008 Institute of Broadband Communications
10
Vienna University of Technology
Overview
•
•
•
•
•
Introduction into Spit
IMS - Overview
Is there a Spit-Threat in IMS at all?
Strategies to avoid Spit in IMS
Summary and Outlook
© 2008 Institute of Broadband Communications
11
Vienna University of Technology
The IP Multimedia Subsystem (IMS)
• Architectural framework for delivering IP multimedia
• Originally designed by 3rd Generation Partnership
Project (3GPP)
– extended by 3GPP2, TISPAN
• For ease of integration, IETF specified protocols are
used
– SIP, SDP, Diameter, etc.
• No standardisation of applications, it isolates the access
network from the service layer
– IMS is access-agnostic
– from GPRS over UMTS to LTE
• IMS is a key part for seamless mobility and mobile-fixed
convergence
© 2008 Institute of Broadband Communications
12
Vienna University of Technology
Overview
•
•
•
•
•
Introduction into Spit
IMS - Overview
Is there a Spit-Threat in IMS at all?
Strategies to avoid Spit in IMS
Summary and Outlook
© 2008 Institute of Broadband Communications
13
Vienna University of Technology
But why should this happen in IMS?
"There can't be a threat, because
• IMS is a closed system only using SIP for
signalling
• Handheld phones are closed-down devices
• Every call is either authenticated by CSCF component or is transfered from another trusted
provider
• There is no anonymity in the IMS"
© 2008 Institute of Broadband Communications
14
Vienna University of Technology
Closed system with manipulatable user
equipment
IMS is a closed system only using SIP for
signalling
• ... but lot of signalling and intelligence is located
at the client
– providers outsource important signalling parts to a
device, they cannot rule anymore when given to the
clients
– if you hack the SIP-stack on the mobile, you may can
manipulate/irritate the core components
© 2008 Institute of Broadband Communications
15
Vienna University of Technology
Closed system with manipulatable user
equipment (II)
Handheld phones are locked devices
Really?
• Apples iPhone
• Symbian based mobiles
• all other kinds of smartphones
They protect the stack against unwanted
access, but it is just a question of time
when the first trojan is dispatched
© 2008 Institute of Broadband Communications
16
Vienna University of Technology
Closed system with manipulatable user
equipment (III)
Every call is either authenticated by CSCF component or is transfered from another
trusted provider
Possible threat
• A trojan create calls using the owners
credentials
• The SPIT-flood will be
– initiated by the spitter, but
– delivered by the trojan-infected mobiles
– with the owners account data
© 2008 Institute of Broadband Communications
17
Vienna University of Technology
What are the results?
Results in
• calls with a valid P-Asserted-Identity:-URI and
reliable authenticated against the CSCF
• undistinguishable for the called party from a 'real'
call
• annoying amount of automatically generated
incoming calls
• inextpectable costs for the trojan-infected client
• both results in a loss of reliance against the own
provider
© 2008 Institute of Broadband Communications
18
Vienna University of Technology
Overview
•
•
•
•
•
Introduction into Spit
IMS - Overview
Is there a Spit-Threat in IMS at all?
Strategies to avoid Spit in IMS
Summary and Outlook
© 2008 Institute of Broadband Communications
19
Vienna University of Technology
Avoiding the Spit/SpIMS - Threat
Strategies to protect ...
AS
MRF
Mr
ISC
Sh
Caller
SBC
Mw
P-CSCF
Cx
Mw
Mw
Cx
S-CSCF
HSS
Mw
Mi
Mw
Callee
SBC
P-CSCF
I-CSCF
BGC-F
I-CSCF
© 2008 Institute of Broadband Communications
20
Vienna University of Technology
Overview
•
•
•
•
•
Introduction into Spit
IMS - Overview
Is there a Spit-Threat in IMS at all?
Strategies to avoid Spit in IMS
Summary and Outlook
© 2008 Institute of Broadband Communications
21
Vienna University of Technology
Summary and Outlook
• Spam is here
• Spit will come
• Spit using IMS - who knows ...
Our research topics
• We developed a Spit-analysing toolkit
implemented in a SIP Proxy
• We will integrate this solution into an IMScapable Application Server and later in a SBC
© 2008 Institute of Broadband Communications
22
Vienna University of Technology
Questions?
Thanks for your attention!
Institute of
Broadband Communications
Favoritenstrasse 9-11/388
A 1040 Vienna
tel: +43 1 58801 38846
[email protected]
http://www.ibk.tuwien.ac.at
Michael HIRSCHBICHLER
© 2008 Institute of Broadband Communications
23
Vienna University of Technology
References
• Saverio Niccolini - “SPIT prevention: state of the art and research
challenges”
• J. Rosenberg, C.Jennings, "RFC5239 - The Session Initiation
Protocol (SIP) and Spam"
• H. Tschofenig, H. Schulzrinne, et.al. "A Framework to tackle Spam
and Unwanted Communication for Internet Telephony"
© 2008 Institute of Broadband Communications
24
Vienna University of Technology