Transcript projects.csail.mit.edu

Complementing E-Mails with
Distinct, Geographic Location Information
in Packet-switched IP Networks
Stephan Kubisch, Harald Widiger, Peter Danielis,
Jens Schulz, Dirk Timmermann
{stephan.kubisch;peter.danielis}@uni-rostock.de
University of Rostock
Institute of Applied Microelectronics and Computer Engineering
Thomas Bahls, Daniel Duchow
{thomas.bahls;daniel.duchow}@nsn.com
Nokia Siemens Networks
Broadband Access Division
Greifswald, Germany
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27-28
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
Outline
1. Introduction & Motivation
2. The General IPclip Mechanism
3. Anti-Spam Framework using IPclip
1.
2.
3.
4.
Modifying the E-Mail Header
A Typical Mail Flow
Requirements and Constraints
Advantages
4. Summary
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
2
Complementing E-Mails with Location Information in Packet-switched IP Networks
1. Introduction & Motivation
• Lack of user trustworthiness in the
mass-medium Internet
 Spam: Masses of unsolicited bulk
e-mails delivered by SMTP
We do have a
spam problem!
• What can be done against spam?
– DetectTracePrevent
• Available anti-spam tools trigger on
e-mail and header content
• Data can be forged: Spammers lie!
• Anti-spam examples
–
–
–
–
DomainKeys Identified Mail (DKIM)
Sender Policy Framework (SPF)
SpamAssassin
… and many more
No 100% solution
out there!
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
3
Complementing E-Mails with Location Information in Packet-switched IP Networks
1. Introduction & Motivation
Public Switched Telephone Network vs. Internet
Public Switched Telephone Network
• Line-switched
• Call number identifies access line and an address
Internet
• Packet-switched
• IP addresses are ambiguous!
SMTP and the Internet lack both TBW and TBA!
How do we restore the user's belief in e-mail services?
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
4
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
Outline
1. Introduction & Motivation
2. The General IPclip Mechanism
3. Anti-Spam Framework using IPclip
1.
2.
3.
4.
Modifying the E-Mail Header
A Typical Mail Flow
Requirements and Constraints
Advantages
4. Summary
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
5
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
2. The General IPclip Mechanism
IPclip is used to provide a useful degree of TBW in IP networks
• IPclip = IP Calling Line Identification Presentation
• Location information (e.g., GPS) is added to each IP
packet as IP option  Location information in IP
– Either by the user or by the access node of an access network
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
6
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
2. The General IPclip Mechanism
What kind of location information do we use?
• IP header can contain IP options
IP Header
IP Options
...
UDP, TCP, ...
• IP options show a type-length-value structure
• Location information as value part of an IP option
IP Type
Latitude (cont.)
Port
IP Length
IPclip Type
Longitude
Access Node ID
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
Status Field
Latitude
Access
Padding
7
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
2. The General IPclip Mechanism
Access network most reasonable place for adding/verifying LI
• Access node is the 1st trustworthy network element
– User provided location information solely verified here
– Access port + access node ID as complementary information
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
8
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
2. The General IPclip Mechanism
Using IPclip for ensuring trustworthy location information (LI) in IP
• User provided LI trustworthy
if within access node‘s
subscriber catchment area
(SCA)
• IPclip on access node sets
flags in status field depending
on LI‘s trustworthiness
Status Field
Removal
Flag
Peering
Flag
Source
Flag
Trustability
Flag
Access Node's SCA (normalized coords)
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
9
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
2. The General IPclip Mechanism
Using IPclip for ensuring trustworthy location information (LI)
• User provided LI trustworthy
if within access node‘s
subscriber catchment area
Source /
Trustability
Interpretation
Status
Flags
User provided /
untrusted
User LI
incorrect.
00
User provided /
trusted
User LI correct.
01
Network provided /
untrusted
User LI incorrect
and replaced.
10
Network provided /
trusted
No user LI. AN‘s
LI added.
11
Access Node's SCA (normalized coords)
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
10
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
Outline
1. Introduction & Motivation
2. The General IPclip Mechanism
3. Anti-Spam Framework using IPclip
1.
2.
3.
4.
Modifying the E-Mail Header
A Typical Mail Flow
Requirements and Constraints
Advantages
4. Summary
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
11
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
How to use IPclip and location information for fighting spam?
• IPclip adds location information on layer 3 as IP option
• Mail transfer agents (MTAs) terminate IP  We need location
information on application layer (SMTP)
 The first MTA copies location information in IP to e-mail
header as location information in SMTP
From - <timestamp>
Return-Path: <[email protected]>
Received: from ...
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
12
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
Typical mail flow between Alice & Bob (same provider network)
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
13
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
4 cases can be distinguished when an e-mail arrives at an MTA
• These 4 different possibilities regarding the existence of location
information (LI) in IP and LI in SMTP represent our framework
LI in IP
LI in SMTP
Interpretation
First MTA
 Insert LI in SMTP
2
E-mail originates from
different provider domain
Not first MTA
 Forward e-mail
5
Something went wrong 
Treat with special care
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
14
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
Typical mail flow between Alice & Bob (same provider network)
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
15
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
Requirements and constraints for IPclip in this use case
• Fully IPclip-terminated domain, e.g., a selfcontained provider network
– IPclip is mandatory at all access nodes
• IPclip-capable IP stack in relevant network
devices
– MTAs must understand location information (LI) in IP
– MTAs must copy LI in IP to e-mail header as LI in SMTP
– Mail User Agents or anti-spam tools must understand
LI in SMTP to take advantage of it
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
16
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
Privacy issues – revelation of sensitive user LI?
• IPclip supports removal of location information
(LI) in IP
• IPclip‘s status field contains removal flag (RF)
Status Field
Removal Flag (RF)
Peering Flag
Source Flag
Trustability Flag
– RF indicates removal of LI in SMTP at recipient‘s MTA
– Source and trustability flag not removed  Trigger for
anti-spam mechanisms without revealing LI
• Use an encrypted format for LI
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
17
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
Advantages
Beneficial Aspect
Explanation
Benefit
1. Tracing Spam
Tracing based on geographic
location information
More exact than WHOIS
lookups of IP addresses
2. Classifying Spam
Status flags are additional,
trustworthy triggers for antispam tools like SpamAssassin
More reliable classification of
spam
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
18
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
Outline
1. Introduction & Motivation
2. The General IPclip Mechanism
3. Anti-Spam Framework using IPclip
1.
2.
3.
4.
Modifying the E-Mail Header
A Typical Mail Flow
Requirements and Constraints
Advantages
4. Summary
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
19
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
4. Summary
• Conceptual anti-spam framework using IPclip
•
IPclip adds location information (LI, e.g., GPS) to
each IP packet
•
IPclip guarantees LI’s trustworthiness (Trust-by-Wire)
•
IPclip-capable MTAs copy LI in IP to e-mail header as
LI in SMTP
• Benefits of the proposed approach
1. More precise tracing of spam by means of LI
2. More reliable classification of spam by means of
trustworthy status flags
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
20
Complementing E-Mails with Location Information in Packet-switched IP Networks
Thank you! Any questions?
[email protected]
http://www.imd.uni-rostock.de/networking
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
21
Complementing E-Mails with Location Information in Packet-switched IP Networks
1. Introduction & Motivation
Trust models for garantueeing trustworthiness of a user
Trust-by-Wire (TBW)
• Trusted interrelationship between a user and his/her
geographic location
• Example: Given in Public Switched Telephone Network (PSTN)
Trust-by-Authentication (TBA)
• Verification of user identity by means of safe information, e.g.,
passwords
• Example: Applied in the Internet
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
22
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
Possibilities for an e-mail sender in adding location information
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
23
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
3. Anti-Spam Framework using IPclip
Can location information (LI) in SMTP be forged?
• Yes, but forged LI in SMTP can be detected
• First MTA knows it is the first one
– LI in SMTP options may not exist at the first MTA
– LI in IP only exists at first MTA
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
24
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
Mail flows between Alice, Bob & Peter (different provider nets)
Status Field
Removal Flag
Peering Flag
Source Flag
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
Trustability Flag
25
Complementing E-Mails with Distinct, Geographic Location Information in Packet-switched IP Networks
Comparison DKIM, SPF, IPclip
Why IPclip, differences/benefits compared to DKIM, SPF
DKIM
SPF
IPclip
Performance impact
associated with
scanning, encrypting
and decrypting
messages
Internet domain
owner must publish a
complete list of every
allowed network path
Packet processing in wire speed
No „forwarding problem“
No 100 % spam
protection
No 100 % spam
protection
Another trigger for
classifying/tracing spam
MIT 2008 Spam Conference, Cambridge,
MA, USA, March 27-28
26