Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Complementing E‐Mails withp gDistinct, Geographic Location Information
in Packet‐switched IP Networks
Stephan Kubisch, Harald Widiger, Peter Danielis,J S h l Di k TiJens Schulz, Dirk Timmermann
{stephan.kubisch;peter.danielis}@uni‐rostock.de
University of RostockInstitute of Applied Microelectronics and Computer Engineering
Thomas Bahls, Daniel Duchow
{thomas.bahls;daniel.duchow}@nsn.com
Nokia Siemens NetworksNokia Siemens NetworksBroadband Access Division
Greifswald, Germany
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
OutlineOutline
1. Introduction & Motivation
2. The General IPclip Mechanism2. The General IPclip Mechanism
3. Anti‐Spam Framework using IPclip1. Modifying the E‐Mail Header
2. A Typical Mail Flowyp
3. Requirements and Constraints
4 Advantages4. Advantages
4. Summary
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
2
Complementing E‐Mails with Location Information in Packet‐switched IP Networks
1 Introduction & Motivation1. Introduction & Motivation• Lack of user trustworthiness in the
We do have a spam problem!
Lack of user trustworthiness in the mass‐medium InternetSpam: Masses of unsolicited bulk e‐mails delivered by SMTP
• What can be done against spam? – Detect Trace Prevent
• Available anti‐spam tools trigger on e‐mail and header content
• Data can be forged: Spammers lie!g p
• Anti‐spam examples– DomainKeys Identified Mail (DKIM) No 100% solutiony ( )– Sender Policy Framework (SPF)– SpamAssassin– … and many more
No 100% solutionout there!
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
3
Complementing E‐Mails with Location Information in Packet‐switched IP Networks
1 Introduction & Motivation1. Introduction & MotivationPublic Switched Telephone Network vs. Internet
Public Switched Telephone Network
• Line‐switched
p
Line switched
• Call number identifies access line and an address
Internet
• Packet‐switched• IP addresses are ambiguous!
SMTP and the Internet lack both TBW and TBA!How do we restore the user's belief in e‐mail services?
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
How do we restore the user s belief in e mail services?
4
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
OutlineOutline
1. Introduction & Motivation
2. The General IPclip Mechanism2. The General IPclip Mechanism
3. Anti‐Spam Framework using IPclip1. Modifying the E‐Mail Header
2. A Typical Mail Flowyp
3. Requirements and Constraints
4 Advantages4. Advantages
4. Summary
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
5
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
2 The General IPclip Mechanism2. The General IPclip MechanismIPclip is used to provide a useful degree of TBW in IP networks
• IPclip = IP Calling Line Identification PresentationL ti i f ti ( GPS) i dd d t h IP
p p g
• Location information (e.g., GPS) is added to each IP packet as IP option Location information in IP
h b h b h d f k– Either by the user or by the access node of an access network
GPS
User
GPS
Access Node with IPclip @ Pos (x,y)
Internet
Verified Location Information
GPS
Unverified Location Information
No Location Information
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
6
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
2 The General IPclip Mechanism2. The General IPclip MechanismWhat kind of location information do we use?
• IP header can contain IP options
• IP options show a type‐length‐value structureopt o s s o a type e gt a ue st uctu e• Location information as value part of an IP option
IP Type IP Length LatitudeIPclip Type Status FieldLatitude (cont.) Longitude
Port Access Node ID
ype e g a udec p ype S a us e dAccessPadding
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
7
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
2 The General IPclip Mechanism2. The General IPclip MechanismAccess network most reasonable place for adding/verifying LI
• Access node is the 1st trustworthy network elementU id d l i i f i l l ifi d h
p g/ y g
– User provided location information solely verified here– Access port + access node ID as complementary information
Access NetworkBroadband
AccessServer
Metro/Core Network
UserAccess Node (ID = 0xab)
Linecards
Server
ISP...Access Ports
Aggregation
IPclip
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
8
IPclip
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
2 The General IPclip Mechanism2. The General IPclip MechanismUsing IPclip for ensuring trustworthy location information (LI) in IP
• User provided LI trustworthyif within access node‘s
g p g y f ( )
(0;1) (1;1)
if within access node‘ssubscriber catchment area(SCA)
Alice sends Position (0.2;0.7)
Alice’s Flags = user provided,(SCA)
• IPclip on access node setsfl f ld d d
Eve’s Flags = network
Alice s Flags user provided, trusted
Access Node @ Position (0.5;0.5)
Alice @ Position (0.2;0.7)
flags in status field dependingon LI‘s trustworthiness Eve sends Position (1.2;1.4)
Eve s Flags network provided, untrusted
Access Node's SCA (normalized coords)
(0;0) (1;0)Eve @ Position
(0.3;0.2)Status Field
RemovalFlag
PeeringFlag
Source Flag
TrustabilityFlag
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
9
Access Node s SCA (normalized coords)Flag Flag Flag Flag
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
2 The General IPclip Mechanism2. The General IPclip MechanismUsing IPclip for ensuring trustworthy location information (LI)
• User provided LI trustworthyif within access node‘s
g p g y ( )
(0;1) (1;1)
if within access node‘ssubscriber catchment area Alice sends Position (0.2;0.7)
Alice’s Flags = user provided,Source/
TrustabilityInterpretation Status
Flags
User provided / d
User LI i
00Eve’s Flags = network
Alice s Flags user provided, trusted
Access Node @ Position (0.5;0.5)
Alice @ Position (0.2;0.7)
untrusted incorrect.
User provided / trusted
User LI correct. 01 Eve sends Position (1.2;1.4)
Eve s Flags network provided, untrusted
Network provided/ untrusted
User LI incorrectand replaced.
10
Network provided No user LI. AN‘s 11Access Node's SCA (normalized coords)
(0;0) (1;0)Eve @ Position
(0.3;0.2)
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
10
/ trusted LI added. Access Node s SCA (normalized coords)
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
OutlineOutline
1. Introduction & Motivation
2. The General IPclip Mechanism2. The General IPclip Mechanism
3. Anti‐Spam Framework using IPclip1. Modifying the E‐Mail Header
2. A Typical Mail Flowyp
3. Requirements and Constraints
4 Advantages4. Advantages
4. Summary
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
11
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
3 Anti Spam Framework using IPclip3. Anti‐Spam Framework using IPclipHow to use IPclip and location information for fighting spam?
• IPclip adds location information on layer 3 as IP option• Mail transfer agents (MTAs) terminate IP We need location
p g g p
• Mail transfer agents (MTAs) terminate IP We need locationinformation on application layer (SMTP)
The firstMTA copies location information in IP to e‐mailThe firstMTA copies location information in IP to e‐mailheader as location information in SMTPFrom -
Return-Path:
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
12
Received: from ...
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
3 Anti Spam Framework using IPclip3. Anti‐Spam Framework using IPclipTypical mail flow between Alice & Bob (same provider network)yp ( p )
2Access Node(IP li bl )
BobAlice4
3
MTA1
B
(IPclip-capable)
User Host
Mail Transfer Agent15
MTA2A
B Mail Transfer Agent(IPclip-capable)
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
13
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
3 Anti Spam Framework using IPclip3. Anti‐Spam Framework using IPclip4 cases can be distinguished when an e‐mail arrives at an MTA
• These 4 different possibilities regarding the existence of locationinformation (LI) in IP and LI in SMTP represent our framework
g
information (LI) in IP and LI in SMTP represent our framework
LI in IP LI in SMTP Interpretation
Fi t MTAFirst MTAInsert LI in SMTP
E‐mail originates from
2
different provider domain
Not first MTAForward e‐mail
5
Something went wrongTreat with special care
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
14
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
3 Anti Spam Framework using IPclip3. Anti‐Spam Framework using IPclipTypical mail flow between Alice & Bob (same provider network)yp ( p )
2Access Node(IP li bl )
BobAlice4
3
MTA1
B
(IPclip-capable)
User Host
Mail Transfer Agent15
MTA2A
B Mail Transfer Agent(IPclip-capable)
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
15
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
3 Anti Spam Framework using IPclip3. Anti‐Spam Framework using IPclipRequirements and constraints for IPclip in this use case
• Fully IPclip‐terminated domain, e.g., a self‐contained provider network
q p
contained provider network– IPclip is mandatory at all access nodes
• IPclip capable IP stack in relevant network• IPclip‐capable IP stack in relevant networkdevices– MTAs must understand location information (LI) in IPMTAs must understand location information (LI) in IP– MTAs must copy LI in IP to e‐mail header as LI in SMTP– Mail User Agents or anti‐spam tools must understand g pLI in SMTP to take advantage of it
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
16
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
3 Anti Spam Framework using IPclip3. Anti‐Spam Framework using IPclipPrivacy issues – revelation of sensitive user LI?
• IPclip supports removal of location information(LI) in IP
y
(LI) in IP• IPclip‘s status field contains removal flag (RF)
RF i di t l f LI i SMTP t i i t‘ MTA
Status Field
Removal Flag (RF) Peering Flag Source Flag Trustability Flag
– RF indicates removal of LI in SMTP at recipient‘s MTA– Source and trustability flag not removed Trigger foranti‐spam mechanisms without revealing LIanti spam mechanisms without revealing LI
• Use an encrypted format for LI
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
17
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
3 Anti Spam Framework using IPclip3. Anti‐Spam Framework using IPclipAdvantagesg
Beneficial Aspect Explanation BenefitBeneficial Aspect Explanation Benefit
1. Tracing Spam Tracing based on geographiclocation information
More exact than WHOIS lookups of IP addresses
2. Classifying Spam Status flags are additional, More reliable classification of2. Classifying Spam Status flags are additional, trustworthy triggers for anti‐spam tools like SpamAssassin
More reliable classification ofspam
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
18
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
OutlineOutline
1. Introduction & Motivation
2. The General IPclip Mechanism2. The General IPclip Mechanism
3. Anti‐Spam Framework using IPclip1. Modifying the E‐Mail Header
2. A Typical Mail Flowyp
3. Requirements and Constraints
4 Advantages4. Advantages
4. Summary
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
19
Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks
4 Summary4. Summary• Conceptual anti‐spam framework using IPclip
• IPclip adds location information (LI, e.g., GPS) to each IP packetp
• IPclip guarantees LI’s trustworthiness (Trust‐by‐Wire)
IP li bl MTA LI i IP t il h d
• Benefits of the proposed approach
• IPclip‐capable MTAs copy LI in IP to e‐mail header as LI in SMTP
1. More precise tracing of spam by means of LI
• Benefits of the proposed approach
2. More reliable classification of spam by means oftrustworthy status flags
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
20
Complementing E‐Mails with Location Information in Packet‐switched IP Networks
Thank you! Any questions?
peter.danielis@uni‐rostock.dehttp://www.imd.uni‐rostock.de/networking
MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28
21