Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks. Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann ({stephan.kubisch;peter.danielis}@uni-rostock.de), University of Rostock, Institute of Applied Microelectronics and Computer Engineering. Thomas Bahls, Daniel Duchow ({thomas.bahls;daniel.duchow}@nsn.com), Nokia Siemens Networks, Broadband Access Division, Greifswald, Germany. MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28

Peter Danielis - uni-rostock.de · 2008. 4. 28.


  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    Stephan Kubisch, Harald Widiger, Peter Danielis, Jens Schulz, Dirk Timmermann

    {stephan.kubisch;peter.danielis}@uni-rostock.de

    University of Rostock, Institute of Applied Microelectronics and Computer Engineering

    Thomas Bahls, Daniel Duchow

    {thomas.bahls;daniel.duchow}@nsn.com

    Nokia Siemens Networks, Broadband Access Division

    Greifswald, Germany

    MIT 2008 Spam Conference, Cambridge, MA, USA, March 27‐28

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    Outline

    1. Introduction & Motivation

    2. The General IPclip Mechanism

    3. Anti‐Spam Framework using IPclip

       1. Modifying the E‐Mail Header

       2. A Typical Mail Flow

       3. Requirements and Constraints

       4. Advantages

    4. Summary

  • Complementing E‐Mails with Location Information in Packet‐switched IP Networks

    1. Introduction & Motivation

    We do have a spam problem!

    • Lack of user trustworthiness in the mass‐medium Internet

    • Spam: Masses of unsolicited bulk e‐mails delivered by SMTP

    • What can be done against spam?

      – Detect

      – Trace

      – Prevent

    • Available anti‐spam tools trigger on e‐mail and header content

    • Data can be forged: Spammers lie!

    • Anti‐spam examples

      – DomainKeys Identified Mail (DKIM)

      – Sender Policy Framework (SPF)

      – SpamAssassin

      – … and many more

    No 100% solution out there!

  • Complementing E‐Mails with Location Information in Packet‐switched IP Networks

    1. Introduction & Motivation

    Public Switched Telephone Network vs. Internet

    Public Switched Telephone Network

    • Line‐switched

    • Call number identifies access line and an address

    Internet

    • Packet‐switched

    • IP addresses are ambiguous!

    SMTP and the Internet lack both TBW and TBA!

    How do we restore the user's belief in e‐mail services?


  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    2. The General IPclip Mechanism

    IPclip is used to provide a useful degree of TBW in IP networks

    • IPclip = IP Calling Line Identification Presentation

    • Location information (e.g., GPS) is added to each IP packet as IP option: location information in IP

      – Either by the user or by the access node of an access network

    [Figure: users with and without GPS, an access node with IPclip @ Pos (x,y), and the Internet; labels: Verified Location Information, Unverified Location Information, No Location Information]

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    2. The General IPclip Mechanism

    What kind of location information do we use?

    • IP header can contain IP options

    • IP options show a type‐length‐value structure

    • Location information as value part of an IP option

    [Figure: layout of the IPclip option; fields: IP Type, IP Length, IPclip Type, Status Field, Latitude, Latitude (cont.), Longitude, Access Port, Access Node ID, Padding]

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    2. The General IPclip Mechanism

    Access network most reasonable place for adding/verifying LI

    • Access node is the 1st trustworthy network element

      – User provided location information solely verified here

      – Access port + access node ID as complementary information

    [Figure: access network with User, Access Node (ID = 0xab) running IPclip, Linecards, Access Ports and Aggregation; Broadband Access Server; Metro/Core Network; ISP; Server]

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    2. The General IPclip Mechanism

    Using IPclip for ensuring trustworthy location information (LI) in IP

    • User provided LI trustworthy if within access node's subscriber catchment area (SCA)

    • IPclip on access node sets flags in status field depending on LI's trustworthiness

    Status Field: Removal Flag | Peering Flag | Source Flag | Trustability Flag

    [Figure: Access Node's SCA (normalized coords) with corners (0;0), (1;0), (0;1), (1;1); Access Node @ Position (0.5;0.5). Alice @ Position (0.2;0.7) sends Position (0.2;0.7); Alice's Flags = user provided, trusted. Eve @ Position (0.3;0.2) sends Position (1.2;1.4); Eve's Flags = network provided, untrusted.]

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    2. The General IPclip Mechanism

    Using IPclip for ensuring trustworthy location information (LI)

    • User provided LI trustworthy if within access node's subscriber catchment area

    | Source / Trustability        | Interpretation                  | Status Flags |
    |------------------------------|---------------------------------|--------------|
    | User provided / untrusted    | User LI incorrect.              | 00           |
    | User provided / trusted      | User LI correct.                | 01           |
    | Network provided / untrusted | User LI incorrect and replaced. | 10           |
    | Network provided / trusted   | No user LI. AN's LI added.      | 11           |
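The access node's decision from the SCA slides above, as an added example (not code from the presentation or from IPclip itself). It assumes a rectangular SCA in normalized coordinates and that a replaced LI is the access node's own position; `AccessNode`, `clip` and the `replace_incorrect` switch are hypothetical names introduced for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Point = Tuple[float, float]  # (x, y) in the SCA's normalized coordinates

# Two-bit source/trustability flags as listed in the slide's table.
INTERPRETATION = {
    "00": "user provided / untrusted: user LI incorrect",
    "01": "user provided / trusted: user LI correct",
    "10": "network provided / untrusted: user LI incorrect and replaced",
    "11": "network provided / trusted: no user LI, access node's LI added",
}


@dataclass(frozen=True)
class AccessNode:
    position: Point               # the access node's own location
    sca_min: Point = (0.0, 0.0)   # assumption: SCA is an axis-aligned rectangle
    sca_max: Point = (1.0, 1.0)

    def in_sca(self, p: Point) -> bool:
        # NaN never satisfies a comparison, so malformed coordinates fail closed.
        return all(lo <= v <= hi for v, lo, hi in zip(p, self.sca_min, self.sca_max))


def clip(node: AccessNode, user_li: Optional[Point],
         replace_incorrect: bool = True) -> Tuple[Point, str]:
    """Return (LI to carry in the IP option, source/trustability flags)."""
    if user_li is None:
        return node.position, "11"   # nothing claimed: node adds its own LI
    if node.in_sca(user_li):
        return user_li, "01"         # claim is plausible for this node
    if replace_incorrect:            # assumption: policy switch, not on the slides
        return node.position, "10"   # assumption: replacement is the node's LI
    return user_li, "00"             # claim kept but marked untrusted


if __name__ == "__main__":
    node = AccessNode(position=(0.5, 0.5))
    # Constructed inputs taken from the slide's Alice/Eve figure.
    for name, sent in [("Alice", (0.2, 0.7)), ("Eve", (1.2, 1.4)), ("none", None)]:
        li, flags = clip(node, sent)
        print(name, li, flags, INTERPRETATION[flags])
```
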


  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    3. Anti‐Spam Framework using IPclip

    How to use IPclip and location information for fighting spam?

    • IPclip adds location information on layer 3 as IP option

    • Mail transfer agents (MTAs) terminate IP → We need location information on application layer (SMTP)

    The first MTA copies location information in IP to e‐mail header as location information in SMTP

    [Figure: e‐mail header excerpt with the lines "From -", "Return-Path:", "Received: from ..."]

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    3. Anti‐Spam Framework using IPclip

    Typical mail flow between Alice & Bob (same provider network)

    [Figure: mail flow between Alice (User Host A) and Bob (User Host B); elements: Access Node (IPclip-capable), MTA1 and MTA2 (Mail Transfer Agents, IPclip-capable); steps numbered 1 to 5]

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    3. Anti‐Spam Framework using IPclip

    4 cases can be distinguished when an e‐mail arrives at an MTA

    • These 4 different possibilities regarding the existence of location information (LI) in IP and LI in SMTP represent our framework

    | LI in IP | LI in SMTP | Interpretation                                    |
    |----------|------------|---------------------------------------------------|
    |          |            | First MTA: Insert LI in SMTP                      |
    |          |            | E‐mail originates from different provider domain  |
    |          |            | Not first MTA: Forward e‐mail                     |
    |          |            | Something went wrong: Treat with special care     |


  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    3. Anti‐Spam Framework using IPclip

    Requirements and constraints for IPclip in this use case

    • Fully IPclip‐terminated domain, e.g., a self‐contained provider network

      – IPclip is mandatory at all access nodes

    • IPclip‐capable IP stack in relevant network devices

      – MTAs must understand location information (LI) in IP

      – MTAs must copy LI in IP to e‐mail header as LI in SMTP

      – Mail User Agents or anti‐spam tools must understand LI in SMTP to take advantage of it

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    3. Anti‐Spam Framework using IPclip

    Privacy issues – revelation of sensitive user LI?

    • IPclip supports removal of location information (LI) in IP

    • IPclip's status field contains removal flag (RF)

      Status Field: Removal Flag (RF) | Peering Flag | Source Flag | Trustability Flag

      – RF indicates removal of LI in SMTP at recipient's MTA

      – Source and trustability flag not removed → Trigger for anti‐spam mechanisms without revealing LI

    • Use an encrypted format for LI

  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    3. Anti‐Spam Framework using IPclip

    Advantages

    | Beneficial Aspect   | Explanation                                                                             | Benefit                                       |
    |---------------------|-----------------------------------------------------------------------------------------|-----------------------------------------------|
    | 1. Tracing Spam     | Tracing based on geographic location information                                        | More exact than WHOIS lookups of IP addresses |
    | 2. Classifying Spam | Status flags are additional, trustworthy triggers for anti‐spam tools like SpamAssassin | More reliable classification of spam          |


  • Complementing E‐Mails with Distinct, Geographic Location Information in Packet‐switched IP Networks

    4. Summary

    • Conceptual anti‐spam framework using IPclip

    • IPclip adds location information (LI, e.g., GPS) to each IP packet

    • IPclip guarantees LI's trustworthiness (Trust‐by‐Wire)

    • IPclip‐capable MTAs copy LI in IP to e‐mail header as LI in SMTP

    • Benefits of the proposed approach

      1. More precise tracing of spam by means of LI

      2. More reliable classification of spam by means of trustworthy status flags

  • Complementing E‐Mails with Location Information in Packet‐switched IP Networks

    Thank you! Any questions?

    peter.danielis@uni-rostock.de

    http://www.imd.uni-rostock.de/networking