Spam over Internet Telephony
The fusion of omnipresent telephony and the Internet has brought about Voice-over-IP (VoIP) as a very cost-efficient and location-independent new medium for voice communication. The transfer of telephony functions to the open Internet world also brings new challenges and threats. The central ones, such as call confidentiality and integrity at the level of single data packets, were addressed at an early stage in the design of the VoIP-related Internet protocols (SIPS, SRTP, IPSEC). However, it is still possible that major security issues of the Internet 'spill over' to the business-critical telephony functionality.
Spam over Internet Telephony (SPIT) is viewed by many as a daunting threat in that field. SPIT is much more serious than email spam, because the annoyance and disturbance factor is much higher. In contrast to email, where the bulk of spam messages can be ignored and filtered without user intervention, the telephony medium is synchronous and requires immediate attention, day or night. Furthermore, it is hard to tell whether an incoming call is urgent to the callee or SPIT, as the information yielded by the SIP signalling is scarce. Various academic groups and the industry have made some efforts to find ways to mitigate SPIT. Most ideas in that field lean on classical IT security concepts such as intrusion detection systems, black-/white-/greylists, Turing tests/computational puzzles, reputation systems, gatekeeper solutions, etc.
SPIT is on everyone's lips though not yet in everyone's ears. That is, the phenomenon has not yet (as far as we know) emerged in real-world VoIP installations or networks. Only very recently have public VoIP service providers been attacked, probably in a kind of "penetration test" to prepare exploitation (September 2008, see http://www.heise.de/security/Erste-groessere-Attacke-gegen-deutsche-VoIP-Nutzer--/news/meldung/116335). The attack consisted of direct IP SPITting from a single calling number to end-users in various provider domains. This shows the power of direct IP SPIT, which does not involve providers' infrastructures.
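As an added illustration (not code from SXSM or from the attack report), the following sketch shows how a defender could spot the pattern described above in captured signalling: INVITEs that did not arrive from the provider's proxy and in which one calling identity reaches several provider domains. The proxy address, the threshold of three domains and all sample messages are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Assumption: transport-layer addresses of the provider's own SIP proxies.
TRUSTED_PROXIES = {"192.0.2.10"}

def _invite(caller, callee):
    # Constructed INVITE. The Via header always *claims* the trusted proxy,
    # which is why the check below relies on the real source IP instead.
    return (f"INVITE sip:{callee} SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.10;branch=z9hG4bK1\r\n"
            f"From: <sip:{caller}>;tag=1\r\n"
            f"To: <sip:{callee}>\r\n"
            f"Call-ID: x@example\r\nCSeq: 1 INVITE\r\n\r\n")

# Constructed capture: (source IP seen on the wire, raw SIP request).
SAMPLE = [
    ("192.0.2.10", _invite("alice@provider-a.example", "bob@provider-a.example")),
    ("203.0.113.7", _invite("0123@spit.example", "u1@provider-a.example")),
    ("203.0.113.7", _invite("0123@spit.example", "u2@provider-b.example")),
    ("203.0.113.7", _invite("0123@spit.example", "u3@provider-c.example")),
]

URI = re.compile(r"sip:([^>;\s]+)")

def header(msg, name):
    """Return the value of the first header called `name` (lower case)."""
    for line in msg.split("\r\n")[1:]:
        if not line:          # blank line ends the header section
            break
        key, _, value = line.partition(":")
        if key.strip().lower() == name:
            return value.strip()
    return None

def parse_invite(msg):
    """Return (caller, callee) for an INVITE, or None for anything else."""
    if not msg.startswith("INVITE "):
        return None
    frm = URI.search(header(msg, "from") or "")
    to = URI.search(header(msg, "to") or "")
    return (frm.group(1), to.group(1)) if frm and to else None

def find_direct_spit(records, min_domains=3):
    """Callers that bypass the proxy and reach >= min_domains callee domains."""
    domains = defaultdict(set)
    for src_ip, msg in records:
        parsed = parse_invite(msg)
        if parsed is None or src_ip in TRUSTED_PROXIES:
            continue
        caller, callee = parsed
        domains[caller].add(callee.rpartition("@")[2].lower())
    return {c: sorted(d) for c, d in domains.items() if len(d) >= min_domains}
```

The check keys on the observed source address because every header in the request, including Via and From, is chosen by the sender.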
We identified the lack of a benchmark test bed for SPIT as a serious gap in the current research on the matter, and this motivated us to start working on a first tool for that. We (Andreas U. Schmidt, now at CREATE-NET, together with Nicolai Kuntze and our student Rachid El Khayari at the Fraunhofer Institute for Secure Information Technology SIT) developed a SPIT-producing benchmark tool that can attack anti voice spam solutions and . With this tool, the administrator of a VoIP network can test how vulnerable his system is. The main task of the SIP XML Scenario Maker (SXSM) is to simulate operations on the signalling plane of VoIP, i.e. the SIP protocol, through which voice terminals make contact and negotiate communication parameters, and which is considered the main gateway for attackers. In our recent paper at the Information Security South Africa Conference (ISSA, www.infosecsa.co.za), available on arXiv at arxiv.org/abs/0806.1610v1, we show how SXSM can be used conveniently to attack VoIP systems, for instance by simulating the behaviour of known and trusted devices. The tool is available on Google Code (http://code.google.com/p/sxsm/) under GPL v3. We are currently starting to evaluate the first SPIT protection tools and products with it.
Our conclusion from first experience and tests with SXSM is that no single SPIT prevention method alone prevents SPIT. That is why industry researchers such as NEC Europe Laboratories, with their VoIPSeal software, count on intelligent and adaptive combinations of various methods (http://www.nec.co.jp/press/en/0701/2602.html). But a general solution, independent of infrastructures and special prevention technology, will require further research and innovation. The main challenge is to build trust between caller and callee in an efficient and effective way (i.e. avoiding any disturbance of the callee), with minimal changes to the standardised infrastructure.
