1、 InteITTELECOSTANDAOF ITU SERICOMITU-Ton respamITU-TrnatiU-TMMUNICATRDIZATIONES X: DMUNICX.124al-timX-serional ION SECTORATA NEATIONS5 Sue bloces RecoTelecTWORAND Spplemcking lismmendommuKS, OPECURIent onts forations nicatSSuEN SYSTY framecount Suppion Ueriepplem(TEM work tering Vlementnions Xent 11
2、09/2011based oIP 11 ) ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199OPEN SYSTEMS INTERCONNECTION X.200X.299INTERWORKING BETWEEN NETWORKS X.300X.399MESSAGE HANDLING SYSTEMS X.400X.499DIRECTORY X.500X.599OSI NETWORKING AND SYSTEM ASP
3、ECTS X.600X.699OSI MANAGEMENT X.700X.799SECURITY X.800X.849OSI APPLICATIONS X.850X.899OPEN DISTRIBUTED PROCESSING X.900X.999INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029Network security X.1030X.1049Security management X.1050X.1069Telebiometrics X.1080X.1099SECURE APPLICATION
4、S AND SERVICES Multicast security X.1100X.1109Home network security X.1110X.1119Mobile security X.1120X.1139Web security X.1140X.1149Security protocols X.1150X.1159Peer-to-peer security X.1160X.1169Networked ID security X.1170X.1179IPTV security X.1180X.1199CYBERSPACE SECURITY Cybersecurity X.1200X.
5、1229Countering spam X.1230X.1249Identity management X.1250X.1279SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309Ubiquitous sensor network security X.1310X.1339CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519Vulnerability/state exchange X.1520X.1539Event
6、/incident/heuristics exchange X.1540X.1549Exchange of policies X.1550X.1559Heuristics and information request X.1560X.1569Identification and discovery X.1570X.1579Assured exchange X.1580X.1589For further details, please refer to the list of ITU-T Recommendations. X series Supplement 11 (09/2011) i S
7、upplement 11 to ITU-T X-series Recommendations ITU-T X.1245 Supplement on framework based on real-time blocking lists for countering VoIP spam Summary Supplement 11 to ITU-T X-series Recommendations provides a technical framework based on a real-time blocking list (RBL) for countering voice over Int
8、ernet protocol (VoIP) spam, which consists of four functional entities: a VoIP spam prevention system (VSPS), a VoIP spam prevention policy server (VSPPS), an RBL central system for VoIP spam prevention (VSP-RBL), and a user-reputation system (URS). This supplement also specifies the functionalities
9、, procedures, and interfaces of each functional entity for countering VoIP spam. History Edition Recommendation Approval Study Group 1.0 ITU-T X Suppl. 11 2011-09-02 17 Keywords RBL, URS, VoIP, VoIP spam. ii X series Supplement 11 (09/2011) FOREWORD The International Telecommunication Union (ITU) is
10、 the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing
11、Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.
12、 The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this publication, the expression “Admin
13、istration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this publication is voluntary. However, the publication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and complian
14、ce with the publication is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the publication is require
15、d of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual P
16、roperty Rights, whether asserted by ITU members or others outside of the publication development process. As of the date of approval of this publication, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this publication. However, implemen
17、ters are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written p
18、ermission of ITU. X series Supplement 11 (09/2011) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Terms and definitions . 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this supplement . 1 4 Abbreviations and acronyms 2 5 Conventions 3 6 Overview of VoIP spam . 3 6.1 General aspects .
19、3 6.2 Spam flow . 3 7 Functional architecture for countering VoIP spam . 4 7.1 Overall architecture 4 7.2 VoIP spam prevention system (VSPS) . 5 7.3 VoIP spam prevention policy server (VSPPS) . 5 7.4 RBL central system for VoIP spam prevention (VSP-RBL) 6 7.5 User-reputation system (URS) . 6 7.6 Pro
20、cess for countering VoIP spam . 7 8 RBL update procedures for countering VoIP spam 8 8.1 Global RBL update procedures 8 8.2 Local RBL update procedure 8 Bibliography. 10 X series Supplement 11 (09/2011) 1 Supplement 11 to ITU-T X-series Recommendations ITU-T X.1245 Supplement on framework based on r
21、eal-time blocking lists for countering VoIP spam 1 Scope This supplement to ITU-T X.1245 provides a framework based on RBL for countering VoIP spam. The scope of this supplement consists in: defining the functional architecture for countering VoIP spam, defining four functional entities: VoIP spam p
22、revention system (VSPS), VoIP spam prevention policy server (VSPPS), RBL central system for VoIP spam prevention (VSP-RBL), and user-reputation system (URS) in the framework, describing the procedures and interfaces associated with the functional entities. Compliance with all relevant laws and regul
23、ations should be considered before adopting the anti-spam methods described in this supplement. 2 References None. 3 Terms and definitions 3.1 Terms defined elsewhere This supplement uses the following terms defined elsewhere: 3.1.1 spam b-ITU-T X.1240: The meaning of the word “spam“ depends on each
24、 national perception of privacy and what constitutes spam from the national technological, economic, social and practical perspectives. In particular, its meaning evolves and broadens as technologies develop, providing novel opportunities for misuse of electronic communications. Although there is no
25、 globally agreed definition for spam, this term is commonly used to describe unsolicited electronic bulk communications over e-mail or mobile messaging for the purpose of marketing commercial products or services. 3.1.2 spammer b-ITU-T X.1240: An entity or a person creating and sending spam. 3.1.3 s
26、pam over instant messaging (SPIM) b-ITU-T X.1244: A spam targeting users of instant messaging service. 3.2 Terms defined in this supplement This supplement defines the following terms: 3.2.1 call spam: Unwanted, automatically-dialled and pre-recorded VoIP telephone calls. 3.2.2 global RBL: A set of
27、RBLs which are integrated from local RBLs and managed by VSP-RBL. 3.2.3 inbound domain: Domain to which a call is going. 3.2.4 local RBL: A set of real-time blocking lists (RBLs) managed by a VoIP spam prevention policy server (VSPPS) in each domain. 3.2.5 outbound domain: Domain from which a call i
28、s coming out. 2 X series Supplement 11 (09/2011) 3.2.6 RBL central system for VoIP spam prevention (VSP-RBL): An entity that creates and manages the global real-time blocking list (RBL). 3.2.7 real-time blocking list (RBL): A list of IP addresses or domain names that can be a basis to block immediat
29、ely during VoIP call set-up. 3.2.8 user-reputation system (URS): An entity that calculates the VoIP spam score. 3.2.9 VoIP spam: Spam emerging over VoIP services. 3.2.10 VoIP spam prevention policy server (VSPPS): An entity that creates and manages the local RBL. 3.2.11 VoIP spam prevention system (
30、VSPS): An entity that detects and blocks VoIP spam during the call process. 4 Abbreviations and acronyms This supplement uses the following abbreviations and acronyms: ACS Auto Calling System ACTR Average Call Traffic Rate CBR Call Barring Rate CDR Call Duration Rate CERT Computer Emergency Response
31、 Team CIRT Computer Incident Response Team CRR Call Recipient Rate ICT Inter Call Time IM Instant Messaging IP Internet Protocol IPSec IP Security Protocol IVR Interactive Voice Response P2P Peer to Peer RBL Real-time Blocking List SIP Session Initiation Protocol SPIM SPam over Instant Messaging TCT
32、 Total Call Time TLS Transport Layer Security TTP Trusted Third Party URS User-Reputation System VoIP Voice over Internet Protocol VSP-RBL RBL central system for VoIP Spam Prevention VSPPS Voice Spam Prevention Policy Server VSPS Voice Spam Prevention System X series Supplement 11 (09/2011) 3 5 Conv
33、entions None. 6 Overview of VoIP spam 6.1 General aspects VoIP, like e-mail and other Internet applications, is susceptible to abuse by malicious parties that initiate unsolicited and unwanted communications. Increasingly, telemarketers, prank callers, and other telephone-system abusers, are likely
34、to target VoIP systems. VoIP spam is a kind of real-time voice spam emerging over VoIP services, such as telemarketing that includes communications with a telemarketer and interaction with the IVR system or ACS. The problem with VoIP spam is the difficulty in detecting unwanted calls; after all, it
35、can be assumed that recipients are unaware that they are victims of a VoIP spam until they answer it. As VoIP becomes more and more popular around the world, the threat of VoIP spam is also rapidly increasing. The following list describes the main characteristics of VoIP spam that have the potential
36、 to emerge as threats to VoIP service providers and users: ability to send VoIP spam in bulk and cheaply to unspecified recipients through the Internet, using equipment or software that generates calls and sends messages automatically; ability to circumvent the spam-filtering policies of service pro
37、viders because VoIP spam can be sent directly to a recipient (P2P method); inability to analyse content of voice calls. Unlike the contents of e-mails, which can be analysed before delivery to the recipient, the contents of voice calls are obviously not available for analysis beforehand. This elimin
38、ates the most effective measure that is currently in use to counter e-mail spam; the potential to be more disruptive than e-mail spam because the larger size of voice files can seriously slow down networks; ability for spammers to leave a bogus voice-mail message from a bank, thereby gaining financi
39、al/private information or asking the telephone owner to call a false number. 6.2 Spam flow There are two types of VoIP spam; one is call spam and the other is instant messaging (IM) spam. In this supplement, the VoIP protocols focus only on b-ITU-T H.323 and SIP. Clauses 6.2.1 and 6.2.2 describe the
40、 definition and call flow of each type of spam. 6.2.1 Call spam X Suppl.11(11)_F01Spammer RecipientCall setupRTP (Advertisement)Figure 1 Call spam flow Call spam refers to any of the commercial messages sent via VoIP. Due to the wide array of tools already available to spammers on the Internet, it i
41、s a potential venue for large volumes of unsolicited calls. Figure 1 describes the call spam flow. After call establishment, the spammer will send call spam created by an automatic tool to unspecified recipients. 4 X series Supplement 11 (09/2011) 6.2.2 Instant messaging (IM) spam X Suppl.11(11)_F02
42、Spammer RecipientCall setup (Advertisement)CANCELFigure 2 IM spam flow Instant messaging spam is defined as a bulk unsolicited set of instant messages containing the message that the spammer is seeking to convey. Figure 2 describes the IM spam flow. The spammer sends IM spam in a call setup message.
43、 In the case of e-mail spam, the advertisement is displayed when the e-mail is opened, and the recipient might immediately remove it by checking the title. Since the IM spam in VoIP automatically shows up on the screen in the VoIP terminal, the recipients will be forced to view the advertisement. In
44、 addition, the spammer sends IM spam at little or no cost by putting the telephone down even before a call is established. 7 Functional architecture for countering VoIP spam 7.1 Overall architecture The functional architecture for countering VoIP spam consists of two kinds of domains: outbound domai
45、n and inbound domain. The outbound domain and the inbound domain contain senders and recipients, respectively. The functional architecture consists of four kinds of functional entities as shown in Figure 3: a VoIP spam prevention system, a VoIP spam prevention policy server, an RBL central system fo
46、r VoIP spam prevention, and a user-reputation system. Both domains belong to the VoIP service provider, while VSP-RBL belongs to the trusted third party (TTP), for example CERT, CIRT, or a national authority. The functional architecture is designed to use RBL. Two kinds of RBL are used for counterin
47、g VoIP spam: local RBL and global RBL. The local RBL is created using a VoIP spam score defined in clause 7.5.1, or using a report on VoIP spam from recipients and managed by each VoIP service provider. However, the global RBL is created by integrating the local RBLs and is managed by the TTP. Durin
48、g call set-up, each call is examined by the local RBL in the VSPPS of the outbound domain and is blocked when the IP address or domain name of the sender is already listed in the local RBL. Although not blocked by VSPS based on the local RBL, a call with a VoIP spam feature is immediately blocked wh
49、en the VoIP spam score of the call calculated by URS exceeds the threshold. If the call is not blocked in the outbound domain, the VSPPS and URS of the inbound domain perform the same actions mentioned previously. Otherwise, the call is sent to one or more recipients. The procedures to counter IM spam are performed in the same manner. X series Supplement 11 (09/2011) 5 X Suppl.11(11)_F03URSLocalRBLURSLocalRBLVSPPSVSPSRecipientVSPPSVSPSSenderGlobalRBLVSP-RBLOutbound Domain Inbound DomainVoIP call f
