1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1247 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (03/2016) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cyberspace security Countering spam Technical framework for countering mobile messaging spam
2、Recommendation ITU-T X.1247 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND
3、 SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.109
4、9 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SEC
5、URITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 PKI related Recommendations X.1340X.1349 CYBERSECURITY INFORMATION EXCHANGE Overview o
6、f cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 CLOUD COMPUTING SECURITY Ov
7、erview of cloud computing security X.1600X.1601 Cloud computing security design X.1602X.1639 Cloud computing security best practices and guidelines X.1640X.1659 Cloud computing security implementation X.1660X.1679 Other cloud computing security X.1680X.1699 For further details, please refer to the l
8、ist of ITU-T Recommendations. Rec. ITU-T X.1247 (03/2016) i Recommendation ITU-T X.1247 Technical framework for countering mobile messaging spam Summary Mobile messaging spam is proliferating dramatically along with the fast development of mobile messaging services. Unfortunately, no single measure
9、has proved to be the silver bullet against mobile messaging spam. Therefore, it is necessary to establish a practical framework for countering mobile messaging spam. Recommendation ITU-T X.1247 gives an overview of mobile messaging anti-spam processes, and proposes a technical framework for counteri
10、ng mobile messaging spam. Entity functions and processing procedures are specified in this framework. In addition, this Recommendation provides information sharing mechanisms against mobile messaging spam within the anti-spam domain and among anti-spam domains. History Edition Recommendation Approva
11、l Study Group Unique ID* 1.0 ITU-T X.1247 2016-03-23 17 11.1002/1000/12600 Keywords Anti-spam, mobile messaging spam, technical framework. * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For examp
12、le, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T X.1247 (03/2016) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardiz
13、ation Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which m
14、eets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-T
15、s purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation i
16、s voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“
17、 and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may i
18、nvolve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this R
19、ecommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent databas
20、e at http:/www.itu.int/ITU-T/ipr/. ITU 2016 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1247 (03/2016) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined
21、elsewhere 1 3.2 Terms defined in this Recommendation . 1 4 Abbreviations and acronyms 2 5 Conventions 3 6 Overview of anti-spam mobile messaging . 3 7 Structure of anti-spam mobile messaging functions . 4 7.1 General structure 5 7.2 Reference model . 6 7.3 Functions of components 7 8 Technologies of
22、 anti-spam mobile messaging 8 8.1 User feedback mechanisms 8 8.2 Honeypot 8 8.3 Identification method by MNO 8 8.4 Additional enhancement . 9 9 Relationship between anti-spam domains 9 10 Mobile message anti-spam processing . 11 Bibliography. 14 iv Rec. ITU-T X.1247 (03/2016) Introduction Mobile mes
23、saging, including short message service and multimedia message service, is developing very fast due to its low price, high flexibility and ease of use. However, mobile messaging spam is causing disturbances to customers daily lives and has many negative effects. It is difficult to mitigate mobile me
24、ssaging spam effectively using only one solution. When a number of anti-spam technologies are applied to mobile messaging in cooperation, the harm caused by mobile messaging spam could be significantly reduced. Besides, considering that mobile messaging spam is widely spread all over the world, the
25、cooperation among multiple anti-spam domains may lead to a much lower cost and to higher efficiency. Therefore, it is necessary to establish an open framework which accommodates various solutions and supports collaboration mechanisms. The framework is compatible with most anti-spam technologies and
26、it is not limited to particular technical details. The procedures involved in this framework shall require consent to be explicitly granted by the end user of the mobile device and shall conform to national regulations and laws. Rec. ITU-T X.1247 (03/2016) 1 Recommendation ITU-T X.1247 Technical fra
27、mework for countering mobile messaging spam 1 Scope This Recommendation provides a technical framework for countering mobile messaging spam. In this framework, entity functions and processing procedures are specified. The procedures involved in this framework shall require consent to be explicitly g
28、ranted by the end user of the mobile device and must conform to national regulations and laws. In addition, this Recommendation provides information sharing mechanisms against mobile messaging spam within an anti-spam domain and among anti-spam domains. This Recommendation is applicable for short me
29、ssage service (SMS) and multimedia message service (MMS). 2 References None. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 SMS spam b-ITU-T X.1242: Spam sent via SMS. 3.1.2 spam b-ITU-T X.1240: The meaning of the word “spam“ depends o
30、n each national perception of privacy and what constitutes spam from the national technological, economic, social and practical perspectives. In particular, its meaning evolves and broadens as technologies develop, providing novel opportunities for misuse of electronic communications. Although there
31、 is no globally agreed definition for spam, this term is commonly used to describe unsolicited electronic bulk communications over e-mail or mobile messaging for the purpose of marketing commercial products or services. 3.1.3 spammer b-ITU-T X.1240: An entity or a person creating and sending spam. 3
32、.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 anti-spam domain: An independent system which includes an anti-spam management function, an anti-spam monitoring function, an anti-spam processing function and a mobile messaging client. NOTE Functions in
33、the anti-spam domain are subject to the operators unified management. 3.2.2 anti-spam filtering entity: Equipment or system which applies anti-spam measures to filter mobile messages according to filtering rules. It can block the spam, mark messages as suspicious or send messages to the recipient. 3
34、.2.3 anti-spam management functions: A group of functions which are applied to administer and supervise the anti-spam domain, including communicating with other anti-spam domains to share information on spam, generating new filtering rules from spam analysis and delivering them to anti-spam processi
35、ng functions. 2 Rec. ITU-T X.1247 (03/2016) 3.2.4 anti-spam monitoring functions: A group of functions which are applied to monitor and analyse the filtering result of anti-spam processing domain, including validating the suspicious spam captured by honeypot, analysing spam data, generating spam sta
36、tistics and spam analysis results. 3.2.5 anti-spam processing functions: A group of functions which are applied to process mobile messages with filtering rules and policies. It processes messages by blocking spam, sending with special mark or sending messages to the recipient. 3.2.6 false negative:
37、A mobile message spam was erroneously processed as non-spam by filtering system. 3.2.7 false positive: A message was erroneously identified as spam by filtering system. 3.2.8 filtering rules: A set of rules of countering algorithms which are deployed by the anti-spam filtering entity, such as blackl
38、ists/whitelists, similarity threshold and statistical threshold. The filtering rules may also include user-specified filtering rules. 3.2.9 mobile messaging client: The mobile message service subscriber. 3.2.10 mobile messaging spam: Unsolicited electronic communications over mobile messaging servic
39、es, typically consisting of short message service (SMS) spam and multimedia message service (MMS) spam. 3.2.11 multimedia message spam (MMS) spam: Spam sent via MMS. 3.2.12 reporting service: A service which provides to collecting and aggregating subscribers spam report under user permission, regula
40、tions and national laws. 3.2.13 spam analysis report: The analysed result represents the performance of filtering system. It should include false negative/positive rate of filtering, characteristic of message spam, trends of spam and other analysis. 3.2.14 spam statistics: The aggregated spam data r
41、epresents the extent of spam under certain constraint conditions, such as a time interval in an anti-spam domain. It should include the amount of message spam within, entering or leaving domains, proportion of different types of spam, spammer list and other statistical data of spam. 3.2.15 suspiciou
42、s spam: The undetermined mobile message which is suspected of spam. 3.2.16 user report: A complaint from a subscriber receiving spam mobile message. In general, the report may include the receiving time of spam, the mobile subscriber international integrated services digital network/public switched
43、telephone network (ISDN/PSTN) number (MSISDN) of sender and recipient, etc. This report includes information about message incorrectly marked as mobile spam or not marked when it should have been i.e., false positive, false negative. 4 Abbreviations and acronyms This Recommendation uses the followin
44、g abbreviations and acronyms: AO Application Originated AMgmt Anti-spam Mobile messaging management function Amon Anti-spam mobile messaging monitoring function APr Anti-spam mobile messaging Processing function GGSN Gateway GPRS Supporting Node GPRS General Packet Radio Service HPLMN Home Public La
45、nd Mobile Network HTTP HyperText Transfer Protocol Rec. ITU-T X.1247 (03/2016) 3 ISDN Integrated Services Digital Network MAP Mobile Application Part MMS Multimedia Message Service MMSC Multimedia Message Service Centre MNO Mobile Network Operator MO Mobile Oriented MSC Mobile Switching Centre MSISD
46、N Mobile Subscriber International ISDN/PSTN Number MT Mobile Terminated PSTN Public Switched Telephone Network SMPP Short Message Peer-to-Peer SMS Short Message Service SMSC Short Message Service Centre UICC Universal Integrated Circuit Card VPLMN Visited Public Land Mobile Network WAP Wireless Appl
47、ication Protocol 5 Conventions None. 6 Overview of anti-spam mobile messaging As shown in Figure 6-1, short message service (SMS) spam can be created mostly in two ways. One way is that the spammers use spam tools to send bulk messages through sending normal point-to-point short messages with many a
48、cquired or duplicated universal integrated circuit cards (UICC). The other way is that the spammers make use of bulk message sending services offered by service providers by using the operators short message gateway interfaces. Since operators have no effective technical and managerial supervision m
49、echanism on the short message gateway interface, it can be easily utilized by spammers. According to messaging forwarding direction, there are two procedures for the spammers to create SMS spam, named mobile oriented (MO)/application originated (AO) procedure and mobile terminated (MT) procedure. In the MO procedure, the spam generated by spam tools is sent to the short message service centre (SMSC) through related entities of the senders network. In the AO procedure, the short message injected int
