Kayote Fights Spit
Kayote is co-sponsoring the event and will be presenting a paper entitled “Proposal for a SPIT Prevention Security Model”, to provide a framework for handling SPIT – a phenomenon that could result in millions of unwanted, automated calls being placed to VoIP phones, 24 hours a day. More details about the initiative are available at www.spitprevention.net.
The threat of SPIT looms just over the horizon, with the ever growing popularity of VoIP offerings worldwide providing an attractive user base at the disposal of malicious parties capable of mounting attacks with minimal resources and expenditure. As VoIP technology becomes more widely deployed, it is becoming apparent that security concerns are of primary importance to widespread adoption of VoIP – particularly in full IP to IP communication scenarios.
"VoIP security issues are complex and evolving," commented Baruch Sterman, CEO of Kayote Networks. "SPIT will differ from conventional email SPAM in that telephone calls are immediately invasive. There is no content to mine or inbox to filter and the Caller ID of the call will appear legitimate. Our security initiative provides the tools to profile the call and determine if it is acceptable to the recipient and to pass that information to network elements such as a firewall or Session Border Controller to allow them to filter, reject, or divert suspicious calls accordingly.
“SPIT has not yet brought any businesses to a standstill, but it is clear that existing filters are not engineered to address voice-related security,” said Jon Arnold, Principal of J Arnold & Associates. “VoIP adoption is accelerating, and enterprises need to be looking for solutions today to ensure that they are adequately equipped to prevent SPIT attacks from crippling their IP telephony systems."
Typically, VoIP end users are customers of an ITSP or part of an enterprise. In either case, the end users can usually communicate directly IP to IP with other users within the same organization (perhaps even between enterprise local branches). Security issues in this case can be fully addressed by the providing organization which secures its own “walled garden” behind a perimeter guarding firewall, and so, are not generally seen as problematic. Interconnectivity between organizations, however, presents complex security and trust concerns. Security solutions therefore become both essential and more complicated.
“VoIP users will wake up to 200 messages in their voicemail box, of which the vast majority will be SPIT, entirely unsolicited calls, typically selling totally unwanted ‘medical items’,” commented Eli Katz, CEO and founder of XConnect. “This is a nightmare scenario for VoIP customers and will severely damage the usability of the new generation of cross border, end-to-end IP communications. We launched XConnect to bridge the VoIP islands and create a new-world vision of pure IP communications and security issues, especially SPIT, were top of our agenda. We worked with Kayote to design systems with special heuristics that comprehensively identify and block the spam, enabling a more protected VoIP interconnect world to evolve.”
The conference, “Securing VoIP: Harmonizing Technology and Policy”, is the second in a series of workshops and aims to engage government stakeholders, academic researchers and industry in discussions about the technical challenges and implications to policy and law of securing VoIP networks.
XConnect Global Networks Ltd.
Check Point Software Technologies Ltd.
Kayote Networks Inc.