Vijay Arvind Balasubramaniyan
Research
Creating robust, scalable, highly available components to provide feature rich VoIP capabilities
A growing class of applications, including VoIP, IM and Presence are
enabled by the Session Initiation Protocol (SIP). To support the rich
functionality required by these applications, resource consumption at a
SIP server varies widely based on request type, state maintained and
routing actions. In addition each call setup utilizes network resources
and is affected by latency, bandwidth and other QoS parameters. We are
trying to determine the cost contributions of each of these blocks on
the performance of SIP components to create a scalable and highly
availabled topography of SIP servers.
The first part of our work has experimentally evaluated the resource
consumption of functionality blocks such as parsing, state maintenance
and memory processing within a representative SIP server, OpenSER, for
different use case scenarios and thus proposed key insights into
mechanisms to increase SIP server scalability. The next part of out
work is twofold
- See the effect of services such as authentication and forking on scalability
- See the effect of network QoS on call setup and call quality
CallRank: Combating VoIP spam using call duration
Voice over Internet Protocol (VoIP) systems relies on an IP network to set up voice calls and transmit voice packets. The growing popularity of VoIP, the relatively low cost of access to IP networks, and the vulnerabilities that exist in systems connected to such networks makes VoIP an attractive tool for spammers. Spammers and telemarketers will use SPIT to make unsolicited calls and to send voice mails for the same purposes for which email spam is currently used. In fact SPIT would be more difficult to handle because of the real-time processing requirements of voice calls. Places which have mature VoIP markets like Japan and Germany have reported many incidents of VoIP spam.
The first stage of voice communication is call setup, a handshake mechanism between the caller and the call recipient after which the phones start ringing. At this stage the only information available is the identity of the caller and the call recipient. It is only after the call recipient accepts the call, that voice media is exchanged. A spam engine that filters based on the media content, however successful it is, will not be able to prevent the phone from constantly ringing. In addition voice packets, unlike email, must be delivered to the user synchronously. Any delay in delivery due to spam engine processing will result in degraded call quality. Thus, an effective method for dealing with SPIT must rely on the identity of the caller rather than call content. However, determining the exact identity of a user on the internet is a hard problem. It is, instead, sufficient if we are able to differentiate between a legitimate caller and a spammer. Our focus is on developing a scheme that achieves this goal.
CallRank is a novel mechanism built around call duration, to differentiate between a legitimate user and a spammer. The approach is motivated by the simple observation that a legitimate user typically makes and receives calls and many of the calls last for significant durations. On the other hand a spammer's/telemarketer's goal is to deliver information to as many people as possible by making a large number of relatively brief calls. A spammer will typically receive no calls or receive a much smaller number of calls. Therefore, the difference in call patterns is that, for a spammer, the call pattern is largely unidirectional while it is bidirectional for legitimate users. We take advantage of this difference in call patterns and use call duration to create call credentials that callers can provide to call recipients as proof of an implicit level of trust.
The following simple scenario shows how our call credential based approach can be used to identify spammers. Assume that Alice makes a call to Bob. If Bob picks up the phone and talks to Alice a call credential can be generated, after completion of the call, signifying that Bob and Alice trust each other enough to have talked for the duration of their call. There are several ways in which call credentials can be created when calls are made. For example, when Alice calls Bob and talks to him for time t, she can create a call credential and provide it to Bob. It is also possible that the recipient of the call, Bob, generates a call credential for Alice or both generate call credentials for each other. CallRank explores a mechanism where a caller provides a call credential to the call recipient when he makes a call to the call recipient. Therefore in our scenario Alice creates a call credential and presents it to Bob and also records that she has spoken to Bob. Following this if Bob talks to Charlie for 15 minutes and then hands a credential capturing this information to Charlie, say CCBC. At a later point in time if Charlie tries to call Alice then he presents CCBC to Alice at call setup time and Alice can accept the call since she knows Bob. Thus for any call we use call credentials to determine Social Network (SN) linkages between the caller and call recipient, thus enabling us to distinguish between legitimate users and spammers.
Social network linkages might not always exist and in such a scenario we also use call duration along with the Eigentrust algorithm to develop a global view of the reputation of all users who either belong to, or interact with a domain. Therefore, for a spammer to be successful in a system that employs CallRank, he must get other legitimate users to call and speak to him for significantly long durations. We believe this will be extremely hard as people will rarely call up a spammer. If they inadvertently do make a call to a spammer, the conversation will not last for very long. CallRank thus provides a VoIP system the necessary robustness against spammers.
Due to the embedded call duration and freshness information in the tokens, the token scheme reveals potentially sensitive information. We are now working on a transferable privacy preserving token system.
Lei Kong, Vijay Arvind Balasubramaniyan, and Mustaque Ahamad. A Lightweight Scheme for Securely and Reliably Locating SIP Users. In Proc. IEEE/IFIP Network Operations & Management Symposium, Vancouver, Canada, April 2006. pdf
Vijay A. Balasubramaniyan, Mustaque Ahamad, and Haesun Park. CallRank: Using Call Duration, Social Networks and PageRank to combat SPIT. In Proc. Fourth Conference on Email and Anti-Spam, Mountain View, California, August 2007. pdf
Vijay A. Balasubramaniyan, Arup Acharya, Mustaque Ahamad, Mudhakar Srivatsa, Italo Dacosta and Charles P. Wright. SERvartuka: Dynamic Distribution of State to Improve SIP Server Scalability. Accepted at the 28th International Conference on Distributed Computing Systems (ICDCS 2008), Beijing, China, June 2008. pdf
Italo Dacosta, Vijay Balasubramaniyan, Mustaque Ahamad and Patrick Traynor, Improving Authentication Performance of Distributed SIP Proxies, Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm), Atlanta, USA, July 2009.
Vijay A. Balasubramaniyan, Arup Acharya, Mustaque Ahamad, and Charles P. Wright. A method and apparatus for autonomically regulating ratio of stateful to stateless transaction processing for increasing scalability in a network of SIP servers. Filed in April 2007.
Vijay A. Balasubramaniyan, Mustaque Ahamad, Haesun Park. CallRank: Combating SPIT Using Call Duration, Social networks and Global Reputation. Provisional patent filed in August 2007.