This week at the 3GSM World Congress in Barcelona, NEC will be demonstrating its new solution for blocking spam over Internet telephony, also known as SPIT. The technology, called VoIP SEAL, uses a variety of methods to detect and block SPIT before it reaches its destination.
Juergen Quittek of NEC Europe’s Network Laboratories says the challenges presented by SPIT and by e-mail spam are equally unpredictable. “The better our defense methods get, the better the techniques of the spammer will become—so I wouldn’t say that we are prepared for every development in the future,” he says.
Still, Quittek says some key methods help to block incoming SPIT, starting with tests to determine how many calls a remote phone may be making. “If you’re an operator, you can see how often the phone calls others,” he says. “If there’s a regular pattern or if you’ve called too often, then you just don’t assume human or common behavior—and then we classify this caller as a potential source of SPIT.”
The system also uses a Turing test to determine whether a caller is a spammer or not. While the easiest way to do this might be to ask all callers to press a key sequence, say, 5-6, on their phone before the call is connected, Quittek says that NEC, as a Japanese company, has to be particularly concerned about politeness—especially since SPIT isn’t yet a huge problem.
Instead, VoIP SEAL uses a long greeting message, then checks for callers who (or which) start talking before the greeting is done. “If the caller interrupts you significantly while you’re speaking, it’s either a very impolite person, or it’s a machine,” Quittek says. “In both cases, there’s a good reason not to forward the call!”
Alternatively, VoIP SEAL can technically establish the call, opening voice channels in both directions, while still transmitting a ringing sound. “So a human caller would just assume, ‘Oh, the phone is still ringing’ and would not start talking,” Quittek says. “But the spammer, which doesn’t analyze on a logical level the input it gets on the voice channel, would not be able to recognize this.”
VoIP SEAL uses a modular structure to make it easier to update and customize the system. “We need to be flexible in order to be able to respond quickly to new threats, and in order to be able to customize whatever we do well to a given application area or a given scenario,” Quittek says.
Each module-based detection method, Quittek says, contributes a score to the overall method of evaluating SPIT—and each operator can weigh that score according to their preferences. “So you can plug things together and customize your SPIT prevention system,” he says.
Looking forward, Quittek says, the growth of SPIT is all but inevitable, considering that spam phone calls are increasing in frequency even using traditional telephony. “And there, a spammer has to pay a lot for the call,” he says. “It’s cheap for a single call, but if you want to reach millions of customers, the cost factor is about 1,000 compared to doing it over the Internet.”
Quittek says VoIP SEAL is available now—it can be delivered and integrated into any NEC system within two to three months.