1 / 16

Collaborative policy development at M3AAWG VTASIG and LAP DNC

ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014). Collaborative policy development at M3AAWG VTASIG and LAP DNC. Hein Dries-Ziekenheiner VIGILO (itu@vigilo.nl). Introduction. VIGILO www.vigilo.nl M3AAWG (Mobile Messaging Malware Anti Abuse Workgroup) www.m3aawg.org

avedis
Download Presentation

Collaborative policy development at M3AAWG VTASIG and LAP DNC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014) Collaborative policy development at M3AAWG VTASIG and LAP DNC Hein Dries-Ziekenheiner VIGILO (itu@vigilo.nl)

  2. Introduction • VIGILO • www.vigilo.nl • M3AAWG (Mobile Messaging Malware Anti Abuse Workgroup) • www.m3aawg.org • LAP (London Action Plan) • www.londonactionplan.org

  3. VTASIG • Formed out of M3AAWG membership • Larger (North American, European carriers, ISPs, Senders) • In co-operation with LAP (especially DNC group) • Text book definition: public private partnership

  4. VTASIG • Goal: bring down complaints on Voip abuse • Robocalls • Illegal telemarketing • Fraud • Policy development for three phases: • Short term • Mid term • Long term

  5. Short term • *50 -> CDRs to regulator • Next hop • Find Originator of abuse (enforcement) • Charge back? • Agency determines applicability • Consumer Carrier “Charges Back” upstream carriers • VoIP, Cable-Co, Telco and OTT must adhere to abuse reporting standard • Honeypots • Trace back (P-ANI)

  6. Charge-Back Model *50 M3AAWG 30th General Meeting | San Francisco, February 2014 Agencies Regulators CDR Sharing $5/call Bad CDR’s In or Out of Band Abuse Reporting / Billing Charge Back Charge Back $12/call $10/call $15 / Call Initiates *50

  7. (P)Honey Pots • Goal: gather intelligence using honey pots • Currently: large data set gathered from TNs that were abandoned for abuse CDRs of incoming calls(+1) • CRTC Working on receiving regular numbers from telco’s (more +1) • Georgia Tech: currently working on data to gather information and actionable intelligence

  8. Honey Pots

  9. Honey Pots

  10. Mid term • Do Not Call list • Abuse from outside SS7 network • Intended mostly for VOIP->SS7 gateways • Compares CgPN to list of “Do not Spoof” (SS7 based consumer) numbers

  11. Mid Term • User initiated blocking? • Taking away legal/regulatory barriers

  12. Mid Term • RFC 3325 P-Asserted-Identity • PAI Header for carriers to assert identiy (CID) of user • Also for privacy options • Creates a Trusted domain • Subject to common spec(T) • Could even work in hybrid networks (SS7/VOIP with SS7/ISUP trust bits)

  13. Mid Term

  14. Mid Term • User initiated blocking? • Taking away legal/regulatory barriers

  15. Long term • STIR • Others will present on this • M3AAWG/LAP follow development • Consider implications

  16. Conclusions and recommendations No silver bullet International co-operation (PPP) required National level: keep eye out for complaint levels ..And respond with Best Practices defined internationally For regulators: join LAP Industry: join M3AAWG Together:VTASIG Brussels, Montreal, Boston, SF Further info: itu@vigilo.nl www.vigilo.nl

More Related