Collaborative policy development at M3AAWG VTASIG and LAP DNC
description
Transcript of Collaborative policy development at M3AAWG VTASIG and LAP DNC
Geneva, Switzerland, 2 June 2014
Collaborative policy development at M3AAWG VTASIG and LAP DNC
Hein Dries-ZiekenheinerVIGILO ([email protected])
ITU Workshop on “Caller ID Spoofing”
(Geneva, Switzerland, 2 June 2014)
Geneva, Switzerland, 2 June 2014 2
Introduction
VIGILOwww.vigilo.nl
M3AAWG (Mobile Messaging Malware Anti Abuse Workgroup)
www.m3aawg.org
LAP (London Action Plan)www.londonactionplan.org
Geneva, Switzerland, 2 June 2014 3
VTASIG
Formed out of M3AAWG membershipLarger (North American, European carriers, ISPs, Senders)In co-operation with LAP (especially DNC group)
Text book definition: public private partnership
Geneva, Switzerland, 2 June 2014 4
VTASIG
Goal: bring down complaints on Voip abuse
RobocallsIllegal telemarketing Fraud
Policy development for three phases:Short termMid termLong term
Geneva, Switzerland, 2 June 2014 5
Short term
*50 -> CDRs to regulatorNext hop
Find Originator of abuse (enforcement)
Charge back?Agency determines applicabilityConsumer Carrier “Charges Back” upstream carriersVoIP, Cable-Co, Telco and OTT must adhere to abuse reporting standard
HoneypotsTrace back (P-ANI)
Charge-Back Model
*50
M3AAWG 30th General Meeting | San Francisco, February 2014
Initiates*50
AgenciesRegulatorsAgencies
Regulators CDR Sharing
Charge Back
Bad CDR’s
$10/call$12/call
$15 / Call
$5/call
Charge Back
In or Out of Band Abuse Reporting / Billing
Geneva, Switzerland, 2 June 2014 7
(P)Honey Pots
Goal: gather intelligence using honey pots
Currently: large data set gathered from TNs that were abandoned for abuse CDRs of incoming calls(+1)CRTC Working on receiving regular numbers from telco’s (more +1)
Georgia Tech: currently working on data to gather information and actionable intelligence
Geneva, Switzerland, 2 June 2014 8
Honey Pots
Geneva, Switzerland, 2 June 2014 9
Honey Pots
Geneva, Switzerland, 2 June 2014 10
Mid term
Do Not Call listAbuse from outside SS7 networkIntended mostly for VOIP->SS7 gatewaysCompares CgPN to list of “Do not Spoof” (SS7 based consumer) numbers
Mid Term
User initiated blocking?Taking away legal/regulatory barriers
Geneva, Switzerland, 2 June 2014 11
Mid Term
RFC 3325 P-Asserted-IdentityPAI Header for carriers to assert identiy (CID) of userAlso for privacy optionsCreates a Trusted domainSubject to common spec(T)Could even work in hybrid networks (SS7/VOIP with SS7/ISUP trust bits)
Geneva, Switzerland, 2 June 2014 12
Mid Term
Geneva, Switzerland, 2 June 2014 13
Mid Term
User initiated blocking?Taking away legal/regulatory barriers
Geneva, Switzerland, 2 June 2014 14
Geneva, Switzerland, 2 June 2014 15
Long term
STIROthers will present on this
M3AAWG/LAP follow developmentConsider implications
Geneva, Switzerland, 2 June 2014 16
Conclusions and recommendations
No silver bulletInternational co-operation (PPP) requiredNational level: keep eye out for complaint levels..And respond with Best Practices defined internationally
For regulators: join LAPIndustry: join M3AAWG Together:VTASIGBrussels, Montreal, Boston, SF
Further info:[email protected]