Spam and the Limits of Interpersonal Collaboration - PowerPoint PPT Presentation

1 / 56

About This Presentation

Title:

Spam and the Limits of Interpersonal Collaboration

Description:

An e-mail-only solution, hard as it is, won't do. ... How email works (simplified) The rest of us have idiosyncratic service providers ... – PowerPoint PPT presentation

Number of Views:44

Avg rating:3.0/5.0

Slides: 57

Provided by: timgil4

Learn more at: https://cs.nyu.edu

Category:

more less

Transcript and Presenter's Notes

Title: Spam and the Limits of Interpersonal Collaboration

1
Spam and the Limits of Interpersonal
Collaboration

Nathaniel S. Borenstein
IBM Distinguished Engineer
Lotus Chief Antispam Strategist

2
Spam How bad is it really?

1 concern of messaging buyers surveyed.
Each cost estimate is bigger than the last.
Tens or Hundreds of billions?
30 cents for each 100 of GNP?
Bottom line its very, very, very, bad,
and it is absolutely getting worse!
and it is fundamentally unsolvable.
This talk is about long term strategy.
No date/feature/product promises here, sorry!

3
Spam isnt just spam

Spam may be inevitable in open interpersonal
electronic communication the scourge of the
Internet era, a hard limit on human
collaboration.
SPIM, SPIT, blog spam, wiki spam, RSS spam,
Spam and viruses are inseparable.
Phishing is a particularly nasty spam subtype.
An e-mail-only solution, hard as it is, wont do.
It will never be eliminated, only kept in check.

4
Spam is a game, not a puzzle

Puzzles are solved by algorithms
When you edit a document, no one is actively
trying to sabotage you
Games are played by opponents
The spam game has very complex rules
An active adversary changes everything
Lets look at some of the rules

5
How email works (simplified)
How we think of it
6
How email works (simplified)
We all have ISPs
7
How email works (simplified)
Some of us have corporate firewalls data centers
8
How email works (simplified)
The rest of us have idiosyncratic service
providers
9
How email works (simplified)
Of course, our ISPs need firewalls
10
How email works (simplified)
And lets not forget the email relays
11
How email works (simplified)
which come in very heterogeneous flavors
12
How email works (simplified)
and often conceal malicious and clueless parties
13
How email works (simplified)
Then there are opaque routers we cant even see
14
How email works (simplified)
CAs
So we need trusted 3rd parties, like CAs
15
How email works (simplified)
Blacklists
Trusted Data
CAs
CAs
or someone trusted to track a blacklist
16
How email works (simplified)
Filters
Filters
Trusted Data
Blacklists
CAs
CAs
or to filter our email based on its content,
etc.
17
How email works (simplified)
Compliance
Compliance
Filters
Filters
Trusted Data
Blacklists
CAs
CAs
And we need to prove WE arent spammers!
18
How email works (simplified)
Compliance
Compliance
Filters
Filters
Blacklists
Trusted Data
CAs
CAs
The spammers ignore any rules, of course
19
How email works (simplified)
Compliance
Compliance
Filters
Filters
Blacklists
Trusted Data
CAs
CAs
as do the good guys
20
How email works (simplified)
Compliance
Compliance
Filters
Filters
Blacklists
Trusted Data
CAs
CAs
and the vigilantes
21
More complexity ?More vulnerabilities

Not always, but usually
The world is NOT getting simpler
Ever more paths to deception
Ever more sophisticated protection needed
If theres an end in sight, I sure dont see it!

22
Many Techniques can be Helpful

No Silver Bullets, though
Most introduce additional problems
and concerns.
Each has fanatical supporters
who disagree.
The illusion of the best is the enemy of the
good.
Multiple approaches must work well
together!

23
A Single Vendor Solution is an Illusion

New innovations are constantly needed
They cant always come from a single company
(No matter what they claim!)
Users are best served by an open antispam
ecosystem that avoids vendor lock-in
Vendors should help maximize your productivity,
not monopolize your software dollars.

24
IBM Antispam Strategy

Lead the creation of a Comprehensive Model of
Spam Control
Build the best platform for integrating multiple
cooperating technologies
Contribute antispam innovations to the community
where possible.
Engage fully in education, standards, and other
community efforts.

25
Its still a lot harder than it sounds

Cooperative voting by heterogeneous software, for
example
Not much architectural cooperation is visible
among the antispam vendors.
Were inviting them to start.

26
Comprehensive Antispam ModelDraft 0.0.1 Lets
abstract away the details
S
R
27
and we have a series of separate steps over time
Lets abstract away the details
S
R
28
Bad things can happen at any step,but in
practice, most bad things happen in the sender
or receivers organization.
S
R
29
Each message transmission can be expressed as a
vector through the dimensions of time, trust,
and transmission between human minds
S
R
30
If the world were perfect
S
R
31
Filters The Tools you Hate to Love

Filters were our first line of defense.
Today they are our last line of defense.
Were going to need them for a long time.
But they will get much more powerful.

32
A simple filter
Filtering Agent
S
R
Trash
33
A simple filter
Filtering Agent
S
R
Can occur anywhere, Can happen more than
once, Typically twice S and Rs enterprise
Trash
34
An open architecture requires tight integration
to be efficient
SA1
S
R
Fi
Fo
SA2
SA3
Trash
35
An open architecture requires tight integration
to be efficient
SA1
S
R
Fi
Fo
SA2
SA3
Heterogeneous Scoring Agents Cooperatively
Filtering
Trash
36
Email Authentication Technologies

Reliable identity is key to identifying spam.
But Domain identity suffices!
There are many good technologies
DomainKeys, Identified Internet Mail
SPF, Sender-ID, FairUCE
S/MIME, PGP
Biometrics and more
Multiple identity technologies must coexist.

37
Message Verification (simplified)
V1Vn
SA1
S
R
Fi
Fo
SA2
SA3
Sender appends verification information, in hope
of bypassing filters. Verification includes
many payment systems.
Trash
38
Recipient-Driven Verification
V1Vn
C/R
SA1
S
R
Fi
Fo
SA2
SA3
Includes Challenge/Response, computational
challenges, and some payment schemes
Trash
39
Trashing Spam is Too Good for It
V1Vn
C/R
SA1
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
Before we trash it, we might -- archive it,
or -- report it to some jurisdiction(s)
.. Jn
40
Humans dont use protocols
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
Clarity demands differentiating Person to
Person and User Agent to User Agent
.. Jn
41
The Passage of Time Means More Complexity
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
I sell real Estate Viagra!
.. Jn
42
The Passage of Time Means More Complexity
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
I sell real Estate Viagra!
.. Jn
There are new spammers out there!
43
The Passage of Time Means More Complexity
I understand PGP but not S/MIME
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
I sell real Estate Viagra!
.. Jn
There are new spammers out there!
44
The Passage of Time Means More Complexity
I understand PGP but not S/MIME
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
I used to be a spammer but Ive reformed!
T/T
I sell real Estate Viagra!
.. Jn
There are new spammers out there!
45
The Passage of Time Means More Complexity
I understand PGP but not S/MIME
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
I used to be a spammer but Ive reformed!
T/T
I sell real Estate Viagra!
.. Jn
There are new spammers out there!
No he hasnt!
46
Needed a Distributed Spam-related Data Store
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
.. Jn
DSDS
47
Whats a DSDS?
A shared data model, access protocol, access
controls, and spam-related data, including
reputation services
48
DSDS is one major missing piece
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
.. Jn
DSDS
49
But when all is said and done,educating wetware
is what helps most!
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
.. Jn
DSDS
50
And lets not forget the roleof law (and
politics)!
V1Vn
C/R
SA1
R U A
S U A
S
R
Fi
Fo
SA2
SA3
J1 J2
T/T
.. Jn
DSDS
51
The IBM Antispam Strategy (reprise)