Threat Analysis of the Session Initiation Protocol Regarding Spam

Abstract

Voice over Internet protocol (VoIP) is becoming increasingly popular due to its significant advantages regarding cost and support of enhanced multimedia services. Despite of the substantial advantages of using the Internet as the transmission medium for voice calls, we can foresee many undesirable uses, especially in terms of spam. VoIP technology may provide new means for the transmission of bulk unsolicited messages and calls (spam over Internet telephony - SPIT), mainly due to the reduced cost compared to traditional telephony. Therefore, mechanisms are essential to address the SPIT problem, while maintaining the advantages of VoIP technology. In this paper we conduct a comprehensive threat analysis that addresses the ascendant VoIP protocol, the session initiation protocol, in terms of its vulnerability regarding SPIT deliverance. Our analysis introduces the requirements that the mechanisms dealing with the SPIT phenomenon should take into account, in order to be feasible and efficient.