Cybersecurity experts in ITU-T’s Study Group 17 are exploring available methodologies to mitigate denial of service (DoS) attacks and short message service (SMS) spam by determining the origin of electronic communications when this becomes necessary. The work will also better enable settlements for carrying traffic over IP networks, and provide consumer protection from cyber crimes such as stalking and child pornography.
Specifically the group is working on a new Recommendation ITU-T Trace back use case and capabilities (temporarily designated X.tb-ucc). The work is in its early stages and collecting use cases and methodologies from which technical needs will be determined.
Currently there are many ways to find out the origin of network traffic, but it is possible to “spoof” source addresses. The new work will examine the diverse R&D accomplished over the past several years in many research institutions and consider the needs for operators and users for a trusted means of determining the source of traffic.
For example, telecoms operators are keen to find trusted trace back mechanisms where phantom traffic could be costing them millions of dollars a year. SMS and VOIP (voice over IP) traffic often comes from Internet gateways, and operators may claim a right to charge the originators for delivering it. Consumers are also seeking trusted CallerID capabilities globally that constitute one form of trusted traceback.
Many companies and institutions have provided input material.
Experts anticipate that the resulting Recommendation should describe a broad array of use-cases, as well as generally support the very substantial body of existing legal, regulatory, and industry business requirements for traceback worldwide, including the protection of personal information. The implementation in individual countries is as always subject to requirements specific to national jurisdiction.