The slides from MDSec's presentation at HackInTheBox KUL 2013. The presentation describes attacks that can be used to deduce spoken conversations from encrypted VoIP communications. The presentation uses Skype as a case study.
44Con 2014: GreedyBTS - Hacking Adventures in GSM | iphonepentest
This presentation examines insecurities in the 2.5G GSM protocol and demonstrates GreedyBTS, a platform for fingerprinting and exploiting cellular devices, including interception of SMS and voice data.
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic | 44CON
There are over 2.9 BILLION subscribers on GSM networks today. How many of these subscribers are susceptible to trivial attacks that can leave phone calls, text messages and web surfing habits accessible to an attacker? This talk intends to discuss the reasons why GSM networks are still vulnerable today and demonstrate attack tools that might make you re-think how you handle sensitive data via your phone. The presenter will discuss his own experience of analysing GSM environments and provide a demonstration of GreedyBTS which can be used to compromise a target's phone calls, messaging and web surfing habits. Mobile Phones will be harmed during this presentation.
The document discusses modifying a Motorola C123 phone to perform passive listening on GSM networks and turn the phone into a basic base transceiver station (BTS). It provides background on GSM, describes dumping the phone's DSP firmware to analyze it, implementing custom tasks to perform passive listening, and work in progress on proof-of-concept efforts to transmit synchronization bursts and dummy traffic to function as a BTS. The presentation concludes by thanking contributors to open source GSM projects.
This document discusses open sourcing GSM baseband firmware to allow for free cellphone firmware, security research of cellphone networks, and disruptive competition. It notes challenges include closed chipset and network equipment industries and lack of learning materials. It promotes GSM due to its simplicity, worldwide deployment, and hackable hardware. It introduces the Osmocom project which produces open source GSM baseband software and describes its features and code structure.
User location tracking attacks for LTE networks using the Interworking Functi... | Siddharth Rao
This document discusses how location tracking attacks can be carried out in LTE networks using the Interworking Functionality (IWF). It summarizes that while LTE offers good security on the air interface, the Diameter protocol is as insecure as SS7 when it comes to location disclosure attacks. The document shows how SS7 attacks can be ported to LTE/Diameter networks using IWFs, allowing an attacker to obtain a victim's IMSI and track their location down to the cell ID level. It concludes by recommending countermeasures like adhering to security standards and efficient filtering to prevent such IWF-based location tracking attacks.
GSM is a 2G mobile communication system that provides voice and data services. It uses TDMA and FDMA to allow multiple users to access the network simultaneously. The key components of a GSM network are the radio subsystem including the BTS, BSC and MS; the network and switching subsystem including the MSC, HLR, VLR; and the operation subsystem including the OMC, AuC and EIR. GSM provides services like telephony, SMS, and data transmission using bearer channels while ensuring security, anonymity and authentication of users.
The GSM network architecture consists of three major subsystems: the network and switching subsystem (NSS), the base station subsystem (BSS), and the operation and support subsystem (OSS). The BSS is composed of the base transceiver station (BTS), base station controller (BSC), and transcoder (TCU/TRAU). The BTS handles radio transmission/reception, the BSC manages radio resources and handles radio call processing, and the TCU converts between GSM and PSTN/ISDN formats. The NSS contains the mobile switching center (MSC), home location register (HLR), visitor location register (VLR), and equipment identity register (EIR), which manage subscriber
Exploring LTE security and protocol exploits with open source software and lo... | EC-Council
The security flaws of legacy GSM networks, which lack mutual authentication and implement an outdated encryption algorithm, are well understood among the technology community and have been extensively discussed for years. However, my smartphone’s settings do not provide the means to shut down the GSM radio to prevent my phone from connecting to a potentially insecure GSM access point. Instead, I have the option to turn off LTE, the fastest mobile network.
This is not the only confusing aspect of mobile network security. Given LTE’s mutual authentication and strong encryption scheme, there is a general assumption that LTE rogue base stations are not possible. However, before the connection authentication step, any mobile device implicitly trusts (and exchanges a substantial amount of messages with) any LTE base station, legitimate or not, that advertises itself with the right parameters. Such implicit trust and unprotected messages can be exploited to block mobile devices and track their location.
Finally, it is generally assumed that Stingrays and IMSI catchers are expensive equipment that require downgrading the connection of mobile devices to GSM. However, a basic fully-LTE IMSI catcher can be implemented by means of low-cost software radio and slight modification of a well-known open-source implementation of the LTE stack.
This talk will present an exploration of the security of LTE networks, as well as experimentation results of passive eavesdropping threats, LTE protocol exploits to block mobile devices and a location leak that allows tracking mobile devices as the connection is handed off from tower to tower.
VoLTE Flows and legacy CS network. Basic call routing to and from CS network using BGCF, MGCF, MGW. ENUM role in routing. IMS Centralized Services (IMC) and SRVCC scenarios.
1) The document discusses the evolution of cellular networks from 1G to 4G and some of their key architectures and technologies. It covers early analog 1G networks like AMPS and the transition to digital 2G networks like GSM.
2) GSM network architecture is explained including the base station subsystem, network switching subsystem, and operation support subsystem. Security mechanisms in GSM like authentication using SIM cards and encryption of user data are also summarized.
3) Mobile IP is introduced as a solution for allowing mobile hosts to stay reachable as they move between networks. It works by having the mobile host register its new location with its home agent, which can then forward packets to the mobile host's current foreign agent and location
Mobile technology refers to devices that allow access to information from any location. This document discusses two mobile technologies: GSM and CDMA.
GSM uses FDMA and TDMA to allow multiple users to share the available frequency band. It provides international roaming and good call quality. CDMA uses direct sequence spread spectrum to allow multiple users to use the entire available spectrum simultaneously. It provides higher capacity than GSM and other technologies. Both have advantages and disadvantages depending on users' needs.
This document provides a summary of lectures on cellular networks given at the Department of Electrical Engineering at University of Qatar. It discusses the basics of cellular networks including multiple access techniques used like FDMA, TDMA, and CDMA. It describes the evolution of cellular technologies from 1G to 4G including GSM, 3G, HSPA, and LTE. Key aspects covered include network architecture, frequency bands, protocols, and mobility management in cellular systems.
The document provides information on the evolution of wireless networks from 1G to 3G. It discusses the key components and architecture of cellular systems including base stations, mobile switching centers and their connection to the public switched telephone network. It also compares the differences between wireless and wired networks, and describes some of the limitations of early wireless networking. Finally, it covers topics like traffic routing, circuit switching, packet switching and the X.25 protocol.
5G technology is a unique combination of high-speed internet access, low latency, high reliability and seamless coverage, which will support a number of vehicles and transport infrastructure. The 5G platform will impact many industries, such as automotive, entertainment, agriculture, manufacturing and IT. As per the research forecast, “IoT will account for one quarter of the global 41 million 5G connections in 2024”; of these, ¾ of the devices will be in the auto industry via embedded vehicle connections.
There is a wide range of applications that will benefit from 5G ultra-fast networks and the real-time responsiveness of the network. These properties of 5G technology are very important for many IoT applications, e.g. self-driven cars and intelligent transportation, which demand very low latency. This will be a great boom for interactive mobile gaming, which is a bandwidth-hungry application. 5G technology enables us to control more devices remotely in various applications where real-time network performance is critical, like remote control of vehicles. It focuses on worker safety as well as monitoring the environment. 5G technology is not focusing on improving speed, but this will prove best in the evolution of business, etc. IoT in 5G has excelled in connecting a number of phones, tablets and other devices; however, connecting cars, meters and sensors requires more advanced business models.
This document provides an overview of the architecture of a GSM network. It describes the key components including the mobile station consisting of the terminal and SIM card. It outlines the base station subsystem containing the BTS and BSC. It also explains the network and switching subsystem which manages communication between mobile users and includes databases like HLR, VLR, EIR, and MSC to store subscriber information and handle switching functions.
Mobile networks use radio frequencies to allow cellular devices to connect to a network of base stations. Base stations transmit and receive signals within assigned frequency bands to serve mobile terminals in a given coverage area. As terminals move between areas covered by different base stations, the network performs handoffs to transfer service to the closest base station. This study examines how mobility on public transportation impacts the performance of HSPA cellular networks in delivering bandwidth-intensive applications to mobile users.
Mobile networks use radio frequencies to allow cellular devices to connect to a network of base stations. Base stations transmit and receive signals within assigned frequency bands to serve mobile terminals in a given coverage area. As terminals move between areas covered by different base stations, the network performs handoffs to transfer service to the closest base station. A study measured the impact of mobility on HSPA networks, finding that mobility reduced available bandwidth for users on public transportation due to increased handoffs and interference between cells.
The document discusses cellular network basics and the evolution of cellular network generations from 0G to 4G. It covers key aspects of 2G cellular networks including GSM standards, channels, frequencies, architecture involving mobile stations, base station subsystems, switching subsystems, and location and handoff procedures. It also provides an overview of 3G networks and the transition from 2G technologies like GSM to 3G standards like UMTS, discussing services and performance improvements with each generation.
The document provides an overview of the Global System for Mobile communications (GSM) network. It discusses why GSM was chosen, including factors like deregulation, competition, customer needs, and technological advances. The core sections describe GSM's system architecture, including the mobile station, base station subsystem, network switching subsystem, and their components. Call flows and key services like teleservices, bearer services, and supplementary services are also outlined.
This document provides an overview of UMTS network architecture and components. It describes the key elements of the UMTS Release 99 core network, including the circuit switched and packet switched domains. It also discusses the radio access network (UTRAN) and its components such as the radio network controller (RNC) and Node B. Finally, it summarizes the functions of the mobile switching center (MSC) and media gateway (MGW) in the UMTS network.
How to Intercept a Conversation Held on the Other Side of the Planet | Positive Hack Days
The document describes how to intercept mobile phone conversations and intercept text messages by exploiting vulnerabilities in the SS7 protocol. It explains how to collect a target's private information from the HLR like IMSI and location. It then shows how an attacker can spoof being an MSC or HLR to intercept calls and SMS, or conduct denial of service attacks by monopolizing the network's resources through endless signaling requests. The goal is to illustrate real threats to mobile network security from vulnerabilities in SS7 and inter-network connectivity.
The document provides an introduction to the Global System for Mobile Communications (GSM) digital cellular network. It describes that GSM networks use digital technology and operate across international boundaries in a consistent manner. It then discusses key aspects of GSM including its frequencies, features, network components, and how frequency reuse allows for increased call capacity.
GSM was developed in 1991 as the first digital cellular network standard used by mobile phones. It has become the global standard for mobile communications, operating in over 219 countries. While intended to be secure, GSM has vulnerabilities that allow different types of attacks on various parts of the network. The network structure includes the base station subsystem, network and switching subsystem, and optional GPRS core network which allows packet-based internet connections.
GSM is the most widely used mobile network standard in the world. It has evolved over time through technologies like GPRS, EDGE, and 3G to increase data speeds. EDGE (Enhanced Data rates for GSM Evolution) improves on GPRS by using more advanced modulation like 8-PSK to achieve higher data rates of up to 473kbps. While an upgrade from GPRS, EDGE remains compatible with existing GSM networks and requires only software and hardware upgrades to BTS. It provides broadband-like speeds and supports both packet-switched and circuit-switched data services. EDGE saw widespread adoption and helped delay the rollout of costly 3G networks while meeting the growing demand for mobile data
This document appears to be from a CISSP mentor program session discussing communication and network security topics. It includes a quiz on network protocols and technologies like UDP, TCP ports, OSI layers, and IPv6 tunneling. It also summarizes wired WAN protocols like T1/E1 lines, Frame Relay, X.25, ATM, MPLS, and storage protocols like FCoE, FCIP and iSCSI. The session aims to help students studying for the CISSP exam.
This document provides information on various intranet, extranet, and wide area network (WAN) technologies. It discusses unified threat management (UTM), content distribution networks (CDN), software-defined networking (SDN), metropolitan area networks (MAN), and common WAN concepts and technologies including CSU/DSU, switching, frame relay, X.25, and asynchronous transfer mode (ATM).
The document provides an overview of the Network Coding Research Group (NWCRG) and its activities. It discusses network coding and its potential benefits. It outlines several open research areas related to applying network coding in packet networks like the Internet. It also proposes a functional decomposition of a network coding system into areas like coding, reliability, and congestion control.
This document discusses LoRa/LoRaWAN technology. It begins with an overview of LoRa modulation technique and LoRaWAN protocol. It then covers topics like end device activation methods (ABP and OTAA), deployment models (community network, IoT operator, system integrator), and a demonstration of an "IoT village" using ThingsLog devices and The Things Network.
The document provides an overview of wide area network (WAN) technologies and routing concepts. It defines static and dynamic routing, and covers common dynamic routing protocols like RIP and OSPF. The document also describes WAN technologies such as X.25, Frame Relay, ATM, SONET/SDH, FDDI, DSL, broadband cable, and POTS/PSTN. It provides details on T-carrier systems and their international counterparts. The summary concludes with resources for additional learning on networking fundamentals and the MTA 98-366 exam.
This document provides an overview of wide area network (WAN) technologies and routing. It defines routing as managing data flow between network segments and hosts. Routers use routing tables and IP addresses to determine the path for sending data. Dynamic routing protocols like RIP and OSPF dynamically determine routes and update them when network changes occur. Common WAN technologies discussed include Frame Relay, X.25, ATM, SONET, FDDI, and various types of DSL. The document also covers topics like interior gateway protocols, exterior gateway protocols, virtual circuits, and leased lines.
Multiplexing and demultiplexing techniques allow the simultaneous transmission of multiple signals across a single data link. When the bandwidth of a medium is greater than the needs of connected devices, multiplexing can be used to share the link and improve transmission efficiency. At the transmitter, multiplexing involves framing data, adding overhead information, and rate matching. At the receiver, demultiplexing requires data retiming, frame recovery, and parsing. Synchronization is important and is achieved through carrier recovery, clock recovery, and frame recovery. Multiplexing hierarchies like T1 and E1 are commonly used standards.
This document discusses confidentiality using symmetric encryption. It covers key topics like placement of encryption, traffic analysis, key distribution issues and solutions, and generating random numbers. Placement of encryption can be at the link level or end-to-end. Key distribution is a challenge for symmetric encryption, as both parties need to securely share a key. Common approaches involve physical delivery, use of a trusted third party, or deriving new keys from old keys. Generating true randomness is difficult, so pseudorandom number generators are often used instead to produce cryptographically secure random numbers.
MPLS is a forwarding scheme designed to speed up IP packet forwarding by using fixed length labels in packet headers to determine forwarding instead of long IP addresses. MPLS provides fast failure restoration through approaches like local protection which uses label stacking to allow a single bypass tunnel to protect multiple primary label switched paths (LSPs). Frame Relay is a public WAN technology based on packet switching that establishes virtual circuits between user ports to transport variable length data frames. It offers advantages over leased lines like more efficient use of bandwidth and topology flexibility but does not guarantee frame delivery. Asynchronous Transfer Mode (ATM) is a cell switching standard using small fixed size packets to efficiently multiplex different types of digital traffic like voice, data and images.
PWL Seattle #16 - Chord: A Scalable Peer-to-peer Lookup Protocol for Internet...Tristan Penman
Slides from a talk for Papers We Love in Seattle. This talk introduces the Chord protocol and its underlying concept, while also looking at its historical context.
This document discusses various internet network technologies and protocols. It describes wide area networks that connect across large geographical areas using circuit switching, packet switching, frame relay, or asynchronous transfer mode. Packet switching breaks data into packets that are transmitted individually over the network, while circuit switching establishes a dedicated communications path. Frame relay and ATM aim to improve on packet switching by reducing overhead. The document also discusses local area networks, protocol architecture, protocol data units, standards organizations, and tasks to research standards and translate sections of a reference book.
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoVishnu Pendyala
Quantum computing is said to break the Internet by making the underlying encryption ineffective. This session, hosted by ICON@Cisco tells you how Quantum cryptography, which has the potential to protect the Internet, works.
This document provides an overview of Voice over Internet Protocol (VoIP) technology. It describes how VoIP works by converting voice signals to digital data that is transmitted over the Internet using packet switching. Common VoIP protocols like SIP and H.323 are discussed along with VoIP components like softphones, gateways, and codecs. Advantages of VoIP include low cost and flexibility, while disadvantages include reliability issues and lack of service during power outages. The document recommends that most VoIP issues will be addressed by 2008 when it will gain widespread consumer acceptance.
The document proposes an architecture for establishing a distributed IP-PBX communication system using multiple voice registers on different platforms and integrating both packet-switched and circuit-switched networks. It provides background on telecommunication technologies and protocols as well as an example case study of implementing the proposed architecture for a nationwide organization with distributed regional offices connected over an IP network. The case study demonstrates configuration of an Asterisk server and Cisco routers to enable voice communication between the regional branches using both the IP network and public switched telephone network.
Networking began in the 1960s when the US Department of Defense developed early computer networks to withstand a nuclear attack. The document then discusses the basics of networking including definitions of networking and common network types. It also explains the OSI model and its seven layers. Finally, it provides examples of DCS networks from Siemens and ABB that incorporate both Ethernet networks and high-speed serial networks to connect control system devices.
This document proposes enhancing the security of wireless networks using physical layer protection. It discusses weaknesses in conventional encryption systems and proposes encrypting data at the physical layer instead of the MAC layer. This is done by using physical layer transforms like XOR, scrambling, or phase shifting based on a cipher stream. Encrypting at the physical layer makes the decrypted data difficult for hackers to record. Simulation results show the proposed techniques do not degrade communication performance for modulation schemes up to QAM-16 over AWGN channels. Future work includes analyzing different error coding schemes' effects on hacking complexity and exploring joint encryption and error coding.
This document discusses selecting technologies and devices for enterprise networks. It covers remote access technologies like PPP, ISDN, cable modems and DSL. For WANs it discusses leased lines, SONET, Frame Relay and ATM. Selection criteria for remote access devices, VPN concentrators, routers and WAN service providers are provided. Key factors include business needs, cost, performance, security, manageability, supported protocols and geographical coverage.
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...Mathavan N
This document provides an overview of the syllabus for a cognitive radio course. It discusses key topics like SDR architecture, computational processing resources, and interface topologies. The SDR architecture utilizes a radio front end, modem, cryptographic security function, and application function. Computational resources include GPPs, DSPs, and FPGAs to process signals efficiently. Interface topologies in SDR aim to standardize connections between hardware and software components to allow for plug-and-play functionality.
This document provides an overview of the syllabus for the Cognitive Radios course offered by RMK College of Engineering and Technology. It discusses key topics that will be covered including SDR architecture, channel coding and decoding, RF access, IF processing, channel sets, multiple personalities, evolution support, joint control, and top level component interfaces. Standard interfaces in SDR systems are also described such as analog stream, source bit stream, clear bit streams, protected bit stream, IF waveform, RF waveform, and network interface.
Similar to Practical Attacks Against Encrypted VoIP Communications (20)
Practical Attacks Against Encrypted VoIP Communications
1. Practical Attacks Against Encrypted VoIP Communications
HITBSECCONF2013: Malaysia
Shaun Colley & Dominic Chell
@domchell @mdseclabs
2. Agenda
• This is a talk about traffic analysis and pattern matching
• VoIP background
• NLP techniques
• Statistical modeling
• Case studies aka “the cool stuff”
3. Introduction
• VoIP is a popular replacement for traditional copper-wire telephone systems
• Bandwidth efficient and low cost
• Privacy has become an increasing concern
• Generally accepted that encryption should be used for end-to-end security
• But even if it’s encrypted, is it secure?
4. Why?
• Widespread accusations of wiretapping
• Leaked documents allegedly claim NSA & GCHQ have some “capability” against encrypted VoIP
• “The fact that GCHQ or a 2nd Party partner has a capability against a specific the encrypted used in a class or type of network communications technology. For example, VPNs, IPSec, TLS/SSL, HTTPS, SSH, encrypted chat, encrypted VoIP”.
5. Previous Work
• Little work has been done by the security community
• Some interesting academic research
  – Uncovering Spoken Phrases in Encrypted Voice over IP Communications: Wright, Ballard, Coull, Monrose, Masson
  – Uncovering Spoken Phrases in Encrypted VoIP Conversations: Doychev, Feld, Eckhardt, Neumann
• Not widely publicised
• No proof of concepts
7. VoIP Communications
• Similar to traditional digital telephony, VoIP involves signalling, session initialisation and setup as well as encoding of the voice signal
• Separated into two channels that perform these actions:
  – Control channel
  – Data channel
8. Control Channel
• Operates at the application-layer
• Handles call setup, termination and other essential aspects of the call
• Uses a signalling protocol such as:
  – Session Initiation Protocol (SIP)
  – Extensible Messaging and Presence Protocol (XMPP)
  – H.323
  – Skype
9. Control Channel
• Handles sensitive call data such as source and destination endpoints, and can be used for modifying existing calls
• Typically protected with encryption, for example SIPS which adds TLS
• Often used to establish the direct data connection for the voice traffic in the data channel
10. Data Channels
• The primary focus of our research
• Used to transmit encoded and compressed voice data
• Typically over UDP
• Voice data is transported using a transport protocol such as RTP
11. Data Channels
• Commonplace for VoIP implementations to encrypt the data flow for confidentiality
• A common implementation is Secure Real-Time Transport Protocol (SRTP)
• By default will preserve the original RTP payload size
• “None of the pre-defined encryption transforms uses any padding; for these, the RTP and SRTP payload sizes match exactly.”
13. Codecs
• Used to convert the analogue voice signal into a digitally encoded and compressed representation
• Codecs strike a balance between bandwidth limitations and voice quality
• We’re mostly interested in Variable Bit Rate (VBR) codecs
14. Variable Bitrate Codecs
• The codec can dynamically modify the bitrate of the transmitted stream
• Codecs like Speex will encode sounds at different bitrates
• For example, fricatives may be encoded at lower bitrates than vowels
15.
16. Variable Bitrate Codecs
• The primary benefit from VBR is a significantly better quality-to-bandwidth ratio compared to CBR
• Desirable in low bandwidth environments
  – Cellular
  – Slow WiFi
18. Natural Language Processing
• Research techniques borrowed from NLP and bioinformatics
• Primarily the use of:
  – Profile Hidden Markov Models
  – Dynamic Time Warping
19. Hidden Markov Models
• Statistical model that assigns probabilities to sequences of symbols
• Transitions from Begin state (B) to End state (E)
• Moves from state to state randomly but in line with transition distributions
• Transitions occur independently of any previous choices
20. Hidden Markov Models
• The model will continue to move between states and output symbols until the End state is reached
• The emitted symbols constitute the sequence
Image from http://isabel-drost.de/hadoop/slides/HMM.pdf
21. Hidden Markov Models
• A number of possible state paths from B to E
• Best path is the most likely path
• The Viterbi algorithm can be used to discover the most probable path
• Viterbi, Forward and Backward algorithms can all be used to determine probability that a model produced an output sequence
22. Hidden Markov Models
• The model can be “trained” by a collection of output sequences
• The Baum-Welch algorithm can be used to determine probability of a sequence based on previous sequences
• In the context of our research, packet lengths can be used as the sequences
23. Profile Hidden Markov Models
• A variation of HMM
• Introduces Insert and Deletes
• Allows the model to identify sequences with Inserts or Deletes
• Particularly relevant to analysis of audio codecs where identical utterances of the same phrase by the same speaker are unlikely to have identical patterns
24. Profile Hidden Markov Models
• Consider a model trained to recognise: A B C D
• The model can still recognise patterns with insertion: A B X C D
• Or patterns with deletion: A B C
25. Dynamic Time Warping
• Largely replaced by HMMs
• Measures similarity in sequences that vary in time or speed
• Commonly used in speech recognition
• Useful in our research because of the temporal element
• A packet capture is essentially a time series
26. Dynamic Time Warping
• Computes a ‘distance’ between two time series – DTW distance
• Different to Euclidean distance
• The DTW distance can be used as a metric for ‘closeness’ between the two time series
27. Dynamic Time Warping - Example
• Consider the following sequences:
  – 0 0 0 4 7 14 26 23 8 3 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  – 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 5 6 13 25 24 9 4 2 0 0 0 0 0
• Initial analysis suggests they are very different, if comparing from the entry points.
• However there are some similar characteristics:
  – Similar shape
  – Peaks at around 25
  – Could represent the same sequence, but at different time offsets?
[Chart: Series1 and Series3 plotted over positions 1 to 30, y-axis 0 to 30]
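The comparison on this slide, worked through as an added example (not code from the presentation). It runs a classic dynamic-programming DTW over the two sequences above next to a sample-by-sample comparison; the absolute-difference cost and the three-way step pattern are assumptions, since the slides do not say which variant the authors used.

```python
from math import inf

# The two 30-sample sequences from the slide.
SERIES_A = [0, 0, 0, 4, 7, 14, 26, 23, 8, 3, 2] + [0] * 19
SERIES_B = [0] * 17 + [5, 6, 13, 25, 24, 9, 4, 2] + [0] * 5


def lockstep_distance(x, y):
    """Sum of |x[i] - y[i]|: sample i is only ever compared with sample i."""
    if len(x) != len(y):
        raise ValueError("lock-step comparison needs equal lengths")
    return sum(abs(a - b) for a, b in zip(x, y))


def dtw(x, y):
    """Return (distance, warping_path) for two non-empty numeric sequences.

    acc[i][j] is the cheapest cost of aligning x[:i] with y[:j]. Each cell
    extends a diagonal step (advance both), or a vertical/horizontal step
    (one sample is stretched over several samples of the other sequence).
    """
    if not x or not y:
        raise ValueError("sequences must be non-empty")
    n, m = len(x), len(y)
    acc = [[inf] * (m + 1) for _ in range(n + 1)]
    acc[0][0] = 0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = abs(x[i - 1] - y[j - 1])
            acc[i][j] = cost + min(acc[i - 1][j - 1],
                                   acc[i - 1][j],
                                   acc[i][j - 1])

    # Walk back from the final cell to recover which samples were paired.
    path = []
    i, j = n, m
    while i > 0 and j > 0:
        path.append((i - 1, j - 1))
        _, i, j = min((acc[i - 1][j - 1], i - 1, j - 1),
                      (acc[i - 1][j], i - 1, j),
                      (acc[i][j - 1], i, j - 1))
    path.reverse()
    return acc[n][m], path


def partners(path, index):
    """Indices of the second sequence paired with x[index] on the path."""
    return [j for i, j in path if i == index]


if __name__ == "__main__":
    distance, path = dtw(SERIES_A, SERIES_B)
    peak = SERIES_A.index(max(SERIES_A))
    print("lock-step distance:", lockstep_distance(SERIES_A, SERIES_B))
    print("DTW distance:      ", distance)
    print("peak of A at index", peak, "aligned with B index", partners(path, peak))
```

Compared sample by sample the two sequences differ by 175; after warping the distance is 7, and the peak at index 6 of the first sequence is paired with index 20 of the second.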
29. Side Channel Attacks
• Usually connections are peer-to-peer
• We assume that encrypted VoIP traffic can be captured:
  – Man-in-the-middle
  – Passive monitoring
• Not beyond the realms of possibility:
  – “GCHQ taps fibre-optic cables” http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa
  – “China hijacked Internet traffic” http://www.zdnet.com/china-hijacked-uk-internet-traffic-says-mcafee-3040090910/
31. Side Channel Attacks
• Source and Destination endpoints
  – Educated guess at language being spoken
• Packet lengths
• Timestamps
32. Side Channel Attacks
• So what?......
• We now know VBR codecs encode different sounds at variable bit rates
• We now know some VoIP implementations use a length preserving cipher to encrypt voice data
35. Skype Case Study
• Connections are peer-to-peer
• Uses the Opus codec (RFC 6716): “Opus is more efficient when operating with variable bitrate (VBR) which is the default”
• Skype uses AES encryption in integer counter mode
• The resulting packets are not padded up to size boundaries
37. Skype Case Study
• Although similar phrases will produce a similar pattern, they won’t be identical:
  – Background noise
  – Accents
  – Speed at which they’re spoken
• Simple substring matching won’t work!
38. Skype Case Study
• The two approaches we chose make use of the NLP techniques:
  – Profile Hidden Markov Models
  – Dynamic Time Warping
39. Skype Case Study
• Both approaches are similar and can be broken down in the following steps:
  – Train the model for the target phrase
  – Capture the Skype traffic
  – “Ask” the model if it’s likely to contain the target phrase
40. Skype Case Study - Training
• To “train” the model, a lot of test data is required
• We used the TIMIT Corpus data
• Recordings of 630 speakers of eight major dialects of American English
• Each speaker reads a number of “phonetically rich” sentences
41. Skype Case Study - TIMIT
“Why do we need bigger and better bombs?”
42. Skype Case Study - TIMIT
“He ripped down the cellophane carefully, and laid three dogs on the tin foil.”
44. Skype Case Study - Training
• To collect the data we played each of the phrases over a Skype session and logged the packets using tcpdump

for ((a=0; a<400; a++)); do /Applications/VLC.app/Contents/MacOS/VLC --no-repeat -I rc --play-and-exit "$a.rif"; echo "$a "; sleep 5; done
45. Skype Case Study - Training
• PCAP file containing ~400 occurrences of the same spoken phrase
• “Silence” must be parsed out and removed
• Fairly easy - generally, silence observed to be less than 80 bytes
• Unknown spikes to ~100 during silence phases
46. Skype Case Study - Silence
Short excerpt of Skype traffic of the same recording captured 3 times, each separated by 5 seconds of silence:
47. Skype Case Study - Silence
Approach to identify and remove the silence:
  – Find sequences of packets below the silence threshold, ~80 bytes
  – Ignore spikes when we’re in a silence phase (i.e. 20 continuous packets below the silence threshold)
  – Delete the silence phase
  – Insert a marker to separate the speech phases – integer 222, in our case
  – This leaves us with just the speech phases…..
49. Skype Case Study – PHMM Attack
• Biojava provides a useful open source framework
  – Classes for Profile HMM modeling
  – BaumWelch for training
  – A dynamic matrix programming class (DP) for calling into Viterbi for sequence analysis on the PHMM
• We chose this library to implement our attack
50. Skype Case Study – PHMM Attack
• Train the ProfileHMM object using the Baum Welch
• Query Viterbi to calculate a log-odds
• Compare the log-odds score to a threshold
• If above threshold we have a possible match
• If not, the packet sequence was probably not the target phrase
51. Skype Case Study – DTW Attack
• Same training data as PHMM
• Remove silence phases
• Take a prototypical sequence and calculate DTW distance of all training data from it
• Determine a typical distance threshold
• Calculate DTW distance for test sequence and compare to threshold
• If the distance is within the threshold then likely match
54. Skype Case Study – Post Testing
Cypher: “I don’t even see the code. All I see is blonde, brunette, red-head”
55. PHMM Statistics
• Recall rate of approximately 80%
• False positive rate of approximately 20%
• Phonetically richer phrases will yield lower false positives
• TIMIT corpus: “Young children should avoid exposure to contagious diseases”
56. DTW Results
• Similarly to PHMM results, ~80% recall rate
• False positive rate of 20% and under – again, as long as your training data is good.
57. Silent Circle - Results
• Not vulnerable – all data payload lengths are 176 bytes in length!
59. Prevention
• Some guidance in RFC 6562
• Padding the RTP payload can provide a reduction in information leakage
• Constant bitrate codecs should be negotiated during session initiation
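Both mitigations on this slide aim at the same property: every packet an observer sees has the same length. The following added example (not from the presentation or from any VoIP product) applies RFC 3550 RTP padding to constructed VBR frame sizes and measures the Shannon entropy of the observable packet lengths before and after; `TARGET_PAYLOAD_LEN`, the sample sizes and all function names are assumptions made for the example.

```python
import struct
from collections import Counter
from math import log2

RTP_VERSION = 2
RTP_HEADER_LEN = 12        # fixed header only: no CSRC list, no extension
TARGET_PAYLOAD_LEN = 160   # assumed fixed size; must exceed the largest frame

# Constructed VBR frame sizes in bytes (not captured traffic).
SAMPLE_FRAME_SIZES = [34, 61, 72, 58, 41, 29, 66, 72]


def build_rtp(seq, timestamp, ssrc, payload, payload_type=96, pad_to=None):
    """Return an RTP packet; with pad_to set, append RFC 3550 padding.

    Padding octets follow the payload and the last one holds the number of
    padding octets (itself included), so the receiver can strip them.
    """
    padding = b""
    if pad_to is not None:
        pad_len = pad_to - len(payload)
        # Always add at least one octet so the P bit, which SRTP leaves in
        # the clear, is identical on every packet.
        if not 1 <= pad_len <= 255:
            raise ValueError("payload does not fit the padded size")
        padding = bytes(pad_len - 1) + bytes([pad_len])
    first = (RTP_VERSION << 6) | (0x20 if padding else 0)
    header = struct.pack("!BBHII", first, payload_type & 0x7F,
                         seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc)
    return header + payload + padding


def parse_rtp_payload(packet):
    """Return the payload with any RFC 3550 padding removed."""
    if len(packet) < RTP_HEADER_LEN or packet[0] >> 6 != RTP_VERSION:
        raise ValueError("not an RTP packet")
    if packet[0] & 0x1F:
        raise ValueError("CSRC list and header extension are not handled here")
    body = packet[RTP_HEADER_LEN:]
    if packet[0] & 0x20:
        pad_len = body[-1] if body else 0
        if pad_len == 0 or pad_len > len(body):
            raise ValueError("invalid padding count")
        body = body[:-pad_len]
    return body


def length_entropy(packets):
    """Shannon entropy, in bits, of the packet-length distribution."""
    counts = Counter(len(p) for p in packets)
    total = sum(counts.values())
    return sum(c / total * log2(total / c) for c in counts.values())


def compare_padding(frame_sizes=SAMPLE_FRAME_SIZES, pad_to=TARGET_PAYLOAD_LEN):
    """Build unpadded and padded packets for the same frames and compare.

    With a length-preserving cipher the ciphertext is as long as the
    plaintext, so len(packet) stands for what a passive observer measures.
    """
    frames = [bytes([i % 256]) * size for i, size in enumerate(frame_sizes)]
    plain = [build_rtp(i, 960 * i, 0x1234ABCD, f)
             for i, f in enumerate(frames)]
    padded = [build_rtp(i, 960 * i, 0x1234ABCD, f, pad_to=pad_to)
              for i, f in enumerate(frames)]
    # The receiver must get back exactly what was sent.
    if [parse_rtp_payload(p) for p in padded] != frames:
        raise AssertionError("padding round trip failed")
    return {
        "plain_lengths": [len(p) for p in plain],
        "padded_lengths": [len(p) for p in padded],
        "plain_entropy": length_entropy(plain),
        "padded_entropy": length_entropy(padded),
    }


if __name__ == "__main__":
    for key, value in compare_padding().items():
        print(key, value)
```

Padding removes only the packet-length signal; the timestamps listed under Side Channel Attacks remain visible to an observer.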
60. Further work
• Assess other implementations
  – Google Talk
  – Microsoft Lync
  – Avaya VoIP phones
  – Cisco VoIP phones
  – Apple FaceTime
• According to Wikipedia, uses RTP and SRTP…Vulnerable?
• Improvements to the algorithms - Apply the Kalman filter?
61. Conclusions
• Variable bitrate codecs are unsafe for sensitive VoIP transmission
• It is possible to deduce spoken conversations in encrypted VoIP
• VBR with length preserving encrypted transports like SRTP should be avoided
• Constant bitrate codecs should be used where possible