Princip hlasové komunikace v IP sítích a její bezpečnost / Voice-over-IP principle and security problems

Bořuta, Petr

January 2008

This master’s thesis deals with security properties of protocols used for VoIP systems. In the first part, there is a description of most commonly used protocols and structure of VoIP systems. This part also discuss signaling and transport protocols. The second part of this paper describes techniques of ensuring quality of services. The next part presents SIP messages and communication. Last part of this paper overviews security risks of VoIP protocol. Practical part of this thesis describes creation of a testing VoIP network, on which several attacks has been made, fallowed by securing of mentioned VoIP network. Result of this thesis is evaluation of security risks connected to VoIP communication.

Analýza bezpečnosti bezdrátových sítí / Analysis of the wireless network security

Bencel, Jozef

January 2009

This master's thesis deals with security of wireless network standard 802.11. There are described security mechanisms as hide SSID, MAC address filtering, WEP, WPA, WPA2 protocols. There are described also the most often kinds of attacks (Denial of Service, disclosure WEP key, Man-in-the-Middle). The work contains investigation of used security mechanisms in wireless networks in parts of Brno. There were used NetStumbler and inSSIDer applications for this measurement. The last part of work contains measurement of security mechanisms (WEP, WPA, WPA2) effect to transfer rate from the point of view of the end user. The measurement was realized with Iperf application.

Metody zajištění bezpečnosti VoIP provozu Open source PBX / Security provisions of VoIP traffic in Open source PBX

Chalás, Jaroslav

January 2010

Main goal of creating the Open Source project and GPL licence are free sources and applications available for a wide public. Competent communities are responsible for support and upgrade of Open source based applications and softwares, which are created on a voluntary bases. Due to this fact an implementation depends on plenty others publicly available libraries and applications, which sometimes complicate the installation process itself. Successfully created VoIP connection is two-phase based process. Signalization is necessary in the first place, which might be supported with H.323 or SIP. After call parameter negotiation – voice codec, cipher code, ports etc, the second phase takes over to transfer voice. Theoretical part of this thesis describes SIP, H.323, MGCP, RTP and IAX protocols, as well as secure ways of signalization and voice stream part of the call. These might be SIPS, SRTP, ZRTP and IPsec. In thesis Open Source Asterisk PBX is well described, when mentioning its options, features and community support. I put near options available for particular releases and introduce attacks and abuses which are possible to perform on the VoIP system in general, together with available, no cost and working tools to perform the attacks with. Practical part focuses on possibilities to generate experimental attacks on individual systen parts with exact definition of what the consequences are. Based on the overall analyse of achieved results I conclude three solutions as autoinstallation linux packages. These „deb“ packages consist of specific Asterisk release required to meet the security needs, ready-to-test configuration and guide to follow with correct options to set. Final security possibilities requires hardening on application layer, where Iptables takes its part. „Linux firewall“ as some express Iptables are configured to reflect VoIP system parameters and protect from DoS attacks.

Zabezpečení VoIP sítí a jejich testování / Protection of VoIP networks and their testing

Ulický, Ivan

January 2013

Main goal of creating this diploma thesis is existence of increasingly amount of potential threats against IP voice networks (VoIP). The thesis is devoted to testing of various types of attacks and provides some possible solutions for this systems as well. The work points out to a various types of current attacks against either insecure or very little secure structures. The theoretical part is dedicated to analyse and description of wide spectrum of VoIP protocols including signaling protocols (SIP, IAX2), transport protocols (RTP, RTCP) and security protocols (SRTP, ZRTP, IPsec, SDES). Further attention is dedicated to the one of possible open source IP PBX solutions called Asterisk. There is shown a variety of possible attacks against this system due to its openness, because open systems always tend to be more susceptible for various attacks as they need an advanced administration and endless need for searching of new trends in area of security. The last block of the theoretical part is focused on common threats and types of attacks against VoIP networks. The practical part is about design and creation of web application called ,,VoIP Hacks using PHP” written in PHP scripting language and ist main task is to execute three basic attacks: eavesdropping, call drop and call flood. There is also a possibility of port scanning of selected network which is added as supplementary part of this application. The application can be comfortably managed from web browser user interface. All captured data can be displayed directly into the web browser. Tests of the application were performed on Google Chrome and Mozzila Firefox browsers. There is an accent placed on cooperation between the application and terminal linux programmes such as Tshark, BYE Teardown, INVITE flooder or Nmap, which all accept commands from web interface and interpret gained output values back to the web browser.

Analysis of Topology Poisoning Attacks in Software-Defined Networking

Thanh Bui, Tien

January 2015

Software-defined networking (SDN) is an emerging architecture with a great potentialto foster the development of modern networks. By separating the controlplane from the network devices and centralizing it at a software-based controller,SDN provides network-wide visibility and flexible programmability to networkadministrators. However, the security aspects of SDN are not yet fully understood.For example, while SDN is resistant to some topology poisoning attacks inwhich the attacker misleads the routing algorithm about the network structure,similar attacks by compromised hosts and switches are still known to be possible.The goal of this thesis is to thoroughly analyze the topology poisoning attacksinitiated by compromised switches and to identify whether they are a threat toSDN. We identify three base cases of the topology poisoning attack, in which theattack that requires a single compromised switch is a new variant of topologypoisoning. We develop proof-of-concept implementations for these attacks inemulated networks based on OpenFlow, the most popular framework for SDN.We also evaluate the attacks in simulated networks by measuring how muchadditional traffic the attacker can divert to the compromised switches. A widerange of network topologies and routing algorithms are used in the simulations.The simulation results show that the discovered attacks are severe in many cases.Furthermore, the seriousness of the attacks increases according to the number oftunnels that the attacker can fabricate and also depends on the distance betweenthe tunnel endpoints. The simulations indicate that network design can help tomitigate the attacks by, for example, shortening the paths between switches in thenetwork, randomizing regular network structure, or increasing the load-balancingcapability of the routing strategy.

Software-defined networking

OpenFlow

Topology poisoning attack

Mobile Devices Attacks / Mobile Devices Attacks

Trebula, Peter

January 2007

Táto práca sa zaoberá bezpečnostnými architektúrami v mobilných zariadeniach a rôznymi formami útokov proti nim. V prvej časti je úvod do bezpečnosti mobilných zariadení a bezpečnostné riziká súvisiace s mobilnými zariadeniami. Sú tu uvedené slabé miesta vo WLAN sieťach a úvod do Bluetooth technológie aj s rizikami. V druhej časti je predstavenie produkčného testovania, ktoré sa využíva u spoločnosti Nokia a popis jednotlivých testov používaných na vyskúšanie funkčnosti zariadení. Rovnako sa v nej nachádza popis architektúry, ktorou sú mobilné zariadenia u spoločnosti Nokia zabezpečené voči rôznym formám útokov viažucim sa na inštalovanie softwaru a testovanie.

Calculating Malware Severity Rating using Threat Tree Analysis

Malhotra, Asheer

09 May 2015

Malware analysts and researchers around the world are looking for innovative means of malware detection and classification. However, one concept of malware analysis that lacks focus is the rating of malware based on their feature set and capabilities. Malware severity rating is needed in order to prioritize the utilization of resources towards the analysis of a malware by an organization. This thesis proposes the utilization of threat trees for calculating malware severity using a goal oriented approach. This approach is applied to a set of sophisticated malware to study its contribution towards articulation of a useful severity rating.

rating

attack trees

malware

threat trees

Attacking Computer Security Using Peripheral Device Drivers

King, Michael Aaron

01 May 2010

Detection of malicious logic on a hardware device is difficult to detect. This thesis proposes a device driver that emulates a hardware device and that device’s software driver. This device driver attacks the target system by accessing the hard disk in order to perform read and write transactions without the knowledge of the operating system or intrusion detection/prevention software. The attacks performed by the driver compromise the confidentiality, integrity, and availability of data on the target system’s disk drive. The attacks performed by the device driver have a less than one percent impact on system performance. This thesis, while tested in a Windows environment, applies to other operating systems (such as Linux/Unix, etc.) and thus has major implications for a wide range of users.

device driver

hardware

computer security

attack

Drone Swarms in Adversarial Environment

Akula, Bhavana Sai Yadav

01 December 2023

Drones are unmanned aerial vehicles (UAVs) operated remotely with the help of cameras, GPS, and on-device SD cards. These are used for many applications including civilian as well as military. On the other hand, drone swarms are a fleet of drones that work together to achieve a special goal through swarm intelligence approaches. These provide a lot of advantages such as better coverage, accuracy, increased safety, and improved flexibility when compared to a single drone. However, the deployment of such swarms in an adversarial environment poses significant challenges. This work provides an overview of the current state of research on drone swarms in adversarial environments including algorithms for swarming formation of robotic attack drones with their strengths and weaknesses as well as the attack strategies used by attackers. This work also outlines the common adversarial counter-attack methods to disrupt drone attacks consisting of detection and destruction of drone swarms along with their drawbacks, a counter UAV defense system, and splitting large-scale drones into unconnected clusters. After identifying several challenges, an optimized algorithm is proposed to split the large-scale drone swarms more efficiently.

Algorithms

Counter-Attack

Drone Swarms

Drones

UAV

Automating security processing of Integration flows : Automating input processing for Attack Simulations using Meta Attack Language and Common Vulnerability and Exposures

Henriksson, Erik, Engberg, Klas

January 2022

In our ever evolving society security becomes more and more important as a lot of our lives move online. Performing security analysis of IT-systems is a cumbersome process requiring extensive domain knowledge and tailored analysis per system. Research shows that manual tasks are error prone. In this thesis we have implemented an automation of performing security analysis of integration flows, building on an earlier project between KTH and SAP. To perform the analysis Common Vulnerability and Exposure-records containing information about vulnerabilities are connected to relevant parts of the system utilizing Meta Attack Language. The vulnerabilities are weighted according to their impact and then attack simulations are performed in the program SecuriCAD. Automating the input for the attack simulations removes an earlier manual task. Utilizing coreLang which is an implementation of MAL that is generally applicable means that the automated process can be used to perform analysis on integration flows in general. Domain knowledge is still needed to configure the automated process. More work can be done in the future to continue automating further tasks in the process. More work can also be done on visualizing security analysis to make the results more available to a general audience / I dagens ständigt expanderande värld som snabbt utvecklas blir säkerhet allt viktigare allteftersom mer av våra liv flyttar in på Internet. Att utföra säkerhetsanalyser av IT-system är en omständlig process som kräver extensiv kunskap om domänen och ofta skräddarsydda lösningar per system. Forskning visar att manuella arbetsuppgifter leder till fler fel än automatiserade processer. I det här examensarbetet har vi implementerat automatisering av säkerhetsanalyser baserade på integrationsflöden. Examensarbetet bygger vidare på ett tidigare projekt mellan KTH och SAP. För att utföra analysen används sårbarheter dokumenterade genom Common Vulnerability and Exposure. Dessa sårbarheter kopplas till relevanta delar av systemet genom användning av Meta Attack Language. Sårbarheterna är viktade i relation till deras påverkan och attacksimuleringar utförs sedan i verktyget SecuriCAD. Automatiseringen av indata i denna process eliminerar en tidigare manuell arbetsuppgift. Användandet av coreLang vilket är en generellt applicerbar implementation av MAL betyder att den automatiserade processen kan appliceras på generalistiska integrationsflöden. Kunskap om domänden behövs fortfarande för att konfigurera den automatiserade processen. I framtiden kan processen utvecklas genom att automatisera andra delar i processen av en säkerhetsanalys. Mer jobb kan även göras för att utveckla visualiseringen av analyserna för att tillgängliggöra resultaten för en bredare publik.

Attack Simulations

Integration Flows

Meta Attack Language

securiCAD.

Attack Simulations

Integration Flows

Meta Attack Language

securiCAD.

Computer and Information Sciences

Data- och informationsvetenskap