Using Secure Real-time Padding Protocol to Secure Voice-over-IP from Traffic Analysis Attacks

Mohanty, Saswat

2011 May 1900

Voice Over IP (VoIP) systems and transmission technologies have now become the norm for many communications applications. However, whether they are used for personal communication or priority business conferences and talks, privacy and confidentiality of the communication is of utmost priority. The present industry standard is to encrypt VoIP calls using Secure Real-time Transport Protocol (SRTP), aided by ZRTP, but this methodology remains vulnerable to traffic analysis attacks, some of which utilize the length of the encrypted packets to infer the language and spoken phrases of the conversation. Secure Real-time Padding Protocol (SRPP) is a new RTP profile which pads all VoIP sessions in a unique way to thwart traffic analysis attacks on encrypted calls. It pads every RTP or SRTP packet to a predefined packet size, adds dummy packets at the end of every burst in a controllable way, adds dummy bursts to hide silence spurts, and hides information about the packet inter-arrival timings. This thesis discusses a few practical approaches and a theoretical optimization approach to packet size padding. SRPP has been implemented in the form of a library, libSRPP, for VoIP application developers and as an application, SQRKal, for regular users. SQRKal also serves as an extensive platform for implementation and verification of new packet padding techniques.

Traffic Analysis

Padding

SRPP

VoIP

Security

Privacy and Anonymity

A Metric for Anonymity based on Subjective Logic

Bni, Asmae

January 2014

Anonymity metrics have been proposed to evaluate anonymity preserving systems by estimating the amount of information displayed by these systems due to vulnerabilities. A general metric for anonymity that assess the latter systems according to the mass and quality of information learned by an attacker or a collaboration of attackers is proposed here. The proposed metric is based on subjective logic, a generalization of evidence and probability theory. As a consequence, we proved based on defined scenarios that our metric provide a better interpretation of uncertainty in the measure and it is extended to combine various sources of information using subjective logic operators. Also, we demonstrate that two factors: trust between collaborating attackers and time can influence significantly the metric result when taking them into consideration.

Anonymity

subjective logic

trust

IDeM: an identity-driven middleware for interoperable and heterogeneous systems

FERRAZ, Felipe Silva

09 September 2016

Submitted by Rafael Santana (rafael.silvasantana@ufpe.br) on 2017-08-30T18:59:54Z No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Thesis_final_v8_final.pdf: 3606329 bytes, checksum: 9eb076ad648eb48bf1a1cac89fb53d9b (MD5) / Made available in DSpace on 2017-08-30T18:59:54Z (GMT). No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Thesis_final_v8_final.pdf: 3606329 bytes, checksum: 9eb076ad648eb48bf1a1cac89fb53d9b (MD5) Previous issue date: 2016-09-09 / In mid-2000s, for the first time in human history, urban cities started to harbor more than half of world's population. The concept of Smart Cities emerged in such context. Smart Cities can be defined as an urban environment where innovative services under an available infrastructure are provided to citizens with the use of information technology (IT). However, even though people use and take advantage of available information, there is a natural resistance to disclosure and expose personal data, which will get known by other citizens and businesses. This generates a sense of insecurity and privacy loss. This thesis explores information security issues related to identity and identifier management and proposes a solution that guarantees the privacy and anonymity of users within interoperable and heterogeneous environments. This thesis proposes a solution based on the creation of a multi identity environment, in which a user has different identities, for different systems using the same identifier, that way it is possible to connect with different services, solutions and others, using the same login but having different representations within each solution, that will guarantee privacy, different level of security and interoperability. The proposed solution is demonstrated through the creation of a middleware within the context of smart cities. Finally, this thesis presents a set of experiments that use the proposed middleware to protect citizens’ sensitive data. / Em meados dos anos 2000, pela primeira vez na história da humanidade, as grandes cidades começaram a abrigar mais da metade da população mundial. É no contexto dessa mudança que surge o conceito de Smart Cities, tal conceito pode ser definido como um ambiente urbano onde, com uso de tecnologia da informação, serviços inovadores e com infraestrutura disponível, são fornecidos para os cidadãos. Em contra ponto a essa dinâmica está o fato de que essas mesmas pessoas, que fazem uso das informações, tem uma resistência natural relacionada a divulgação de seus dados, e que estes sejam expostos e conhecidos por demais cidadões e empresas, gerando um cenário de insegurança e perda de privacidade. Este trabalho explora problemas de segurança da informação relacionados a gerenciamento de identidade e identificadores, propõe a criação de uma solução que permita manter a privacidade e o anonimato de usuários, ainda que anônimo, dentro de ambientes interoperáveis e heterogêneos. Essa tese propõe um solução baseada na creação de um ambiente multi identidade, no qual um usuário terá diferentes identidades, para diferentes sistemas, usando o mesmo identificador, dessa forma é possivel garantir a conexão com diferentes serviços, soluções e outros componentes, usando o mesmo login, por exemplo, porém tendo diferentes representações em cada solução, isso garantirá, entre outros, privacidade, diferentes niveis de segurança e interoperabilidade. Tal solução será descrita na forma de um middleware explorado dentro do contexto de cidades inteligente. Por fim, este trabalho apresentará um conjuntos de experimentos que utilizam o middleware, para proteger dados confidenciais dos cidadãos.

Is this your smart phone? : On connecting MAC-addresses to a specific individual using access point data

Vesterlund, Martin, Wiklund, Viktor

January 2015

Context. The potential to track individuals become greater and greater in the society today. We want to develop a method that is easy to understand so more people can participate in the discussion about the collection, and storing, of seemingly non-invasive device data and personal integrity. Objectives. In this work we investigate the potential to connect a WiFi enabled device to a known individual by analysing log files. Since we want to keep the method as simple as possible we choose to not use machine learning because this might add unnecessary layers of complexity. Methods. The conducted experiments were performed against a test group consisting of six persons. The dataset used consisted of authentication logs from a university WiFi-network collected during a month and data acquired by capturing WiFi-traffic. Results. We were able to connect 67% of the targeted test persons to their smart phones and 60% to their laptops. Conclusions. In this work we conclude that a device identifier in combination with data that can tie it to a location at a given time is to be seen as sensitive information with regard to personal integrity. We also conclude that it is possible to create and use an easy method to connect a device to a given person.

Surveillance mechanisms

Network privacy and anonymity

Social aspects of security and privacy

Mobile devices

Communication Systems

Kommunikationssystem

Computer Sciences

Datavetenskap (datalogi)