99 research outputs found

    Micro protocol engineering for unstructured carriers: On the embedding of steganographic control protocols into audio transmissions

    Network steganography conceals the transfer of sensitive information within unobtrusive data in computer networks. So-called micro protocols are communication protocols placed within the payload of a network steganographic transfer. They enrich this transfer with features such as reliability, dynamic overlay routing, or performance optimization --- just to mention a few. We present different design approaches for the embedding of hidden channels with micro protocols in digitized audio signals under consideration of different requirements. On the basis of experimental results, our design approaches are compared, and introduced into a protocol engineering approach for micro protocols. Comment: 20 pages, 7 figures, 4 tables

    An intelligent radio access network selection and optimisation system in heterogeneous communication environments

    PhD. The overlapping of the different wireless network technologies creates heterogeneous communication environments. Future mobile communication system considers the technological and operational services of heterogeneous communication environments. Based on its packet switched core, the access to future mobile communication system will not be restricted to the mobile cellular networks but may be via other wireless or even wired technologies. Such universal access can enable service convergence, joint resource management, and adaptive quality of service. However, in order to realise the universal access, there are still many pending challenges to solve. One of them is the selection of the most appropriate radio access network. Previous work on the network selection has concentrated on serving the requesting user, but the existing users and the consumption of the network resources were not the main focus. Such network selection decision might only be able to benefit a limited number of users while the satisfaction levels of some users are compromised, and the network resources might be consumed in an ineffective way. Solutions are needed to handle the radio access network selection in a manner that both of the satisfaction levels of all users and the network resource consumption are considered. This thesis proposes an intelligent radio access network selection and optimisation system. The work in this thesis includes the proposal of an architecture for the radio access network selection and optimisation system and the creation of novel adaptive algorithms that are employed by the network selection system. The proposed algorithms solve the limitations of previous work and adaptively optimise network resource consumption and implement different policies to cope with different scenarios, network conditions, and aims of operators. Furthermore, this thesis also presents novel network resource availability evaluation models. The proposed models study the physical principles of the considered radio access network and avoid employing assumptions which are too stringent abstractions of real network scenarios. They enable the implementation of call level simulations for the comparison and evaluation of the performance of the network selection and optimisation algorithms.

    Performance analysis and application development of hybrid WiMAX-WiFi IP video surveillance systems

    Traditional Closed Circuit Television (CCTV) analogue cameras installed in buildings and other areas of security interest necessitate the use of cable lines. However, analogue systems are limited by distance; and storing analogue data requires huge space or bandwidth. Wired systems are also prone to vandalism, they cannot be installed in a hostile terrain and in heritage sites, where cabling would distort original design. Currently, there is a paradigm shift towards wireless solutions (WiMAX, Wi-Fi, 3G, 4G) to complement and in some cases replace the wired system. A wireless solution of the Fourth-Generation Surveillance System (4GSS) has been proposed in this thesis. It is a hybrid WiMAX-WiFi video surveillance system. The performance analysis of the hybrid WiMAX-WiFi is compared with the conventional WiMAX surveillance models. The video surveillance models and the algorithm that exploit the advantages of both WiMAX and Wi-Fi for scenarios of fixed and mobile wireless cameras have been proposed, simulated and compared with the mathematical/analytical models. The hybrid WiMAX-WiFi video surveillance model has been extended to include a Wireless Mesh configuration on the Wi-Fi part, to improve the scalability and reliability. A performance analysis for hybrid WiMAX-WiFi system with an appropriate Mobility model has been considered for the case of mobile cameras. A security software application for mobile smartphones that sends surveillance images to either local or remote servers has been developed. The developed software has been tested, evaluated and deployed in low bandwidth Wi-Fi wireless network environments. WiMAX is a wireless metropolitan access network technology that provides broadband services to the connected customers. Major modules and units of WiMAX include the Customer Provided Equipment (CPE), the Access Service Network (ASN) which consists of one or more Base Stations (BS) and the Connectivity Service Network (CSN). Various interfaces exist between each unit and module. WiMAX is based on the IEEE 802.16 family of standards. Wi-Fi, on the other hand, is a wireless access network operating in the local area network; and it is based on the IEEE 802.11 standards.

    Internet of Underwater Things and Big Marine Data Analytics -- A Comprehensive Survey

    The Internet of Underwater Things (IoUT) is an emerging communication ecosystem developed for connecting underwater objects in maritime and underwater environments. The IoUT technology is intricately linked with intelligent boats and ships, smart shores and oceans, automatic marine transportations, positioning and navigation, underwater exploration, disaster prediction and prevention, as well as with intelligent monitoring and security. The IoUT has an influence at various scales ranging from a small scientific observatory, to a midsized harbor, and to covering global oceanic trade. The network architecture of IoUT is intrinsically heterogeneous and should be sufficiently resilient to operate in harsh environments. This creates major challenges in terms of underwater communications, whilst relying on limited energy resources. Additionally, the volume, velocity, and variety of data produced by sensors, hydrophones, and cameras in IoUT is enormous, giving rise to the concept of Big Marine Data (BMD), which has its own processing challenges. Hence, conventional data processing techniques will falter, and bespoke Machine Learning (ML) solutions have to be employed for automatically learning the specific BMD behavior and features facilitating knowledge extraction and decision support. The motivation of this paper is to comprehensively survey the IoUT, BMD, and their synthesis. It also aims for exploring the nexus of BMD with ML. We set out from underwater data collection and then discuss the family of IoUT data communication techniques with an emphasis on the state-of-the-art research challenges. We then review the suite of ML solutions suitable for BMD handling and analytics. We treat the subject deductively from an educational perspective, critically appraising the material surveyed. Comment: 54 pages, 11 figures, 19 tables, IEEE Communications Surveys & Tutorials, peer-reviewed academic journal

    Security in Futures : Security in Change. Proceedings of the Conference "Security in Futures – Security in Change", 3-4 June 2010, Turku, Finland

    Power control for WCDMA

    This project tries to introduce itself in the physical implementations that make possible the denominated third generation mobile technology. As well as to know the technology kind that makes possible, for example, a video-call in real time. During this project, the different phases passed from the election of WCDMA like the access method for UMTS will appear. Its coexistence with previous network GSM will be analyzed, where the compatibility between systems has been one of the most important aspects in the development of WCDMA, the involved standardization organisms in the process, as well as the different protocols that make the mobile communications within a network UTRAN possible. Special emphasis during the study of the great contribution that has offered WCDMA with respect to the control of power of the existing signals will be made. The future lines that are considered in the present, and other comment that already are in their last phase of development in the field of the mobile technology. UMTS through WCDMA can be summarized like a revolution of the air interface accompanied by a revolution in the network of their architecture.

    Cross-VM network attacks & their countermeasures within cloud computing environments

    Cloud computing is a contemporary model in which the computing resources are dynamically scaled-up and scaled-down to customers, hosted within large-scale multi-tenant systems. These resources are delivered as improved, cost-effective and available upon request to customers. As one of the main trends of IT industry in modern ages, cloud computing has extended momentum and started to transform the mode enterprises build and offer IT solutions. The primary motivation in using cloud computing model is cost-effectiveness. These motivations can compel Information and Communication Technologies (ICT) organizations to shift their sensitive data and critical infrastructure on cloud environments. Because of the complex nature of underlying cloud infrastructure, the cloud environments are facing a large number of challenges of misconfigurations, cyber-attacks, root-kits, malware instances etc which manifest themselves as a serious threat to cloud environments. These threats noticeably decline the general trustworthiness, reliability and accessibility of the cloud. Security is the primary concern of a cloud service model. However, a number of significant challenges revealed that cloud environments are not as much secure as one would expect. There is also a limited understanding regarding the offering of secure services in a cloud model that can counter such challenges. This indicates the significance of the fact that what establishes the threat in cloud model. One of the main threats in a cloud model is of cost-effectiveness, normally cloud providers reduce cost by sharing infrastructure between multiple un-trusted VMs. This sharing has also led to several problems including co-location attacks. Cloud providers mitigate co-location attacks by introducing the concept of isolation. Due to this, a guest VM cannot interfere with its host machine, and with other guest VMs running on the same system. 
Such isolation is one of the prime foundations of cloud security for major public providers. However, such logical boundaries are not impenetrable. A myriad of previous studies have demonstrated how co-resident VMs could be vulnerable to attacks through shared file systems, cache side-channels, or through compromising of hypervisor layer using rootkits. Thus, the threat of cross-VM attacks is still possible because an attacker uses one VM to control or access other VMs on the same hypervisor. Hence, multiple methods are devised for strategic VM placement in order to exploit co-residency. Despite the clear potential for co-location attacks for abusing shared memory and disk, fine grained cross-VM network-channel attacks have not yet been demonstrated. Current network based attacks exploit existing vulnerabilities in networking technologies, such as ARP spoofing and DNS poisoning, which are difficult to use for VM-targeted attacks. The most commonly discussed network-based challenges focus on the fact that cloud providers place more layers of isolation between co-resided VMs than in non-virtualized settings because the attacker and victim are often assigned to separate segmentation of virtual networks. However, it has been demonstrated that this is not necessarily sufficient to prevent manipulation of a victim VM’s traffic. This thesis presents a comprehensive method and empirical analysis on the advancement of co-location attacks in which a malicious VM can negatively affect the security and privacy of other co-located VMs as it breaches the security perimeter of the cloud model. In such a scenario, it is imperative for a cloud provider to be able to appropriately secure access to the data such that it reaches to the appropriate destination. 
The primary contribution of the work presented in this thesis is to introduce two innovative attack models in leading cloud models, impersonation and privilege escalation, that successfully breach the security perimeter of cloud models and also propose countermeasures that block such types of attacks. The attack model revealed in this thesis is a combination of impersonation and mirroring. This experimental setting can exploit the network channel of cloud model and successfully redirects the network traffic of other co-located VMs. The main contribution of this attack model is to find a gap in the contemporary network cloud architecture that an attacker can exploit. Prior research has also exploited the network channel using ARP poisoning, spoofing but all such attack schemes have been countered as modern cloud providers place more layers of security features than in preceding settings. Impersonation relies on the already existing regular network devices in order to mislead the security perimeter of the cloud model. The other contribution presented of this thesis is ‘privilege escalation’ attack in which a non-root user can escalate a privilege level by using RoP technique on the network channel and control the management domain through which attacker can manage to control the other co-located VMs which they are not authorized to do so. Finally, a countermeasure solution has been proposed by directly modifying the open source code of cloud model that can inhibit all such attacks.

    Communication and time distortion

    Communication systems always suffer time distortion. At the physical layer asynchrony between clocks and motion-induced Doppler effects warp the time scale, while at higher layers there are packet delays. Current wireless underwater modems suffer a significant performance degradation when communication platforms are mobile and Doppler effects corrupt the transmitted signals. They are advertised with data rates of a few kbps, but the oil and gas industry has found them useful only to around 100 bps. In our work, time-varying Doppler is explicitly modeled, tracked and compensated. Integrated into an iterative turbo equalization based receiver, this novel Doppler compensation technique has demonstrated unprecedented communication performance in US Navy sponsored field tests and simulations. We achieved a data rate of 39kbps at a distance of 2.7km and a data rate of 1.2Mbps at a distance of 12m. The latter link is capable of streaming video in real-time, a first in wireless underwater communication. Time distortion can also be intentional and be used for communication. We explore how much information can be conveyed by controlling the timing of packets when sent from their source towards their destination in a packet-switched network. By using Markov chain analysis, we prove a lower bound on the maximal channel coding rate achievable at a given blocklength and error probability. Finally, we propose an easy-to-deploy censorship-resistant infrastructure, called FreeWave. FreeWave modulates a client's Internet traffic into acoustic signals that are carried over VoIP connections. The use of actual VoIP connections allows FreeWave to relay its VoIP connections through oblivious VoIP nodes, hence keeping the FreeWave server(s) unobservable and unblockable. When the VoIP channel suffers packet transfer delays, the transmitted acoustic signals are time distorted. We address this challenge and prototype FreeWave over Skype, the most popular VoIP system.