2,375 research outputs found

    DYNAMIC DATA EXFILTRATION OVER COMMON PROTOCOLS VIA SOCKET LAYER PROTOCOL CUSTOMIZATION

    Obfuscated data exfiltration perpetrated by malicious actors presents a significant threat to organizations looking to protect sensitive data. Socket layer protocol customization presents the potential to enhance obfuscated data exfiltration by providing a protocol-agnostic means of embedding targeted data within application payloads of established socket connections. Fully evaluating and characterizing this technique will serve as an important step in the development of suitable mitigations. This thesis evaluated the performance of this method of data exfiltration through experimentation to determine its viability and identify its limitations. The evaluation assessed the effectiveness of exfiltration via socket layer customization with various application protocols and characterized its use to determine the most suitable protocols. Basic host-based and network-based security controls were introduced to test the exfiltration method’s ability to bypass typical security controls implemented to prevent data exfiltration. The experimentation results indicate that this exfiltration method is both viable and applicable across multiple application protocols. It proved flexible enough in its design and configuration to bypass basic host-based access controls and general network intrusion prevention system packet inspection. Deep packet inspection was identified as a potential solution; however, the required inspection and filtering granularity might make implementation infeasible. Office of Naval Research, Arlington, VA 22203-1995. Outstanding Thesis. Petty Officer First Class, United States Navy. Approved for public release. Distribution is unlimited

    Economic Development Potential through IP Telephony for Namibia

    IP telephony, economic growth, telecommunications, ICT, Granger causality, Namibia

    Using decoys to block SPIT in the IMS

    Includes bibliographical references (leaves 106-111). In recent years, studies have shown that 80-85% of e-mails sent were spam. Another form of spam that has just surfaced is VoIP (Voice over Internet Telephony) spam. Currently, VoIP has seen an increasing number of users due to the cheap rates. With the introduction of the IMS (IP Multimedia Subsystem), the number of VoIP users is expected to increase dramatically. This calls for a cause of concern, as the tools and methods that have been used for blocking email spam may not be suitable for real-time voice calls. In addition, VoIP phones will have URI type addresses, so the same methods that were used to generate automated e-mail spam messages can be employed for unsolicited voice calls. Spammers will always be present to take advantage of and adapt to trends in communication technology. Therefore, it is important that IMS have structures in place to alleviate the problems of spam. Recent solutions proposed to block SPIT (Spam over Internet Telephony) have the following shortcomings: restricting the users to trusted senders, causing delays in voice call set-up, reducing the efficiency of the system by increasing burden on proxies which have to do some form of Bayesian or statistical filtering, and requiring dramatic changes in the protocols being used. The proposed decoying system for the IMS fits well with the existing protocol structure, and customers are oblivious of its operation

    Rapidly deployable satellite communications for emergency situations: the WISECOM trials

    This paper presents a general overview of the WISECOM (Wireless Infrastructure over Satellite for Emergency Communications) system, focusing on the trials performed on a specifically developed demonstrator during a live simulation of a disaster event. The WISECOM system is intended to rapidly deploy a complete communications infrastructure in the early hours after a disaster occurs through the integration of several terrestrial networks, such as GSM, WiFi, WiMAX and TETRA, with satellite systems, such as Inmarsat BGAN and DVB-RCS. In order to test the fulfilment of the different capabilities that are required by the system, a demonstrator has been designed, implemented and finally used in a simulation scenario. The architecture of the developed demonstrator is described introducing two versions of the system intended to be used in the different phases after the disaster event. The work details the different capabilities tested on the WISECOM demonstrator, before and during the live simulation, taking into account the drawbacks of already existing solutions for communication in emergency scenarios and analysing the achieved improvements. The main aim of the system is to provide victims and members of rescue forces with voice and data services, such as transmission of images and Location Based Services, in order to improve the coordination of rescue operations and reduce the necessary time until victims receive a proper treatment

    A New covert channel over RTP

    In this thesis, we designed and implemented a new covert channel over the RTP protocol. The covert channel modifies the timestamp value in the RTP header to send its secret messages. The high frequency of RTP packets allows for a high bitrate covert channel, theoretically up to 350 bps. The broad use of RTP for multimedia applications, including VoIP, provides plentiful opportunities to use this channel. By using the RTP header, many of the challenges present for covert channels using the RTP payload are avoided. Using the reference implementation of this covert channel, bitrates of up to 325 bps were observed. Speed decreases on less reliable networks, though message delivery was flawless with up to 1% RTP packet loss. The channel is very difficult to detect due to expected variations in the timestamp field and the flexible nature of RTP

    An emergency communication system based on software-defined radio

    Wireless telecommunications represent an important asset for Public Protection and Disaster Relief (PPDR) organizations as they improve the coordination and the distribution of information among first responders in the field. In large international disaster scenarios, many different PPDR organizations may participate in the response phase of disaster management. In this context, PPDR organizations may use different wireless communication technologies; such diversity may create interoperability barriers and degrade the coordination among first time responders. In this paper, we present the design, system integration and testing of a demonstration system based on Software Defined Radio (SDR) technology and Software Communication Architecture (SCA) to support PPDR operations with special focus on the provision of satellite communications. This paper describes the main components of the demonstration system, the integration activities as well as the testing scenarios, which were used to evaluate the technical feasibility. The paper also describes the main technical challenges in the implementation and integration of the demonstration system. Finally, future developments for this technology and potential deployment challenges are presented. JRC.G.6-Digital Citizen Securit

    Secure mobile VoIP

    The rapid growth of computing, the Internet and telecommunications systems has resulted in a broad range of ways to communicate and access information. Voice over Internet Protocol (VoIP) is a Computer Telephony Integration (CTI) solution that transports voice traffic over a data network as an alternative to the Plain Old Telephone Service (POTS). VoIP products promise converged telecommunications and data services that are cheaper, more versatile and provide higher voice quality as compared to traditional offerings. Although VoIP products are rapidly gaining market share with home users, uptake in the enterprise market has remained slow as a result of security and mobility concerns. This paper addresses the issues surrounding VoIP security and mobility through the integration of robust security features into a lightweight VoIP protocol that is tailored for mobile devices. A theoretical approach is realized with the development of a software prototype whose security and mobility properties are analyzed

    A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments

    Includes abstract. Includes bibliographical references (leaves 134-140). Voice and data have been traditionally carried on different types of networks based on different technologies, namely, circuit switching and packet switching respectively. Convergence in networks enables carrying voice, video, and other data on the same packet-switched infrastructure, and provides various services related to these kinds of data in a unified way. Voice over Internet Protocol (VoIP) stands out as the standard that benefits from convergence by carrying voice calls over the packet-switched infrastructure of the Internet. Although sharing the same physical infrastructure with data networks makes convergence attractive in terms of cost and management, it also makes VoIP environments inherit all the security weaknesses of Internet Protocol (IP). In addition, VoIP networks come with their own set of security concerns. Voice traffic on converged networks is packet-switched and vulnerable to interception with the same techniques used to sniff other traffic on a Local Area Network (LAN) or Wide Area Network (WAN). Denial of Service attacks (DoS) are among the most critical threats to VoIP due to the disruption of service and loss of revenue they cause. VoIP systems are supposed to provide the same level of security provided by traditional Public Switched Telephone Networks (PSTNs), although more functionality and intelligence are distributed to the endpoints, and more protocols are involved to provide better service. A new design taking into consideration all the above factors with better techniques in Intrusion Detection is therefore needed. This thesis describes the design and implementation of a host-based Intrusion Detection System (IDS) that targets VoIP environments. Our intrusion detection system combines two types of modules for better detection capabilities, namely, a specification-based and a signature-based module.
    Our specification-based module takes the specifications of VoIP applications and protocols as the detection baseline. Any deviation from the protocol’s proper behavior described by its specifications is considered an anomaly. The Communicating Extended Finite State Machines model (CEFSMs) is used to trace the behavior of the protocols involved in VoIP, and to help exchange detection results among protocols in a stateful and cross-protocol manner. The signature-based module is built in part upon State Transition Analysis Techniques which are used to model and detect computer penetrations. Both detection modules allow for protocol-syntax and protocol-semantics awareness. Our intrusion detection uses the aforementioned techniques to cover the threats propagated via low-level protocols such as IP, ICMP, UDP, and TCP

    ACUTA Journal of Telecommunications in Higher Education

    In This Issue To VoIP or Not to VoIP Preparing Your Campus for a VoIP Conversion Strategic Planning in the College and University Ecosystem: The Common Denominators Advertorial: Going Wireless at Fiber Speeds Open-Source VoIP for Colleges and Universities Institutional Excellence Award Honorable Mention The Naval Postgraduate School Interview President's Message From the Executive Director Here's My Advic