662 research outputs found
Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats
Network steganography is the art of hiding secret information within innocent
network transmissions. Recent findings indicate that novel malware is
increasingly using network steganography. Similarly, other malicious activities
can profit from network steganography, such as data leakage or the exchange of
pedophile data. This paper provides an introduction to network steganography
and highlights its potential application for harmful purposes. We discuss the
issues related to countering network steganography in practice and provide an
outlook on further research directions and problems.
Comment: 11 pages
"The Good, The Bad And The Ugly": Evaluation of Wi-Fi Steganography
In this paper we propose a new method for the evaluation of network
steganography algorithms based on the new concept of "the moving observer". We
considered three levels of undetectability named: "good", "bad", and "ugly". To
illustrate this method we chose Wi-Fi steganography as a solid family of
information hiding protocols. We present the state of the art in this area
covering well-known hiding techniques for 802.11 networks. "The moving
observer" approach could help not only in the evaluation of steganographic
algorithms, but also might be a starting point for a new detection system of
network steganography. The concept of a new detection system, called MoveSteg,
is explained in detail.
Comment: 6 pages, 6 figures, to appear in Proc. of: ICNIT 2015 - 6th
International Conference on Networking and Information Technology, Tokyo,
Japan, November 5-6, 2015
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never been studied before. Malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at bit rates of 10 bit/sec to more than 1Kbit/sec per
LED.
A New Covert Channel Over Cellular Network Voice Channel
Smartphone security has become increasingly more significant as smartphones become a more important part of many individuals' daily lives. Smartphones undergo all computer security issues; however, they also introduce a new set of security issues as various capabilities are added. Smartphone security researchers pay more attention to security issues inherited from the traditional computer security field than smartphone-related security issues. The primary network that smartphones are connected to is the cellular network, but little effort has been directed at investigating the potential security issues that could threaten this network and its end users.
A new possible threat that could occur in the cellular network is introduced in this paper. This research proves the ability to use the cellular network voice channel as a covert channel that can convey covert information as speech, thus breaking the network policies. The study involves designing and implementing multiple subsystems in order to prove the theory. First, a software audio modem that is able to convert digital data into audio waves and inject the audio waves to the GSM voice channel was developed. Moreover, a user-mode rootkit was implemented in order to open the voice channels by stealthily answering the incoming voice call, thus breaking the security mechanisms of the smartphone.
Multiple scenarios also were tested in order to verify the effectiveness of the proposed covert channel. The first scenario is a covert communication between two parties that intend to hide their communications by using a network that is unknown to the adversary and not protected by network security guards. The two parties communicate through the cellular network voice channel to send and receive text messages. The second scenario is a side channel that is able to leak data such as SMS or the contact of a hacked smartphone through the cellular network voice channel. The third scenario is a botnet system that uses the voice channel as command and control channel (C2). This study identifies a new potential smartphone covert channel, so the outcome should be setting countermeasures against this kind of breach.
Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications
Smartphones come with a variety of sensors and communication interfaces, which make them perfect candidates for mobile communication testbeds. Nevertheless, proprietary firmwares hinder us from accessing the full capabilities of the underlying hardware platform, which impedes innovation. Focusing on FullMAC Wi-Fi chips, we present Nexmon, a C-based firmware modification framework. It gives access to raw Wi-Fi frames and advanced capabilities that we found by reverse engineering chips and their firmware. As firmware modifications pose security risks, we discuss how to secure firmware handling without impeding experimentation on Wi-Fi chips. To present and evaluate our findings in the field, we developed the following applications. We start by presenting a ping-offloading application that handles ping requests in the firmware instead of the operating system. It significantly reduces energy consumption and processing delays. Then, we present a software-defined wireless networking application that enhances scalable video streaming by setting flow-based requirements on physical-layer parameters. As a security application, we present a reactive Wi-Fi jammer that analyses incoming frames during reception and transmits arbitrary jamming waveforms by operating Wi-Fi chips as software-defined radios (SDRs). We further introduce an acknowledging jammer to ensure the flow of non-targeted frames and an adaptive power-control jammer to adjust transmission powers based on measured jamming successes. Additionally, we discovered how to extract channel state information (CSI) on a per-frame basis. Using both SDR and CSI-extraction capabilities, we present a physical-layer covert channel. It hides covert symbols in phase changes of selected OFDM subcarriers. Those manipulations can be extracted from CSI measurements at a receiver. To ease the analysis of firmware binaries, we created a debugging application that supports single stepping and runs as a firmware patch on the Wi-Fi chip.
We published the source code of our framework and our applications to ensure reproducibility of our results and to enable other researchers to extend our work. Our framework and the applications emphasize the need for freely modifiable firmware and detailed hardware documentation to create novel and exciting applications on commercial off-the-shelf devices.
Physical Layer Authentication Using Intelligent Reflective Surfaces
The Intelligent Reflective Surface (IRS) is one of the key technologies that will increase the coverage of cellular networks and enhance their performance at a low cost. Moreover, the IRS will improve the performance of the Channel-based Physical layer Authentication security mechanism. In this thesis, we propose an authentication scheme that takes advantage of the presence of the IRS in the IRS-assisted multiple input multiple output (MIMO) system to improve the security performance of the system. The proposed cascaded channel estimation authentication scheme has been developed and compared with a systematic channel estimation authentication scheme. We consider a non-line of sight communication between the transmitter and the receiver through the IRS. We will also demonstrate the efficiency of the proposed scheme by comparing it with one of the commonly used schemes. Moreover, we will formulate the optimal attack strategies to test the security of the proposed scheme. The performance of the proposed scheme is evaluated, and the numerical results show the merit of the proposed approach that can be adopted as a Physical layer authentication mechanism.