Private Communication Detection via Side-Channel Attacks

Private communication detection (PCD) enables an ordinary network user to discover communication patterns (e.g., call time, length, frequency, and initiator) between two or more private parties. Analysis of communication patterns between private parties has historically been a powerful tool used by intelligence, military, law-enforcement and business organizations because it can reveal the strength of tie between these parties. Ordinary users are assumed to have neither eavesdropping capabilities (e.g., the network may employ strong anonymity measures) nor the legal authority (e.g. no ability to issue a warrant to network providers) to collect private-communication records. We show that PCD is possible by ordinary users merely by sending packets to various network end-nodes and analyzing the responses. Three approaches for PCD are proposed based on a new type of side channels caused by resource contention, and defenses are proposed. The Resource-Saturation PCD exploits the resource contention (e.g., a fixed-size buffer) by sending carefully designed packets and monitoring different responses. Its effectiveness has been demonstrated on three commercial closed-source VoIP phones. The Stochastic PCD shows that timing side channels in the form of probing responses, which are caused by distinct resource-contention responses when different applications run in end nodes, enable effective PCD despite network and proxy-generated noise (e.g., jitter, delays). It was applied to WiFi and Instant Messaging for resource contention in the radio channel and the keyboard, respectively. Similar analysis enables practical Sybil node detection. Finally, the Service-Priority PCD utilizes the fact that 3G/2G mobile communication systems give higher priority to voice service than data service. This allows detection of the busy status of smartphones, and then discovery of their call records by correlating the busy status. This approach was successfully applied to iPhone and Android phones in AT&T's network. An additional, unanticipated finding was that an Internet user could disable a 2G phone's voice service by probing it with short enough intervals (e.g., 1 second). PCD defenses can be traditional side-channel countermeasures or PCD-specific ones, e.g., monitoring and blocking suspicious periodic network traffic

Contributions to Improve Cognitive Strategies with Respect to Wireless Coexistence

Cognitive radio (CR) can identify temporarily available opportunities in a shared radio environment to improve spectral efficiency and coexistence behavior of radio systems. It operates as a secondary user (SU) and accommodates itself in detected opportunities with an intention to avoid harmful collisions with coexisting primary user (PU) systems. Such opportunistic operation of a CR system requires efficient situational awareness and reliable decision making for radio resource allocation. Situational awareness includes sensing the environment followed by a hypothesis testing for detection of available opportunities in the coexisting environment. This process is often known as spectral hole detection. Situational knowledge can be further enriched by forecasting the primary activities in the radio environment using predictive modeling based approaches. Improved knowledge about the coexisting environment essentially means better decision making for secondary resource allocation. This dissertation identifies limitations of existing predictive modeling and spectral hole detection based resource allocation strategies and suggest improvements. Firstly, accurate and efficient estimation of statistical parameters of the radio environment is identified as a fundamental challenge to realize predictive modeling based cognitive approaches. Lots of useful training data which are essential to learn the system parameters are not available either because of environmental effects such as noise, interference and fading or because of limited system resources particularly sensor bandwidth. While handling environmental effects to improve signal reception in radio systems has already gained much attention, this dissertation addresses the problem of data losses caused by limited sensor bandwidth as it is totally ignored so far and presents bandwidth independent parameter estimation methods. Where, bandwidth independent means achieving the same level of estimation accuracy for any sensor bandwidth. Secondly, this dissertation argues that the existing hole detection strategies are dumb because they provide very little information about the coexisting environment. Decision making for resource allocation based on this dumb hole detection approach cannot optimally exploit the opportunities available in the coexisting environment. As a solution, an intelligent hole detection scheme is proposed which suggests classifying the primary systems and using the documented knowledge of identified radio technologies to fully understand their coexistence behavior. Finally, this dissertation presents a neuro-fuzzy signal classifier (NFSC) that uses bandwidth, operating frequency, pulse shape, hopping behavior and time behavior of signals as distinct features in order to xii identify the PU signals in coexisting environments. This classifier provides the foundation for bandwidth independent parameter estimation and intelligent hole detection. MATLAB/Simulink based simulations are used to support the arguments throughout in this dissertation. A proof-of-concept demonstrator using microcontroller and hardware defined radio (HDR) based transceiver is also presented at the end.</p