Channel Based Relay Attack Detection Protocol

A relay attack is a potentially devastating form of a man-in-the-middle attack, that can circumvent any challenge-response authentication protocol. A relay attack also has no known cryptographic solution. This thesis proposes the usage of reciprocal channel state information in a wireless system to detect the presence of a relay attack. Through the usage of an open source channel state information tool, a challenge-response authentication Channel Based Relay Attack Detection Protocol is designed and implemented using IEEE 802.11n (WiFi) in detail. The proposed protocol adapts ideas from solutions to other problems, to create a novel solution to the relay attack problem. Preliminary results are done to show the practicality of using channel state information for randomness extraction. As well, two novel attacks are proposed that could be used to defeat the protocol and other similar protocols. To handle these attacks, two modifications are given that only work with the Channel Based Relay Attack Detection Protocol

Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services

ToR K-Anonymity against deep learning watermarking attacks

It is known that totalitarian regimes often perform surveillance and censorship of their communication networks. The Tor anonymity network allows users to browse the Internet anonymously to circumvent censorship filters and possible prosecution. This has made Tor an enticing target for state-level actors and cooperative state-level adversaries, with privileged access to network traffic captured at the level of Autonomous Systems(ASs) or Internet Exchange Points(IXPs). This thesis studied the attack typologies involved, with a particular focus on traffic correlation techniques for de-anonymization of Tor endpoints. Our goal was to design a test-bench environment and tool, based on recently researched deep learning techniques for traffic analysis, to evaluate the effectiveness of countermeasures provided by recent ap- proaches that try to strengthen Tor’s anonymity protection. The targeted solution is based on K-anonymity input covert channels organized as a pre-staged multipath network. The research challenge was to design a test-bench environment and tool, to launch active correlation attacks leveraging traffic flow correlation through the detection of in- duced watermarks in Tor traffic. To de-anonymize Tor connection endpoints, our tool analyses intrinsic time patterns of Tor synthetic egress traffic to detect flows with previ- ously injected time-based watermarks. With the obtained results and conclusions, we contributed to the evaluation of the security guarantees that the targeted K-anonymity solution provides as a countermeasure against de-anonymization attacks.Já foi extensamente observado que em vários países governados por regimes totalitários existe monitorização, e consequente censura, nos vários meios de comunicação utilizados. O Tor permite aos seus utilizadores navegar pela internet com garantias de privacidade e anonimato, de forma a evitar bloqueios, censura e processos legais impostos pela entidade que governa. Estas propriedades tornaram a rede Tor um alvo de ataque para vários governos e ações conjuntas de várias entidades, com acesso privilegiado a extensas zonas da rede e vários pontos de acesso à mesma. Esta tese realiza o estudo de tipologias de ataques que quebram o anonimato da rede Tor, com especial foco em técnicas de correlação de tráfegos. O nosso objetivo é realizar um ambiente de estudo e ferramenta, baseada em técnicas recentes de aprendizagem pro- funda e injeção de marcas de água, para avaliar a eficácia de contramedidas recentemente investigadas, que tentam fortalecer o anonimato da rede Tor. A contramedida que pre- tendemos avaliar é baseada na criação de multi-circuitos encobertos, recorrendo a túneis TLS de entrada, de forma a acoplar o tráfego de um grupo anonimo de K utilizadores. A solução a ser desenvolvida deve lançar um ataque de correlação de tráfegos recorrendo a técnicas ativas de indução de marcas de água. Esta ferramenta deve ser capaz de correla- cionar tráfego sintético de saída de circuitos Tor, realizando a injeção de marcas de água à entrada com o propósito de serem detetadas num segundo ponto de observação. Aplicada a um cenário real, o propósito da ferramenta está enquadrado na quebra do anonimato de serviços secretos fornecidos pela rede Tor, assim como os utilizadores dos mesmos. Os resultados esperados irão contribuir para a avaliação da solução de anonimato de K utilizadores mencionada, que é vista como contramedida para ataques de desanonimi- zação

Framework for botnet emulation and analysis

Criminals use the anonymity and pervasiveness of the Internet to commit fraud, extortion, and theft. Botnets are used as the primary tool for this criminal activity. Botnets allow criminals to accumulate and covertly control multiple Internet-connected computers. They use this network of controlled computers to flood networks with traffic from multiple sources, send spam, spread infection, spy on users, commit click fraud, run adware, and host phishing sites. This presents serious privacy risks and financial burdens to businesses and individuals. Furthermore, all indicators show that the problem is worsening because the research and development cycle of the criminal industry is faster than that of security research. To enable researchers to measure botnet connection models and counter-measures, a flexible, rapidly augmentable framework for creating test botnets is provided. This botnet framework, written in the Ruby language, enables researchers to run a botnet on a closed network and to rapidly implement new communication, spreading, control, and attack mechanisms for study. This is a significant improvement over augmenting C++ code-bases for the most popular botnets, Agobot and SDBot. Rubot allows researchers to implement new threats and their corresponding defenses before the criminal industry can. The Rubot experiment framework includes models for some of the latest trends in botnet operation such as peer-to-peer based control, fast-flux DNS, and periodic updates. Our approach implements the key network features from existing botnets and provides the required infrastructure to run the botnet in a closed environment.Ph.D.Committee Chair: Copeland, John; Committee Member: Durgin, Gregory; Committee Member: Goodman, Seymour; Committee Member: Owen, Henry; Committee Member: Riley, Georg

Security Hazards when Law is Code.

As software continues to eat the world, there is an increasing pressure to automate every aspect of society, from self-driving cars, to algorithmic trading on the stock market. As this pressure manifests into software implementations of everything, there are security concerns to be addressed across many areas. But are there some domains and fields that are distinctly susceptible to attacks, making them difficult to secure? My dissertation argues that one domain in particular—public policy and law— is inherently difficult to automate securely using computers. This is in large part because law and policy are written in a manner that expects them to be flexibly interpreted to be fair or just. Traditionally, this interpreting is done by judges and regulators who are capable of understanding the intent of the laws they are enforcing. However, when these laws are instead written in code, and interpreted by a machine, this capability to understand goes away. Because they blindly fol- low written rules, computers can be tricked to perform actions counter to their intended behavior. This dissertation covers three case studies of law and policy being implemented in code and security vulnerabilities that they introduce in practice. The first study analyzes the security of a previously deployed Internet voting system, showing how attackers could change the outcome of elections carried out online. The second study looks at airport security, investigating how full-body scanners can be defeated in practice, allowing attackers to conceal contraband such as weapons or high explosives past airport checkpoints. Finally, this dissertation also studies how an Internet censorship system such as China’s Great Firewall can be circumvented by techniques that exploit the methods employed by the censors themselves. To address these concerns of securing software implementations of law, a hybrid human-computer approach can be used. In addition, systems should be designed to allow for attacks or mistakes to be retroactively undone or inspected by human auditors. By combining the strengths of computers (speed and cost) and humans (ability to interpret and understand), systems can be made more secure and more efficient than a method employing either alone.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120795/1/ewust_1.pd

Design and development of a software architecture for seamless vertical handover in mobile communications

In this work I firstly present an overview on current wireless technology and network mobility focusing on challenges and issues which arise when mobile nodes migrate among different access networks, while employing real-time communications and services. In literature many solutions propose different methods and architectures to enhance vertical handover, the process of transferring a network communication between two technologically different points of attachment. After an extensive review of such solutions this document describes my personal implementation of a fast vertical handover mechanism for Android smartphones. I also performed a reliability and performance comparison between the current Android system and my enhanced architecture which have both been tested in a scenario where vertical handover was taking place between WiFi and cellular network while the mobile node was using video streaming services. Results show the approach of my implementation to be promising, encouraging future works, some of which are suggested at the end of this dissertation together with concluding remarks

Screen Printed Security-Button for Radio Frequency Identification Tags

Radio frequency identi cation (RFID) security is a relevant matter. The wide spread of RFID applications in the general society and the persistent attempts to safeguard it con rm it, especially since its use involves payments and the store or transmission of sensitive information. In this contribution, we present an innovative solution for improving the security of RFID passive tags through the use of a screen printed button, that allows the reception and transmission only when a certain level of physical pressure normal to its plane is applied. The materials and fabrication technology used demonstrate an easy to implement and cost-effective system, valuable in several scenarios where the user has straight contact with the tags and where its usage is direct and intentional.This work was supported by the fellowship under Grant 2020-MSCA-IF-2017-794885-SELFSENS