A New Covert Channel Over Cellular Network Voice Channel

Smartphone security has become increasingly more significant as smartphones become a more important part of many individuals\u27 daily lives. Smartphones undergo all computer security issues; however, they also introduce a new set of security issues as various capabilities are added. Smartphone security researchers pay more attention to security issues inherited from the traditional computer security field than smartphone-related security issues. The primary network that smartphones are connected to is the cellular network, but little effort has been directed at investigating the potential security issues that could threaten this network and its end users. A new possible threat that could occur in the cellular network is introduced in this paper. This research proves the ability to use the cellular network voice channel as a covert channel that can convey covert information as speech, thus breaking the network policies. The study involves designing and implementing multiple subsystems in order to prove the theory. First, a software audio modem that is able to convert digital data into audio waves and inject the audio waves to the GSM voice channel was developed. Moreover, a user-mode rootkit was implemented in order to open the voice channels by stealthily answering the incoming voice call, thus breaking the security mechanisms of the smartphone. Multiple scenarios also were tested in order to verify the effectiveness of the proposed covert channel. The first scenario is a covert communication between two parties that intends to hide their communications by using a network that is unknown to the adversary and not protected by network security guards. The two parties communicate through the cellular network voice channel to send and receive text messages. The second scenario is a side channel that is able to leak data such as SMS or the contact of a hacked smartphone through the cellular network voice channel. The third scenario is a botnet system that uses the voice channel as command and control channel (C2). This study identifies a new potential smartphone covert channel, so the outcome should be setting countermeasures against this kind of breach

Reducing vulnerability to forced labor and trafficking of short-term, low-skilled women migrant workers in the South Asia to Middle East corridor

Millions of female migrants experience various forms of exploitative and unsafe conditions when migrating for employment and income generation, both in countries of origin and in destination countries. Vulnerabilities increased further due to the Covid-19 pandemic, causing income and job losses, entrapment in countries of destination without financial or social support and stigmatization upon return. One of the key migration routes travelled by millions of migrants is from South Asia to the Middle East. We examine this migration route for low-skilled female migrant workers highlighting the impacts of interventions along the migration pathway to determine the effectiveness of alternative mechanisms for reducing forced labour and trafficking. We draw lessons from the literature as well as from interviews with key informants in the field, including academics, development partners, NGO workers, and policymakers, to identify promising interventions that successfully reduce the vulnerability of women migrants. We find that, while Covid-19 has increased migrant vulnerability, it has also exposed the current system’s violations in facilitating trafficking and exacerbating poor working conditions

Project BeARCAT : Baselining, Automation and Response for CAV Testbed Cyber Security : Connected Vehicle & Infrastructure Security Assessment

Connected, software-based systems are a driver in advancing the technology of transportation systems. Advanced automated and autonomous vehicles, together with electrification, will help reduce congestion, accidents and emissions. Meanwhile, vehicle manufacturers see advanced technology as enhancing their products in a competitive market. However, as many decades of using home and enterprise computer systems have shown, connectivity allows a system to become a target for criminal intentions. Cyber-based threats to any system are a problem; in transportation, there is the added safety implication of dealing with moving vehicles and the passengers within

Communicating Women Empowerment for Socio-Ecological Challenges in a Multi-Lingual Society: Nigeria’s Example

Ecological problems result from deep-seated social ills of the society, vividly illustrated by economic slump, malnutrition, deforestation, air, urban  and oil pollutions, urban violence, water borne diseases, housing problem and insecurity all of which breathe more life into poverty. In most cases, women, a significant segment of the society are the most vulnerable in time of ecological crises. Using secondary data, this study traced women’s vulnerability to the age-long gender discriminatory culture and lopsided political structure which oftentimes place women at a disadvantaged position. With theoretical hindsight, the study discovered that given appropriate motivation and empowerment inform of access to quality education, paid employment, capital assets and land, women could break the web of poverty and record significant victory over socio-ecological adversity. The study observed that to achieve maximum success in women’s capacity building against socio-ecological problems, there must be strategic communication efforts through the various mass media organs to persuade the government to incorporate women empowerment into its policies and programs and also to influence positive belief and discourage negative attitudinal disposition to women among the various ethnic components. This evidently will enthrone a just society where everybody can compete and contribute to the socio-economic development and environmental sustainability. Key Words: Communication, Women Empowerment, Socio-ecology, Multilingualis

Cognitive Radio Network with a distributed control channel and quality-of-service solution

The proliferation of wireless access and applications to the Internet and the advent of a myriad of highly evolved portable communication devices; creates the need for an efficiently utilized radio spectrum. This is paramount in the licensed and unlicensed radio frequency bands, that spawn an exponential growth in Dynamic Spectrum Access (DSA) research, Cognitive Radio (CR) and Cognitive Radio Networks (CRN) research. DSA research has given way to the paradigm shift toward CR with its dynamic changes in transmission schemas. This paradigm shift from a fixed and centralized frequency spectrum environment has morphed into a dynamic and decentralized one. CR provides wireless nodes the capability to adapt and exploit the frequency spectrum. The spectrum information obtained is scanned and updated to determine the channel quality for viability and a utilization/availability by the licensed (primary) user. To take advantage of the CR capabilities, previous research has focused on a Common Control Channel(CCC) for the control signals to be used for spectrum control. This utilization generates channel saturation, extreme transmission overhead of control information, and a point of vulnerability. The traditional designs for wireless routing protocols do not support an ad hoc multi-hop cognitive radio network model. This research focuses on a real world implementation of a heterogeneous ad hoc multi-hop Cognitive Radio Network. An overall model, coined Emerald, has been designed to address the architecture; the Medium Access Control layer, E-MAC; and the network layer, E-NET. First, a Medium Access Control(MAC) layer protocol is provided to avoid the pitfalls of a common control channel. This new design provides CRNs with network topology and channel utilization information. Spectrum etiquette, in turn, addresses channel saturation, control overhead, and the single point of vulnerability. Secondly, a routing model is proposed that will address the efficiency of an ad hoc multi-hop CRN with a focus on the Quality-of-Service(QoS) of the point-to-point as well as end-to-end communication. This research has documented weaknesses in spectrum utilization; it has been expanded to accommodate a distributed control environment. Subsets of the model will be validated through Network Simulator-2(NS/2) and MatLab© simulations to determine point-to-point and end-to-end communications

Gender-sensitive Risks and Options Assessment for Decision making (ROAD) to support WiF2

The Gender-Sensitive Risks and Options Assessment for Decision Making (ROAD) to Support WiF-2 (ROAD migration project), a partnership coordinated by the International Food Policy Research Institute (IFPRI), Australian National University, American University Beirut, Lincoln University, and University of Dhaka, evaluated the ILO-DFID Partnership Programme on Fair Recruitment and Decent Work for Women Migrant Workers in South Asia and the Middle East (Work in Freedom, Phase 2 project [WiF-2]), which operated from 2018 to 2023. The WiF-2 project specifically aimed “to reduce vulnerability to trafficking and forced labour of women and girls across migration pathways leading to the care sector and textiles, clothing, leather and footwear industries (TCLFI) of South Asia and Arab States” (ToC WiF-2)

Modeling Deception for Cyber Security

In the era of software-intensive, smart and connected systems, the growing power and so- phistication of cyber attacks poses increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more ac- tive defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipu- lation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Con- sequently, little practical guidance is provided on how to engineering deception-based techniques for defense. This PhD thesis contributes with a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tac- tics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception mod- eling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, a conceptual coverage map- ping was developed to assess the expressivity of the deception modeling language created.Na era digital o crescente poder e sofisticação dos ataques cibernéticos apresenta constan- tes desafios para a segurança do software. A postura reativa dos mecanismos tradicionais de segurança, como os sistemas antivírus e de detecção de intrusão, não têm sido suficien- tes para combater a ampla gama de ameaças que comprometem a operação dos sistemas de software actuais. Para mitigar estas ameaças são necessárias abordagens ativas de defesa. Tais abordagens baseiam-se na ideia de adicionar mecanismos para enganar os adversários (do inglês deception). As técnicas de enganação (em português, "ato ou efeito de enganar, de induzir em erro; artimanha usada para iludir") contribuem para a defesa frustrando o avanço dos atacantes por manipulação das suas perceções. A manipula- ção é conseguida através de respostas enganadoras, de "fintas", ou indicações erróneas e outras falsidades adicionadas intencionalmente num sistema. É claro que esses meca- nismos de enganação podem resultar em efeitos colaterais que devem ser tratados. Os métodos atuais usados para enganar um atacante inspiram-se fundamentalmente nas técnicas da área militar, fornecendo apenas instruções de alto nível que ignoram, em grande parte, a enganação como parte do ciclo de vida do desenvolvimento de software seguro. Consequentemente, há poucas referências práticas em como gerar técnicas de defesa baseadas em enganação. Esta tese de doutoramento contribui com uma aborda- gem sistemática para especificar e desenhar requisitos, táticas e estratégias de enganação cibernéticas. Esta abordagem é composta por (i) uma modelação multi-paradigma para re- presentar requisitos, táticas e estratégias de enganação, (ii) uma arquitetura de referência para apoiar a integração de estratégias de enganação na operação dum sistema, e (iii) um método para orientar os engenheiros na modelação de enganação. Uma ferramenta protó- tipo, um estudo de caso e uma avaliação experimental mostram resultados encorajadores para a aplicação da abordagem na prática. Finalmente, a expressividade da linguagem de modelação de enganação é avaliada por um mapeamento de cobertura de conceitos

Maritime Deception and Concealment: Concepts for Defeating Wide-Area Oceanic Surveillance-Reconnaissance-Strike Networks

Deception and concealment can help mitigate the risks that an adversary might cripple U.S. forward maritime forces in a massive, war-opening strike, achieve in the first days or weeks some fait accompli, or inflict severe losses on maritime forces as they maneuver within a contested zone to retake the initiative