Analysis and Mitigation of Recent Attacks on Mobile Communication Backend

2014 aasta viimases kvartalis demonstreeriti mitmeid edukaid rünnakuid mobiilsidevõrkude vastu. Need baseerusid ühe peamise signaaliprotokolli, SS7 väärkasutamisel. Ründajatel õnnestus positsioneerida mobiilseadmete kasutajaid ja kuulata pealt nii kõnesid kui ka tekstisõnumeid. Ajal mil enamik viimase aja ründeid paljastavad nõrkusi lõppkasutajate seadmete tarkvaras, paljastavad need hiljutised rünnakud põhivõrkude endi haavatavust. Teadaolevalt on mobiilsete telekommunikatsioonivõrkude tööstuses raskusi haavatavuste õigeaegsel avastamisel ja nende mõistmisel. Käesolev töö on osa püüdlusest neid probleeme mõista. Töö annab põhjaliku ülevaate ja analüüsib teadaolevaid rünnakuid ning toob välja võimalikud lahendused. Rünnakud võivad olla väga suurte tagajärgedega, kuna vaatamata SS7 protokolli vanusele, jääb see siiski peamiseks signaaliprotokolliks mobiilsidevõrkudes veel pikaks ajaks. Uurimustöö analüüs ja tulemused aitavad mobiilsideoperaatoritel hinnata oma võrkude haavatavust ning teha paremaid investeeringuid oma taristu turvalisusele. Tulemused esitletakse mobiilsideoperaatoritele, võrguseadmete müüjatele ning 3GPP standardi organisatsioonile.In the last quarter of 2014, several successful attacks against mobile networks were demonstrated. They are based on misuse of one of the key signaling protocol, SS7, which is extensively used in the mobile communication backend for signaling tasks such as call and mobility management. The attackers were able to locate the mobile users and intercept voice calls and text messages. While most attacks in the public eye are those which exploits weaknesses in the end-device software or radio access links, these recently demonstrated vulnerabilities exploit weaknesses of the mobile core networks themselves. Understandably, there is a scramble in the mobile telecommunications industry to understand the attacks and the underlying vulnerabilities. This thesis is part of that effort. This thesis presents a broad and thorough overview and analysis of the known attacks against mobile network signaling protocols and the possible mitigation strategies. The attacks are presented in a uniform way, in relation to the mobile network protocol standards and signaling scenarios. Moreover, this thesis also presents a new attack that enables a malicious party with access to the signaling network to remove lost or stolen phones from the blacklist that is intended to prevent their use. Both the known and new attacks have been confirmed by implementing them in a controlled test environment. The attacks are serious because SS7, despite its age, remains the main signaling protocol in the mobile networks and will still long be required for interoperability and background compatibility in international roaming. Moreover, the number of entities with access to the core network, and hence the number of potential attackers, has increased significantly because of changes in regulation and opening of the networks to competition. The analysis and new results of this thesis will help mobile network providers and operators to assess the vulnerabilities in their infrastructure and to make security-aware decisions regarding their future investments and standardization. The results will be presented to the operators, network-equipment vendors, and to the 3GPP standards body

CSIS: Cloud Service Identification System

To meet the need of the computational power, most of the users may go for a cloud based services for its scalability, flexibility and reliability. Cloud services have become an integral part of IT and analytical enterprises. Owing to increase in necessity of commercial cloud products being readily available, it has become extremely difficult for users to identify suitable cloud services. This paper proposes the recommender system precisely designed for the discovery of cloud services. Though there is an exponential increase in demand for cloud services, the amount of research done in this particular field is abysmal. Cloud Service Identification System (CSIS) crawls through Internet, identifies cloud services and stores them in a database. The user’s search query is processed and recommends cloud services accurately

Health Disparities in Turner Syndrome: UTHealth Turner Syndrome Research Registry

AIM: Turner Syndrome (TS) is caused by partial or complete absence of the second sex chromosome in a phenotypic female. TS is associated with recognizable congenital anomalies and chronic health conditions. The principal objective of this study was to evaluate the health-related knowledge and insight of participants. METHODS: In 2015, we founded the UTHealth Turner Syndrome Research Registry for longitudinal follow-up of individuals with TS. Study participants were recruited from UTHealth Houston clinics and the Turner Syndrome Society of the United States. Participants completed a questionnaire about demographics, karyotype, congenital anomalies, health history, frequency of contact with care providers, and knowledge of care providers about TS. RESULTS: Forty percent of registry participants indicated that they did not know their karyotypes. Knowledge of karyotype, which can predict clinical outcomes in TS, markedly varied by self-reported race and ethnicity but not by age. Participants also reported significant gaps in routine medical and gynecologic care. CONCLUSION: We identified knowledge gaps and health disparities that could benefit from improved provider and patient education

Evaluation of granisetron as an antiemetic in patients undergoing abdominal hysterectomy under spinal anaesthesia

Background: PONV most common complications related to surgery and anaesthesia despite major advances in spinal, epidural and combined spinal-epidural anesthesia techniques IONV are still present in a significant number of patients. Ondansetron, used for controlling PONV induced by chemotherapy or radiation. Recently 5HT3 receptor antagonist granisetron has more potent, selective and longer acting activity than ondansetron. Granisetron is more active for control of PONV in cisplatin induced vomiting than ondansetron. It also reduces PONV in strabismus repair, tonsillectomy, and general surgeries, it has less side effects as compared to ondansetron. Objective of the study was to study efficacy and safety of granisetron and compare it with ondansetron for prevention of IONV and PONV.Methods: 80 ASA grade I and II women undergoing abdominal hysterectomy under spinal anaesthesia were studied. Patients in group A received injection granisetron 2 mg and group B injection ondansetron 4 mg,10 minutes prior to induction of spinal anaesthesia. Main outcome measures were occurrence of nausea, retching or vomiting in intraoperative and postoperative period at 6, 12, 18 and 24 hours’ post-surgery. The response of patient to therapy and side effects were evaluated in both groups. The results were analyzed by ‘z’ test (p<0.5) considered significant.Results: Demographic characteristics of both groups were comparable patients in granisetron (80%) had more complete response as compared to ondansetron (47.5%). Adverse effects were lower in granisetron group.Conclusions: Granisetron 2 Mg has better efficacy and safety profile than ondansetron 4 Mg

Immunity Tests of a Class-D Audio Amplifier.

Title: Immunity Tests of a Class-D Audio Amplifier. By Siddharth Inani, Raghul Prakash, Yuichiro Suzuki, Krister Ulvog, Fiyi Ogunkoya Abstract This work tests the immunity of a Class-D Audio Amplifier which uses the Texas Instruments TPA3122D2 integrated circuit. Its output signal performance and integrity when exposed to a controlled electric field source was investigated. This study was conducted to determine the best PCB layout practices for digital switching circuits that operate at high frequencies which would lead to better EMC design practices. A high intensity E-field near-field probe was designed and constructed and applied to different points on the printed circuit board of the amplifier. E-Field intensities and output signal distortion were measured using calibrated near-field probes, a spectrum analyzer, and an oscilloscope. The results indicated that as the intensity of the E-field increased, the signal integrity of the integrated circuit of the Amplifier was increasingly affected and the signal output of the Amplifier was severely distorted. Also, it was found that the output waveform was distorted when the E-field source was of high frequency but at relatively low frequencies the coupling capacitor that we added at Stage 1 of the circuitry was able to shunt out the noise

Man-in-the-Machine : Exploiting Ill-Secured Communication Inside the Computer

Peer reviewe

Role of Organochlorine Pesticides in Chronic Kidney Diseases of Unknown Etiology

Chronic kidney disease (CKD) contributes to a significant burden on the healthcare system and economy worldwide. In the last two decades, a new form of CKD: chronic kidney disease of unknown etiology (CKDu) in which the disease is not attributed to known causes has emerged as a major health issue in different geographical areas over the world mainly from farming community and has become a global concern today. Despite intense and numerous research works dedicated to CKDu, very little is known with certainty regarding its etiology and the pathophysiology behind its development. Recent evidences are emerging in favor of possible role of agrochemicals and pesticides in the pathogenesis of CKDu. Organochlorine pesticides (OCPs) due to their longer half-life and lipophilic nature persist long in the environment and are known to be biomagnified through food chain. Some study reports by the authors and a few others constitute the important body of evidences depicting the association between chronic exposures to OCPs and occurrence of CKDu through environmental contamination in farming as well as non-farming communities in different geographical areas around the globe