26 research outputs found

    Eavesdropping on Satellite Telecommunication Systems

    While communication infrastructures rapidly intertwine with our daily lives, public understanding of underlying technologies and privacy implications is often limited by their closed-source nature. Lacking the funding and resources of corporations and the intelligence community, developing and expanding this understanding is a sometimes tedious, but nonetheless important process. In this sense, we document how we have decrypted our own communication in the Thuraya satellite network. We have used open-source software to build on recent work which reverse-engineered and cryptanalyzed both stream ciphers currently used in the competing satellite communication standards GMR-1 and GMR-2. To break Thuraya’s encryption (which implements the GMR-1 standard) in a real-world scenario, we have enhanced an existing ciphertext-only attack. We have used common and moderately expensive equipment to capture a live call session and executed the described attack. We show that, after computing less than an hour on regular PC-hardware, we were able to obtain the session key from a handful of speech data frames. This effectively allows decryption of the entire session, thus demonstrating that the Thuraya system (and probably also SkyTerra and TerreStar, who are currently implementing GMR-1) is weak at protecting privacy.

    Block Ciphers - Focus On The Linear Layer (feat. PRIDE): Full Version

    The linear layer is a core component in any substitution-permutation network block cipher. Its design significantly influences both the security and the efficiency of the resulting block cipher. Surprisingly, not many general constructions are known that allow choosing trade-offs between security and efficiency. Especially when compared to S-boxes, it seems that the linear layer is crucially understudied. In this paper, we propose a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs. We give several instances of our construction and on top underline its value by presenting a new block cipher. PRIDE is optimized for 8-bit micro-controllers and significantly outperforms all academic solutions both in terms of code size and cycle count.

    Effect of remote ischemic conditioning on atrial fibrillation and outcome after coronary artery bypass grafting (RICO-trial)

    Background: Pre- and postconditioning describe mechanisms whereby short ischemic periods protect an organ against a longer period of ischemia. Interestingly, short ischemic periods of a limb, in itself harmless, may increase the ischemia tolerance of remote organs, e.g. the heart (remote conditioning, RC). Although several studies have shown reduced biomarker release by RC, a reduction of complications and improvement of patient outcome still has to be demonstrated. Atrial fibrillation (AF) is one of the most common complications after coronary artery bypass graft surgery (CABG), affecting 27-46% of patients. It is associated with increased mortality, adverse cardiovascular events, and prolonged in-hospital stay. We hypothesize that remote ischemic pre- and/or post-conditioning reduce the incidence of AF following CABG, and improve patient outcome. Methods/design: This study is a randomized, controlled, patient and investigator blinded multicenter trial. Elective CABG patients are randomized to one of the following four groups: 1) control, 2) remote ischemic preconditioning, 3) remote ischemic postconditioning, or 4) remote ischemic pre- and postconditioning. Remote conditio

    Implementation and evaluation of a multi-level mental health promotion intervention for the workplace (MENTUPP): study protocol for a cluster randomised controlled trial

    Background: Well-organised and managed workplaces can be a source of wellbeing. The construction, healthcare and information and communication technology sectors are characterised by work-related stressors (e.g. high workloads, tight deadlines) which are associated with poorer mental health and wellbeing. The MENTUPP intervention is a flexibly delivered, multi-level approach to supporting small- and medium-sized enterprises (SMEs) in creating mentally healthy workplaces. The online intervention is tailored to each sector and designed to support employees and leaders dealing with mental health difficulties (e.g. stress), clinical level anxiety and depression, and combatting mental health-related stigma. This paper presents the protocol for the cluster randomised controlled trial (cRCT) of the MENTUPP intervention in eight European countries and Australia. Methods: Each intervention country will aim to recruit at least two SMEs in each of the three sectors. The design of the cRCT is based on the experiences of a pilot study and guided by a Theory of Change process that describes how the intervention is assumed to work. SMEs will be randomly assigned to the intervention or control conditions. The aim of the cRCT is to assess whether the MENTUPP intervention is effective in improving mental health and wellbeing (primary outcome) and reducing stigma, depression and suicidal behaviour (secondary outcome) in employees. The study will also involve a process and economic evaluation. Conclusions: At present, there is no known multi-level, tailored, flexible and accessible workplace-based intervention for the prevention of non-clinical and clinical symptoms of depression, anxiety and burnout, and the promotion of mental wellbeing. The results of this study will provide a comprehensive overview of the implementation and effectiveness of such an intervention in a variety of contexts, languages and cultures leading to the overall goal of delivering an evidence-based intervention for mental health in the workplace.

    Achieving Anonymity Against Major Face Recognition Algorithms

    An ever-increasing number of personal photos is stored online. This trend can be problematic, because face recognition software can undermine user privacy in unexpected ways. Face de-identification aims to prevent automatic recognition of faces thus improving user privacy, but previous work alters the image in a way that makes them indistinguishable for both computers and humans, which prevents a widespread use. We propose a method for de-identification of images that effectively prevents face recognition software (using the most popular and effective algorithms) from identifying people, but still allows human recognition. We evaluate our method experimentally by adapting the CSU framework and using the FERET database. We show that we are able to achieve strong de-identification while maintaining reasonable image quality.

    Practical cryptanalysis of real-world systems

    This thesis deals with practical attacks on four globally deployed systems (GSM, GMR-1, GMR-2 and SV3060) whose cryptographic mechanisms were largely unknown until now. Specifically, a hardware architecture and a mathematical trick are examined for accelerating existing attacks on the A5/1 cipher used in GSM. Next, the ciphers of the satellite telephony standards GMR-1 and GMR-2 are presented; both algorithms were extracted from satellite phones. The ciphers are analyzed and efficiently broken. A practical demonstration shows that the voice encryption in GMR-1 should not be trusted. Finally, the digital locking system SV3060 is considered and the authentication scheme it uses is analyzed. Exploiting four different weaknesses in the scheme enables practical attacks that allow the unauthorized opening of door locks.

    Don't Trust Satellite Phones: A Security Analysis of Two Satphone Standards

    Abstract: There is a rich body of work related to the security aspects of cellular mobile phones, in particular with respect to the GSM and UMTS systems. To the best of our knowledge, however, there has been no investigation of the security of satellite phones (abbr. satphones). Even though a niche market compared to the G2 and G3 mobile systems, there are several 100,000 satphone subscribers worldwide. Given the sensitive nature of some of their application domains (e.g., natural disaster areas or military campaigns), security plays a particularly important role for satphones. In this paper, we analyze the encryption systems used in the two existing (and competing) satphone standards, GMR-1 and GMR-2. The first main contribution is that we were able to completely reverse engineer the encryption algorithms employed. Both ciphers had not been publicly known previously. We describe the details of the recovery of the two algorithms from freely available DSP-firmware updates for satphones, which included the development of a custom disassembler and tools to analyze the code, and extending prior work on binary analysis to efficiently identify cryptographic code. We note that these steps had to be repeated for both systems, because the available binaries were from two entirely different DSP processors. Perhaps somewhat surprisingly, we found that the GMR-1 cipher can be considered a proprietary variant of the GSM A5/2 algorithm, whereas the GMR-2 cipher is an entirely new design. The second main contribution lies in the cryptanalysis of the two proprietary stream ciphers. We were able to adopt known A5/2 ciphertext-only attacks to the GMR-1 algorithm with an average case complexity of 2^32 steps. With respect to the GMR-2 cipher, we developed a new attack which is powerful in a known-plaintext setting. In this situation, the encryption key for one session, i.e., one phone call, can be recovered with approximately 50-65 bytes of key stream and a moderate computational complexity. A major finding of our work is that the stream ciphers of the two existing satellite phone systems are considerably weaker than what is state-of-the-art in symmetric cryptography.