
Publication


Featured research published by Giancarlo De Maio.


innovative mobile and internet services in ubiquitous computing | 2011

SECR3T: Secure End-to-End Communication over 3G Telecommunication Networks

Aniello Castiglione; Giuseppe Cattaneo; Giancarlo De Maio; Fabio Petagna

Nowadays the use of video conference tools from mobile devices is becoming more widespread. Unfortunately, solutions based only on the security features inherited from the operator infrastructure cannot be blindly trusted. Therefore, the need for secure communication tools is rapidly increasing. Currently, voice and video communication tools are considered unreliable when used in either a mobile context or under poor signal strength conditions. This is particularly true for IP connections routed on the Packet-Switched Domain (PSD) over 3G mobile networks. This paper presents the design and the implementation of SECR3T (Secure End-to-End Communication over 3G Telecommunication Networks), a fully-fledged secure communication system for mobile devices based on the native Circuit-Switched Domain (CSD) of 3G networks. To the authors' knowledge, this is the first solution for secure communication over the CSD of 3G networks. The security schemes implemented by SECR3T include mutual end-to-end authentication as well as data encryption. The adopted end-to-end security mechanisms have been embedded within the native 3G-324M protocol and do not require any form of interaction with the mobile network operator. Relying on the CSD, SECR3T provides a better QoS with respect to the PSD-based solutions for 3G networks. It also requires less power consumption as the user is registered once on the Base Station (BS), with the handset not having to implement any heavy keep-alive protocols. In order to prove the effectiveness of the adopted strategy, a prototype was implemented to compare its performance with the well-known PSD solutions. Subsequently, the authors experimentally evaluated the security strengths and the impacts produced on the user experience with respect to traditional tools using CSD.


intelligent networking and collaborative systems | 2011

On the Construction of a False Digital Alibi on the Android OS

Pietro Albano; Aniello Castiglione; Giuseppe Cattaneo; Giancarlo De Maio; Alfredo De Santis

Digital evidence can determine either the conviction or acquittal of a suspect. In the latter case, such information constitutes a digital alibi. It has been recently shown how it is possible to set up a common PC in order to produce digital evidence in an automatic and systematic manner. Such traces are indistinguishable post-mortem from those left by human activity, thus being exploitable to forge a digital alibi. Modern smart phones are becoming more and more similar to PCs, due both to their computational power as well as their capacity to produce digital evidence, local or remote, which can assume a probative value. However, smart phones are still substantially different from common PCs, with OS limitations, lack of tools and so on, thus making it difficult to adopt the same techniques proposed for PCs to forge a digital alibi on a mobile device. In this paper novel techniques to create a false digital alibi on a smart phone equipped with the Android OS are presented. In particular, it is possible to simulate human interaction with a mobile device using a software automation, with the produced traces being indistinguishable post-mortem from those left by a real user. Moreover, it will be shown that advanced computer skills are not required to forge a digital alibi on an Android device, since some of the presented techniques can be easily carried out by non-savvy users. This emphasizes how the probative value of digital evidence should always be evaluated together with traditional investigation techniques.


broadband and wireless computing, communication and applications | 2011

Automatic, Selective and Secure Deletion of Digital Evidence

Aniello Castiglione; Giuseppe Cattaneo; Giancarlo De Maio; Alfredo De Santis

The secure deletion of sensitive data can improve user privacy in many contexts and, in some extreme circumstances, keeping some information private can determine the life or death of a person. In fact, there are still several countries where freedom of expression is limited by authoritarian regimes, with dissidents being persecuted by their government. Recently, some countries have begun to make an effort to aid these people to communicate in a secure way, thus helping them to gain freedom. In this context, the present work can be a contribution in spreading the free use of Internet and, in general, digital devices. In countries where freedom of expression is persecuted, a dissident who would like to spread (illegal) information by means of the Internet should take into account the need to avoid as many traces as possible of his activity, in order to mislead eventual forensics investigations. In particular, this work introduces a methodology to delete a predetermined data set from a digital device in a secure and fast way, for example, with a single click of the mouse. All the actions required to remove the unwanted evidence can be performed by means of an automation, which is also able to remove traces about its execution and presence on the system. A post-mortem digital forensics analysis of the system will never reveal any information that may be referable to either the deleted data set or automation process.


availability reliability and security | 2011

Automated construction of a false digital alibi

Alfredo De Santis; Aniello Castiglione; Giuseppe Cattaneo; Giancarlo De Maio; Mario Ianulardo

Recent legal cases have shown that digital evidence is becoming more widely used in court proceedings (by defense, accusation, public prosecutor, etc.). Digital tracks can be left on computers, phones, digital cameras as well as third party servers belonging to Internet Service Providers (ISPs), telephone providers and companies that provide services via Internet such as YouTube, Facebook and Gmail. This work highlights the possibility to set up a false digital alibi in a fully automatic way without any human intervention. A forensic investigation on the digital evidence produced cannot establish whether such traces have been produced through either human activity or by an automated tool. These considerations stress the difference between digital and physical - namely traditional - evidence. Essentially, digital evidence should be considered relevant only if supported by evidence collected using traditional investigation techniques. The results of this work should be considered by anyone involved in a Digital Forensics investigation, due to it demonstrating that court rulings should not be based only on digital evidence, with it always being correlated to additional information provided by the various disciplines of Forensics Sciences.


intelligent networking and collaborative systems | 2011

The AVQ Algorithm: Watermarking and Compression Performances

Raffaele Pizzolante; Bruno Carpentieri; Aniello Castiglione; Giancarlo De Maio

In this paper we review the Adaptive Vector Quantization algorithm for lossy image compression, introduced by Constantinescu and Storer. AVQ combines the potentiality of a dictionary-based algorithm to process input in a single pass with the potentiality of Vector Quantization to approximate data. We discuss an open-source implementation and report the results achieved by this implementation with different dictionary sizes. Subsequently, we consider the problem of copyright protection in multimedia content, focusing our attention on Digital Watermarking. In addition we describe an approach for this algorithm that makes it possible to improve the robustness of invisible digital watermarks. The proposed approach consists of spreading the watermark into the image during the compression process. We assume that the compression algorithm is aware of the positions of the watermarks: when the algorithm identifies the block containing the watermark, then this block is encoded in lossless mode and is spread all over the image.


innovative mobile and internet services in ubiquitous computing | 2012

The Forensic Analysis of a False Digital Alibi

Aniello Castiglione; Giuseppe Cattaneo; Giancarlo De Maio; Alfredo De Santis; Gerardo Costabile; Mattia Epifani

In recent years the relevance of digital evidence in court disputes has been growing and many cases have been solved thanks to digital traces that addressed investigations in the right way. Actually, in some cases digital evidence represented the only proof of the innocence of the accused. In such a case this information constitutes a digital alibi. It usually consists of a set of local and Internet activities performed through a digital device. It has been recently shown how it is possible to set up a common PC in order to produce digital evidence in an automatic and systematic manner. Such traces are indistinguishable upon a forensic post-mortem analysis from those left by human activity, thus being exploitable to forge a digital alibi. In this paper we verify the undetectability of a false digital alibi by setting up a challenge. An alibi maker team set up a script which simulated some human activities as well as a procedure to remove all the traces of the automation including itself. The verification team received the script and executed it on its own PCs. The verification team could perform not only a usual post-mortem analysis but also a deeper forensic analysis. Indeed, they knew all the details of the script and the original state of the PC before running it. The verification confirmed that a well-constructed false digital alibi is indistinguishable from an alibi based on human activities.


international conference on detection of intrusions and malware, and vulnerability assessment | 2014

PExy: The Other Side of Exploit Kits

Giancarlo De Maio; Alexandros Kapravelos; Yan Shoshitaishvili; Christopher Kruegel; Giovanni Vigna

The drive-by download scene has changed dramatically in the last few years. What was a disorganized ad-hoc generation of malicious pages by individuals has evolved into sophisticated, easily extensible frameworks that incorporate multiple exploits at the same time and are highly configurable. We are now dealing with exploit kits.


IEEE Transactions on Big Data | 2017

A Novel Methodology to Acquire Live Big Data Evidence from the Cloud

Aniello Castiglione; Giuseppe Cattaneo; Giancarlo De Maio; Alfredo De Santis; Gianluca Roscigno

In the last decade Digital Forensics has experienced several issues when dealing with network evidence. Collecting network evidence is difficult due to its volatility. In fact, such information may change over time, may be stored on a server out of jurisdiction or geographically far from the crime scene. On the other hand, the explosion of Cloud Computing as the implementation of the Software as a Service (SaaS) paradigm is pushing users toward remote data repositories such as Dropbox, Amazon Cloud Drive, Apple iCloud, Google Drive, Microsoft OneDrive. In this paper a novel methodology for the collection of network evidence is proposed. In particular, it is focused on the collection of information from online services, such as web pages, chats, documents, photos and videos. The methodology is suitable for both expert and non-expert analysts as it “drives” the user through the whole acquisition process. During the acquisition, the information received from the remote source is automatically collected. It includes not only network packets, but also any information produced by the client upon its interpretation (such as video and audio output). A trusted third party, acting as a digital notary, is introduced in order to certify both the acquired evidence (i.e., the information obtained from the remote service) and the acquisition process (i.e., all the activities performed by the analysts to retrieve it). A proof-of-concept prototype, called LINEA, has been implemented to perform an experimental evaluation of the methodology.


international conference on information and communication technology | 2013

A review of security attacks on the GSM standard

Giuseppe Cattaneo; Giancarlo De Maio; Pompeo Faruolo; Umberto Ferraro Petrillo

The Global Systems for Mobile communications (GSM) is the most widespread mobile communication technology existing nowadays. Despite being a mature technology (its introduction dates back to the late eighties), it suffers from several security vulnerabilities, which have been targeted by many attacks aimed to break the underlying communication protocol. Most of these attacks focus on the A5/1 algorithm used to protect over-the-air communication between the two parties of a phone call. This algorithm has been superseded by new and more secure algorithms. However, it is still in use in the GSM networks as a fallback option, thus still putting at risk the security of the GSM-based conversations. The objective of this work is to review some of the most relevant results in this field and discuss their practical feasibility. To this end, we consider not only the contributions coming from the canonical scientific literature but also those that have been proposed in a more informal context, such as during hacker conferences.


Journal of Universal Computer Science | 2013

Security issues and attacks on the GSM standard: A review

Giuseppe Cattaneo; Giancarlo De Maio; Umberto Ferraro Petrillo

The Global Systems for Mobile communications (GSM) is actually the most widespread mobile communication technology existing nowadays. Despite being a mature technology (its introduction dates back to the late eighties), it suffers from several security vulnerabilities, which have been targeted by many attacks aimed to break the underlying communication protocol. Most of these attacks focus on the A5/1 algorithm used to protect over-the-air communication between the two parties of a phone call. This algorithm has been superseded by new and more secure algorithms. However, it is still in use in the GSM networks as a fallback option, thus still putting at risk the security of the GSM-based conversations. The objective of this work is to review some of the most relevant results in this field and discuss their practical feasibility. To this end, we consider not only the contributions coming from the canonical scientific literature but also those that have been proposed in a more informal context, such as during hacker conferences.

Collaboration

Top Co-Authors


Bruno Carpentieri

Free University of Bozen-Bolzano
