Martin Mikulec

Creating Covert Channel Using SIP

Sending VoIP (Voice Over IP) by default requires two protocols:SIP and RTP. First one is used for establishing and changing the settings of the session and second one for exchanging voice packets. The main aim of this paper is to calculate the maximum number and type of SIP messages that can be transferred during established VoIP call without detection and raising an alarm from IDS (Intrusion detection system). Finally, we calculated Steganography bandwidth, amount of data in these messages that can be used for transfer of hidden content. Also, this paper deals with Snort IDS settings for raising alarm, traditional ones by using hard-coded rules and usage of anomaly detection plugin. Results of experiment are provided.

Neural network classifier of attacks in IP telephony

Various types of monitoring mechanism allow us to detect and monitor behavior of attackers in VoIP networks. Analysis of detected malicious traffic is crucial for further investigation and hardening the network. This analysis is typically based on statistical methods and the article brings a solution based on neural network. The proposed algorithm is used as a classifier of attacks in a distributed monitoring network of independent honeypot probes. Information about attacks on these honeypots is collected on a centralized server and then classified. This classification is based on different mechanisms. One of them is based on the multilayer perceptron neural network. The article describes inner structure of used neural network and also information about implementation of this network. The learning set for this neural network is based on real attack data collected from IP telephony honeypot called Dionaea. We prepare the learning set from real attack data after collecting, cleaning and aggregation of this information. After proper learning is the neural network capable to classify 6 types of most commonly used VoIP attacks. Using neural network classifier brings more accurate attack classification in a distributed system of honeypots. With this approach is possible to detect malicious behavior in a different part of networks, which are logically or geographically divided and use the information from one network to harden security in other networks. Centralized server for distributed set of nodes serves not only as a collector and classifier of attack data, but also as a mechanism for generating a precaution steps against attacks.

Using DNS amplification DDoS attack for hiding data

This paper concerns available steganographic techniques that can be used for sending hidden data through public network. Typically, in steganographic communication it is advised to use popular/often used method for sending hidden data and amount of that data need to be high as much as possible. We confirmed this by choosing a Domain Name System (DNS) as a vital protocol of each network and choosing Distributed denial of service (DDoS) attacks that are most popular network attacks currently represented in the world. Apart from characterizing existing steganographic methods we provide new insights by presenting two new techniques. The first one is network steganography solution which exploits free/unused protocols fields and is known for IP, UDP or TCP protocols, but has never been applied to DNS (Domain Name Server) which are the fundamental part of network communications. The second explains the usage of DNS Amplification DDoS Attack to send seamlessly data through public network. The calculation that was performed to estimate the total amount of data that can be covertly transferred by using these technique, regardless of steganalysis, is included in this paper.

Predictive model for determining the quality of a call

In this paper the predictive model for speech quality estimation is described. This model allows its user to gain the information about the speech quality in VoIP networks without the need of performing the actual call and the consecutive time consuming sound file evaluation. This rapidly increases usability of the speech quality measurement especially in high load networks, where the actual processing of all calls is rendered difficult or even impossible. This model can reach its results that are highly conformant with the PESQ algorithm only based on the network state parameters that are easily obtainable by the commonly used software tools. Experiments were carried out to investigate whether different languages (English, Czech) have an effect on perceived voice quality for the same network conditions and the language factor was incorporated directly into the model.

The Interactions of SOAP-Based Web Services for Recording and Replaying Video Files

The paper deals with the extended capability of a multimedia server to control a video transaction remotely. The presented paper is a result of applied research and is a contribution into the INDECT portal which integrates the interactions of SOAP-based web services. The project aims at developing the tools for enhancing the security of citizens and protecting the confidentiality of recorded and stored information and is a part of the 7 th FP EU. We describe a multimedia handling controlled by the client application via web services. We have developed JAVA based software that allows remote control of SW PBX Asterisk through web services and AMI interface. Video files are recorded by smartphones and saved in a repository on the server. The list of stored files is generated automatically and users can replay a particular video file from the server. The names in this list are read to users by means of a speech synthesis. Subsequently, DTMF key input is used to enable making the right choice.

Real time round trip delay time measurement methodology between remote VoIP Operators

The paper deals with real time round trip measurement methodology. In contrast with probe-based methods, the new methodology tries to use an existing VoIP Operator infrastructure without any hardware or software installation into the infrastructure. The measurement is based on packet payload comparison and timestamp evaluation. The results of the measurement can be used as an external monitoring tool of VoIP infrastructure between VoIP Operators or for call admission control functions.

A performance analysis in energy harvesting full-duplex relay

In this paper, we consider the impact of some factors at the relay node for the amplify-and-forward and decode-and-forward modes based on the energy harvesting in full-duplex relaying networks. Specially, the closed-form expression of their outage probability and throughput is illustrated. Moreover, we appraise the systems performance in terms of the outage probability and throughput which depend on the noise at nodes as well as the distance between them.

Building GSM network in extreme conditions

The paper is focused on the building ad-hoc GSM network based on open source software and low-cost hardware. The created Base Transmission Station can be deployed and put into operation in a few minutes in a required area to ensure private communication between connected GSM mobile terminals. The convergence between BTS station and the other networks is possible through IP network. The paper tries to define connection parameters to provide sufficient quality of voice service between the GSM network and IP Multimedia Subsystem. The paper brings practical results of voice call quality measurement between users inside BTS station mobile network and users inside IP Multimedia Subsystem network. The calls are simulated by low-cost embedded solution for speech quality measurement in GSM network. This tool is under development of our laboratory and allows automatic speech quality measurement of any GSM or UMTS mobile network. The Perceptual Evaluation of Speech Quality method is used to get final comparable results. The communication between BTS station and connected networks has to be secured against the interception from the third party. The influence of the securing method for quality of service is presented in detail. Paper, apart from the quality of service measurement section, describes technical requirements for successful interconnection between BTS and IMS networks. The authentication, authorization and accounting methods in roaming between BTS and IMS system are presented too.

Vulnerabilities in GSM technology and feasibility of selected attacks

Global System for Mobile communication (GSM) is the most widespread technology for mobile communications in the world and serving over 7 billion users. Since first publication of system documentation there has been notified a potential safety problem’s occurrence. Selected types of attacks, based on the analysis of the technical feasibility and the degree of risk of these weaknesses, were implemented and demonstrated in laboratory of the VSB-Technical University of Ostrava, Czech Republic. These vulnerabilities were analyzed and afterwards possible attacks were described. These attacks were implemented using open-source tools, software programmable radio USRP (Universal Software RadioPeripheral) and DVB-T (Digital Video Broadcasting – Terrestrial) receiver. GSM security architecture is being scrutinized since first public releases of its specification mainly pointing out weaknesses in authentication and ciphering mechanisms. This contribution also summarizes practically proofed and used scenarios that are performed using opensource software tools and variety of scripts mostly written in Python. Main goal of this paper is in analyzing security issues in GSM network and practical demonstration of selected attacks.

Wireless information and energy harvesting for bidirectional relay channels: Tradeoff between relay distance and optimal throughput

In this paper, we illustrate performance analysis for three and four time slot transmission schemes (3TS and 4TS) for two-way amplify-and-forward (AF) relaying channels for power transfer protocol and wireless data, in which the energy harvesting (EH) relay node helps to interchange information between two nodes. We derive the throughput and the approximate expressions of outage probability of the 3TS, 4TS transmission schemes and compare these results with the distance allocation number between source node to relay and relay to destination node, and the large scale path loss in order to calculate the optimal throughput. This result depicts that relaying scheme has high opportunities to significantly enhance the performance of systems. In the numerical results, we can see that the performance throughput declines when the distance of both sources rises. Especially, when the distance allocation number increases, the throughput trend decreases for both 3TS and 4TS.