Peter Hannay

Using Traffic Analysis to Identify the Second Generation Onion Router

Anonymous networks provide security for users by obfuscating messages with encryption and hiding communications amongst cover traffic provided by other network participants. The traditional goal of academic research into these networks has been attacks that aim to uncover the identity of network users. But the success of an anonymous network relies not only on its technical capabilities, but on adoption by a large enough user base to provide adequate cover traffic. If anonymous network nodes can be identified, the users can be harassed, discouraging participation. Tor is an example of widely used anonymous network which uses a form of Onion Routing to provide low latency anonymous communications. This paper demonstrates that traffic from a simulated Tor network can be distinguished from regular encrypted traffic, suggesting that real world Tor users may be vulnerable to the same analysis.

Geo Forensics: Classes of locational data sources for embedded devices

A number of devices, web services and applications are being released with, or updated to be locationally aware. The use of location data can be used for a wide variety of purposes, including navigation, social networking, data mining and providing localised content. This location data has potential for establishing a locational history for these devices. The sources of this location data exceed the global positioning system (GPS) based data, including pre- and post-incident triangulation of mobile and cell towers, images and network histories. This paper proposes a classification framework ranking the reliability of potential evidence. This ranking is dependent on the intended purpose of the mechanism involved the generation of such. The classification classes proposed are implicit, connectivity based and metadata, each representing a different level of confidence and identifying features.

On 802.11 Access Point Locatability and Named Entity Recognition in Service Set Identifiers

The 802.11 active service discovery mechanism requires the transmission of various attributes in a plain text. These attributes can be collected using passive monitoring and can be used to enumerate the preferred network list (PNL) of client devices. In this paper, we focus on the information that can be obtained using the service set identifiers (SSIDs) that make up the PNL. First, we describe a simple model based on a wireless access point geolocation technique to gauge the potential device locatability using data available on WiGLE.net. Second, we look at additional information that can be extracted from the SSID strings. Our hypothesis is that the entities of potential interest, such as locations and personal names contained within SSIDs, can be recognized in an automated fashion. Using two freely available pretrained named entity recognizers, we were able to identify up to 49% of SSIDs as possibly carrying entities of interest based on multiple data sets. We also show that extracted attributes can be used as an inference basis for additional inference attacks, which presents further opportunities in forensic and intelligence contexts.

Discovering trends for the development of novel authentication applications for dementia patients

We aim at creating ease in authentication process through non-password-based authentication scheme for the Dementia patients. The chronic neuro-degenerative disease leaves the patients with memory recall/loss issues. With ever growing rich list of assistive technologies, that bring ease in patient’s daily life i.e. remote Electrocardiography and peripheral capillary oxygen saturation monitoring, remote blood glucose level monitoring applications etc. These assistive technologies are ubiquitous, seamless, immersed in the background, often remotely monitored, and the most intimate applications that run very close to the patient’s physiology. In this paper, we investigate the existing technologies and discover the trends to build Yet Another Authentication Method (YAAM). The YAAM is going to extract a distinctive image from a patient’s viewfinder and securely transform it into authentication token that are supported by the Geo-location, relative proximity of surrounding smart objects etc. that we call security-context. The authentication tokens are only generated on the fly when token context is right for the image stream captured by the wearable camera. The results presented in this paper not only present the pros and cons of the existing alternative authentication technologies, they also aide in the development of the YAAM prototype.

Service Set Identifier Geolocation for Forensic Purposes: Opportunities and Challenges

We discuss the use of selected passive wireless device fingerprinting and prior location inference techniques from a forensic perspective. With specific focus on 802.11 signals, we examine how fingerprints based on the Preferred Network List (PNL) enumerations can be utilized to obtain the locational dimension. This dimension may act as a bridge between the digital fingerprint and the physical world. Using a data set of 147,944 network names contextualized to a particular geographical area, we discuss the associated opportunities, challenges and limitations.

Building a dataset for image steganography

Spontaneous ad hoc networks are distinguished by rapid deployment for a specific purpose, with no forward planning or pre-design in their topology. Often these networks will spring up through necessity whenever a network is required urgently but briefly. This may be in a disaster recovery setting, military uses where often the network is unplanned but the devices are pre-installed with security settings, educational networks or networks created as a one-off for a meeting such as in a business organisation. Generally, wireless networks pose problems for forensic investigators because of the open nature of the medium, but if logging procedures and preplanned connections are in place, past messages, including nefarious activity can often be easily traced through normal forensic practices. However, the often urgent nature of the spontaneous ad hoc communication requirements of these networks leads to the acceptance onto the network of anyone with a wireless device. Additionally, the identity of the network members, their location and the numbers within the network are all unknown. With no centre of control of the network, such as a central server or wireless access point, the ability to forensically reconstruct the network topology and trace a malicious message or other inappropriate or criminal activity would seem impossible. This research aims to demonstrate that forensic reconstruction is possible in these types of networks and the current research provides initial results for how forensic investigators can best undertake these investigations.

Controlled Android Application Execution for the IoT Infrastructure

Android malware has grown in exponential proportions in recent times. Smartphone operating systems such as Android are being used to interface with and manage various IoT systems, such as building management and home automation systems. In such a hostile environment the ability to test and confirm device health claims is important to preserve confidentiality of user data. This paper describes a study to determine whether an Android device could be secured to prevent malware from executing in parallel with trusted applications. The research also sought to determine whether the system image could be protected from unauthorised modifications. A prototype scheme for meeting the above requirements was developed and tested. It was observed that the prototype succeeded in preventing unauthorised modification to the system image of the test device. However, the prototype failed to prevent unauthorised IPC calls when in single process mode.