What do we call an attack where a person inserts themselves into the middle of a communication so that they can eavesdrop on the data being transmitted?

Eavesdropping and Modification

Dan York, in Seven Deadliest Unified Communications Attacks, 2010

Publisher Summary

Eavesdropping attacks are easier and can be passive, that is, a piece of software can simply be sitting somewhere in the network path and capturing all the relevant network traffic for later analysis. The attacker does not need to have any ongoing connection to the software at all. An attacker can insert the software onto a compromised device by direct insertion or by a virus or other malware, and then come back some time later to retrieve any data that is found or trigger the software to send the data at some determined time. Modification attacks have the same need as eavesdropping attacks to get to the right point in the network, but they also have a timing requirement. The attacks are only useful if one can modify the communications stream while the communication is taking place. The attacker also has to insert software in the network path in a true man-in-the-middle (MiTM) attack where one is able to not just observe packets, but actually receive the packets, modify them, and send them on. Modification attacks could be performed by code that is inserted and left behind, particularly if the target media is text-based such as IM, but other tools do require the active participation of the attacker to get the right timing.

URL: https://www.sciencedirect.com/science/article/pii/B978159749547900003X

Defending Against Physical Attacks in Wireless Sensor Networks

Jin Teng, ... Dong Xuan, in Handbook on Securing Cyber-Physical Critical Infrastructure, 2012

Eavesdropping Attacks

Eavesdropping attacks are an age-old security problem. In an eavesdropping attack, the attacker passively listens to network communications to gain access to private information, such as node identification numbers, routing updates, or application-sensitive data. The attacker can use this private information to compromise nodes in the network, disrupt routing, or degrade application performance. Cryptography is the standard defense against eavesdropping attacks. However, due to their limited computing power, sensors cannot efficiently process the standard cryptographic keys that are used in typical wired networks. Perrig et al. use symmetric cryptographic primitives to develop the SPINS protocols, a suite of security building blocks optimized for resource-constrained sensor environments to thwart eavesdropping [4]. All the cryptographic primitives, which include encryption, message authentication code (MAC), hash, and the random number generator, are constructed out of a single block cipher for code reuse, and the presence of a common state between the communicating parties is exploited to reduce communication overhead. In Ref. [1], the authors propose a key management scheme for sensor networks that achieves selective distribution and revocation of keys to sensor nodes, as well as node re-keying without substantial computation and communication requirements. The key ideas in this work are probabilistic key sharing among the nodes of a random graph and simple protocols for shared key discovery, path-key establishment, key revocation, re-keying, and adding nodes to the network. In another work on key management, Zhu et al. present a protocol that is designed to support in-network processing, while providing security properties similar to those provided by pair-wise key sharing schemes [5]. The LEAP keying mechanisms also restrict the impact of a compromised node to that node's immediate network neighborhood. In Ref. [11], the problems addressed are coverage of the network and secure connectivity between sensors. The authors in Ref. [11] propose a set of virtual force-based movement protocols, where sensors move to realize a deployment scenario where coverage and secure connectivity between sensors are enhanced starting from an arbitrary initial deployment.

URL: https://www.sciencedirect.com/science/article/pii/B9780124158153000108

The End of Geography

Dan York, in Seven Deadliest Unified Communications Attacks, 2010

Eavesdropping

With the eavesdropping attacks mentioned in Chapter 3, “Eavesdropping and Modification,” the attacker had to get in the network path between the endpoint and the UC system or between components of the UC system in order to be able to observe the network traffic. With a distributed system, there are more network paths between components and the network paths are likely longer, which makes it easier for the attacker to get into the path or near enough to eavesdrop on the traffic, either in real-time or at a later date.

Also note that in the case of federation, the attacker could potentially learn information about your federation partners. Consider also that you need to think not only about the eavesdropping on the specific messages or media but also the aggregate patterns of who is calling whom and so on, if the control channel is not secured.

URL: https://www.sciencedirect.com/science/article/pii/B9781597495479000077

Control Channel Attacks

Dan York, in Seven Deadliest Unified Communications Attacks, 2010

Eavesdropping Attacks

In Chapter 3, “Eavesdropping and Modification,” you learned about how the media channel could be intercepted and observed. The same attacks and the same tools can be used to observe the control channels. If you recall Figures 3.6 and 3.7 in Chapter 3, Wireshark has some easy options to let you identify VoIP calls and graph out the flow of a SIP call. Figure 4.3 shows that Wireshark also lets you dig deeper into the actual contents of the SIP packets.

FIGURE 4.3. Wireshark Can Show You the Contents of a SIP Packet

Similar to the eavesdropping attacks against media channels, the attacker only needs to get to the same network segment where the control channel traffic is occurring. The attacker can then capture all the traffic on the network segment and analyze the traffic at some later time. By analyzing the control channel traffic, the attacker can potentially learn the following information:

Who is calling whom?

What are common external numbers that are being called or external IM contacts?

Presence information about who is or is not available, and any other available “rich presence” information (such as status messages about where someone is right now)

What systems are used by SIP service providers to route calls out to the public switched telephone network (PSTN)?

What gateways are used to connect to federated UC systems, to public IM networks, or to any other collaboration systems?

Usernames and passwords to external systems

Encryption keys for the encrypted Secure Real-time Transport Protocol (SRTP) media channel (if the attacker compromises a hop in the routing path where the keying material is briefly unencrypted)

Patterns of communication sessions – volume, usage, busiest endpoints, and so on

This information may allow an attacker to gather important information about the company in and of itself, or it may give the attacker more information that he or she can use to undertake further attacks against your UC system.
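To check your own signaling for the exposures listed above, the following added example (not code from the book) audits one captured SIP message and reports what a passive observer on that hop could read. The function names, finding codes and the sample INVITE are constructed for illustration; the key string is a placeholder.

```python
import re

# Constructed sample: a SIP INVITE as a capture on the signaling segment would
# record it. Names, addresses and the key string are made-up placeholders.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed",
    'From: "Alice" <sip:alice@example.com>;tag=1001',
    "To: <sip:bob@example.net>",
    "Call-ID: constructed-call-id@192.0.2.10",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-NOT-A-REAL-KEY",
    "",
])

# Via transports that mean the hop itself was encrypted.
ENCRYPTED_TRANSPORTS = {"TLS", "WSS"}


def parse_sip(raw):
    """Split a SIP message into start line, header dict and SDP body lines."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, [l for l in body.split("\r\n") if l]


def _uri(value):
    """Extract the URI from a From/To header value."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";")[0].strip()


def audit_sip(raw):
    """Return (code, detail) findings for one SIP message."""
    _start, headers, sdp = parse_sip(raw)
    findings = []

    # The topmost Via names the transport of the hop the message just crossed.
    via = headers.get("via", [""])[0]
    m = re.match(r"SIP/2\.0/([A-Za-z]+)", via)
    transport = m.group(1).upper() if m else "UNKNOWN"
    on_wire_clear = transport not in ENCRYPTED_TRANSPORTS

    if on_wire_clear:
        findings.append(("cleartext-signaling", f"top Via transport is {transport}"))
        caller = _uri(headers.get("from", ["?"])[0])
        callee = _uri(headers.get("to", ["?"])[0])
        # "Who is calling whom" is readable by anyone on the segment.
        findings.append(("call-metadata", f"{caller} -> {callee}"))

    for line in sdp:
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) >= 3 and fields[2] == "RTP/AVP":
                findings.append(("media-unencrypted",
                                 f"{fields[0]} stream offered as plain RTP"))
        elif line.startswith("a=crypto:") and "inline:" in line:
            # SRTP keying material carried in the SDP: readable on the wire if
            # the hop is cleartext, and by every proxy on the path regardless.
            code = "srtp-key-on-wire" if on_wire_clear else "srtp-key-visible-to-proxies"
            findings.append((code, "SDP carries SRTP keying material (a=crypto ... inline:)"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_sip(SAMPLE_INVITE):
        print(f"{code}: {detail}")
```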

Note

Do note that there are many other network analysis tools that also allow an attacker to capture and read packets. Wireshark is mentioned as an example purely because it is freely available across all the major operating systems of Windows, Mac OS X and Linux/UNIX. See the VOIPSA VoIP Security Tools list at www.voipsa.org/Resources/tools.php for more specialized scanning tools.

URL: https://www.sciencedirect.com/science/article/pii/B9781597495479000041

VoIP Security

Harsh Kupwade Patil, ... Thomas M. Chen, in Computer and Information Security Handbook (Third Edition), 2013

Loss of Privacy

The four major eavesdropping attacks are:

Trivial File Transfer Protocol (TFTP) configuration file sniffing

Traffic analysis

Conversation eavesdropping

Trivial File Transfer Protocol Configuration File Sniffing

Most IP phones rely on a TFTP server to download their configuration file after powering on. The configuration file can sometimes contain passwords that can be used to directly connect back to the phone and administer it or used to access other services (such as the company directory). An attacker who is sniffing the network when the phone downloads this configuration file can glean these passwords and potentially reconfigure and control the IP phone. To thwart this attack vector, vendors variously encrypt the configuration file or use HTTPS and authentication.

Traffic Analysis

Traffic analysis involves determining who is talking to whom, which can be done even when the actual conversation is encrypted, and can even be done (to a lesser degree) between organizations. Such information can be beneficial to law enforcement and for criminals committing corporate espionage and stock fraud.

Conversation Eavesdropping

An important threat for VoIP users is eavesdropping on a conversation. In addition to the obvious problem of confidential information being exchanged between people, eavesdropping is also useful for credit-card fraud and identity theft. This is because some phone calls, especially to certain institutions, require users to enter credit-card numbers, PIN codes, or national identity numbers (Social Security numbers), which are sent as Dual-Tone Multifrequency (DTMF) digits in RTP. An attacker can use tools like Wireshark, Cain & Abel, voice over misconfigured Internet telephones (vomit), VoIPong, and Oreka to capture RTP packets and extract the conversation or the DTMF digits.

Man-in-the-Middle Attacks

The man-in-the-middle attack is a classic form of an attack where the attacker has managed to insert himself between the two hosts. It refers to an attacker who is able to read, and modify at will, messages between two parties without either party knowing that the link between them has been compromised. As such, the attacker has the ability to inspect or modify packets exchanged between two hosts, insert new packets, or prevent packets from being sent to hosts. Any device that handles SIP messages as a normal course of its function could be a man-in-the-middle: a compromised SIP proxy server or session border controller. If SIP messages are not authenticated, an attacker can also compromise a DNS server or use DNS poisoning techniques to cause SIP messages to be routed to a device under the attacker's control.

In a conventional enterprise network, VoIP phones are configured with different Virtual Local Area Network (VLAN) addresses than data devices. In such situations, the attacker would initially access the network by connecting his laptop to the existing data VLAN and then hop to the designated voice VLAN. This attack can be achieved in two ways: switch spoofing or double tagging. If a network switch is configured for autotrunking, the attacker converts it to a switch that needs to trunk. In the second method, the attacker sends data from one switch to another by sending frames with two 802.1Q headers (one for the victim's switch and the other for the attacking switch). The victim's switch accepts any incoming frames, while the target switch forwards the second frame (embedded with a false tag) to the destination host based on the VLAN identifier present in the second 802.1Q header. Once inside the desired voice VLAN, the attacker could Address Resolution Protocol (ARP) poison the designated phones, which would result in a man-in-the-middle attack.
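On the detection side, frames carrying two 802.1Q headers are easy to spot in a capture taken at an access port. The following added example (not from the handbook) parses raw Ethernet frames and flags stacked or unexpected VLAN tags; the function names, verdict strings and sample frames are constructed for illustration, and it assumes the only tagged traffic an access port should see is on an explicitly allowed VLAN such as the voice VLAN.

```python
import struct

# Tag protocol identifiers that introduce a VLAN tag (802.1Q and 802.1ad).
TPIDS = {0x8100, 0x88A8}


def vlan_stack(frame):
    """Return ([VLAN IDs, outermost first], inner EtherType) for a raw frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    vids, offset = [], 12  # skip destination and source MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated before EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TPIDS:
            return vids, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4


def classify_access_port_frame(frame, allowed_tagged_vlans=frozenset()):
    """Verdict for a frame received on an access port.

    allowed_tagged_vlans: VLAN IDs a host may legitimately tag with on this
    port (for example the voice VLAN on a port with an IP phone).
    """
    vids, _ = vlan_stack(frame)
    if not vids:
        return "ok-untagged"
    if len(vids) >= 2:
        # Two 802.1Q headers from an end host: the double-tagging pattern.
        return "alert-stacked-tags"
    if vids[0] in allowed_tagged_vlans:
        return "ok-tagged"
    return "alert-unexpected-tag"


def build_frame(vids, ethertype=0x0800, payload=bytes(46)):
    """Build a constructed test frame with the given VLAN tags (sample data)."""
    dst = bytes.fromhex("020000000002")  # locally administered, made-up MACs
    src = bytes.fromhex("020000000001")
    tags = b"".join(struct.pack("!HH", 0x8100, vid) for vid in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    voice = frozenset({20})  # assumed voice VLAN for this sample
    for vids in ([], [20], [30], [10, 20]):
        frame = build_frame(vids)
        print(vids, classify_access_port_frame(frame, voice))
```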

Replay Attacks

Replay attacks are often used to impersonate an authorized user. A replay attack is one in which an attacker captures a valid packet sent between the SIP UAs or proxies and resends it at a later time (perhaps a second later, perhaps days later). As an example with classic unauthenticated telnet, an attacker that captures a telnet username and password can replay that same username and password. In SIP, an attacker would capture and replay valid SIP requests. (Capturing and replaying SIP responses is usually not valuable, as SIP responses are discarded if their Call-ID does not match a currently outstanding request, which is one way SIP protects itself from replay attacks.)

If RTP is used without authenticating Real-time Transport Control Protocol (RTCP) packets and without sampling synchronization source (SSRC), an attacker can inject RTCP packets into a multicast group, each with a different SSRC, and force the group size to grow exponentially. A variant on a replay attack is the cut-and-paste attack. In this scenario, an attacker copies part of a captured packet into a generated packet. For example, a security credential can be copied from one request to another, resulting in a successful authorization without the attacker even discovering the user's password.

Impersonation

Impersonation is described as a user or host pretending to be another user or host, especially one that the intended victim trusts. In case of a phishing attack, the attacker continues the deception to make the victim disclose his banking information, employee credentials, and other sensitive information. In SIP, the From header is displayed to the called party, so authentication and authorization of the values used in the From header are important to prevent impersonation. Unfortunately, call forwarding in SIP (called retargeting) makes simple validation of the From header impossible. For example, imagine Bob has forwarded his phone to Carol and they are in different administrative domains (Bob is at work, Carol is his wife at home). Then Alice calls Bob. When Alice's INVITE is routed to Bob's proxy, her INVITE will be retargeted to Carol's UA by rewriting the Request-URI to point to Carol's URI. Alice's original INVITE is then routed to Carol's UA. When it arrives at Carol's UA, the INVITE needs to indicate that the call is from Alice. The difficulty is that if Carol's SIP proxy were to have performed simplistic validation of the From in the INVITE when it arrived from Bob's SIP proxy, Carol's SIP proxy would have rejected it—because it contained Alice's From. However, such retargeting is a legitimate function of SIP networks.

Redirection Attack

If compromised by an attacker or via a SIP man-in-the-middle attack, the intermediate SIP proxies responsible for SIP message routing can falsify any response. In this section, we describe how the attacker could use this ability to launch a redirection attack. If an attacker can fabricate a reply to a SIP INVITE, the media session can be established with the attacker rather than the intended party. In SIP, a proxy or UA can respond to an INVITE request with a 301 Moved Permanently or 302 Moved Temporarily Response. The 302 Response will also include an Expires header line that communicates how long the redirection should last. The attacker can respond with a redirection response, effectively denying service to the called party and possibly tricking the caller into communicating with, or through, a rogue UA.

Session Disruption

Session disruption describes any attack that degrades or disrupts an existing signaling or media session. For example, in the case of a SIP scenario, if an attacker is able to send failure messages such as BYE and inject them into the signaling path, he can cause the sessions to fail when there is no legitimate reason why they should not continue. For this to be successful, the attacker has to include the Call-ID of an active call in the BYE message. Alternatively, if an attacker introduces bogus packets into the media stream, he can disrupt packet sequence, impede media processing, and disrupt a session. Delay attacks are those in which an attacker can capture and resend RTP SSRC packets out of sequence to a VoIP endpoint and force the endpoint to waste its processing cycles in resequencing packets and degrade call quality. An attacker could also disrupt a Voice over Wireless Local Area Network (WLAN) service by disrupting IEEE 802.11 WLAN service using radio spectrum jamming or a Wi-Fi Protected Access (WPA) Message Integrity Check (MIC) attack. A wireless access point will disassociate stations when it receives two invalid frames within 60 s, causing loss of network connectivity for 60 s. A 1-min loss of service is hardly tolerable in a voice application.

URL: https://www.sciencedirect.com/science/article/pii/B9780128038437000600

Distributed Information Resources

Randall J. Atkinson, J. Eric Klinker, in Advances in Computers, 1999

12.1 Threats and Issues

E-mail is very susceptible to eavesdropping attacks, either in transit on the wire or at the mail relays as the mail is being forwarded. Nothing is done to protect the data in transit and the e-mail may wait on an intermediate mail relay for some time before being passed along. During that period any party with administrative access to the relay machine has access to the data in the e-mail. Authentication of e-mail is another serious concern. It is trivial to spoof e-mail by source routing fraudulent messages through authentic mail relays (which stamp their identity on the message) and the end result appears to originate from an authentic domain name. Nor is message integrity assured as the message can be changed by unauthorized parties at any time during transit. And there is no mechanism in place to determine if the message was actually received by the intended party.

Also, using a secure electronic mail program could provide a false sense of security if the encryption algorithm negotiated between two implementations is weak. It is estimated that 40-bit RC2 can be broken by brute force in a matter of hours. To worsen matters, this algorithm is often the lowest common denominator negotiated between two secure e-mail implementations.

As the user base of the Internet continues to grow, unsolicited bulk e-mail is becoming another serious problem. Often referred to as spam, such mailings constitute denial-of-service attacks on legitimate mail servers that are being subverted to distribute the spam.

URL: https://www.sciencedirect.com/science/article/pii/S0065245808600212

Cellular Network Security

Peng Liu, ... Kameswari Kotapati, in Computer and Information Security Handbook, 2009

Dimension I: Physical Access to the Network

In this dimension, attacks are classified based on the adversary’s level of physical access to the cellular network. Dimension I may be further classified into single infrastructure attacks (Level I–III) and cross-infrastructure cyber attacks (Level IV–V):

Level I: Access to air interface with physical device. Here the adversary launches attacks via access to the radio access network using standard inexpensive “off-the-shelf” equipment [36]. Attacks include false base station attacks, eavesdropping, and man-in-the-middle attacks and correspond to attacks previously mentioned.

Level II: Access to links connecting core service nodes. Here the adversary has access to links connecting to core service nodes. Attacks include disrupting normal transmission of signaling messages and correspond to message corruption attacks previously mentioned.

Level III: Access core service nodes. In this case, the adversary could be an insider who managed to gain physical access to core service nodes. Attacks include editing the service logic or modifying data sources, such as subscriber data (profile, security and services) stored in the service node and corresponding to corrupt service logic, data source, and node impersonation attacks previously mentioned.

Level IV: Access to links connecting the Internet and the core network service nodes. This is a cross-infrastructure cyber attack. Here the adversary has access to links connecting the core network and Internet service nodes. Attacks include editing and deleting signaling messages between the two networks. This level of attack is easier to achieve than Level II.

Level V: Access to Internet servers or cross-network servers: This is a cross-infrastructure cyber attack. Here the adversary can cause damage by editing the service logic or modifying subscriber data (profile, security and services) stored in the cross-network servers. Such an attack was previously outlined earlier in the chapter. This level of attack is easier to achieve than Level III.

URL: https://www.sciencedirect.com/science/article/pii/B9780123743541000121

An efficient and untraceable authentication protocol for cloud-based healthcare system

Suryakanta Panda, Samrat Mondal, in Machine Learning for Biometrics, 2022

5.1.1 Security model

This section describes the ROR security model. According to the security model, various queries and oracles are defined as follows:

Participants: Let Π be the set of all participants, D be the set of all doctors, C is the set of all cloud servers, and H is the set of healthcare centers. The symbol Πi denotes the ith instance of a participant Π. Any instance of a participant is called an oracle.

Partnering: Partnering is expressed by the unique session ID of the participants involved in a communication. Two instances Πi and Πj are partnered if they have the same session ID in a session.

Adversary: In this model, it is assumed that the adversary A runs in polynomial time. A has complete control of the network and can eavesdrop, block, alter, and replay the messages. The capabilities of A are defined by the queries discussed here:

Execute(Πi, Πj): In response to this query, the adversary A obtains all the messages communicated between two authorized participants Πi and Πj. It models the eavesdropping attack of A.

Send(Πi, msg): Through this query, A can transmit a message msg to an authorized participant instance Πi and also receives a corresponding reply from the participant. It models the replay attack, impersonation attack, and modification attack.

CorruptMD(P): Through this query, the adversary A extracts the information stored in the patient’s mobile device. It models the mobile device lost attack.

Test(Πi): This query represents the semantic security of the session key established by the participant Πi. The response of Πi in this test query depends on the result of an unbiased coin flip, c. A is unaware of the flipped result, c. If c = 1, Πi returns the actual session key to adversary A; else if c = 0, Πi returns a random number in the same domain.

Hash(x, k): Hash oracle represents the hash operation h() and provides output k = h(x) when queried with x. When someone queries for h(x), it searches the table(x, k) and returns k if x appears in the table. Otherwise, it returns a uniformly random string k and inserts (x, k) to the table.

Biohash(x, k′): Biohash oracle represents the biohash operation hBio() and provides output k′ = hBio(x) for the input x. When someone queries for hBio(x), it returns k′ if x matches with an existing value within a threshold. Otherwise, it returns a uniformly random string k′ and inserts (x, k′) into the table.

Semantic security of the session key: Given the queries discussed earlier, the adversary A is challenged to determine the value of the flipped result c, that is, whether the session key is real or random. If A distinguishes the real key and random key successfully, then the protocol fails to deliver semantic security. Let Succ represent the event in which A wins, that is, correctly distinguishes the real key and random key. The advantage of A in cracking the semantic security of protocol P is $\mathrm{Adv}_P^{ake} = |2\cdot\Pr[\mathrm{Succ}] - 1|$. The protocol P is secure in the ROR model if $\mathrm{Adv}_P^{ake}$ is negligible.

Theorem 1.

In the random oracle model, an adversary A runs against our protocol P in polynomial time t. Let A execute qh hash queries, qs send queries, qb biohash queries, and qe execute queries to damage P. Then, the advantage of A in compromising the security of protocol P is as follows:

$$\mathrm{Adv}_P^{ake}(A) \le \frac{q_b^2}{|H_1|} + \frac{q_h^2}{|H_2|} + \frac{2q_s}{|D_1|\,|D_2|}, \tag{1}$$

where |H1|, |H2|, |D1|, and |D2| represent the range space of the biohash function, the range space of the hash function, the size of the uniformly distributed password dictionary, and the size of the uniformly distributed biometric template, respectively.

Proof.

A sequence of games from G0 to G3 is defined for this proof. In each game Gi, adversary A tries to predict the correct value of c. Let Succi denote this event and Pr[Succi] represent the corresponding probability.

Game G0: It models the actual attack of adversary A on our protocol P. Initially, the bit c is randomly selected. Hence, as per the definition we have

$$\mathrm{Adv}_P^{ake} = 2\cdot\Pr[\mathrm{Succ}_0] - 1. \tag{2}$$

Game G1: To improve the winning advantage, the adversary A instigates eavesdropping attack using the Execute(Πi, Πj) query. Then, in the Test(Πi) oracle, A has to determine the value of c. Since SK is computed from R1 and R2, A tries to retrieve both R1 and R2 from M1, M2. We know that R1 = P5 ⊕ A3. So, to extract R1, A needs the patient’s password and biometric along with the mobile device. It is not possible to extract R2 without R1. Thus, the eavesdropping attack does not improve the winning advantage, and we have

$$\Pr[\mathrm{Succ}_1] = \Pr[\mathrm{Succ}_0]. \tag{3}$$

Game G2: In this game, the adversary A tries to mislead a participant instance to accept a counterfeit message with the help of Send(), Hash oracle, and Biohash oracle. It considers all the collisions that may arise in P. The adversary will not be able to find any collision because each message contains some random factors like timestamp, random number. So, according to the birthday paradox, we get

$$|\Pr[\mathrm{Succ}_2] - \Pr[\mathrm{Succ}_1]| \le \frac{q_b^2}{2|H_1|} + \frac{q_h^2}{2|H_2|}. \tag{4}$$

Game G3: This game models the risks associated with the patient’s mobile device loss. By querying the corruptMD() oracle A retrieves the stored credentials such as P1, P2, P3. Then, A tries to guess both the password and biometric hash. Since, the password dictionary and biometric template are of size |D1| and |D2|, respectively, we have

$$|\Pr[\mathrm{Succ}_3] - \Pr[\mathrm{Succ}_2]| \le \frac{q_s}{|D_1|\,|D_2|}. \tag{5}$$

After accomplishing all the games, A did not get any advantage in guessing c. Hence, we have

$$\Pr[\mathrm{Succ}_3] = \frac{1}{2}. \tag{6}$$

Thus, by combining Eqs. (2)–(6), we get

$$\mathrm{Adv}_P^{ake}(A) \le \frac{q_b^2}{|H_1|} + \frac{q_h^2}{|H_2|} + \frac{2q_s}{|D_1|\,|D_2|}. \tag{7}$$

So, the adversary does not get a nonnegligible advantage and our protocol achieves semantic security.
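The mechanics of the Hash oracle, the Test query and the advantage can be exercised directly. The following is an added illustration, not code from the chapter: it assumes SK = h(R1 ‖ R2) (the excerpt says only that SK is computed from R1 and R2), reads the bound of Theorem 1 as q_b²/|H1| + q_h²/|H2| + 2q_s/(|D1||D2|), and all class and function names are hypothetical.

```python
import random
from fractions import Fraction

KEY_BYTES = 16  # assumed session-key length for this illustration


def rand_bytes(rng, n):
    """n uniformly random bytes from the given (seedable) generator."""
    return rng.getrandbits(8 * n).to_bytes(n, "big")


class HashOracle:
    """Hash(x, k): lazily sampled table, as the Hash oracle is described above."""

    def __init__(self, rng, out_bytes=KEY_BYTES):
        self.rng, self.out_bytes, self.table = rng, out_bytes, {}

    def query(self, x):
        if x not in self.table:  # first query for x: sample k and record (x, k)
            self.table[x] = rand_bytes(self.rng, self.out_bytes)
        return self.table[x]


def ror_test_query(session_key, rng):
    """Test query: flip c; return the real key if c == 1, else a random string."""
    c = rng.getrandbits(1)
    challenge = session_key if c == 1 else rand_bytes(rng, len(session_key))
    return challenge, c


def blind_adversary(challenge, oracle, leaked):
    """Learns nothing about R1, R2 (the situation Game G1 argues for)."""
    return 1


def informed_adversary(challenge, oracle, leaked):
    """Models a broken protocol whose transcript reveals R1 and R2."""
    r1, r2 = leaked
    return 1 if oracle.query(r1 + r2) == challenge else 0


def play_game(adversary, leak_nonces, trials, seed):
    """Estimate |2*Pr[Succ] - 1| over independent sessions."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        oracle = HashOracle(rng)
        r1, r2 = rand_bytes(rng, 16), rand_bytes(rng, 16)
        sk = oracle.query(r1 + r2)  # assumption: SK = h(R1 || R2)
        challenge, c = ror_test_query(sk, rng)
        guess = adversary(challenge, oracle, (r1, r2) if leak_nonces else None)
        wins += int(guess == c)
    return abs(2 * Fraction(wins, trials) - 1)


def advantage_bound(qb, qh, qs, h1, h2, d1, d2):
    """Right-hand side of the bound in Theorem 1, as an exact fraction."""
    return Fraction(qb**2, h1) + Fraction(qh**2, h2) + Fraction(2 * qs, d1 * d2)


if __name__ == "__main__":
    print("blind   :", float(play_game(blind_adversary, False, 2000, 7)))
    print("informed:", float(play_game(informed_adversary, True, 200, 7)))
    # Constructed parameters: 2^128 oracle ranges, 10^6 passwords, 2^20 templates.
    print("bound   :", float(advantage_bound(2**20, 2**20, 1000,
                                             2**128, 2**128, 10**6, 2**20)))
```

With oracle ranges this large the two collision terms vanish, so the bound is governed by the online-guessing term 2q_s/(|D1||D2|), which is why limiting failed login attempts matters for a scheme like this.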

URL: https://www.sciencedirect.com/science/article/pii/B9780323852098000067

The Hardware Infrastructure

Thomas Porter, Michael Gough, in How to Cheat at VoIP Security, 2007

Wireless Encryption: WEP

When wireless networking was first designed, its primary focus was ease of implementation, and certainly not security. As any security expert will tell you, it’s extremely difficult to secure a system after the fact. WEP, the Wired Equivalent Privacy encryption scheme, initially was targeted at preventing theft-of-service and eavesdropping attacks. WEP comes in two major varieties, standard 64-bit and 128-bit encryption. 256-bit and 512-bit implementations exist, but they are not nearly as supported by most vendors. 64-bit WEP uses a 24-bit initialization vector that is added to the 40-bit key itself; combined, they form an RC4 key. 128-bit WEP uses a 104-bit key, added to the 24 bit initialization vector. 128-bit WEP was implemented by vendors once a U.S. government restriction limiting cryptographic technology was lifted.

In August of 2001, Fluhrer, Mantin, and Shamir released a paper dissecting cryptographic weaknesses in WEP’s RC4 algorithm. They had discovered that WEP’s 24-bit initialization vectors were not long enough, and repetition in the cipher text existed on busy networks. These so-called weak IVs leaked information about the private key. An attacker monitoring encrypted traffic long enough was able to recreate the private key, provided enough packets were gathered. Access Point Vendors responded by releasing hardware that filtered out the weak IVs.

However, in 2004 a hacker named Korek released a new statistical-analysis attack on WEP, which led the way to a whole new series of tools. These new wireless weapons broke WEP using IVs in general, no longer just those considered weak. On a 64-bit WEP encrypted network, an attacker need gather only around 100,000 IVs to crack in (although more certainly increases the chance of penetration) and only 500,000 to 700,000 for 128-bit WEP. On a home network, it can take days, even weeks to see enough traffic to make cracking the key possible. However, clever attackers discovered a way to stimulate network traffic by replaying encrypted network level packets at the target. By mimicking legitimate network traffic, the target network would respond over and over, causing a flood of network traffic and creating IVs at an accelerated rate. With this new attack, a 128-bit WEP network can be broken in as little as 10 minutes.

URL: https://www.sciencedirect.com/science/article/pii/B9781597491693500037

VoIP virtual private networks (VPNs)

Regis J. (Bud) Bates, in Securing VoIP, 2015

What a VPN can offer

A VPN (regardless of the type used), and specifically an SSL VPN, is a good choice for making calls on a softphone when in a public area such as a coffee shop, airport, or Internet café. In this regard, the VPN tunnel will provide encrypted traffic to the far end. However, if the Wi-Fi connection is wide open, one must be careful, because the initial sign-on/logon credentials may be sent in the clear and be exposed to eavesdropping. Moreover, a reconnaissance attack is possible when using public Wi-Fi access.

In general, the use of a VPN (regardless of the type) provides encrypted and authenticated connections to provide secure voice and minimizes, if not eliminates, MIM attacks and replay attacks. One should be sure to consider using such a tool when roaming or travelling anywhere away from the office.

The rationale for using a VPN is that an organization or individual looks for secure voice communications, however, with the connectivity and cost benefits of an Internet connection. So by handling the issues of a VoIP connection, a VPN provides:

Encryption that will offer secure communications. Normally a VPN will use 128- or 256-bit encryption using AES.

Authentication so that the systems will only allow authorized users to connect and use the network.

Tunnels that hide the data, encrypt the data, authenticate the user, and hide the address of the parties.

Virtually a steel pipe is created to let voice and data coexist on the Internet but keeps the rogue packets from penetrating the tunnels. Others’ packets merely bounce off the steel pipe!

Figure 3.7 is an example of the VPN designated as the steel pipe.

Figure 3.7. The steel pipe.

Thinking of the VPN as a tool then it can be summed up as providing the following as a benefit of the VPN:

Data integrity – The ideal situation is that the data (voice) cannot be manipulated by a replay or an insertion.

Add-on security – By connecting to the Internet through a VPN tunnel, the network data are all well encrypted and secured by the VPN standard; all information is very safe from an attacker’s eyes.

Message privacy – The one thing that is crucial is that an eavesdropping attack can be prevented.

Network anonymity – Through a VPN people can surf the websites in complete anonymity. Comparing this with the web proxy method, the VPN allows users to access Internet 100% anonymously.

Unblock web sites and bypass web filters – A VPN can be used to access blocked websites and bypass network filters from the local ISP, especially in some countries in which Internet censorship is applied to web browsers (such as Far East and Middle Eastern countries). This is particularly true where these countries block VoIP (e.g., Skype is blocked in China).

Authentication – The ability to ensure that the speaker is who he/she says he/she is and not an imposter.

Access controls – As the tools develop the control of access will be seen later, but suffice it to say for now, only authorized persons are allowed to access the network for voice purposes.

Audit and logging – The ability to check usage of specific VoIP trunks and services creates a powerful tool to manage and secure the network. Logging any failed and/or successful access attempts provides an indicator that an attack may be underway.

Class of service and QoS – Using the SSL VPN as seen above may in fact improve the quality of a VoIP call. Moreover, with the VPN calls can be tunneled inside a steel pipe, meaning that an impersonator cannot see what is being carried inside the pipe. Finally on this point, if there are any blocks to specific ports (5060, 5061, 1720, etc.), then the call is carried in the outer pipe using either TCP or UDP standard ports. The blocked ports are hidden inside the pipe. This rings true whenever a government is blocking the VoIP calls. So class of service and quality of service are attainable through the use of the VPN.

Reduce costs – Businesses like to use VPNs to set up multiple remote locations as a virtual local network to save the cost of renting dedicated Internet connections. The maintenance of establishing LAN connection through Internet VPN is very low compared with traditional dedicated line solutions.

Remote work – Enterprises like to provide VPN connections to employees who work from home (telecommuters) or from remote sites during business travel.

URL: https://www.sciencedirect.com/science/article/pii/B9780124170391000036

What is an eavesdropping attack?

An eavesdropping attack occurs when a hacker intercepts, deletes, or modifies data that is transmitted between two devices. Eavesdropping, also known as sniffing or snooping, relies on unsecured network communications to access data in transit between devices.

What is another name for a man

In this page you can discover 5 synonyms, antonyms, idiomatic expressions, and related words for man-in-the-middle attack, like: attack, crackers, exploit, fraud and identity theft or masquerading.

What are the types of eavesdropping attacks?

There are two types of eavesdropping attacks; passive eavesdropping and active eavesdropping. With passive eavesdropping, the hacker simply “listens” to data that is passing through the network.

What type of attack is man in the middle?

A man-in-the-middle (MITM) attack is a type of cyberattack in which an attacker eavesdrops on a conversation between two targets. The attacker may try to “listen” to a conversation between two people, two systems, or a person and a system.