Henning Shulzrinne’s talk: “VoIP: Not your Grandma’s Phone Anymore”

Given my interest in the security aspects of VoIP, I decided to attended a talk by Henning Shulzrinne (CS@Columbia), the inventor of RTP, SIP, and a mojor proponent of VoIP. His talk was interesting because it pointed to the transitions that are happening now, in the world of telephony, some of them quite inconspicuously. The interesting things I gathered from the talk were:

1. A system they have developed in their lab at Columbia called the ‘presence’ system which essentially tries to build in context-awareness into the mobile telephony experience by accepting or rejecting calls based on things such as the activity the user is currently engaged in (in a meeting, driving, etc.) and the identity of the calling party. Their architecture employs a trusted server that acts as a proxy for the user being called. The end user’s device constantly senses or learns the users availability and willingness to receive incoming communications and updates this on the server. They have also developed ways to address the inevitable privacy problem that arises from having to constantly update your personal attributes on a central server.

2. He also spoke briefly about what he termed ‘the need for glue’ which is a metaphor for requiring ways to allow the many computing devices around us to communicate. I have heard this pitch before in a number of ‘high-level’ presentations, thrown in along with the idea of the ‘internet of things’. It appears to me that these ideas are yet to take off in a proper way and what’s really hindering their progress is a tangible use case. There have been limited success stories in my opinion, such as (i) using mobile phones for context sensing (see Microsoft’s ‘Tag’ technology for instance) and phone cameras for reading barcodes etc. and (ii) some limited success in home-networking. My guess is that there is a lot of room for progress in this area, as long as people are able to come up with interesting, tangible use cases and benefits.

“Software radio and the future of wireless security”

I found this interesting talk abstract at the Blackhat conference program. The talk was delivered by Micheal Ossman who works as an information security researcher, at the institute for telecommunications sciences, U.S. Dept. of commerce. I have been thinking of this issue for some time, particularly from the point of view of GSM radio signals and the possibly nasty things that can be done with a software GSM receiver.

Radios are everywhere. We use them daily in car stereos, cordless phones, car key fobs, proximity access cards, laptops, television tuners, garage door openers, mobile phones, and headsets, to name a few. To build one of these radio devices in the traditional manner, you would need some electronic components (including, in many cases, a microprocessor), a soldering iron, and a fairly advanced knowledge of electronic circuit design. All that is changing, however, with the emergence of software radio. The digital technologies that revolutionized the audio world over last thirty years are now bringing the same revolution to the radio world. General purpose computers are becoming fast enough to function as sophisticated radio devices with minimal hardware peripherals. In the future, all radios will be software radios, and all practical wireless security tools will be implemented with software radio.

This presentation will describe the state of software radio, discuss future trends, and point out current and future applications of software radio technologies to wireless security research. Particular attention will be given to tools and resources that are available today, helping attendees without a background in RF technology to get started in the field. Practical attacks will be demonstrated using GNU Radio and the Universal Software Radio Peripheral.

Mobicom paper accepted!

My Mobicom paper has officially been accepted – now that the several rounds of changes and formatting issues have been fixed (I was both surprised and amazed as the painstaking detail with which ACM perused the paper; IEEE standards fall pale in comparison).

The paper is titled ‘Radio-telepathy: Extracting Secret Bits from an Unauthenticated Wireless Channel’. In this paper, I teamed up with some folks over at InterDigital to build a system that can use the received signal from 802.11 cards to ‘extract’ bits at the two ends of a wireless channel, in such a way that a third user cannot infer any useful information about the bits that were extracted. The idea is to enable generation of identical bit sequences at the two ends, which can then be used as cryptographic keys for encrypting future communications. What is more, these keys can be refreshed at regular intervals using channel information that the 802.11 system can extract from regular received packets.

The system we proposed provides an analog of quantum cryptography for ‘everyday wireless channels’. While QC relies on the quantum physics behind photons, our proposed system relies on two simple, somewhat surprising but verifiable properties of the wireless medium: (1) The channel decorrelates in space very quickly – over distances of the oder of a wavelength (a few cm for 802.11) and (2) The wireless channel is, toa good extent, reciprocal. This means that although it is continuously changing in time, at a fixed instant of time and at a  fixed frequency, the channel behaves in exactly the same way, irrespective of whether Alice transmits and Bob receives, or vice-versa. In practice, it is hard to have both users transmit and receive simultaneously, so there is a small time-delay between transmissions in the two directions. However, if this delay is small, then the channel only has a chance to change by a small amount and is still heavily correlated.

The most notable point about our algorithm is that it provides information theoretic secrecy. This means that the secrecy of the keys extracted is unconditional – it does not depend upon the assumption of a computationally bounded adversary or the computational hardness of a mathematical problem.

I’m looking forward to attending the conference in September. There are a number of other very interesting papers in wireless and otherwise.

Tracking 100,000 cellphones without consent

The cover story on the latest issue of Nature talks about a study that tracked the locations of 100,000 cellphone users for six months without their consent. The best part is the article doesn’t even mention the location privacy issue associated with the study, which was conducted for the purpose of inferring upon people’s movement patterns.

Linus sequence

The sequence composed of 1s and 2s obtained by starting with the number 1, and picking subsequent elements to avoid repeating the longest possible substring. The first few terms are 1, 2, 1, 1, 2, 2, 1, 2, 1, 1, 2, 1, 2, 2, … (Sloane’s A006345). The Sally sequence gives the length of the run that was avoided. (From Wolfram’s Mathworld)

Commercial localization in shopping malls using GNURadio

I came across a company named Path Intelligence that is selling equipment to track consumer’s locations passively using their cellphone signals inside shopping centers, malls, etc. ostensibly for the purpose of tracking consumer behavior. Apparently, their ‘equipment’ is centered around the GNUradio platform and uses triangulation based schemes for localization. What is interesting to me is that:

(1) They manage to use signals from cellphone even when the phone is not in a voice call (There must be some beacons!?)
(2) They manage to simultaneously localize multiple phones.
(3) The company website claims accuracy of 1-2 meters

It appears that early adopters of their solution are in the UK. A large mall can be covered by 20 of their ‘boxes’.

The Privacy issue:
“The Information Commissioner’s Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset’s IMEI code – a unique number given to every device so that the network can recognise it.”

So they don’t just track the pure signal but they also demodulate the IMEI code – a reverse lookup may reveal IMEI -> Phone number -> identity but would probably require the cooperation of the carrier. Unlike MAC addresses in 802.11 networks, the IMEI cannot be changed as easily. From a privacy perspective, it appears that the IMEI is therefore a really bad thing (it is unencrypted) as it could potentially allow one to be spied upon (location traces, etc etc.) There are various other privacy issues especially when such a technology is put into effect without having shoppers sign disclosure forms. The page on slashdot has many interesting user comments.
Some links are here, here and here.

Here is an email from Toby Oliver, the owner and CEO of Path Intelligence explaining the technology in an effort to allay concerns.

Here is a particularly insightful comment from Slashdot that brings out the ‘value’ of location information rather than worrying about privacy:

“My shop usage data have great financial value (otherwise the shops wouldn’t pay to install surveillance systems) and the shop’s surveillance is involuntary – I am not given a choice whether to allow them track me or not, except if I avoid transmitting wireless signals while near their shop. As the data collection is not voluntary and my shop usage data have financial value, I demand payment from shops using this system. I want a share of my shop usage data’s financial value.”

I think this makes a good case for researching PHY-layer based location privacy. Having simple omni transmitters is equivalent to relinquishing one’s privacy as well as volunteering usage data for free.

Deanonymizing data

Anonymity is a big deal these days. And it should be, because the proliferation of personal computing devices with multiple radio interfaces places individual privacy in question. Consider the problem of de-anonymizing the Netflix database released for the Netflix prize project. A recent paper from U. Texas showed that the records released as part of the database were not anonymous at all and given a little bit of side information, allowed easy identification of individual records in a simple way.

It is clear that some information must be removed from a database or a set of trajectories in order to prevent re-identification. But WHAT part of the information to remove is not so clear! I am pretty sure information theory must have something useful to say about this problem. In particular, the Information Bottleneck Method of Tishby et al might be useful place to look for answers. Pending job for the summer.

Wireless Localization – problems and challenges

Wireless Localization
=============

1. The localization information must be given to the right ‘people’ (at the right time) – this relates to security and privacy issues

2.  It is important to carefully think about the roles and players in any localization system to avoid future engineering blunder in terms of securty, privacy and correct flow of informaiton, economic incentives, etc.

3. A number of legal/social isues exist: do the owners of a ’space’ (e.g. a college campus) have the right to know what wireless devices are in that space.

4. These issues are important to consider from an engineering persepcitve even though they may be left to ‘lawyers’ later so that we are able to provide ‘knobs’ or ‘controls’ from an engineering point of view that would allow us to implement flexible functionalities.

5. Players/roles: Users, Network operators, Space owners, Govt. , Application (incl. app. service provider), –> Who gets what information in important!

6. Key distictions: Algorithm and PHY-layer measurements

7. Collecting training data and updating it from time to time is a big problem — costly. So if we can come up witha method that avoids this that would be great!

Future challeneges:

8. Defining contracts between the players
9. Leveraging existing communication infrastructure
10. Improving the phy layer – cheap way to getr better PHY layer informationm (time, angle, RTT, RSSet, etc)
11. Connecting the ‘islands’ -> Interfacing different localization technologies/systems

Others:

1. The economics of wireless localization / network localization

2. Bootstrapping localization using non-fixed infrastructure – i.e. using clients themselves for localizing other clients to get a relative map of locations.

Dealing with an active intereferer in secret-key agreement

I gave a talk at the 3rd Rutgers-Helsinki PhD student workshop today and got some useful feedback from Marco Gruteser. He came up with the following attack: What is Eve transmits a oulse signal that momentarily causes the received signal at Alice as well as Bob to go above the threshold level q_+ ? This would allow Eve a way of forcing Alice and Bob to generate certain bits at certain instants of time. How can this be avoided. There seems to be a mounting pile of active attacks that I need to address. Perhaps I should consider working on addressing ‘active attacks in secret key agreement’. Some of the active attacks are clearly protocol-specific (Ee inserts a message of some sort that appears in the prorcol) and some are purely at the physical layer – of the type suggested by Marco for example. IT would be intresting to study what is possible and whayt is impossible from the point of view of an adversary messing things up.

Delay helps enhance PHY-layer spoofing detection

The standard technique for employing the physical layer to detect a spoofing attack is to construct a hypothesis test that tests some characteristic(s) of the received signal against the recent history of received symbols. Using a likelihood ratio test, the problem is transformed into a simple comparison of a test statistic with a suitably tuned threshold. However, the appraoch suffers from poor ROC performance – that is, it results in high false alarm probabilities for required detection probabilities, especially if the transmitter is mobile.

Intuitively, this problem arises because we have only one symbol to base the decision on – the most recent one. If instead, we were able to tolerate a delay, by creating an out-going queue of received messages, the amount of information available to make the decision could be increased. This would help lower the false alarm rate for any given detection rate.

Allowing a delay before declaring an authentication failure has another advantage to declaration based on a single bad received symbol. The latter approach allows Eve to continue masquerading as the legitimate transmitter in the event of a miss detection. This is because the test statistic is based only on the most recent received symbol [See Xiao et al.] so a single miss detection ensure that Eve goes undetected.