Henning Schulzrinne’s talk: “VoIP: Not your Grandma’s Phone Anymore”

Given my interest in the security aspects of VoIP, I decided to attend a talk by Henning Schulzrinne (CS@Columbia), the inventor of RTP, SIP, and a major proponent of VoIP. His talk was interesting because it pointed to the transitions that are happening now, in the world of telephony, some of them quite inconspicuously. The interesting things I gathered from the talk were:

1. A system they have developed in their lab at Columbia called the ‘presence’ system which essentially tries to build in context-awareness into the mobile telephony experience by accepting or rejecting calls based on things such as the activity the user is currently engaged in (in a meeting, driving, etc.) and the identity of the calling party. Their architecture employs a trusted server that acts as a proxy for the user being called. The end user’s device constantly senses or learns the user’s availability and willingness to receive incoming communications and updates this on the server. They have also developed ways to address the inevitable privacy problem that arises from having to constantly update your personal attributes on a central server.

2. He also spoke briefly about what he termed ‘the need for glue’ which is a metaphor for requiring ways to allow the many computing devices around us to communicate. I have heard this pitch before in a number of ‘high-level’ presentations, thrown in along with the idea of the ‘internet of things’. It appears to me that these ideas are yet to take off in a proper way and what’s really hindering their progress is a tangible use case. There have been limited success stories in my opinion, such as (i) using mobile phones for context sensing (see Microsoft’s ‘Tag’ technology for instance) and phone cameras for reading barcodes etc. and (ii) some limited success in home-networking. My guess is that there is a lot of room for progress in this area, as long as people are able to come up with interesting, tangible use cases and benefits.

Published on April 21, 2009 at 6:41 pm

“Software radio and the future of wireless security”

I found this interesting talk abstract at the Blackhat conference program. The talk was delivered by Michael Ossmann, who works as an information security researcher at the Institute for Telecommunication Sciences, U.S. Dept. of Commerce. I have been thinking of this issue for some time, particularly from the point of view of GSM radio signals and the possibly nasty things that can be done with a software GSM receiver.

Radios are everywhere. We use them daily in car stereos, cordless phones, car key fobs, proximity access cards, laptops, television tuners, garage door openers, mobile phones, and headsets, to name a few. To build one of these radio devices in the traditional manner, you would need some electronic components (including, in many cases, a microprocessor), a soldering iron, and a fairly advanced knowledge of electronic circuit design. All that is changing, however, with the emergence of software radio. The digital technologies that revolutionized the audio world over the last thirty years are now bringing the same revolution to the radio world. General purpose computers are becoming fast enough to function as sophisticated radio devices with minimal hardware peripherals. In the future, all radios will be software radios, and all practical wireless security tools will be implemented with software radio.

This presentation will describe the state of software radio, discuss future trends, and point out current and future applications of software radio technologies to wireless security research. Particular attention will be given to tools and resources that are available today, helping attendees without a background in RF technology to get started in the field. Practical attacks will be demonstrated using GNU Radio and the Universal Software Radio Peripheral.

Published on August 7, 2008 at 3:44 pm

Mobicom paper accepted!

My Mobicom paper has officially been accepted – now that the several rounds of changes and formatting issues have been fixed (I was both surprised and amazed at the painstaking detail with which ACM perused the paper; IEEE standards pale in comparison).

The paper is titled ‘Radio-telepathy: Extracting Secret Bits from an Unauthenticated Wireless Channel’. In this paper, I teamed up with some folks over at InterDigital to build a system that can use the received signal from 802.11 cards to ‘extract’ bits at the two ends of a wireless channel, in such a way that a third user cannot infer any useful information about the bits that were extracted. The idea is to enable generation of identical bit sequences at the two ends, which can then be used as cryptographic keys for encrypting future communications. What is more, these keys can be refreshed at regular intervals using channel information that the 802.11 system can extract from regular received packets.

The system we proposed provides an analog of quantum cryptography for ‘everyday wireless channels’. While QC relies on the quantum physics behind photons, our proposed system relies on two simple, somewhat surprising but verifiable properties of the wireless medium: (1) The channel decorrelates in space very quickly – over distances of the order of a wavelength (a few cm for 802.11) and (2) The wireless channel is, to a good extent, reciprocal. This means that although it is continuously changing in time, at a fixed instant of time and at a fixed frequency, the channel behaves in exactly the same way, irrespective of whether Alice transmits and Bob receives, or vice-versa. In practice, it is hard to have both users transmit and receive simultaneously, so there is a small time-delay between transmissions in the two directions. However, if this delay is small, then the channel only has a chance to change by a small amount and is still heavily correlated.

The most notable point about our algorithm is that it provides information theoretic secrecy. This means that the secrecy of the keys extracted is unconditional – it does not depend upon the assumption of a computationally bounded adversary or the computational hardness of a mathematical problem.
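To make the two channel properties concrete, here is an added simulation; it is not the paper's algorithm or code. The Gaussian gains, the correlation `rho` between the two transmission directions, the noise level, the guard-band quantizer and a fully independent Eve are all assumptions chosen for illustration.

```python
import random
import statistics

def probe(n, rho=0.99, noise=0.1, seed=7):
    """Constructed measurements for n probe exchanges (not real RSSI data).
    rho models how little the channel changes between the two directions."""
    rng = random.Random(seed)
    alice, bob, eve = [], [], []
    for _ in range(n):
        h = rng.gauss(0, 1)                                # gain when Alice transmits
        h_later = rho * h + (1 - rho**2) ** 0.5 * rng.gauss(0, 1)  # when Bob replies
        bob.append(h + noise * rng.gauss(0, 1))            # Bob hears Alice
        alice.append(h_later + noise * rng.gauss(0, 1))    # Alice hears Bob
        eve.append(rng.gauss(0, 1) + noise * rng.gauss(0, 1))  # decorrelated in space
    return alice, bob, eve

def quantize(samples, alpha):
    """1 above mean+alpha*std, 0 below mean-alpha*std, None inside the guard band."""
    mu, sd = statistics.fmean(samples), statistics.pstdev(samples)
    return [1 if x > mu + alpha * sd else 0 if x < mu - alpha * sd else None
            for x in samples]

def agreement(a, b):
    """Fraction of positions where the two bit lists match."""
    return sum(x == y for x, y in zip(a, b)) / len(a)

def extract(n=20000, alpha=0.5, **kw):
    alice, bob, eve = probe(n, **kw)
    qa, qb = quantize(alice, alpha), quantize(bob, alpha)
    # Only indices cross the public channel: each side says which probes it kept.
    keep = [i for i in range(n) if qa[i] is not None and qb[i] is not None]
    key_a = [qa[i] for i in keep]
    key_b = [qb[i] for i in keep]
    # Eve knows the kept indices and thresholds her own measurement at its mean.
    qe = quantize(eve, 0.0)
    key_e = [qe[i] for i in keep]
    return {"bits": len(keep),
            "alice_bob": agreement(key_a, key_b),
            "alice_eve": agreement(key_a, key_e)}

if __name__ == "__main__":
    for alpha in (0.0, 0.5):   # no guard band vs. half a standard deviation
        print(alpha, extract(alpha=alpha))
```

Widening the guard band raises the Alice-Bob agreement in exchange for fewer bits, while Eve's agreement stays near a coin flip because her measurements carry no information about the legitimate channel in this model.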

I’m looking forward to attending the conference in September. There are a number of other very interesting papers in wireless and otherwise.

Published on July 29, 2008 at 6:47 pm

Linus sequence

The sequence composed of 1s and 2s obtained by starting with the number 1, and picking subsequent elements to avoid repeating the longest possible substring. The first few terms are 1, 2, 1, 1, 2, 2, 1, 2, 1, 1, 2, 1, 2, 2, … (Sloane’s A006345). The Sally sequence gives the length of the run that was avoided. (From Wolfram’s Mathworld)
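The rule can be read as "choose the next element so that the longest doubled suffix is as short as possible". The following added example (not from MathWorld or the original post) generates the sequence under that reading, together with the length of the repetition that was avoided at each step; the function names are made up for illustration.

```python
def doubled_suffix_len(seq):
    """Length of the longest suffix x such that seq ends in x followed by x."""
    n = len(seq)
    for k in range(n // 2, 0, -1):
        if seq[n - k:] == seq[n - 2 * k:n - k]:
            return k
    return 0

def linus(n):
    """Return (first n terms of the sequence, lengths of the runs avoided)."""
    seq, avoided = [1], []
    while len(seq) < n:
        # Try both candidates and measure the repetition each would create.
        lens = {c: doubled_suffix_len(seq + [c]) for c in (1, 2)}
        seq.append(min(lens, key=lens.get))   # keep the shorter repetition
        avoided.append(max(lens.values()))    # record the one we dodged
    return seq, avoided

if __name__ == "__main__":
    terms, runs = linus(14)
    print(terms)
    print(runs)
```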

Published on May 29, 2008 at 9:06 pm

Wireless Localization – problems and challenges

Wireless Localization
=============

1. The localization information must be given to the right ‘people’ (at the right time) – this relates to security and privacy issues

2. It is important to carefully think about the roles and players in any localization system to avoid future engineering blunders in terms of security, privacy and correct flow of information, economic incentives, etc.

3. A number of legal/social issues exist: do the owners of a ‘space’ (e.g. a college campus) have the right to know what wireless devices are in that space?

4. These issues are important to consider from an engineering perspective even though they may be left to ‘lawyers’ later so that we are able to provide ‘knobs’ or ‘controls’ from an engineering point of view that would allow us to implement flexible functionalities.

5. Players/roles: Users, Network operators, Space owners, Govt., Application (incl. app. service provider) –> Who gets what information is important!

6. Key distinctions: Algorithm and PHY-layer measurements

7. Collecting training data and updating it from time to time is a big problem — costly. So if we can come up with a method that avoids this that would be great!

Future challenges:

8. Defining contracts between the players
9. Leveraging existing communication infrastructure
10. Improving the PHY layer – cheap way to get better PHY layer information (time, angle, RTT, RSSet, etc)
11. Connecting the ‘islands’ -> Interfacing different localization technologies/systems

Others:

1. The economics of wireless localization / network localization

2. Bootstrapping localization using non-fixed infrastructure – i.e. using clients themselves for localizing other clients to get a relative map of locations.

Published on May 14, 2008 at 9:36 pm

Location Privacy

I attended some interesting talks at the 3rd Rutgers-Helsinki PhD Student Workshop on Spontaneous and Pervasive Networking (phew!) today. In particular, a talk by Marco Gruteser reviewing location privacy for various applications caught my eye. Location based services have been much talked about and are expected to take off (any moment now) in a big way. This introduces the problem of preserving user-privacy. Marco talked about an interesting class of problems that deal with preserving the privacy of location traces. The idea is as follows: Each mobile client periodically transmits its location to a central server, which then forwards this information on to an application service provider (ASP) that provides some location-based service to the user. (Think DASH!) However, the user wishes to conceal its identity from the ASP. Hence we would like to make it impossible (or very hard) to infer the user’s identity from observing location updates.

Marco’s group has proposed a centralized processing architecture for solving the problem, wherein the location updates from all users are first ‘anonymized’ by a central server (call it the ‘location broker’) by what can be termed various signal processing techniques such as dropping a few samples, shifting the time stamps a bit, etc. Note that the degree of location privacy granted to a user is a coupled function of the information about other users that is revealed by the location broker to the ASP.

An interesting extension of the problem would be to engineer a system wherein the availability of a location broker cannot be guaranteed and users wish to solve the problem themselves, i.e. a distributed architecture for the problem of location privacy / privacy of location traces. Ostensibly, this would require some cooperation / message passing between the mobile clients because intuitively, the degree of anonymity enjoyed by a user is a function of the user density in its surroundings. Something to think about..

Published on May 5, 2008 at 10:14 pm

Eavesdropping on your bluetooth headset

Here’s an interesting video from Joshua Wright showing how a bluetooth headset can be eavesdropped on from a distance. The interesting thing is you only need a high gain antenna at the attacker’s end.

Published on April 22, 2008 at 11:12 pm

Hello world!

This blog will serve as a place for penning my thoughts on research in physical layer security and reporting interesting findings. Here is an inline latex formula: $\alpha + \beta \geq \int_{-q}^{\infty} f(x)\,dx$. And here is one displayed as a separate line:

$$I(X_a; Y_b) \geq I(X_a; Y_b \mid Z_e)$$

This is pretty neat!

Published on April 10, 2008 at 4:50 pm