Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 122 123 [124] 125 126 ... 249
1846
Security / Re: Silent Circle: A Cryptography Godsend?
« on: October 28, 2012, 01:48 am »
Quote
For better voice quality,
Alice can use low-latency anonymity networks such as Tor [3] and JAP [4].

Something tells me these researchers dont know what they're talking about.

VOIP over TCP(the only protocol tor supports) is problematic because TCP will keep retrying old packets and delaying new ones. In a voice conversation if a bit of info was lost then it is better to just play what is coming next and forgetting about it, that is why UDP is used.

Real time protocols don't really play well with anonymizing networks. Far better to just use chat.

At this moment I am working on a chat client/server that opens a tor hidden service to facilitate secure communication.

Sounds like Tor Chat (or libertes cables system). This is a flawed design, hidden services have much less anonymity than regular Tor clients and having chat protocols where two parties both run as hidden services decreases the anonymity of both of them. It would be better for anonymity if they communicated through a hidden service as regular Tor clients.

1847
Security / Re: Silent Circle: A Cryptography Godsend?
« on: October 28, 2012, 01:18 am »
Quote
For better voice quality,
Alice can use low-latency anonymity networks such as Tor [3] and JAP [4].

Something tells me these researchers dont know what they're talking about.

You could use Tor or JAP to route encrypted voice streams, although Tor is not able to route UDP. They are not claiming that using a low latency anonymity network improves voice quality over not using an anonymizer at all, simply that when it comes to anonymity networks routing VOIP anything other than a low latency network will totally destroy the voice quality (to the point of being impossible to use, I imagine). A lot of encrypted voice services provide their own 'anonymity networks' in the form of what are essentially high bandwidth VPNs , these solutions will give less of a hit to voice quality than networks such as Tor or even JAP, but they are also more limited in the amount of anonymity they can provide. There has actually been a fairly substantial amount of research done on anonymizing and deanonymizing VOIP streams, although to be fair none of it seems particularly unique to VOIP (judging from the little I have read regarding this particular aspect of anonymity).

Encrypted voip works by encrypting each UDP packet on its own. I have sniffed such traffic and was able to graph the data volume over time. I then used that data volume to synth a sound based on the volume over time.

The result was a bit like listening to Charlie Brown's parents, "wa wa waaa wa wawawawa".

I could not make out words but I could hear the pauses between the words and sentences. I could tell one side talked faster and the other slower. Granted this was about 4 years ago, perhaps they have something better now.

This can be avoided by sending dummy traffic to create a consistent volume, this however dramatically increases the required bandwidth.

Encrypting a real time protocol has special challenges.

If you had a trained classifier and used it to analyze the pauses (which can be determined via interpacket timing) you would quite possibly be able to determine the language being spoken and possibly even be able to pick out certain phrases or words. The paper I previously linked to shows that analysis of these pauses is enough to identify a previously fingerprinted speaker with high probability, and even to pick out previously fingerprinted words and phrases of a given speaker. I would hypothesize that even if there is not a previously created fingerprint of a particular individuals encrypted VOIP speech, that a classifier could be used to gain information about encrypted VOIP streams via interpacket timing characteristics. I believe that the speed of speech in itself would be useful for determining or at least narrowing in on the language being spoken. Different languages are spoken with varying average speeds and thus being able to determine the rate of speech should by itself help in identifying the spoken language with better than random chance probability.

Of course before you will be able to learn anything from the pauses you will need to have a substantial database of speech samplings in various languages. You would then see the average interpacket timing for each of the languages, and then after obtaining a sample of an encrypted VOIP stream you would use the classifier to see which of the previously fingerprinted languages the sample most closely matches. I highly suspect that this technique will have better than random chance probability of correctly identifying the spoken language.

1848
Security / Re: Silent Circle: A Cryptography Godsend?
« on: October 27, 2012, 09:03 am »
some excerpts (I have only skimmed through the full paper)

Quote
In this thesis, we propose a class of passive traffic analysis attacks to com-
promise privacy of Skype calls and SIP-Based VoIP calls. The proposed attacks
are based on application-level features extracted from VoIP call traces. The proposed
attacks are evaluated by extensive experiments over different types of networks includ-
ing commercialized anonymity networks and our campus network. The experiments
show that the proposed traffic analysis attacks can detect speeches and speakers of
SIP based VoIP calls with 0.65 and 0.32 detection rate respectively, about 70-fold and
35-fold improvement over random guess. For Skype calls, the speech detection rate
and speaker detection rate are 0.33 and 0.44, about 30-fold and 15-fold improvement
over random guess. Countermeasures are proposed to mitigate the proposed traffic
analysis attacks by camouflaging. The proposed countermeasures can largely mitigate
the traffic analysis attacks and does not cause significant degradation on quality of
VoIP calls.

Quote
The proposed traffic analysis attacks exploit silence suppression. Different
people have different talk patterns in terms of talk spurts and silence gaps. For
example, some persons speak very fast with only a couple of short silence gaps while
some speak with long silence gaps. As shown in Figure 1, an eavesdropper can learn
a speaker’s talk pattern from packet timing. Based on talk patterns learned from
packet timing, the proposed traffic analysis attacks can detect speeches or speakers
of encrypted VoIP calls with high accuracy.

Quote
The typical attack scenario focused in this chapter is as follows: An adversary
may want to detect whether the target speaker, say Alice, is communicating with
Bob now or not based on the previous encrypted VoIP calls made by Alice. The
previous calls may use different codecs than the one Alice using now. The adversary
may collect VoIP packets at any point on the path from Alice to Bob and may also
want to detect the content of the conversation, such as a partial speech in previous
calls.
Comparing with previous researches, the proposed attacks do not require si-
multaneous access to both sides of the links connected to Alice and Bob. Traces
of calls used in detection can be collected at different time and in different network
environment and these calls possibly made with different codecs.

In this chapter, we also assume Alice uses mass-market VoIP services to com-
municate with Bob as shown in Figure 2. In other words, we assume SIP and RTP
are used as the signaling protocol and the transport protocol respectively. To protect
confidentiality of her VoIP calls, we assume Alice encrypts her VoIP packets by using
secure versions of the RTP protocol such as SRTP [2] and ZRTP used in Zphone [1].
To better protect privacy of her calls, we assume Alice routes these encrypted
VoIP calls through anonymity networks as shown in Figure 2. For better voice quality,
Alice can use low-latency anonymity networks such as Tor [3] and JAP [4].


Quote
We focus on passive attacks in this thesis. In other words, the attacks launched
by the adversary will not disturb existing network traffic. In comparison with active
attacks, the proposed attacks are harder to detect. We assume that the adversary
11
only has access to the links directly connected to participants of VoIP calls. This
assumption is widely used in traffic analysis attacks such as attacks on anonymity
networks and tracing VoIP calls [5, 8, 29, 30]. We do not assume the adversary as a
global attacker because rerouting techniques used in anonymity networks make global
attacks too costly to be practical. The threat model is weaker than threaten models
defined for traditional privacy-related traffic analysis attacks: The threat model does
not require simultaneous access to the links connected to participants of a VoIP
call which may not be feasible for international VoIP calls. Instead we assume the
adversary can collect traces of VoIP calls made by Alice in advance and use these
collected traces to detect whether Alice is a participant in the VoIP conversation
of interest. Our model is similar as the model for identifying a human being by
fingerprints: Fingerprints of human beings are collected in advance through driver
license applications. To identify a specific person, the fingerprint of interest such
as a fingerprint in a crime scene will be compared against the person’s fingerprints
collected in advance.
The threat model assumes the detections are based on different VoIP calls. So
the speaker identification should also be independent of the voice content of VoIP
calls.

Quote
The proposed traffic analysis attacks are based on packet timing information.
As described in Section 3.1.2, silence suppression enables adversaries to recover talk
patterns in terms of talk spurts and silence gaps from packet timing. Adversaries can
create a Hidden Markov Model (HMM) to model Alice’s talk pattern recovered from
SIP-Based encrypted VoIP calls made by her. When adversaries want to determine
which SIP-Based encrypted VoIP call is made by Alice, adversaries can check talk
patterns recovered from the call of interest against Alice’s model.
The proposed attacks can be divided into two phases: the training phase and
the detection phase as shown in Figure 3. The two steps in the training phase are
feature extraction and HMMs training. The detection phase consists of three steps:
feature extraction, speech detection or speaker detection, and intersection attack.
The last step, intersection attack, is optional. We describe the details of each step
below.


The input and output of the feature extraction step are raw traces of VoIP calls
and feature vectors respectively. The feature vector used in the proposed attacks is
where n is the length of a feature vector, tsi and sgj denote the length of the ith talk
spurt and the jth silence gap respectively.
Talk spurts and silence gaps are differentiated by a silence threshold Tsilence : If
an inter-packet time is larger than the threshold, the inter-packet time is declared as
a silence gap. Otherwise the inter-packet time is declared as a part of one talk spurt.
Obviously the threshold Tsilence is critical to overall detection performance. We
did initial experiments to investigate the suitable range of the threshold for detection:
We feed voice signals to VoIP clients and collect VoIP packets generated by VoIP
clients. Different values of the threshold Tsilence are used to determine silence gaps.
Actual silence gaps can be found by checking marker bits in RTP packets which
indicate the start of talk spurts2 . We evaluate a value of the threshold by two metrics:
false positive rate and false negative rate. False positive rate is the fraction of talk
spurts that were erroneously declared as silence gaps. False negative rate is the
fraction of silences gaps that are erroneously declared as talk spurts. The experiment
results with different codecs3 are shown in Figure 4.
We can observe that for a wide range of the threshold Tsilence , both the false
positive rate and the false negative rate are low: When Tsilence is larger than 70ms,
the false positive rate is below 10% for all the codecs. The false negative rate is below
20% when Tsilence is less than 100ms. The wide range is because of the big difference
between inter-packet time of silence gaps and inter-packet time of talk spurts: Silence
gaps are in order of seconds. Inter-packet time during talk spurts is usually around
packetization delay of 20ms or 30ms for most codecs.
We can also observe that increasing the threshold Tsilence decreases the false
positive rate and increases the false negative rate. The changes in these two rates
are again because the inter-packet time during silence gaps is larger than inter-packet
time during talk spurts.

A big challenge in feature extraction is to filter out noise caused by random net-
work delays in silence tests. Random network delays can cause errors in silence tests
especially at receiving side: Because of random packet delays, inter-packet time dur-
ing talk spurts can become larger than the threshold Tsilence . The main idea of filtering
noise in silence tests is to determine a silence gap based on N successive inter-packet
intervals instead of one inter-packet interval. The silence test with filtering techniques
works as follows: If one inter-packet interval is larger than the threshold Tsilence , we
declare a new silence gap only when none of the following ⌊
Tsilence
packetization delay
⌋ − 14
inter-packet intervals are shorter than a threshold Tspurt, used to filter out long inter-
packet intervals caused by network delays. The rationale behind the new silence tests
method is that: If an inter-packet interval is erroneously declared as a silence gap
because network delays increase the length of the inter-packet interval, then following
inter-packet intervals must likely be shorter than normal inter-packet intervals during
talk spurts. The new silence tests can improve silence detection performance in terms
of the false positive rate. The filtering does not focus on false negative errors because:
(a) The false negative rate changes very little when Tsilence changes. (b) We take into
account false negative errors in choices of HMM structures.

Quote
Our experiments clearly show that the proposed traffic analysis attacks can
greatly compromise privacy of VoIP calls. The detection rates for speech detection
and speaker detection are 70-fold and 35-fold improvement over random guess. Higher
detection rate can be achieved with more training traces.
Comparable detection performances are achieved for both traces collected by
sending side and receiving side. It is an indication that when the threshold is large
enough, feature extracted in the proposed attacks are largely independent of network
dynamics.
The framework proposed in this chapter, including extracting application-level
features from network traffic traces and statistical analysis of extracted application-
level feature by HMMs, can be potentially used to infer other sensitive information
at application level. For example, the framework can be potentially used to detect
speaker’s emotion during a call suppose the speaker’s talk behavior can change signif-
icantly when the speaker’s mood changes. The framework may also be used to detect
different types of speeches such as seminar talk, conversation between two parties,
and classroom discussion. One of our future works is to explore the potential of the
framework experimentally and theoretically.



1849
Security / Re: Silent Circle: A Cryptography Godsend?
« on: October 27, 2012, 08:49 am »
Just use a prepaid. This reeks of hushmail.h,

Encrypted voice is certainly far better than nothing, but all kinds of fingerprinting attacks can gather information from encrypted voice streams. The CIA has been able to identify the language being spoken for some years now, even when the actual voice content is encrypted. There are also attacks that can pick out entire phrases and words through the encryption. This is because different languages / sentences create different interpacket timing characteristics that can be fingerprinted, and encryption doesn't hide the time delay between various packets of voice data. To protect from this sort of attack you will need to pad the voice data stream.

I take it this is different from the attacks described on Phil Zimmermann's Zfone project homepage, where he advised people not to use variable compression codecs?

Quote
Q: What if I use a Variable Bit Rate (VBR) codec? Won't that leak information?

A: Johns Hopkins University researchers have observed that when voice is compressed with a variable bit-rate (VBR) codec, the packet lengths vary depending on the types of sounds being compressed. This leaks a lot of information about the content even if the packets are encrypted, regardless of what encryption protocol is used. We strongly recommend that you avoid using VBR codecs if you want to make a secure phone call. Most codecs are not VBR, so it's not hard to avoid using VBR. If you plan to use Zfone with a VoIP client, open the preference panel in the VoIP client and disable the VBR codecs from the menu.

Some codecs have a VBR mode and a non-VBR mode, so you should disable the VBR mode. If you are the implementor of a VoIP client, you can disable the VBR feature while still allowing the codec to be used. But if you are the end user, most VoIP clients do not have preference panels that allow such fine granularity of control, so you will be lucky to be able to just disable the whole codec. Some VoIP clients don't allow the user any choice at all about what codecs are used.

Some safe non-VBR codecs include GSM 6.10, iLBC, G.711 (A-LAW, u-LAW, and PCMU), G.722, and G.726. It's not a problem if the codec adapts the bit rate to the available channel bandwidth. The dangerous codecs are the ones that change their bit rate depending on the type of sound being compressed.

Skype's VBR codec leaks information regardless of the quality of the encryption, which may allow phrases to be identified with an accuracy of 50-90%.

Let me be clear about this leakage of information-- it doesn't leak any cryptographic key material, and it doesn't help the attacker actually break the crypto. The VBR codec is leaking information about the content of the voice packets, because some sounds compress more than other sounds. By looking at how much each packet of sound was compressed, which can be inferred by the packet size, it is possible to infer something about what kind of sound it is, like a vowel, or a sharp consonant. This undermines the usefulness of the encryption. Some phrases can be identified with an accuracy of 50% to 90%. This is a serious vulnerability.

Fortunately, not too many codecs use VBR. Speex has a VBR-capable codec, and some VoIP applications that use Speex allow the user to choose which codecs to enable. iSAC is a commercially licensed VBR codec, used by Skype, Google Talk, and Gizmo. This means that Skype is vulnerable to VBR leakage regardless of the quality of Skype's built-in crypto. Sadly, this also means Gizmo and Google Talk are not the safest VoIP clients to use with Zfone. And it appears the user cannot disable the use of this codec in those products. Microsoft's RT Audio also appears to be a VBR codec, and is used in Microsoft Office Communicator.

It also appears that voice activity detection (VAD) leaks information about the content of the conversation, but to a far lesser extent than VBR. This effect can be mitigated by lengthening the VAD "hangover time" by about 1 to 2 seconds. That would sharply reduce the information leakage, but it may be something that only the VoIP application developer can do, if the VAD parameters are tunable. For an end user, a simpler solution would be to avoid the use of VAD, if this is feasible in your situation. Examples of codecs that use VAD include AMR and G.722.2. If it's not convenient to avoid all VAD codecs, keep in mind that the leakage from VAD is much less than the leakage from VBR.

Some researchers have suggested that the VAD hangover time should be lengthened by a random amount. For example, a random normal distribution over the range of 1 to 2 seconds. Most codecs that use VAD only allow a fixed amount of VAD hangover to be easily configured. It remains unclear whether a random hangover time is worth the extra effort. This requires further research.

Source: http://www.zfoneproject.org/faq.html

encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob is the paper I was originally thinking of , and indeed I remembered incorrectly by thinking that they were focusing on information leaked through interpacket timing characteristics rather than variable packet sizes. However, interpacket timing characteristics can actually leak information as well, I did a little searching and found this research paper for example: etd.ohiolink.edu/send-pdf.cgi/Lu%20Yuanchao.pdf?csu1260222271 which shows how interpacket timing characteristics can be analyzed with traffic classifiers in an attempt to identify the speakers of an encrypted voice chat (provided the attacker has encrypted VOIP samples from a pool of potential suspects and wants to later be able to link encrypted VOIP streams to them). They also claim to be able to identify encrypted speech from the target so long as they have a sample reference of encrypted speech + plaintext to compare it to (note that the same speech encrypted twice would produce different ciphertexts if any sane cryptosystem is being used, so the data is leaking via interpacket timing).

It is VERY likely that more information than just the speaker + previously sampled ciphertext:plaintext phrases will leak via interpacket timing characteristics. I have done a (very) little google-fu looking for research papers to back this but so far this is all I have been able to find. However, we can extrapolate from the research done on encrypted website fingerprinting that both variable packet size AND interpacket timing characteristics will leak information about the encrypted payload, and the most successful classifiers will likely take both data points into consideration. I would be surprised if the language spoken and possibly even non-sampled phrases cannot be identified with interpacket timing fingerprinting alone.

1850
Liberty,

I see your point about *government* just becoming the default 'response' for everyone as in  "I dunno, the government should just take care of it ... ".   I get it; nothing should have that much power over everyone, lest we all become so reliant on it that we can't imagine life without it. I get it bro. That kind of logic is sound.

BUT - in the meantime, who's gonna build a practical transportation system of roads and infrastructure? Who will setup reliable schools nationwide? For God's sake man - who will subsidize my electrical bill ??!!
A series of loose knit entrepreneurs who believe in nothing other than making a profit - OR - some kind or elected representative from my neighborhood ( HINT - you get a say in what happens with one of those choices.)

Now don't get me wrong - I'm not for everything being government run, in my mind the ONLY things government should be involved in are roads, education, hospitals, a judiciary and a BASIC welfare safely net so that those of us who don't succeed will not starve.
In other words - only things that work for the clear benefit of us all, everything else should be left to private industry to sort out.

In my world, we're not afraid of our government because we control it; we keep it in check constantly by participating in the communities where we live, making sure that our opinions are expressed by the freedoms we are guaranteed, and we really are guaranteed them! Publish any opinion you want in any media outlet and you will never get arrested for it (as long as your not preaching hate, death and destruction Duhh !!)

Publish a picture of a flashing 16 year old and text saying that it should be legal to do so and tell me how that works out for you.

1851
Off topic / Re: Torchat
« on: October 27, 2012, 12:57 am »
Torchat is total trash

1852
Security / Re: Silent Circle: A Cryptography Godsend?
« on: October 26, 2012, 11:16 pm »
Actually I believe that silentcircle actually does attempt to protect from traffic analysis in the form of routing all of the encrypted communications through their servers (making it appear to anyone monitoring you as if you are communicating with them instead of the party you are communicating with). If they are pressured by law enforcement this is the information that they will quickly give up, although if their software is proprietary nobody knows if they have  backdoored the crypto software.

1853
Security / Re: Silent Circle: A Cryptography Godsend?
« on: October 26, 2012, 11:07 pm »
Just use a prepaid. This reeks of hushmail.h,

Prepaid phones and encrypted phones serve two different purposes. Encrypted phones protect the content of intercepted  communications by scrambling (encrypting) the voice communications so that they can only be decrypted with a secret key. Prepaid phones sort of protect from targeted communications interception because if the attacker doesn't know the phone to target they may not be able to intercept communications from/to it (of course they may just intercept all communications, but then the problem is finding a needle in a haystack). Encrypted phones don't inherently protect you from traffic analysis, if an attacker determines your phone number they can see who you call and who calls you but they cannot determine what you say. Frequently switching prepaid phones does protect some from traffic analysis as the attacker will need to find your new number to continue being able to determine who is calling you and who you are calling. You can probably meet both goals by using an encrypted phone with frequently switched anonymously obtained SIMs though.

Both of these systems for communications have flaws. Law enforcement agencies can identify when you switch your phone very quickly simply by monitoring the numbers that you are known to call and seeing when a new number calls these numbers. They can with high probability determine your new number in this way. The only way around this is for everyone you communicate with to frequently switch their numbers. Actually protecting from having your phone identified is quite hard to pull off if you try to accomplish it by switching the number frequently. Encrypted voice is certainly far better than nothing, but all kinds of fingerprinting attacks can gather information from encrypted voice streams. The CIA has been able to identify the language being spoken for some years now, even when the actual voice content is encrypted. There are also attacks that can pick out entire phrases and words through the encryption. This is because different languages / sentences create different interpacket timing characteristics that can be fingerprinted, and encryption doesn't hide the time delay between various packets of voice data. To protect from this sort of attack you will need to pad the voice data stream.

My suggestion is to stick with encrypted text messages if you must use a phone. Better yet, use a smartphone that can use pidgin OTR and stick to using pidgin via Tor for your communications. This will protect the content of your communications as strong encryption is used on the text, and it will protect you from traffic analysis as the data is routed through Tor. If you absolutely need encrypted voice (hint: you do not), I would look into whispersys.

1854
outgoing bank wire via exchangers can be anonymous :)

1855
Philosophy, Economics and Justice / Re: Nullification is your duty
« on: October 26, 2012, 01:41 am »
You say that I cannot okay murder just because drugs are involved, I say you cannot okay kidnapping , armed robbery, home invasion and assault just because the state is involved.

1856
who needs anonymous bank accounts when you can get anonymous ATM cards or use bank wire via exchangers. I wouldn't trust a cash out service that operates on a drug forum or a fraud forum.

1857
Philosophy, Economics and Justice / Re: Nullification is your duty
« on: October 25, 2012, 04:03 am »
How does it feel being a terrorist?

Jury nullification is legal. It isn't illegal to nullify for someone who has killed someone.

1858
Philosophy, Economics and Justice / Re: Nullification is your duty
« on: October 25, 2012, 02:46 am »
The crackhead is guilty of killing a would be kidnapper / armed robber. Good for him, he asserted his right to be free.

1859
Security / Re: Tor is SO SLOOWWW! How to speed it up?
« on: October 25, 2012, 02:05 am »
Hidden services are so much faster today than ever before. People who complain about Tor speeds these days really must have ADHD.

1860
Pretty interesting and actually scary vision of revolution. First we get DEA and other goverment 'opressors' then who? Anyone who disagrees with us doing drugs? Your parents, priests?

People are free to their opinions. Disapprove of drug use all your like, preach against it even. You should  be free to do this, anyone who prevents you from doing these things is no friend of mine. However, as soon as you start to ATTACK drug users, murder them or send them to prisons to die, then you are the enemy and you deserve nothing except a hollow point bullet through your brain. First we get the guilty law enforcement agents and other government oppressors and then we are free and there is nobody else to get!

Quote
And as far as I know in most western countries you can't punish someone after the law changes for something that he did according to the earlier law(unless it is genocide or homicide).

So you are saying first we change the law to allow the killing of the corrupted law enforcement and politicians? Sounds fine to me!

Quote
I'm from post communistic country, where more than half of population belonged to a party, worked as secret police or worked with secret police. Most of them did so just to get along without problems or fear, some of them because they actually believed in the system. And here comes 90s when communism goes down the shitter and we have to do something with all these people who helped to oppress others. There were couple of ways to do it(Germany and Czech Republic did it pretty well) my country chose the worst way(mostly due to heads of opposition being secret service themselves) so now the people who were in power are still in power and in the end not even people who gave orders to shoot at protestors were held responsible. Yet the question was/is who, how and why should we punish for oppression when more than half of the people in the country were responsible for it.

If 80% of people steal they are still wrong and are worthy of being punished by the 20% who they steal from.

Quote
Anyways funny thing is that someone here claims that SR is being anarchist, with escrow, moderation, ratings etc. it is far from being an anarchy. Most organized crime(as in going against the law not morally/philosophically crime) is far from being an anarchy.

You have a misunderstanding of what Anarchy is. Anarchy does not mean the lack of organization, it means the lack of a state.

Pages: 1 ... 122 123 [124] 125 126 ... 249