Communication Security

Topics of Business organization

Philip P.
, in

Security and Loss Prevention (Sixth Edition), 2013

Communications Security

Communications security
involves defenses against the interception of information transmissions. In the federal government, the
National Security Agency (2000: 10)
defines communications security (COMSEC) as follows:

Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity [i.e., encryption or decryption], transmission security, emission security [i.e., intercept and analysis of emanations from equipment], and physical security of COMSEC material.

In providing a comprehensive approach to protecting information assets, the subfields of communications security are listed here (Carroll, 1996: 177–277):

Line security
protects the communications lines of IT systems, such as those between a central computer and remote terminals. Line security is effective only over lines an organization controls; a wiretap can occur at many points along a line. Cryptographic security defeats wiretapping by making intercepted traffic unreadable without the key.

Transmission security
involves communications procedures that afford minimal advantage to an adversary bent on intercepting data communications from IT systems, telephones, radio, and other systems.

Emanation security
prevents undesired signal emanations (e.g., from computer equipment) transmitted without wires (e.g., electromagnetic or acoustic) that could be intercepted by an adversary.
is the code word used by the National Security Agency for the science of eliminating undesired signal emanations. “Shielding,” discussed later, is one strategy to reduce such emanations.

Technical security, also called
technical surveillance countermeasures, provides defenses against the interception of communications by microphones, transmitters, or wiretaps.

The above methods of attack can be used together, which is one reason why communications security is a highly complex field. What follows here is primarily technical security; however,
we must not lose sight of the importance of a comprehensive approach to protecting information assets.

Electronic Surveillance and Wiretapping

Electronic surveillance
utilizes electronic devices to covertly listen to conversations, whereas wiretapping
pertains to the interception of telephone line communications. The term “wiretapping” is becoming antiquated and should be replaced with the term “communications tapping” because so much electronic communication is wireless (e.g., cell phones). The private sector (e.g., private security, PIs, and citizens) is prohibited from using these surveillance methods. Court and legislative restrictions on, and the actual use of, electronic surveillance and wiretapping by federal, state, and local police, the military, and the intelligence community vary. Government
investigations of ordinary crime operate under higher legal standards (e.g., a court order based upon probable cause) than investigations involving
spies, terrorists, or other national security threats,
where the government operates under lower legal standards (e.g., a National Security Letter issued by an FBI supervisor without court review). Because detection is so difficult, the exact extent of electronic surveillance and wiretapping is impossible to estimate, not only in criminal and intelligence investigations globally by all governments,
but also by spies, PIs, and others. The prevalence of these activities applied illegally is probably greater than one would expect.

Winter (2012)
reports that U.S. Magistrate Judge Stephen Smith, who is involved in approving secret warrants, estimates that 30,000 electronic surveillance orders are approved by federal judges each year. Such secret orders are authorized under the Electronic Communications Privacy Act (ECPA) of 1986 and provide law enforcement with access to telephone calls, e-mails, texts, websites visited, and other electronic communications. The ECPA permits electronic surveillance orders to be kept nonpublic through sealed court files, gag orders, and delayed notice, although they are open to the telephone companies and other communication providers who execute the orders. Winter reports that “the balance between surveillance and privacy has shifted dramatically toward law enforcement.”

In addition, we should also consider the extent of surveillance to curb national security threats under laws such as the Foreign Intelligence Surveillance Act, which was amended by the USA PATRIOT Act to include terrorism not supported by a foreign government. Another issue is the need to update these laws in light of changing technology.

Electronic surveillance and wiretapping technology are highly developed, to the point where countermeasures have not kept up with the technology and methods. Consequently, only the most expertly trained and experienced specialist can counter this threat.

Surveillance equipment is easy to obtain. Transmitters are contained in toys and other items found in many homes. Retailers sell FM transmitters or microphones that transmit audio, without wires, to an ordinary FM radio tuned to the correct frequency. These FM transmitters are advertised for public speakers who favor wireless microphones so they can walk around as they talk without being hindered by wires; the voice is transmitted and then broadcast over large speakers. They are also advertised for listening in on a baby from another room. An electronically inclined person can simply enter a local electronics store or shop online and buy all the materials necessary to make a sophisticated bug. Pre-built models are also available. One type uses the same global system used by cell phones, and it can be called from anywhere, without ringing, for listening.

Miniaturization has profoundly aided spying. With the advance of the microchip, transmitters can be so small that they can be embedded in thick paper, as in a calendar, under a postage stamp, or inside a nail in a wall. Bugs may be planted while a building is under construction, or a person may receive one hidden in a present or other item. Transmitters can be powered by solar power (i.e., daylight) or by a local radio broadcast.

Bugging techniques are varied. Audio from a hidden microphone can be transmitted via a radio transmitter or a “wire run.” Bugs are concealed in a variety of objects or carried on a person. Transmitting devices can be remotely controlled with a radio signal to turn them on and off, which makes detection difficult. A device known as a carrier current transmitter is placed in wall plugs, light switches, or other electrically operated components; it obtains its power from the AC wire to which it is attached. Sound systems with speakers can serve as microphones.

Many spies use multiple systems. Some bugs are placed so that they will be found, which, in many instances, satisfies security and management. Other bugs are more cleverly concealed.

Gruber (2006: 280–283)
notes that gun microphones are very effective. He writes that they can be aimed at a target from a significant distance and are used with a headset and amplifier. Gun microphones can be seen at football games.

Traditional telephones use wires that carry calls between stationary locations. Telephone lines pass through so many places that taps are hard to find. A tap can be direct or wireless. With a direct tap, as seen in Hollywood movies, a pair of wires is spliced to a telephone line and then connected to headphones or a recorder. There are several methods of modifying a telephone so that it becomes a listening device even when it is hung up. For a wireless tap, an FM transmitter similar to a room bug is employed: the transmitter is connected to the line and a receiver (e.g., a radio) picks up the signal. Wireless taps (and room bugs) are spotted using special equipment. Direct taps are difficult to locate; a check of the entire line is necessary.

Today, many telephones are mobile and, because telephone traffic travels through the air in several modes—for instance, cellular, microwave, and satellite—the spy’s job is made much easier and safer, since no on-premises tap is required. What is required is the proper equipment for each mode.

Diffie and Landau (2009)
write:

Although big changes in telephony have given rise to equally big changes in wiretapping, the essentials remain the same. The interception and exploitation of communications has three basic components: accessing the signal, collecting the signal, and exfiltrating the signal. Access may come through alligator clips, a radio, or a computer program. Exfiltration is moving the results to where they can be used. Collection may be merged with exfiltration or may involve recording or listening. The tap can be in the phone itself, through introduction of a bug or malware that covertly exfiltrates the call, often by radio.

In one case, a Mossad agent in Berne, Switzerland, was arrested after he tried to tap the telephone of a Hezbollah target. His technical system was a cellular telephone device that would be activated when the target phone was put in use. The device would automatically call another cellular telephone from which the target’s telephone could be monitored (Business Espionage Controls and Countermeasures Association, 2007).

Consideration must be given to a host of methods and innovations that may be applied by a spy. These include infrared transmitters that use light frequencies below the visible spectrum to transmit information; this can be defeated through physical shielding (e.g., closing the drapes). Another method, a laser listening device, “bounces” a laser off a window to recover sound from the room. Inexpensive noise-masking systems can defeat this technique (Jones, 2000: 1–17).
Kaiser and Stokes (2006: 65)
write: “Newer laser microphones are created by feeding two hair-thin strands of fiber-optic cable into the room being monitored. The microphone operates when a laser beam is sent down one of the fibers, where it bumps into a thin aluminum diaphragm and returns on the other fiber with the room conversation.” A careful search is required to find this and other devices. Computer, e-mail, facsimile, and other transmissions are also subject to access by spies. A spy may conceal a recorder or
pinhole lens camera on the premises, or wear a camera concealed in a jacket or necktie. If drawings or designs are on walls or in sight through windows, a spy stationed in another skyscraper a few blocks away might use a telescope to obtain secret data, and a lip reader can enhance the information gathering. Or, a window washer might appear at a window for surveillance. Another method is a spy disguised as a janitor assigned to the particular site. All of these methods by no means exhaust the skills of spies as covered earlier under “espionage techniques.”

Technical Surveillance Countermeasures

ASIS International (2007: 17)
states the following:

Technical Surveillance Countermeasures (TSCM)
refers to the use of services, equipment, and techniques designed to locate, identify, and neutralize the effectiveness of technical surveillance activities (electronic eavesdropping, wiretapping, bugging, etc.). Technical surveillance countermeasures should be a part of the overall protection strategy. Individuals within the organization responsible for physical security, facility security, information asset protection, telecommunications, meeting planning, and information technology all have a stake in addressing these concerns.

The physical characteristics of a building have a bearing on opportunities for surveillance. Some of these factors are poor access control designs, inadequate soundproofing, common or shared ducts, and space above false ceilings that enables access. The in-house security team can begin countermeasures by conducting a physical search for planted devices. If a decision is made to contact a specialist,
only the most expertly trained and experienced consultant should be recruited.

The Countermeasures Consultant

Organizations often recruit a countermeasures consultant to perform contract work. As a consumer, ask for copies of certificates of TSCM courses completed and a copy of the errors-and-omissions insurance policy for TSCM services. What equipment is used? What techniques are employed for the cost? Are sweeps and meticulous physical inspections conducted for the quoted price? Watch for scare tactics. Is the consultant really a vendor trying to sell surveillance detection devices, or a PI claiming to be a TSCM specialist? Will the consultant protect confidentiality? The interviewer should request a review of past reports to clients. Were names deleted to protect confidentiality? These questions help to avoid hiring an unqualified “expert.” One practitioner offered clients debugging services and used an expensive piece of equipment to conduct sweeps. After hundreds of sweeps, he decided to have the equipment serviced. A service person discovered that the device had never worked properly because it had no battery for one of its components. The surprised “expert” never realized a battery was required.

For a comprehensive countermeasures program, the competent consultant will be interested in sensitive data flow, storage, retrieval, and destruction. Extra cost will result from such an analysis, but it is often cost effective.

The employer should use a public telephone off the premises to contact the consultant, in order not to alert a spy to impending countermeasures. An alerted spy may remove or turn off a bug or tap, and the TSCM may be less effective.

Techniques and Equipment

Detection equipment is expensive, and certain equipment is subject to puffery but useless. A company should purchase its own equipment only if it retains a well-qualified TSCM technician, many sweeps are conducted, and the in-house TSCM program is cost-effective.

Equipment includes the nonlinear junction detector (NLJD), costing between $10,000 and $20,000. It is capable of detecting radio transmitters, microphones, infrared and ultrasonic transmitters, recorders, video cameras, cell phones, remote-controlled detonators, and other hidden electronic devices, even when they are not operating.
Gruber (2006: 284–285)
offers the following on the NLJD. It transmits a microwave signal through its antenna, and an internal receiver listens for an RF response that may mean a device is present. NLJDs are available in various power outputs, up to the restricted government version. The effectiveness of this equipment is poor in an area containing several electronic devices; in that case, a physical search is best.

The telephone analyzer is another tool, designed for testing a variety of single- and multiline telephones, answering machines, fax machines, and intercom systems. The spectrum analyzer is still another tool. Basically, it is a radio receiver with a visual display that detects airborne radio signals. Other types of specialized equipment are on the market. Buyer beware.

In one case, a TSCM specialist was conducting a sweep in a conference room of a major corporation when a harmless-looking stapler sitting among other office supplies was found to contain a voice-activated recorder with memory. A pinhole lens camera was then installed in the room, and video showed an office worker exchanging the stapler every week for a similar-looking one. When confronted and interviewed, the worker revealed who was behind the spying, that he was paid $500 for each stapler containing audio, and that he had transferred only three staplers to the spy during his five months of employment. The worker was fired, police were not contacted, the media and stockholders never knew about possible leaks of information, and the spy was informed of the discovery and threatened with criminal and civil legal action.

Some security personnel or executives plant a bug for the sole purpose of determining whether the detection specialist’s equipment is effective. This “test” can be construed as a criminal offense. Alternatives are specially designed test transmitters, commercially available, that have no microphone pickup and therefore can be used without liability. Another technique is to place a tape recorder with a microphone in a drawer.

A tool kit and standard forms are two additional aids for the countermeasures specialist. The tool kit consists of the common tools (e.g., screwdrivers, pliers, electrical tape) used by an electrician. Standard forms facilitate good recordkeeping and serve as a checklist. What was checked? What tests were performed? What were the readings? Where? When? Who performed the tests? Why were the tests conducted? Over a period of time, records can be used to make comparisons while helping to answer these questions.

The following list offers topics of consideration for TSCM (Gruber, 2006: 277–304; Kaiser and Stokes, 2006: 60–68):

Because a spy who learns of a TSCM search may turn off or remove his or her equipment, the TSCM specialist should be unobtrusive, disguising vehicles, clothing, and equipment. A top executive may choose to establish a cover story to avoid alerting anyone to the TSCM.

An early step in TSCM is a physical search for devices, starting from outside the building. The physical search, both outside and inside, is very important and time-consuming. On the outside, focus on items such as utilities, wires, ductwork, and openings (e.g., windows). A spy can tap into lines outside the building without ever needing to enter it.

Inside the building, the TSCM technician should check cabling and the inside of individual pieces of office equipment (e.g., telephones, faxes, and computers). Is there anything in the office equipment that appears odd?

The technician should be knowledgeable about IT systems, computers, the internal network or Local Area Network (LAN), and the connection to the outside or Wide Area Network (WAN). These systems can be bugged or tapped like telephone systems. For instance, a LAN analyzer connected to a line can read all e-mail that travels through the line unencrypted. The technician should have equipment to check what is attached to lines.
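As an added illustration (not from the chapter) of what a line analyzer sees, the following Python script reconstructs a plaintext SMTP exchange from a handful of constructed Ethernet/IPv4/TCP frames. The frames, addresses and message are made up for the example; no real capture is used.

```python
import struct
from collections import defaultdict

def build_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Minimal Ethernet/IPv4/TCP frame around `payload` (checksums left at zero)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

# Constructed capture: one client-to-server SMTP session split over four segments.
CLIENT, SERVER = "10.0.0.5", "10.0.0.25"
SMTP_LINES = [b"MAIL FROM:<alice@example.test>\r\n",
              b"RCPT TO:<bob@example.test>\r\n",
              b"DATA\r\n",
              b"Subject: Q3 pricing\r\n\r\nNew list price is 42.\r\n.\r\n"]

def build_capture():
    frames, seq = [], 1000
    for line in SMTP_LINES:
        frames.append(build_frame(CLIENT, SERVER, 40000, 25, seq, line))
        seq += len(line)
    frames[1], frames[2] = frames[2], frames[1]   # captured out of order
    return frames

def parse_frame(frame):
    """Return (src, dst, sport, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = 14 + ihl
    sport, dport, seq = struct.unpack("!HHI", frame[tcp:tcp + 8])
    data_off = (frame[tcp + 12] >> 4) * 4
    return src, dst, sport, dport, seq, frame[tcp + data_off:14 + total_len]

def reassemble(frames):
    """Group payloads per TCP flow and join them in sequence order."""
    flows = defaultdict(list)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed:
            src, dst, sport, dport, seq, payload = parsed
            flows[(src, sport, dst, dport)].append((seq, payload))
    return {flow: b"".join(p for _, p in sorted(segs)) for flow, segs in flows.items()}

def extract_mail(stream):
    """Pull envelope and body out of a plaintext SMTP client stream."""
    text = stream.decode("ascii", "replace")
    sender = text.split("MAIL FROM:<", 1)[1].split(">", 1)[0]
    recipient = text.split("RCPT TO:<", 1)[1].split(">", 1)[0]
    body = text.split("DATA\r\n", 1)[1].rsplit("\r\n.\r\n", 1)[0]
    return {"from": sender, "to": recipient, "body": body}

def sniff_mail(frames=None):
    frames = build_capture() if frames is None else frames
    return [extract_mail(stream) for stream in reassemble(frames).values()]

if __name__ == "__main__":
    for message in sniff_mail():
        print(message)
```

The point for the sweep is not the parser but what it implies: anything carried in clear over a line the technician cannot account for is readable by whoever is attached to that line, so checking line attachments and insisting on encryption go together.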

Like traditional cable, fiber optic cable can also be tapped. A tap on a fiber optic cable can be detected with an Optical Time Domain Reflectometer (OTDR), which sends light pulses down the fiber and plots the backscattered and reflected light against distance; a tap shows up as an additional loss or reflection event at a distance where the baseline trace showed none.
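An added example, not part of the chapter, of the comparison an OTDR-based check performs. It generates idealised backscatter traces (constructed data; a real trace also has noise, a launch dead zone and reflective connector peaks, which are ignored here) and flags any loss event in the current trace that the baseline trace does not contain. The link length, attenuation, event distances and loss figures are assumptions for illustration.

```python
# Constructed OTDR-style traces: lists of (distance_m, level_dB) samples. Real traces add
# noise, a launch dead zone and reflective connector peaks; this idealised model keeps only
# fibre attenuation plus discrete loss events.

def synthetic_trace(length_m, step_m, loss_db_per_km, events):
    """Idealised backscatter trace; `events` maps distance_m -> extra loss (dB) at that point."""
    trace = []
    for d in range(0, length_m + 1, step_m):
        level = -loss_db_per_km * d / 1000.0
        level -= sum(loss for at, loss in events.items() if d >= at)
        trace.append((d, level))
    return trace

def find_loss_events(trace, threshold_db=0.1):
    """Distances where the level drops by more than threshold_db between adjacent samples."""
    events = []
    for (d0, l0), (d1, l1) in zip(trace, trace[1:]):
        drop = l0 - l1
        if drop > threshold_db:
            events.append((d1, round(drop, 3)))
    return events

def new_events(baseline, current, tolerance_m=0, threshold_db=0.1):
    """Loss events in `current` with no counterpart within tolerance_m in `baseline`."""
    known = [d for d, _ in find_loss_events(baseline, threshold_db)]
    return [(d, loss) for d, loss in find_loss_events(current, threshold_db)
            if not any(abs(d - k) <= tolerance_m for k in known)]

# Assumed link: 2 km of fibre at 0.2 dB/km with a 0.3 dB splice at 500 m recorded in the baseline.
BASELINE = synthetic_trace(2000, 10, 0.2, {500: 0.3})
# Current sweep: the same link with an extra 0.15 dB loss at 1230 m (a clip-on bend coupler
# that draws light out of the fibre shows up as exactly this kind of step).
CURRENT = synthetic_trace(2000, 10, 0.2, {500: 0.3, 1230: 0.15})

def detect_tap(baseline=BASELINE, current=CURRENT):
    return new_events(baseline, current)

if __name__ == "__main__":
    print("unexplained loss events:", detect_tap())   # [(1230, 0.152)]
```

The practical lesson is in the baseline: without a trace recorded when the link was known to be clean, a 0.15 dB step is indistinguishable from an ordinary splice, so the baseline trace should be captured at commissioning and kept with the TSCM records.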

Since devices may be hidden in walls, the technician can use an ultraviolet light to discover plaster repairs to walls. An NLJD or a portable X-ray machine can be used to discover devices in walls.

Items in walls that should be checked are power outlets, telephone jacks, and network jacks. Tools to check these items and inside walls are a flashlight, a dental mirror, and a fiber optic camera.

Plates at light switches, wall outlets, and HVAC vent covers should all be removed for the search and prior to the sweep.

If a bug or tap is found, it should be documented and photographed. Caution is advised because the device could be booby-trapped. Although police could be contacted for assistance, their response and expertise will vary widely. Difficult questions surface as to whether the device should remain in place and whether to use an OPSEC approach (e.g., feed false data). Seek legal help.

The TSCM technician frequently finds nothing unusual. Still, 100 percent protection is not possible. A spy may outfox the technician and the equipment. In addition, there are many ways to steal information. Security practitioners should be creative and think like a spy.

Another strategy to thwart listening devices is “shielding,” also called
electronic soundproofing.
Basically, copper foil or screening and carbon filament are applied throughout a room to prevent acoustic or electromagnetic emanations from leaving. Although this method is very expensive, several organizations employ it to have at least one secure room or to protect information in computers.

Equipment is available on the market that
frustrates telephone taps and listening devices. Scramblers, attached to telephones, alter the voice as it travels through the line. However, no device or system is foolproof. Often, simple countermeasures are useful. For example, an executive can wait until everybody is present for an important meeting and then relocate it to a previously undisclosed location. Conversants can play a radio at high volume during sensitive conversations, and exercise caution during telephone and other conversations.

Voice over Internet Protocol (VoIP) technology is popular with organizations and commercial telephony service providers because of lower costs and efficiency. VoIP enables voice to be transported digitally over a network using Internet Protocol standards. Such services may not even make contact with the traditional telephone network. One concern with VoIP technology is its inability to provide traditional location identification (i.e., Enhanced 911) for 911 emergency calls made to public safety agencies. Of particular interest for our discussion here is that traditional techniques for telephone intercepts and wiretaps are more difficult with VoIP, and end-to-end encryption compounds the challenges for the spy (National Institute of Justice, 2006).

As we know, information assets can be collected in many different ways besides physical devices. Losses can occur through speeches and publications by employees, through company trash, and by unknowingly hiring a spy. Comprehensive, broad-based information security is necessary.

Who do you think has “the edge,” those who seek information assets or those who protect them?

Search the Internet

Here is a list of websites relevant to this chapter:

ASIS International:

Business Espionage Controls and Countermeasures Association:

Centers for Disease Control and Prevention:

Institute for a Drug-Free Workplace:

National Association of Information Destruction, Inc.:

National Institute for Occupational Safety and Health (NIOSH):

Occupational Safety and Health Administration (OSHA):

Strategic and Competitive Intelligence Professionals:

Substance Abuse and Mental Health Services Administration:

U.S. Department of Labor:

U.S. Department of State:

U.S. Drug Enforcement Administration:



Layer one: The Physical Layer


Hack the Stack, 2006

The Early History of Scanning and Sniffing

Communication security
problems didn’t begin with the introduction of 802.11b or the WEP protocol. Phone systems have been hacked since the 1960s. These early hackers, called phreakers, were mainly interested in making free long-distance telephone calls.

Early satellite TV companies were attacked by freeloaders who set up their own C-band satellite dishes to intercept HBO and Showtime for free. The satellite TV companies responded by implementing the VideoCipher encryption system.

First-generation cordless phones had no security and were therefore completely vulnerable to interception. Although manufacturers eventually provided ten channels, they were easy to intercept in the 43 to 44 MHz range. Those frequencies are shown in
Table 2.6.

Table 2.6.
Original Cordless Phone Frequencies

Channel   Base Frequency (MHz)   Handset Frequency (MHz)
1         43.720
2         43.740
3         43.820
4         43.840
5         43.920
6         43.960
7         44.120
8         44.160
9         44.180
10        44.200

Serious phone hackers would wire a CB antenna to a cordless phone and attempt to detect vulnerable phone systems to exploit, a practice now called
wardriving. Others bought off-the-shelf scanners to intercept any cordless phone calls within range. By 1994, 900 MHz phones began appearing, and while they offered more features than their earlier counterparts, they offered little more in the way of security.

The first cell phones, known as first-generation (1G) cell phones, worked at 900 MHz and were vulnerable to a variety of attacks. Tumbling is a type of cell phone attack that makes attackers’ phones appear to be legitimate. It works on specially modified phones that tumble, shifting to a different electronic serial number (ESN) and mobile identification number (MIN) after each call. 1G cell phones are also vulnerable to cloning attacks, which required the hacker to capture the ESN and the MIN of a device. Hackers used sniffer-like equipment to capture these numbers from an active cell phone and then programmed them into another phone.

These events led the Federal Communications Commission (FCC) to pass regulations in 1994 banning the manufacture or import of scanners that can pick up cell-phone frequencies or be altered to receive such frequencies. The passage of 18 USC 1029 made it a crime to knowingly and intentionally use cell phones that are altered in any way to allow unauthorized use of such services. 18 USC 1028, the Identity Theft and Assumption Deterrence Act, addresses subscription fraud.

Cordless phone manufacturers made it harder for hackers by switching to spread spectrum technologies, which use digital signals and operate in the 2 GHz range. Current (2006) cell phones are 3G and are much more secure: these devices work in the 2 GHz range and use spread spectrum technologies and strong encryption.



Mobile Wireless Network Security

, in

Handbook on Securing Cyber-Physical Critical Infrastructure, 2012


Security in Wireless Communications

Wireless communications security is more challenging than wired communications security because wireless signal propagation is not guided by a medium: it takes place in free space. When information is sent by a transmitter, the wireless signal representing it goes in all directions. Even when a directional antenna is used, at least a small fraction of the signal spreads out in every direction and can, in theory, be intercepted. The task of a passive wireless listener is facilitated because, in contrast to wired communications, no direct contact with the medium is needed to tap a conversation. Signals may travel very far, and transmitters do not control the propagation distance of their signal. An eavesdropper can enhance its ability to capture a signal, and improve the strength of the signal received from a transmitter, by using a more sensitive receiver or a high-gain receive antenna. Active wireless attacks are eased as well because of the inherently unguided medium; reachability of a target can be improved by using amplifiers and high-gain transmit antennas. Because of the nature of the medium, wireless communications security is a harder problem to solve than wired communications security.

We examine the wireless communications security problem from the point of view of wireless end-users, for instance in their home or work environment. Confidentiality
is a security property required by several applications: keeping the content of a message secret to its source and destination. Henceforth, we examine fulfillment of the confidentiality requirement in wireless networks used in home or work environments.

To break confidentiality, adversaries have to intercept traffic. From a network architecture perspective, wireless traffic can be intercepted at the application, frame, or signal level. At the application level, scanning and network monitoring software are readily available. With such applications, user traffic may be captured, but management messages that control the functioning of the network may not be visible. Examples of such software are Kismet
and Wireshark
[8]. With frame level interception, almost everything may be intercepted, including control messages. Frame level interception can be achieved in software using an application programming interface such as the Linux packet socket (see Chapter 4 in Ref.
[9]). Both application and frame level interception are limited to the message formats and encoding schemes supported by the wireless interface above which they are running. Signal level is the lowest of all and provides access to every single bit, coded in any format. Signal level interception has been greatly eased by the development and availability of low-cost
software defined radio platforms. Note that the same can be said about active attacks, i.e., attacks that involve injecting messages and signals.
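To make the application/frame distinction concrete, here is an added Python example (not code from the handbook) that parses three constructed 802.11 frames, a beacon, a protected data frame and a deauthentication frame, as a frame-level sniffer reading from a packet socket would hand them up. The MAC addresses, SSID, channel and payload are made up. An application-level monitor would see, at most, the payload of the data frame; the beacon and the deauthentication frame exist only at the frame level.

```python
import struct

MGMT, CTRL, DATA = 0, 1, 2
NAMES = {(MGMT, 4): "probe-request", (MGMT, 8): "beacon",
         (MGMT, 12): "deauthentication", (DATA, 0): "data"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def mac_header(ftype, subtype, flags, addr1, addr2, addr3):
    """24-byte 802.11 MAC header: frame control, duration, three addresses, sequence control."""
    fc0 = (subtype << 4) | (ftype << 2)
    return bytes([fc0, flags]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x10\x00"

def beacon_body(ssid, channel):
    """Fixed fields (timestamp, interval, capabilities with the privacy bit) + SSID, rates, DS IEs."""
    fixed = struct.pack("<QHH", 1234567, 100, 0x0411)
    ies = (bytes([0, len(ssid)]) + ssid.encode()
           + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])
           + bytes([3, 1, channel]))
    return fixed + ies

def parse_ies(buf):
    """Tagged parameters: one byte tag, one byte length, value."""
    ies, i = {}, 0
    while i + 2 <= len(buf):
        tag, length = buf[i], buf[i + 1]
        ies[tag] = buf[i + 2:i + 2 + length]
        i += 2 + length
    return ies

def parse_frame(frame):
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 3, (fc0 >> 4) & 0xF
    info = {"kind": NAMES.get((ftype, subtype), f"type{ftype}/subtype{subtype}"),
            "type": ftype,
            "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]), "addr3": mac(frame[16:22])}
    body = frame[24:]
    if (ftype, subtype) == (MGMT, 8):
        capabilities = struct.unpack("<H", body[10:12])[0]
        ies = parse_ies(body[12:])
        info["ssid"] = ies.get(0, b"").decode("utf-8", "replace")
        info["channel"] = ies[3][0] if 3 in ies else None
        info["privacy"] = bool(capabilities & 0x0010)
    elif (ftype, subtype) == (MGMT, 12):
        info["reason"] = struct.unpack("<H", body[:2])[0]
    elif ftype == DATA:
        info["protected"] = bool(fc1 & 0x40)   # Protected Frame flag in frame control
        info["payload_len"] = len(body)
    return info

# Constructed capture (made-up addresses, SSID, channel and payload).
AP = bytes.fromhex("02aabbccdd01")
STA = bytes.fromhex("02aabbccdd02")
BROADCAST = b"\xff" * 6
CAPTURE = [
    mac_header(MGMT, 8, 0x00, BROADCAST, AP, AP) + beacon_body("CorpWiFi", 6),
    mac_header(DATA, 0, 0x41, AP, STA, AP) + b"\x00" * 8 + b"\xde\xad\xbe\xef",  # ToDS + protected
    mac_header(MGMT, 12, 0x00, STA, AP, AP) + struct.pack("<H", 7),               # reason code 7
]

def frame_level_view(capture=CAPTURE):
    return [parse_frame(f) for f in capture]

def application_level_view(capture=CAPTURE):
    """What a monitor that only sees data payloads gets: management frames are invisible."""
    return [p for p in frame_level_view(capture) if p["type"] == DATA]

if __name__ == "__main__":
    for entry in frame_level_view():
        print(entry)
```

Note that the deauthentication frame carries no cryptographic protection in this model, which is why frame-level access matters for active attacks as much as for passive ones.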

Traffic intercepted by an eavesdropper may be plaintext or encrypted. There are two main families of encryption techniques: stream ciphers and block ciphers. WiFi/802.11 Wired Equivalent Privacy (WEP)
and Temporal Key Integrity Protocol (TKIP)
are examples of systems that use stream ciphers. The WiFi/802.11 Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
is an example of a system that uses a block cipher. Stream ciphers are discussed further in
Section 5.2.3, whereas block ciphers are examined in
Section 5.2.4. We also review the companion authentication schemes in
Section 5.2.5.
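Why the stream-cipher family deserves separate treatment is easiest to see in code. The following added Python example, not taken from the handbook, implements RC4 (the cipher behind WEP and TKIP) with a WEP-style per-frame key of IV || root key, then shows the consequence of a repeated IV: the XOR of two ciphertexts equals the XOR of the two plaintexts, so one known plaintext exposes the other, and, without a proper integrity check, flipping a ciphertext bit flips the corresponding plaintext bit. The key, IV and messages are constructed for the example. WEP's 24-bit IV guarantees repeats on a busy network; a block cipher in counter mode fails the same way under nonce reuse, which is why CCMP carries a 48-bit packet number that must never repeat under one key.

```python
def rc4_keystream(key, length):
    """Plain RC4: key scheduling followed by `length` bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(root_key, iv, plaintext):
    """WEP-style framing: per-frame RC4 key = 3-byte IV || root key; the IV travels in clear.
    The CRC-32 ICV is omitted here; it is linear and would not stop the manipulations below."""
    assert len(iv) == 3
    return iv, xor_bytes(plaintext, rc4_keystream(iv + root_key, len(plaintext)))

def wep_decrypt(root_key, frame):
    iv, ciphertext = frame
    return xor_bytes(ciphertext, rc4_keystream(iv + root_key, len(ciphertext)))

def recover_with_known_plaintext(frame_known, known_plaintext, frame_target):
    """Keystream reuse: if both frames share an IV, ks = c1 ^ p1 and therefore p2 = c2 ^ ks."""
    iv1, c1 = frame_known
    iv2, c2 = frame_target
    if iv1 != iv2:
        raise ValueError("different IVs: keystreams differ, attack does not apply")
    keystream = xor_bytes(c1, known_plaintext)
    return xor_bytes(c2, keystream)   # valid up to the length of the shorter frame

def tamper(frame, offset, mask):
    """Flip bits in the ciphertext; the same bits flip in the decrypted plaintext."""
    iv, c = frame
    c = bytearray(c)
    c[offset] ^= mask
    return iv, bytes(c)

# Constructed demonstration values (not a real key or capture).
ROOT_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("000001")
P1 = b"GET /index.html HTTP/1.0"      # plaintext an attacker can guess
P2 = b"secret-passphrase-42!!!!"      # plaintext the attacker wants

def demo():
    f1 = wep_encrypt(ROOT_KEY, IV, P1)
    f2 = wep_encrypt(ROOT_KEY, IV, P2)        # same IV, same keystream
    recovered = recover_with_known_plaintext(f1, P1, f2)
    flipped = wep_decrypt(ROOT_KEY, tamper(f1, 0, ord("G") ^ ord("P")))
    return recovered, flipped

if __name__ == "__main__":
    recovered, flipped = demo()
    print(recovered)   # b'secret-passphrase-42!!!!'
    print(flipped)     # b'PET /index.html HTTP/1.0'
```

The cipher itself is not what fails here; RC4 produces a fine keystream. What fails is the system around it: a per-frame key derived from a short public IV and a linear checksum.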



A Survey of Quantum Primal Distribution (QKD) Technologies

Jeffrey D.
, …
, in

Emerging Trends in ICT Security, 2014

Device independent QKD (DI-QKD)

QKD provides a way of increasing communications security, but it relies on several assumptions: (i) Alice and Bob use truly random number generators, (ii) Alice and Bob prepare and measure the quantum states exactly as required by the QKD protocol, (iii) Alice and Bob can accurately bound the information that an eavesdropper gains about the key by all methods, and (iv) Alice and Bob use a privacy amplification algorithm that eliminates all of the eavesdropper’s information about the final key. A major advance in combating this information leakage to the eavesdropper is a relatively new protocol known as Device-Independent QKD (DI-QKD). This QKD protocol makes no assumptions about the hardware used by Alice, Bob, and Eve, and goes so far as to assume that Alice and Bob may have no knowledge about how their hardware works. The only requirements are that Alice and Bob randomly select their measurement basis, that Eve cannot influence this random choice or know its results until after she can no longer act on the quantum states, and that Eve does not know the results of Alice’s and Bob’s measurements.

The DI-QKD protocol uses a form of Artur Ekert’s 1991 entanglement-based protocol, proposed by Acin, Massar, and Pironio, and uses CHSH inequalities to provide security
[38]. It handles the problem that real-life implementations differ from the ideal design. It also makes testing of components easier and covers the scenario where the quantum devices are not trusted
[39]. The protocol has been proven secure against collective attacks as long as there is no leakage of classical information from Alice and Bob
[37]. Several protocols and experiments have been suggested to take advantage of DI-QKD, including using heralded qubit amplification, extending the range and key rate of normal QKD
[40], and one that is valid against most general attacks and based on
arbitrary Bell inequalities, not just those based on CHSH inequalities
[41]. Unfortunately, DI-QKD requires high-efficiency, near-perfect detectors and provides relatively low key rates because of the need for near-perfect detection.
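As an added worked example (not from the survey), the following Python code computes the CHSH value S = E(a,b) + E(a,b') + E(a',b) - E(a',b') on which DI-QKD security rests. It enumerates every deterministic local strategy to confirm the classical bound |S| ≤ 2, evaluates the quantum value 2√2 for a maximally entangled pair with the standard measurement angles, and models the detector-efficiency requirement mentioned in the last sentence by assigning a fixed outcome (+1) to every missed detection. The correlation model E(a,b) = cos(a - b) with zero marginals and the no-click rule are the example's own assumptions.

```python
import itertools
import math

def chsh(E):
    """CHSH combination S for a correlation function E(x, y), with x, y in {0, 1}."""
    return E(0, 0) + E(0, 1) + E(1, 0) - E(1, 1)

# Assumed model: a maximally entangled pair measured at angles a (Alice) and b (Bob)
# in one plane gives correlation cos(a - b) and zero marginals on each side.
ALICE_ANGLES = (0.0, math.pi / 2)
BOB_ANGLES = (math.pi / 4, -math.pi / 4)

def quantum_chsh():
    """Ideal quantum value with the angles above: 2 * sqrt(2)."""
    return chsh(lambda x, y: math.cos(ALICE_ANGLES[x] - BOB_ANGLES[y]))

def max_local_chsh():
    """Largest |S| any deterministic local strategy can reach (the classical bound, 2)."""
    best = 0
    for a0, a1, b0, b1 in itertools.product((-1, 1), repeat=4):
        s = chsh(lambda x, y, A=(a0, a1), B=(b0, b1): A[x] * B[y])
        best = max(best, abs(s))
    return best

def observed_chsh(s_ideal, eta):
    """Each detector clicks with probability eta; a missed click is recorded as +1.
    With zero marginals, E_obs = eta^2 E + (1 - eta)^2, hence S_obs = eta^2 S + 2 (1 - eta)^2."""
    return eta ** 2 * s_ideal + 2 * (1 - eta) ** 2

def min_efficiency_for_violation(s_ideal=2 * math.sqrt(2), steps=1000):
    """Smallest eta (on a grid of 1/steps) at which S_obs still exceeds the classical bound."""
    for i in range(steps + 1):
        eta = i / steps
        if observed_chsh(s_ideal, eta) > 2.0:
            return eta
    return None

def accept_key(s_observed, classical_bound=2.0):
    """Device-independent decision rule: distil a key only if the Bell bound is violated."""
    return s_observed > classical_bound

if __name__ == "__main__":
    print("quantum S =", round(quantum_chsh(), 4))            # 2.8284
    print("max local S =", max_local_chsh())                   # 2
    print("minimum detector efficiency =", min_efficiency_for_violation())   # 0.829
    for eta in (1.0, 0.9, 0.8):
        print(eta, accept_key(observed_chsh(2 * math.sqrt(2), eta)))
```

Under this no-click rule the violation disappears below roughly 83% overall detection efficiency, which is the quantitative content of the survey's remark about near-perfect detectors: any lost photon that Alice and Bob cannot account for has to be treated as if Eve controlled it.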


IT Infrastructure

, in

Digital Forensics Processing and Procedures, 2013


Reviewing Voice Communications Security

The process by which the Forensic Laboratory reviews voice communications security is as follows:

1. The IT Manager receives details about changes to the voice communications systems from the supplier or from internal Managers.

2. The IT Manager assesses the requirements from a security perspective, taking particular notice of changes in configuration settings and access by third-party suppliers.

3. The IT Manager sends an e-mail outlining his findings to the Information Security Manager, together with any recommendations, as appropriate.

4. The Information Security Manager checks the findings and determines whether the voice communications requirements can be approved. Additional discussions are held by the Information Security Manager and any other relevant stakeholders to clarify any of the findings or recommendations.

5. The Information Security Manager confirms the decisions as follows:

   if approved, the Information Security Manager sends an e-mail to the IT Manager confirming that the request can be implemented (subject to any changes to the configuration, etc., that are recommended). The request is not granted on a permanent basis. A review of the request must be scheduled by the Information Security Manager and the IT Manager within 12 months to ensure that the request remains valid.

   if rejected, the Information Security Manager sends an e-mail to the IT Manager outlining the reasons for rejection.

6. The IT Manager implements the change to the voice communications system.

7. At the appointed time according to the review schedule, the voice communications system is assessed again to check whether it remains valid using the above procedure.


Delay-tolerant networks (DTNs) for deep-space communications

, …
, in

Advances in Delay-Tolerant Networks (DTNs) (Second Edition), 2021


Implementing a deep-space DTN solution

Having considered the requirements and challenges relating to space data communication, it is also relevant to examine how a related DTN approach could be realized in practice. As such, this section considers the technology architecture that could be used to support a deep-space DTN solution, including the application requirements to receive and share the data with stakeholders, and significant supporting issues around security and protection of the data.

The implementation of a deep-space DTN requires careful consideration of the overall requirements, the stakeholders involved, and the subsequent challenges that arise. In addition to the networking requirements of the DTN, previously identified, operational aspects must also be studied, such as providing efficient and effective access to metadata—to allow a user to know what data exists to be accessed, to provide a framework to permit authentication, authorization, and accountability of transactions, and to ensure the confidentiality and integrity of the data itself is maintained.

Unfortunately, when considering many of the mainstream and well-accepted protocols for communication security, such as transport layer security (TLS), their challenge–response nature renders them infeasible for use within a DTN—as a response from one node to another cannot be guaranteed within the required time frame. However, when considering options to allow end users to have quick and immediate access to relevant information and yet allow for the provision of large volumes of DTN-based datasets, two distinct approaches can be taken. Similarly to other network implementations, such as Universal Mobile Telecommunications Systems (UMTS—3G mobile networks) and IP Multimedia Subsystem (IMS), upon which many 4G networks are designed, signaling, or management-related data can be communicated independently of the actual content data. This separation of data responsibilities allows:

Management-based information operating on the traditional Internet-based network. Operating at the application layer, this will enable users to be given access to all metadata related to the datasets, permit authentication, authorization, and accountability policies to be enforced, and ensure confidentiality and integrity of all management-based communications using standardized protocols such as TLS.

Space-data information to be sent via the DTN. The actual data itself, due to its size and configuration, will be communicated via the space-data DTN. It will, therefore, be subject to the normal unpredictable operating environment of a DTN.

This separation allows a vastly simplified architecture and removes the necessity to redesign (and, importantly, validate) network protocols, with the application enabling a large number of small delay-tolerant signaling-based communications to be sent securely. The consequence of capitalizing upon the pre-existing Internet infrastructure permits the use of standardized web-based components for both the delivery (via a 3-tier web application) and consumption of metadata (via an Internet browser).

While secure delivery of all management-based information can be accomplished utilizing pre-existing solutions, an issue does still arise with respect to securing the space data itself. The widely adopted Bundle Protocol allows secure delivery of data; however, an open issue exists with respect to the distribution and management of cryptographic keys (Symington et al., 2011; Scott and Burleigh, 2007; Farrell, 2007; Farrell et al., 2009; Burgin and Hennessy, 2012). While, from an application-layer perspective, it would be possible to incorporate a key management server to enable key distribution between high-level DTN nodes (via the Internet-based connectivity), this would (with large DTN networks) result in a significantly complex and cumbersome system. Current research is examining how best to achieve this more generally, with Menesidou and Katos (2012) looking at the implementation of a one-pass protocol, and the utilization of computationally and communication-heavy long-term keys from which short-term session keys can be derived. However, such work has to be validated and the issue remains unresolved.


A space-data DTN architecture

The composition and architecture of a space-data DTN can take diverse forms, but for the purposes of illustration and discussion, we can consider one possible model in more detail, in order to examine how the required functionality can be accomplished (Clarke et al., 2012). A key advantage of this model is the focus upon the reuse of proven, standardized, and accepted protocols.

Fig. 3.1 illustrates the principal interactions of the key components within a space-data DTN. In contrast to typical DTN implementations, this architecture relies upon access to normal network communications (as defined by a standard Internet access) in addition to the DTN. This capability permits the use of standard security mechanisms to protect key services—mechanisms whose operation could not be relied upon in a DTN where delay and disruption are present.

Fig. 3.1. Security architecture overview.

The security architecture is comprised of four key components:

Management Application (MA)—a web application that enables end users to obtain space data. The application provides authentication, authorization, and accountability services.

Data Originator (DO)—the original source of space data that is placed within the DTN. These components are assumed to be trusted.

End Users (EU)—the final destination of space data.

Trusted DTN nodes (TDTN)—a subset of the DTN nodes that are able to deliver space data datasets.

Note that for simplicity and ease of understanding some DTN network connectivity between nodes is omitted from the figure. However, node “W” provides an indication of the interconnectivity of nodes that would actually exist within the DTN. The figure more generally presents three different types of network connectivity for illustration. This again is not a definitive set, but rather an example of the interactions between the principal components. Data Originators A, B, and C are all storing their datasets within the DTN network—at the Bundle layer within both the Security and Trusted DTN nodes. Complete datasets are stored at the Trusted DTN nodes. Users A, B, and C are also downloading datasets from the DTN network from the Trusted DTN nodes. In all three examples, data is sent within the DTN to untrusted DTN nodes with security being maintained between Security and Trusted DTN nodes (as specified by the Bundle Protocol security). The Management Application provides the mechanism for TDTN Nodes and Users to communicate and request datasets. Fig. 3.2 illustrates the network interactions that are sent when downloading space data from the DTN.

Fig. 3.2. Data request process.

A user requests a dataset by logging into the Management Application and clicking upon the available datasets. A one-time URL (with sufficiently long freshness) is generated by the Management Application and sent to the most appropriate (often this would be geographically nearest) Trusted DTN node that is currently storing the dataset. The same URL is then sent to the user so that they can directly request the data across the DTN. All communication sent across the Internet-based network is secured. It should be noted that the process relies upon a number of assumptions (which would typically hold true for the space-data scenarios that currently exist):

A process exists for datasets to be distributed from Data Originators onto the DTN.

A process exists for the management application to be knowledgeable of where the datasets are distributed throughout the DTN.

The management application, users, and trusted DTN nodes can communicate via a normal Internet-type connection.

In reality, the communication path indicated by (4) in Fig. 3.2 could be any combination of untrusted DTN nodes, security DTN nodes, and trusted DTN nodes. Indeed, for some data requests, the user might find themselves a single hop from a Trusted DTN node with the necessary datasets, whereas on other occasions the datasets might need to traverse large segments of the network.
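The one-time URL exchange described above, as an added Python example that is not part of the chapter: the Management Application issues a URL bound to user, dataset, expiry and a nonce by an HMAC under a per-node key, announces it to the serving Trusted DTN node over the Internet path, and the node serves the request that later arrives over the DTN only if the tag verifies, the freshness window has not lapsed and the nonce is unused. The URL format, the per-node key and the node-selection rule are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def _tag(key, user_id, dataset_id, expires, nonce):
    """HMAC over the URL claims, binding user, dataset, expiry and nonce to the serving node's key."""
    claims = f"{user_id}|{dataset_id}|{expires}|{nonce}".encode()
    return hmac.new(key, claims, hashlib.sha256).hexdigest()


def _parse(url):
    """Split the constructed format dtn://<node>/<dataset>?u=..&e=..&n=..&t=.. into fields."""
    head, _, query = url.partition("?")
    node, _, dataset = head.partition("://")[2].partition("/")
    fields = dict(kv.split("=", 1) for kv in query.split("&"))
    fields["node"], fields["dataset"] = node, dataset
    for required in ("u", "e", "n", "t"):
        fields[required]                          # KeyError on a malformed URL
    int(fields["e"])                              # ValueError on a malformed expiry
    return fields


class TrustedDTNNode:
    """Serves a dataset only for a URL the MA announced, while it is fresh, and only once."""

    def __init__(self, node_id, key):
        self.node_id, self.key = node_id, key     # hypothetical per-node key shared with the MA
        self.datasets = {}                        # dataset_id -> complete dataset held here
        self.announced = {}                       # nonce -> expiry, received from the MA (Internet path)
        self.redeemed = set()                     # nonces already served (single-use enforcement)

    def announce(self, url):
        fields = _parse(url)
        self.announced[fields["n"]] = int(fields["e"])

    def serve(self, url, now):
        """Handle the user's request once it arrives over the DTN. Returns (data, reason)."""
        try:
            q = _parse(url)
        except (KeyError, ValueError):
            return None, "malformed"
        if not hmac.compare_digest(_tag(self.key, q["u"], q["dataset"], q["e"], q["n"]), q["t"]):
            return None, "bad signature"          # altered in transit or never issued by the MA
        if q["n"] not in self.announced:
            return None, "not announced"
        if now > int(q["e"]):
            return None, "expired"                # DTN delay exceeded the freshness window
        if q["n"] in self.redeemed:
            return None, "already used"           # replayed one-time URL
        if q["dataset"] not in self.datasets:
            return None, "unknown dataset"
        self.redeemed.add(q["n"])
        return self.datasets[q["dataset"]], "ok"


class ManagementApplication:
    """Picks a TDTN holding the dataset and issues the one-time URL to both parties."""

    def __init__(self, nodes, freshness_seconds):
        self.nodes = list(nodes)
        self.freshness = freshness_seconds        # "sufficiently long" window for DTN delivery

    def request_dataset(self, user_id, dataset_id, now):
        holders = [n for n in self.nodes if dataset_id in n.datasets]
        if not holders:
            return None
        tdtn = holders[0]                         # placeholder for "most appropriate (often nearest)"
        expires, nonce = int(now) + self.freshness, secrets.token_hex(8)
        tag = _tag(tdtn.key, user_id, dataset_id, str(expires), nonce)
        url = f"dtn://{tdtn.node_id}/{dataset_id}?u={user_id}&e={expires}&n={nonce}&t={tag}"
        tdtn.announce(url)                        # to the TDTN over the Internet path (TLS assumed)
        return url                                # to the user, who then requests it across the DTN


def demo():
    """Delivery, replay, late arrival and a tampered URL, on constructed data."""
    node = TrustedDTNNode("tdtn-a", secrets.token_bytes(32))
    node.datasets["ds-42"] = b"constructed space dataset"
    ma = ManagementApplication([node], freshness_seconds=6 * 3600)
    t0 = 1_700_000_000                            # constructed epoch time
    url = ma.request_dataset("user-b", "ds-42", t0)
    first = node.serve(url, t0 + 3600)            # arrives after a one-hour DTN delay
    replay = node.serve(url, t0 + 3700)           # same URL presented again
    late = node.serve(ma.request_dataset("user-b", "ds-42", t0), t0 + 7 * 3600)
    forged = node.serve(url.replace("u=user-b", "u=user-c"), t0 + 10)
    return first[1], replay[1], late[1], forged[1]
```

The freshness window has to cover the worst-case DTN delivery delay, which is why the chapter calls for it to be sufficiently long; the single-use nonce is what keeps a long window from turning into a replayable credential.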


Trusted DTN nodes

The term “Trusted DTN” is created in order to differentiate it from the concept of a Security DTN, which is already defined by the Bundle Protocol and provides the communication security between Security DTN nodes at the bundle layer (Symington et al., 2011). Trusted DTN nodes are still Security DTN nodes, but also include additional functionality:

Operating above the bundle layer, they provide the functionality to store (and later forward) complete datasets, rather than simply bundles (as defined by the bundle protocol).

Trusted DTN nodes have standard Internet-based communication capabilities with the management application—that is, all management signaling information between the MA and TDTN conforms to standard Internet-based traffic conditions and is not subject to the delay and disruption that could affect a DTN network connection.

The creation of TDTN nodes, while adding an additional administrative layer to the architecture, serves to resolve three issues: providing efficient cryptographic support of datasets, enabling effective key management, and delivery of datasets. Unfortunately, providing datasets at the bundle layer would significantly increase the administrative overhead of managing and distributing the space data. Furthermore, cryptographic support at the bundle layer would significantly increase the complexity of key distribution and management. Through managing the space data as complete datasets rather than at the bundle layer, it is possible to minimize the administrative overhead of tracking and encrypting bundles. With TDTNs also connected to the Internet, an efficient and effective mechanism exists for instructing the node to forward data through the network.

The TDTN node incorporates functionality to process and store whole datasets. As illustrated in Fig. 3.3, the architecture consists of an agent and database system. What the TDTN stores, for how long, and who can access the data are all determined by the Management Application. Although it is not included within the diagram, it is assumed that the bundle layer security functionality is providing the necessary data confidentiality and integrity services.

Fig. 3.3. Trusted DTN node architecture.

The TDTN, therefore, includes all the functionality of a standard DTN node, plus the enhanced functionality of a Security DTN node, and an additional layer (as illustrated) that provides higher-layer access that deals with complete datasets of data rather than merely bundles.


Data Originators

The Data Originator node includes an identical set of functionality and security mechanisms to the Trusted DTN, with the additional functionality of allowing data originator owners to interface with the agent, rather than operating completely autonomously as the Trusted DTN nodes do (as illustrated in Fig. 3.4). This functionality is required to provide the capacity for owners to upload space data into the database for distribution via the DTN.

Fig. 3.4. Data Originator node architecture.

The Data Originator Agent continuously monitors the DO database for new space datasets. Upon identification, the agent informs the MA that such data exists—initially by automatically completing the database name and owner fields. These are derived from the file name and the owner of the DO node. It is then the responsibility of the DO owner to log in to the MA and complete the necessary metadata information regarding the dataset. Functionality within the MA will also allow automatic completion of this information for recurring or scheduled events. The DO owner will also configure the access rights for this dataset.


Security considerations

The suggested architecture offers a number of advantages from a security perspective, enabling services for confidentiality, integrity, authentication, authorization, and accountability. The centralized management application is fundamental to the provision of the latter three, and it is worth briefly considering how these are addressed.

Authentication to the Management Application is required by two aspects of the architecture:

People—end users, data originators and administrators

Trusted components—data originators and trusted DTN nodes

Authentication of the trusted components can be managed by the previously stated communications security and the use of mutual authentication within the TLS Protocol. Authorization policies will principally control and maintain what datasets individual users are able to access. All interactions performed on the MA are subject to accountability policies. The type and time frame of the records are subject to administrative settings, but it is suggested that all interactions, from registration to password logins and data requests to data accesses, should be logged.

The MA itself can take the form of a 3-tier web application: web front end, back-end system, and database. The database will store all information regarding the space data system. It is therefore a critical system and a potential single point of failure. To mitigate against such issues, the MA can take the same procedural steps as modern e-commerce systems, as they exhibit the same potential threats and issues. The system can be mirrored and regularly backed up to protect availability.

The database will also include appropriate encryption and access control policies so as to mitigate against a variety of web-based attacks, including detection for distributed denial of service (DDoS) attacks, cross-site scripting, buffer overflows, etc., providing for confidentiality and integrity services of the metadata and account information.

Finally, the servers that will operate the web application will be hardened against attack through the provision of regular patching, installation, and configuration of security countermeasures and monitoring via the system administrator.



Security in Wireless Systems

Vijay K.
, in

Wireless Communications & Networking, 2007

Security in GSM

GSM allows three-band phones to be used seamlessly in more than 160 countries. In GSM, security is implemented in three entities:

Subscriber identity module (SIM) contains IMSI, TMSI, PIN, MSISDN, authentication key Ki (64-bit), computation key (Kc) generating algorithm A8, and authentication algorithm A3. SIM is a single chip computer containing the operating system (OS), the file system, and applications. SIM is protected by a PIN and owned by an operator. SIM applications can be written with a SIM tool kit.

GSM handset contains ciphering algorithm A5.

GSM network uses algorithms A3, A5, A8; Ki and IDs are stored in the authentication center.

Both A3 and A8 algorithms are implemented on the SIM. The operator can determine which algorithm to use. Implementation of an algorithm is independent of hardware manufacturers and network operators.

A5 is a stream cipher. It can be implemented very efficiently on hardware. Its design was never made public. A5 has several versions: A5/1 (most widely used today), A5/2 (weaker than A5/1; used in some countries), and A5/3 (newest version based on the Kasumi block cipher).

The authentication center contains a database of identification and authentication information for subscribers including IMSI, TMSI, location area identity (LAI), and authentication key (Ki). It is responsible for generating the random challenge (RAND), response (RES), and ciphering key (Kc) which are stored in HLR/VLR for authentication and encryption processes. The distribution of security credentials and encryption algorithms provides additional security.

GSM uses data stored on the SIM card within the phone to provide encrypted communications and authentication. GSM encryption is only applied to communications between a mobile phone and the base station. The rest of the transmission over the normal fixed network or radio relay is unprotected, where it could easily be eavesdropped or modified. In some countries, the base station encryption facility is not activated at all, leaving the user completely unaware of the fact that the transmission is not secure.

GSM encryption is accomplished by the use of a shared secret key. If this key is compromised it will be possible for the transmission to be eavesdropped and for the phone to be cloned (i.e., the identity of the phone can be copied). The shared secret key could easily be obtained by having physical access to the SIM, but this would require the attacker to get very close to the victim. However, it has been shown by research that the shared secret key can be obtained over the air from the SIM by transmitting particular authentication challenges and observing the responses.

If the base station can be compromised then the attacker will be able to eavesdrop on all the transmission being received. The attacker will also have access to the shared secret keys of all the mobile phones that use the base station, thus allowing the attacker to clone all of the phones.

Authentication in the GSM system is achieved by the base station sending out a challenge to the mobile station. The MS uses a key stored on its SIM to send back a response that is then verified. This only authenticates the MS, not the user.

A 64-bit key is derived to provide data confidentiality. It is not possible to encrypt all the data; for instance, some of the routing information has to be sent in clear text.
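The challenge–response described above, as an added Python example that is not from the chapter: the authentication center generates a (RAND, SRES, Kc) triplet for the HLR/VLR, the network sends RAND to the mobile, and the SIM answers with SRES while deriving the same Kc for A5. Real A3/A8 are operator-specific and not public, so HMAC-SHA256 stands in for them here; the IMSI and Ki are constructed values.

```python
import hashlib
import hmac
import secrets


def a3_sres(ki, rand):
    """Stand-in for A3: 32-bit signed response from Ki and RAND. The real A3/A8 are chosen by
    the operator and not public; HMAC-SHA256 is used here only so the example runs."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki, rand):
    """Stand-in for A8: 64-bit ciphering key Kc from Ki and RAND, later consumed by A5."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class AuthenticationCenter:
    """Holds Ki per IMSI and hands (RAND, SRES, Kc) triplets to the HLR/VLR."""

    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi, ki):
        self._ki_by_imsi[imsi] = ki

    def triplet(self, imsi):
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)            # 128-bit random challenge
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)


class SIM:
    """Answers a challenge with SRES and derives Kc; Ki never leaves the card."""

    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def run_gsm_algorithm(self, rand):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)


def authenticate(triplet, sim):
    """VLR side of the exchange: send RAND to the MS and compare its SRES with the AuC's value.
    Returns (ms_authenticated, kc_agreed). Nothing in this exchange lets the MS verify the network."""
    rand, sres_expected, kc_network = triplet
    sres, kc_ms = sim.run_gsm_algorithm(rand)
    ok = hmac.compare_digest(sres, sres_expected)
    return ok, ok and hmac.compare_digest(kc_ms, kc_network)


def demo():
    """Constructed subscriber: the genuine SIM passes, a SIM holding the wrong Ki fails."""
    imsi = "001010123456789"                      # constructed test IMSI (test MCC/MNC 001/01)
    ki = secrets.token_bytes(16)                  # constructed Ki
    auc = AuthenticationCenter()
    auc.provision(imsi, ki)
    genuine, wrong_key = SIM(imsi, ki), SIM(imsi, secrets.token_bytes(16))
    return authenticate(auc.triplet(imsi), genuine), authenticate(auc.triplet(imsi), wrong_key)
```

Because the SIM computes SRES for whatever RAND it is given and never checks who issued it, the exchange is one-sided, which is the property behind the chapter's remark that only the MS is authenticated.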

Read full chapter


Extending OSI to Network Security


Hack the Stack, 2006

Information Security

Where does this leave us? Physical security is needed to protect our assets from insiders and others who gain access. Communication security is a real requirement as encryption offers a means to protect the confidentiality and integrity of information in storage and in transit. Signal security gives us the ability to prevent others from intercepting and using signals that emanate from our facility and electronic devices. Computer security provides us the ability to trust our systems and the operating systems on which they are based. It provides the functionality to control who has read, write, execute, or full control over our information and informational resources. Network security is another key component that has grown in importance as more and more systems have connected to the Internet. This means there is a need for availability, which can be easily attacked. The Distributed Denial of Service (DDoS) attacks against Yahoo and others in 2000 are good examples of this.

None of the items discussed by themselves are enough to solve all security risks. Only when combined together and examined from the point of information security can we start to build a complete picture. In order for information security to be successful, it also requires senior management support, good security policies, risk assessments, employee training, vulnerability testing, patch management, good code design, and so on.


Industrial Network Protocols

Eric D.
Joel Thomas
, in

Industrial Network Security (Second Edition), 2015

Security concerns

OPC's use of DCOM and RPC makes it highly vulnerable to attack using multiple vectors, as it is subject to the same vulnerabilities as the more ubiquitously used OLE.

Classic OPC is rooted in the Windows operating system and is therefore susceptible to attack through exploitation of any vulnerability inherent to the OS.

Support for Windows XP with Service Pack 3 ended in April 2014 (XP-SP2 ended July 2010), meaning that OPC applications hosted on unsupported OSes can introduce significant risk to the integrity of manufacturing operations and potential health, safety, and environment (HSE) impact.

OPC and related ICS vulnerabilities can be tracked via a variety of sources including the United States Department of Homeland Security Industrial Control System Cyber Emergency Response Team (ICS-CERT) and the Open Source Vulnerability Database (OSVDB). Many OLE and RPC vulnerabilities exist and are well known, including exploit modules for a variety of open-source and fee-based security frameworks like Metasploit and Canvas (see Chapter 7, “Hacking Industrial Systems”). It is difficult to patch production systems within an industrial network (see Chapter 8, “Risk and Vulnerability Assessments” and Chapter 10, “Implementing Security and Access Controls”) so many of these vulnerabilities may still be in place, even if there is an available patch from Microsoft. The SQL Slammer worm actually caused global damage despite the fact that Microsoft released a patch to correct the vulnerability 6 months prior to the release of the worm.

Many basic host security concerns apply because OPC is supported on Windows. RPC requires local authentication to occur on both client and server hosts. This requires the creation of either a local or domain-based account that can be used by RPC for the OPC sessions. This account can introduce significant risk if it is not properly secured using a least privilege approach for only the essential OPC/DCOM services. This account is common to all hosts utilizing OPC, and if not properly protected and managed can lead to a widespread compromise in large ICS architectures. Many OPC hosts utilize weak authentication, and passwords are frequently weak when authentication is enforced. Many systems support additional Windows services that are irrelevant to ICS systems, resulting in unnecessary processes, which often correspond to open “listening” communication ports accessible via the network. Inadequate or nonexistent logging exacerbates these potential weaknesses by providing insufficient forensic detail should a breach occur, as Windows 2000/XP auditing settings do not record DCOM connection requests by default.

Unlike the simple and single-purpose fieldbus protocols discussed earlier, OPC must be treated as an overall system integration framework, and implemented and maintained according to modern OS and network security practices.

Other security concerns of OPC include the following:

Legacy authentication services – Systems within industrial networks are difficult to upgrade (due to limited maintenance windows, compatibility and interoperability concerns, and other factors); insecure authentication mechanisms remain in use. For example, Windows 2000 LAN Manager (LM) and NT LAN Manager (NTLM) authentication mechanisms are still used by default in many systems (enabled by default up to and including Windows XP and 2003 Server). These and other legacy authentication mechanisms may be vulnerable and susceptible to exploitation.

RPC vulnerabilities – OPC uses RPC making it susceptible to all RPC-related vulnerabilities, including several vulnerabilities that are exposed prior to authentication. Exploitation of underlying RPC vulnerabilities could result in arbitrary code execution, or DoS.

Unnecessary ports and services – OPC supports network protocols other than TCP/IP, including NetBIOS Extended User Interface (NetBEUI), Connection Oriented NetBIOS over InterNetwork Packet Exchange (IPX), and Hyper Text Transport Protocol (HTTP) Internet services.

OPC Server Integrity – It is possible to create a rogue OPC server and to use that server for disruption of service, DoS, information theft through bus snooping, or the injection of malicious code.


The Unified Communications Ecosystem

, in

Seven Deadliest Unified Communications Attacks, 2010

Toll Fraud

Toll fraud is perhaps even less important to discuss than DoS attacks, but even so it can incur very real – and very large – costs to your company. This is really the one area of UC security where the financial risk is the greatest. As mentioned, some of the concerns here are the traditional ones like voice mail system configuration, but in the brave new interconnected world of UC, we have to seriously think about the call control and the signaling pathways between our different components.

Is it possible that a disgruntled employee could figure out a way to make free calls? And then pass that information along to someone on the outside? Is it possible for someone remotely to be able to connect to your organization as if they were a remote extension? Or can they connect directly to your SIP service provider and make calls to the PSTN using your account? Are all these signaling channels locked down and secured? Are you logging and monitoring appropriate connections?
