Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Timing Attacks on PIN Input in VoIP Networks: Short paper
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. (Datavetenskap)
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. (Datavetenskap)
2011 (English)In: Detection of Intrusions and Malware, and Vulnerability Assessment: 8th International Conference, DIMVA 2011 / [ed] Holz, Thorsten; Bos, Herbert, Berlin: Springer Berlin/Heidelberg, 2011, 75-84 p.Conference paper, (Refereed)
Abstract [en]

To access automated voice services, Voice over IP (VoIP) users sometimes are required to provide their Personal Identification Numbers (PIN) for authentication. Therefore when they enter PINs, their user-agents generate packets for each key pressed and send them immediately over the networks. This paper shows that a malicious intermediary can recover the inter-keystroke time delay for each PIN input even if the standard encryption mechanism has been applied. The inter-keystroke delay can leak information of what has been typed: Our experiments show that the average search space of a brute force attack on PIN can be reduced by around 80%.

Place, publisher, year, edition, pages
Berlin: Springer Berlin/Heidelberg, 2011. 75-84 p.
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 6739
Keyword [en]
authorisation - cryptography - delays - Internet telephony
National Category
Computer Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-11963DOI: 10.1007/978-3-642-22424-9_5ISI: 000303367200005ISBN: 978-3-642-22423-2 (print)OAI: oai:DiVA.org:kau-11963DiVA: diva2:507198
Conference
DIMVA 2011, The 8th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
Note

Ingår i projekt1?

Ingår i projekt

Om publikationen ingår i ett projekt, ange projektets namn. För att ange flera projekt, klicka på Ytterligare projekt.

x

Available from: 2012-03-02 Created: 2012-03-02 Last updated: 2016-02-22Bibliographically approved
In thesis
1. Unwanted Traffic and Information Disclosure in VoIP Networks: Threats and Countermeasures
Open this publication in new window or tab >>Unwanted Traffic and Information Disclosure in VoIP Networks: Threats and Countermeasures
2012 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The success of the Internet has brought significant changes to the telecommunication industry. One of the remarkable outcomes of this evolution is Voice over IP (VoIP), which enables realtime voice communications over packet switched networks for a lower cost than traditional public switched telephone networks (PSTN). Nevertheless, security and privacy vulnerabilities pose a significant challenge to hindering VoIP from being widely deployed. The main object of this thesis is to define and elaborate unexplored security and privacy risks on standardized VoIP protocols and their implementations as well as to develop suitable countermeasures. Three research questions are addressed to achieve this objective:

Question 1:  What are potential unexplored threats in a SIP VoIP network with regard to availability, confidentiality and privacy by means of unwanted traffic and information disclosure?

Question 2:  How far are existing security and privacy mechanisms sufficient to counteract these threats and what are their shortcomings?

Question 3:  How can new countermeasures be designed for minimizing or preventing the consequences caused by these threats efficiently in practice?

Part I of the thesis concentrates on the threats caused by "unwanted traffic", which includes Denial of Service (DoS) attacks and voice spam. They generate unwanted traffic to consume the resources and annoy users. Part II of this thesis explores unauthorized information disclosure in VoIP traffic. Confidential user data such as calling records, identity information, PIN code and data revealing a user's social networks might be disclosed or partially disclosed from VoIP traffic. We studied both threats and countermeasures by conducting experiments or using theoretical assessment. Part II also presents a survey research related to threats and countermeasures for anonymous VoIP communication.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2012. 32 p.
Series
Karlstad University Studies, ISSN 1403-8099 ; 2012:28
Keyword
SIP, VoIP, security, Denial of Service, Vulnerability analysis, timing attacks, Spam, DTMF, SIP, RTP
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-13408 (URN)978-91-7063-432-1 (ISBN)
Public defence
2012-09-14, 1 B 306, Universitetsgatan 2, Karlstad, 10:15 (English)
Opponent
Supervisors
Available from: 2012-08-28 Created: 2012-05-29 Last updated: 2012-08-28Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Search in DiVA

By author/editor
Zhang, GeFischer-Huebner, Simone
By organisation
Department of Computer ScienceCentre for HumanIT
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 294 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf