Wed, 17 February 2010
In this podcast we discuss the emerging threat of steganography in voice over IP.
This is really interesting - is it something that is already happening? Currently, this seems to be confined to research labs. The primary reference for this podcast is an IEEE Spectrum article by three professors - Józef Lubacz, Wojciech Mazurczyk & Krzysztof Szczypiorsk - at Warsaw University of Technology. This is part of their ongoing research, as part of the Network Security Group, to identify emerging threats and develop countermeasures.
Before we delve into this new topic, lets provide the audience with a little background. First what is steganography - sounds like a dinosaur?
Yeah - the Stegosaurus. I'm not sure how or if the two are related; we'll leave that one for the Paleontologists in the audience.
Steganography is something that has been around a long time - some say as far back as 440 BC. While encryption takes our message and scrambles it, so that an unintended recipient cannot read it, steganography attempts to hide or obscure that a message even exists. The researchers refer to steganography as "meta-encryption." Another useful analogy they use is to refer to the secret message and the carrier within which it is hidden.
Can you give us some examples?
If we start in ancient times, we can point to examples of shaving a messengers head, tattooing a message on their head, letting the hair grow back and sending them off. Other examples include using invisible ink or even writing on boiled eggs with an ink that penetrates the shell and can be read by peeling the egg. Simon Singh's "The Code Book" is a great read that details the history of encrypting and obscuring information.
What about some more modern examples?
When we refer to modern steganography we are usually referring to digital steganography. Digital steganography takes advantage of digital data by (for example) hiding a message within images, audio, or video files. In this case the image, audio or video file is the carrier. The larger the file (image, audio or video) the larger message it can carry. The researchers contend that a single 6-minute mp3 audio file, say roughly 30 megabytes in size, could be used to conceal every play written by Shakespeare.
So how does this work?
Say you and I wanted to communicate using steganography. We would each download one of the hundreds of freely available stego apps. You would take a fairly innocuous image file, use the software to embed a message into that file, and send me the altered file. To anyone else, this would just look like a photo you're sharing with a friend, but because I know there's a hidden message, I open with the same stego app and read the hidden message. You could also add a password to further protect the message.
So how do we stop this?
This is a specialized field called "steganalysis." The simplest way to detect a hidden message is to compare the carrier file - our innocuous image - to the original. A file that is larger than the original is a red flag. This of course presupposes that you have access to the original file. In most cases, this will not be the case, so instead, we look for anomalies. Is the audio file significantly larger than a 3-minute audio file should be? We can also use spectrum analysis or look for inconsistencies in the way the data has been compressed.
How would spectrum analysis help?
Some steganography techniques try to take our digital data and modify the least-siginificant bit. In our digital data the LSB often just shows up as noise and doesn't effect the image, audio, or video quality. A spectrum analyzer would help us to compare the "noise" in an unaltered sample and to try and identify anomalies.
Wow - that's scary stuff. What about Voice over IP[is this part OK]?
Voice over IP or ("voype") is a transmission technology that enables us to deliver voice communications over IP networks such as the Internet. This is an alternative to using the traditional PSTN or public switched telephone network for voice communications. In VoIP, we take our analog voice signal convert it to a digital signal and "chop" it up into smaller pieces called IP packets. These packets are sent over our data network and reassembled at the destination. To understand packet-switched networks, consider the US Postal system – our packets are analogous to postal letters or parcels, numbered, sent across a network and re-assembled at the receiving end. Packets do not follow the same path from source to destination and may even arrive out of sequence. In VoIP, it's more important that we transmit our data quickly, so we forego the numbering or sequencing.
So what about this new class of steganography?
One of the disadvantages of existing techniques is the size limitation of the carriers. If someone tries to put to large a message into an audio file, it becomes easier to detect. With VoIP, our message is hidden among the packets - even bits - of voice data being transmitted. In a sense, older technologies used a digital file as the carrier, while these new, emerging techniques use the communication protocol itself as the carrier. The size of the hidden message is only limited by the length of the call. While detecting a hidden message in a physical file is not trivial, the difficulty of finding a hidden message increases an order of magnitude when there is no physical file to examine. The researchers are calling this new class of steganography - "network steganography."
So how does network steganography work? The researchers have developed three methods that all manipulate the IP or Internet Protocol and take advantage of the fact that this is a connectionless and unreliable protocol. Network steganography exploits errors (data corruption and lost packets) that are inherent in the Internet Protocol.
What are the three methods?
The three methods or flavors of network steganography that the researchers have developed are:
Briefly, LACK hides a message in packet delays, HICCUPS disguises a message as noise, and Protocol Steganography uses unused fields in the IP protocol to hide information.
So let's talk a little bit more about each - first LACK.
VoIP traffic is very time sensitive - if a voice packet (about 20 milliseconds of conversation) is delayed, we can continue our conversation without significantly effecting the call quality. Once the delayed packet does arrive at the receiver, it's already too late; the packet is useless and is either dropped or discarded. That's the way VoIP is designed to work. LACK intentionally delays some packets and adds the "steganograms" in these intentionally delayed packets. To an unintended recipient, these packets appear to be late and are discard, but to the party you're communicating with they are retained and decoded to extract a hidden message. LACK is a simple technique that is hard to detect.
What about HICCUPS?
HICCUPS works on wireless local area networks and takes advantage of corrupted packets. Normally, in a wireless network, we check for corrupted data by examining the checksum of a received packet. If the checksum doesn't match what we expect, we discard the packet. HICCUPS hides our message - the steganograms - in these seemingly "corrupted" packets. Unintended recipients will discard these packets, but our cohort knows to look for these "corrupted" packets and to retain and examine them. This method is difficult to use, because it requires a NIC card that can generate incorrect checksums. It is also difficult to detect.
Okay what about Protocol Steganography?
Here, we're hiding our message in the actual header fields of the IP packet. In particular, we're hiding information in unused, optional or even partial fields. To make it even harder to detect, we could use fields that frequently change.
So, should we be worried?
I don't think so. The majority of the steganography applications seem to be focused on altering images, which appears to be the easiest form of steganography. While the techniques these researchers have developed are technically feasible, I'm not sure that they're easily implemented. There has been lots of speculation regarding terrorist organizations using steganography to communicate however, no one has been able to document that this has actually happened. That said, I have no doubt that these groups are exploring ways to mask their communications and that the NSA has developed and uses a wide arrays of tools and countermeasures for steganography. |
Mon, 15 February 2010
On January 14, 2010 we hosted Online Impact 2010 in the Springfield Technical Community College (STCC) Technology Park. This was the second business and industry Online Impact event held at STCC - we had the first one in June 2009. Both events focused on the use of social media sites like Twitter, LinkedIn and Facebook to reach out to customers and prospects. We had an excellent half-day of panels and workshop sessions that focused on social media tips and tactics. This podcast is a recording of the first panel, moderated by Dave Sweeney from viz-bang.com. I won’t introduce the panelists – Dave does it as part of the podcast. We’re already planning the next Online Impact event – watch our website at ictcenter.org for details. |
Sun, 7 February 2010
In this podcast, Setta McCabe from WTCC 90.7 FM and Gordon talk about social media on her weekly radio program. During the show they discussed blogging, Twitter, Facebook, LinkedIn and other social media applications. This is a recording of the interview. We’ve left Setta’s intro and exit pieces but have removed the public service announcements. Setta is great - and the interview was a lot of fun. We hope you enjoy listening.
|
Mon, 1 February 2010
Intro: Apple says the tablet-style iPad computer represents a whole new category of consumer electronic devices. In this podcast Mike reviews the technical specifications of the device and gives his first impressions.
Let's start by looking at the Tech Specs of the new iPad
Size - How big is this thing?
The iPad is about 7 and a half inches wide; 9 and a half inches high; and a sleek looking 1/2 inch thick. There are two models one with WiFi only and the other with Wifi and 3G. The Wifi only model weighs 1.5 pounds - interestingly, the 3G radio adds another 10th of a pound.
What about the hardware? Some people are referring to this thing as a big iPhone or iPod Touch?
On the surface, that would appear to be true, but as we'll discuss later, it's not that simple. The iPad has the same dock connector as the iPhone, so many of the existing accessories should still work. Also included are a headphone jack, speaker, microphone, and SIM card tray for the 3G model. The buttons replicate the iPhone (on/off, mute, volume up and down, and home).
What about the screen?
The screen is 9.7 inches diagonally, with a glossy fingerprint resistant coating. The screen is about the size of two iPhones stacked and oriented horizontally.The resolution is 1024 by 768 which amounts to 132 pixels per inch, compared to the iPhone, which is 480-by-320-pixels with a density of 163 ppi. The smaller density could result in losing some sharpness or clarity as text/objects are scaled up - although people who have used it rave about the display. And obviously, the screen supports multi-touch.
What about capacity?
Following along the lines of the iPhone, the iPad is available with 16, 32 and 64 GB flash drives.
Does the iPad have senors like the iPhone?
Like the iPhone, the iPad contains a 3-axis accelerometer and an ambient light senor, which automatically adjusts the brightness of the display. The only sensor not present is the proximity sensor - but I don't expect people to hold this to their face to face call.
What about wireless?
As we already discussed, there are two models available (WiFi and WiFI+3G). The WiFi supports older 802.11a, b, and g standards, as well as the newer-faster 802.11n. The fact that it supports 802.11a leads me to believe that the 802.11n is dual-mode, meaning that it will support both 2.4 GHz and 5 GHz frequencies. The 3G - at least for now - is still AT&T's 3G, which theoretically could approach speeds of 7.2 Mbps (HSDPA). Unfortunately, AT&T's High-Speed Downlink Packet Access is not yet widely available. Probably in 2011.
What about other carriers?
There was a lot of speculation of this event including announcements regarding the end of AT&T exclusive iPhone deal and the addtion of other carriers - most notably Verizon Wireless. This may happen in time for the next version of the iPhone - in June or July. The iPad does use a micro-SIM card that you could swap with another carriers. It would of course have to be a GSM network. I think people also need to realize that a Verizon iPhone is not a technically insignificant task. Verizon's wireless network uses CDMA rather than GSM, which would require an entirely new phone with a CDMA-radio.
Bluetooth?
The iPad supports Bluetooth 2.1 +EDR (Enhanced Data Rate) which is a pretty speedy 3 MBps - at least compared to earlier 1MBps versions.I expect future versions of the iPad will eventually go to Bluetooh 3.0 +HS, which at 24 MBits will make the iPad the center of home entertainment and media systems - just a thought - no inside knowledge here.
What about GPS?
Unfortunately the iPad doesn't have a GPS radio. The WiFi -only model tries to use the location of wifi hotspots to triangulate location, while the WiFI+3G model supports assisted GPS and Cellular triangulation. Interestingly, like the iPhone 3GS, the iPad includes a digtial compass - personally, I would rather have GPS than a compass.
Battery Life?
As you know, Apple has been doing a lot to improve battery life on the MacBook and MacBook Pro line of laptops. It seems like some of this technology has made its way into the iPad, which they are rating at 10 hours (surfing the web with WiFI, watching videos, or listening to music). When people get these in their hands, I'm sure we'll see more realistic numbers - I would think in the 5-7 hour range.
What about the processor?
Here's where it gets interesting. In April of 2008, Apple purchased a small "boutique" microprocessor design company P.A. Semi. Since that time, Apple has been able to use that new=found expertise to design and build a new 1GHz Apple A4 custom-designed, high-performance, low-power system-on-a-chip. Based on reports I've read on the speed and responsiveness of the system, this new chip has made a difference. It will be interesting to learn more about the actual chip, but I expect we'll see the same chip running in a new iPhone by June or July.
What about the software?
The iPad seems to be running version 3.2 of the iPhone OS. The latest beta of the iPhone SDK is based on 3.2 and includes an iPad simulator. Since the iPad uses the iPhone OS, it is a closed ecosystem much like the iPhone - meaning you can't install any applications you want, as you might on a PC or traditional Mac computer. Instead you are dependent on the iPhone app store for app. Virtually all of the over 140,000 existing apps will run on the iPad - I would expect that apps that depend on iPhone-specific hardware (cellular radio, camera, GPS) will not run on an iPad. iPhone apps will run in native mode in a small window on the iPad and will include a 2x button, which will allow one to double the size of the app. Apple uses a technique call pixel-doubling to achieve this without losing the fidelity of the app. Developers can use the SDK to develop iPad-specific versions of their apps, which can take advantage of the increased screen real estate and will as the room to integrate more expansive multi-touch gestures. Apple demo re-written version of their iWork office suite (Keynote, Pages, and Numbers). These apps have been completely re-written with the iPad in mind and will be available for $10 each. The new apps look pretty slick!
What about what's missing?
Multi-tasking is something that many people were hoping for. Although it's not part of the 3.2 OS, some think it may be announced as part of iPhone OS 4.0 for a June/July launch. I wouldn't hold my breath. One of my students does multi-tasking on a jailbroken iPhone and tells me it kills the battery.
In terms of hardware, there was lots of speculation about a front-facing webcam or even two cameras. I think a webcam for this sort of device makes sense - turns it into a great web conferencing device. A traditional iPhone-like camera doesn't make as much sense. Imagine trying trying to hold a 10x8 1.5 pound device and take photos - seems clunky. Developers reviewing the new beta (3.2) of the iPhone SDK have noticed references to a camera in the SDK, making it likely that a camera of some sort was planned for this device, but didn't make it into the final build. Some are hopeful that a camera will even show up when this product ships - that would be a nice surprise, but more likely, I think we'll see a front-facing camera in IPad 2.0. Additional speculation included 2 dock connectors, so the device could be docked in portrait or landscape - in the the end just one dock connector for portrait docking.
The iPad has no video out port, so there's a dock connector adapter available that purpose, as well as adapters for SD cards and USB devices. If you feel limited by text entry on a virtual keyboard, you can also purchase an optional dock with keyboard, and the iPad will purportedly be compatible with Apple's Bluetooth keyboard.
So, what do you think - is this going to go down in history as a revolutionary device?
I think it's unfortunate that there was so much hype surrounding this device. No device could live up to all those expectations. In my opinion, this seems today like an evolutionary device, but I think when we look back we will realize the revolutionary nature of the iPad. Clearly it will have all started with the iPhone, but I think the iPad is what Steve Jobs has been working toward all along - we saw a glimmer of that vision in the iPhone, but the iPad and its' successors are the full fruition of that vision. Fundamentally, what I think we're seeing is an inflection point in the historical arc of computing. I'll try to explain it, but I'm still working out the details myself. To date, if you wanted to use a computer, you had to immerse yourself in the details of filesystems, filetypes, settings, configuration, etc. While the hierarchy of files and folders serves as a good metaphor for navigating a computers contents and accessing applications, that GUI interface is sill just an extension of the command line we thought we left behind with DOS. What the iPhone introduced and the iPad now extends is a User Interface where files, folders, and the file system are all obfuscated - they all become abstractions that the generic user doesn't have to worry about or even be aware exist. Your mother and my mother don't want to be troubled by navigating a filesystem to find a document or an application - they just want to tap and run their application or open their document. As this paradigm shift moves forward, there will be users like me and you that will still want and need a filesystem, files and folders, but I think the average user will increasingly move toward this sort of simplified user interface. I've excerpted some interesting thoughts from a variety of pundits.
John Gruber makes the comparison between a car with a manual transmission and one with an automatic transmission: Used to be that to drive a car, you, the driver, needed to operate a clutch pedal and gear shifter and manually change gears for the transmission as you accelerated and decelerated. Then came the automatic transmission. With an automatic, the transmission is entirely abstracted away. The clutch is gone. To go faster, you just press harder on the gas pedal. That’s where Apple is taking computing. A car with an automatic transmission still shifts gears; the driver just doesn’t need to know about it. A computer running iPhone OS still has a hierarchical file system; the user just never sees it. Jim Stogdill build on Gruber's metaphor, comparing the iPad to the move from traditional autos to the Prius: The automobile went through a similar evolution. From eminently hackable to hood essentially sealed shut. When the automobile was new, you HAD to be a mechanic to own one. Later, being a mechanic gave you the option of tinkering and adapting it to your specific interests. In fact, that's how most people up until about 1985 learned to be mechanics. The big changes came with the catalytic converter and electronic ignition (and warranty language to match). Now the automobile has reached the point in its development where you don't even have to know whether it has a motor or an engine to use it, but to tinker at all requires highly specialized skills. one particularly telling phrase: It's been a long time since most of us have used our computers to do anything approaching "computing," but the iPad explicitly leaves the baggage behind, leaps the conceptual gulf, and becomes something else entirely. Something consumery, media'ish, and not in the least bit intimidating. Steven Frank discusses Old World versus New World computing and distills Apple's gambit into a few bullets: The bet is roughly that the future of computing: · has a UI model based on direct manipulation of data objects · completely hides the filesystem from the user · favors ease of use and reduction of complexity over absolute flexibility · favors benefit to the end-user rather than the developer or other vendors · lives atop built-to-specific-purpose native applications and universally available web apps Andy Ihnatko's hands-on with the iPad is also worth a read.
Category:podcasts
-- posted at: 5:03pm EDT
|