Application-level traffic analysis attacks aim to disclose sensitive information at the application level. Song et al. found that it is possible to obtain interkeystroke timing information despite the encryption and authentication mechanisms used in SSH. SSH sends out each keystroke in a separate packet during interactive mode. Based on the interkeystroke timing information, they demonstrated that it was possible to reveal passwords used in SSH logins and provided a quantitative analysis for identifying webpages even when encryption and anonymizing proxies are used. They took advantage of the fact that a number of HTTP features, such as the number and size of objects, can be used as signatures to identify webpages with some accuracy. Unless the anonymizer addresses this, these signatures are visible to the adversary. Herrmann et al. proposed text mining techniques to identify websites from the normalized frequency distribution of observable IP packet sizes. Lu et al. showed the feasibility of website fingerprinting based on packet ordering information. Wright et al. showed that packet size information of VoIP packets can be used by an adversary to identify a spoken phrase in VoIP calls. It was shown that packet size information of VoIP packets could also be used to detect languages in conversations even when the conversations were encrypted.
In today's world, the major contribution of networking is concentrated in file encryption and privacy techniques. Less technology is available to maintain the privacy of speech files. More advanced techniques can spoil the originality of the file, so sufficient care should be taken in handling speech file transactions; at the same time, an enormous amount of hacking takes place to corrupt the file. A modern approach is utilized to overcome these problems.
Application-level traffic analysis attacks aim to disclose sensitive information at the application level. Song et al. found that, despite the encryption and authentication mechanisms used in SSH, it is possible to obtain interkeystroke timing information from SSH packets. SSH sends out each keystroke in a separate packet during interactive mode. Based on the interkeystroke timing information, they demonstrated that it was possible to reveal passwords used in SSH logins. Herrmann et al. proposed to identify websites by applying common text mining techniques to the normalized frequency distribution of observable IP packet sizes. Lu et al. showed the feasibility of website fingerprinting based on packet ordering information. Wright et al. showed that packet size information of VoIP packets can be used by an adversary to identify a spoken phrase in VoIP calls. It was also shown that packet size information of VoIP packets could be used to detect the languages used in conversations even when the conversations were encrypted.
Application-level traffic analysis attacks can be classified into two categories based on the features of the network traffic they use. Most existing application-level traffic analysis attacks are based on packet size information. Approaches have been proposed to counter traffic analysis attacks on VoIP calls, and these approaches are based on modifying packet sizes. Only a few application-level traffic analysis attacks are based on packet timing only; an example is keystroke detection based on SSH packets.
The main drawback of the existing approaches is that they are based on packet sizes.
In the proposed system, a modern detection method is utilized to provide high security and privacy. In the modern approach, background suppression is performed first, and the suppressed file is then classified to separate noise and music. The classification is done through the tandem algorithm. From this, a dummy file is created to generate dummy traffic. These steps are controlled by the rumour riding algorithm, which sends the suppressed file and the dummy file along separate paths. If the dummy file consists of noise, it will not reach the destination. If the dummy file contains music or other speech, it will reach the authenticated person.
1.3 LITERATURE SURVEY
1.3.1 Internet Audio cast
The audio cast included all the general sessions plus a few working group breakout sessions. Unlike listening to a radio broadcast, the remote participants could also talk back, as was demonstrated during a brief technical presentation on the experiment. Though the audio transmission was not perfect, it worked well enough in both directions that remote participants were able to ask cogent questions and engage in the discussions during the working group sessions.
This event was a demonstration of technology developed and tested in the DARTnet research test bed network. It was a pilot experiment that we hope will be expanded at future IETF meetings to reach more destinations and to include video, images, and shared whiteboards along with audio. This is a step toward a more distributed IETF, a goal Dave Farber and Jack Haverty challenged the community to pursue during a discussion on the IETF mailing list last fall.
Three key elements enabled the audio cast:
• Readily-available hardware and software to generate and receive audio packets at the endpoints.
• IP multicast routing to replicate the packets efficiently for distribution to a large number of recipients.
• Real-time network performance, in this case achieved only by selecting uncongested networks with sufficient bandwidth.
The first IETF audio cast was an interesting and valuable experiment both for the experimenters and the participants. Though there were some problems, the results were good enough to suggest that the experiment be continued for future IETF meetings. There are several open issues that provide promising areas for additional work:
• Better real-time performance measurement tools.
• New application hardware, for example video cards, software, shared whiteboards, and protocols.
• Real-time traffic support resource management.
• Ubiquitous multicast routing support.
• Meeting site networking and studio facilities.
Meanwhile, small-scale experiments with packet audio and video are encouraged in order to learn more about the protocol requirements. You can participate; see the appendix for details.
It achieves efficient audio packet retrieval.
The results were good enough to suggest that the experiment be continued for future IETF meetings.
Audio transmission is difficult.
1.3.2 A Free Codec for Free Speech.
Speex is now evolving into a complete toolkit for voice over IP (VoIP) development, including algorithms for noise cancellation, acoustic echo cancellation and adaptive jitter buffering. This allows a developer without any signal processing knowledge to implement a VoIP client. In the meantime, Speex is being ported to architectures without a floating-point unit, allowing Speex to be used in embedded devices equipped with a fixed-point CPU or DSP.
The use of Speex for VoIP imposes the following requirements:
• The frame size and algorithmic delay must be small.
• Both the encoder and decoder must run in real time with limited resources.
• The effect of lost packets during transmission must be minimized.
• The codec must support both narrowband and wideband.
• Multiple bit-rates and quality settings must be supported to take into account different connection speeds.
• Good compression must be achieved while avoiding known speech coding patents.
In this project, the origin and design goals of the Speex speech codec were presented. Also, a description of the CELP algorithm and its implementation in Speex was given. Some guidelines for programming with libspeex and choosing the right encoding options were provided in order to help developers make better use of Speex in applications.
Good compression is achieved.
Evolving into a complete toolkit for voice over IP.
1.3.3 Attacks in Low-Latency Mix-Based Systems.
A mix is a communication proxy that attempts to hide the correspondence between its incoming and outgoing messages. Routing communication through a chain of mixes is a powerful tool for providing unlinkability of senders and receivers despite observation of the network by a global eavesdropper and the corruption of many mix servers on the path. A mix can use a variety of techniques for hiding the relationships between its incoming and outgoing messages. In particular, it will typically transform them cryptographically, delay them, reorder them, and emit additional dummy messages in its output. Mixes have mainly been used for high-latency systems, such as anonymous email or voting applications, that do not require efficient processing. In practice, such systems may take hours to deliver a message to its intended destination.
Users desire anonymity for more interactive applications, such as web browsing, online chat, and file-sharing, all of which require a low-latency connection. A number of low-latency mix-based protocols for unlinkable communications have been proposed, including ISDN-Mixes, Onion Routing, Tarzan, Web Mixes, and Freedom. Unfortunately, there are a number of known attacks on these systems that take advantage of weaknesses in mix-based protocols when they are used for low-latency applications.
The attack considered here is timing analysis, where an attacker studies the timings of messages moving through the system to find correlations. This kind of analysis might make it possible for two mixes owned or compromised by the attacker to determine that they are on the same communication path. In some systems, this allows these two attacker mixes to match the sender with her destination. Unfortunately, it is not known precisely how vulnerable these systems are in practice and whether an attacker can successfully use timing analysis for these types of attacks. For example, some research has assumed that timing analysis is possible when dummy messages are not used, though this has not been carefully examined.
This project significantly clarifies the threat posed to low-latency mix systems by timing attacks through detailed simulations and analysis. It shows that timing attacks are a serious threat and are easy to exploit by a well-placed attacker. It also measures the effectiveness of previously proposed defenses such as cover traffic and the impact of path length on the attack. Finally, it introduces a new variation of cover traffic that better defends against the attacks it considers, and demonstrates this through our analysis. Our results are based primarily on simulations of a set of attacking mixes that attempt to perform timing attacks in a realistic network setting.
Timing analysis against users of anonymous communications systems can be effective in a wide variety of network and system conditions, and therefore poses a significant challenge to the designer of such systems.
This project presented a study of both timing analysis attacks and defenses against such attacks. It has shown that, under certain assumptions, the conventional use of cover traffic is not effective against timing attacks. Furthermore, intentional packet dropping induced by attacker-controlled mixes can nullify the effect of cover traffic altogether. It proposed a new cover traffic technique, defensive dropping, to obstruct timing analysis. Our results show that end-to-end cover traffic augmented with defensive dropping is a viable and effective method to defend against timing analysis in low-latency systems.
It significantly clarifies the threat posed to low-latency mix systems.
Attacker studies the timings of messages moving through the system.
2. WORK DONE IN PHASE ONE
2.1 System Design
[Diagram labels: Speech privacy in a node; Constant Bit Rate; Decrypt the data using Hang over]
2.11 ANALYSIS OF SYSTEM
Figure 1: Architecture diagram
3.1 Data Flow Diagram
Figure 2: Dataflow diagram (labels: Encrypt the data; Decrypt the data)
[Diagram labels: Voice Activity Detection; 5.A. HMM dataset; 5.B. Man in the middle attack]
4. MODULE DESCRIPTION
4.1 Network Design:
In speech communications, an analog voice signal is first converted into a voice data stream by a chosen codec. Typically in this step, compression is used to reduce the data rate. The voice data stream is then packetized in small units of typically tens of milliseconds of voice, and encapsulated in a packet stream over the Internet.
[Data flow diagram labels: Level 0: Voice signal; Level 1: Voice data stream]
4.2 Voice Activity Detection:
Voice Activity Detection (VAD), also called silence suppression, is designed to further save bandwidth. The main idea of the silence suppression technique is to disable voice packet transmissions when silence is detected. To prevent the receiving end of a speech communication from suspecting that the speech communication has stopped suddenly, comfort noise is generated at the receiving end. Silence suppression is a general feature supported in codecs, speech communication software, and protocols such as RTP.
Voice packets generated by constant bit rate (CBR) codecs are of the same size. Encryption can pad voice packets to the same size during the encryption process, and packets in anonymity networks such as Tor are of the same size to prevent traffic analysis attacks based on packet size information.
4.3 Modern Detection Approach
In the modern detection approach, a new processing technique has been implemented for the voice process model. The modern detection approach proceeds through the following phases.
4.3.1 Background suppression
In this phase the voice file is processed to separate the exact pitch from external.
From the output of the above phase, noise, music and third-party speech are classified using a modern approach called the tandem algorithm.
4.3.3 Fake Traffic
From the classification output, a dummy file is created using the silent file and the classified file.
4.3.4 Rumor Riding
With this mechanism, the fake file and the suppressed file are transmitted along different paths. If the fake file consists of noise, its packets are discarded as dead packets. If the file is based on music or third-party speech, it is appended for the authenticated users at the end of the session.
4.4 Hangover Mechanism
Hangover techniques are used in silence detectors to avoid sudden end-clipping of speech. During hangover time, voice packets are still transmitted even when the frame energy is below the energy threshold. Traditional silence detectors use a fixed-length hangover time. For modern silence detectors such as G.729B, the length of the hangover time changes dynamically according to the energy of previous frames and noise.
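To make the silence suppression of 4.2 and the hangover of 4.4 concrete, the following added example (not code from the essay or from any codec) runs an energy-threshold detector with a fixed-length hangover over constructed frame energies and lists the packet bursts visible from timing alone, next to the constant-rate case. The 20 ms frame length, the threshold and all function names are assumptions.

```python
from typing import List, Tuple

FRAME_MS = 20  # assumed packetization interval ("tens of milliseconds")

def silence_suppress(energies: List[float], threshold: float,
                     hangover: int) -> List[bool]:
    """Per-frame send decision for an energy-threshold silence detector.

    A frame is sent if its energy reaches the threshold, or if it falls
    within `hangover` frames after the most recent active frame.
    """
    sent, remaining = [], 0
    for energy in energies:
        if energy >= threshold:
            remaining = hangover      # re-arm the hangover timer
            sent.append(True)
        elif remaining > 0:
            remaining -= 1            # below threshold, still in hangover
            sent.append(True)
        else:
            sent.append(False)        # silence: packet suppressed
    return sent

def constant_rate(energies: List[float]) -> List[bool]:
    """Suppression disabled: one packet per frame interval."""
    return [True] * len(energies)

def bursts(sent: List[bool]) -> List[Tuple[int, int]]:
    """(start_ms, duration_ms) of each packet burst, as an on-path observer
    sees it from packet timing alone, whatever the payload size."""
    out, start = [], None
    for i, s in enumerate(sent + [False]):   # sentinel closes a trailing burst
        if s and start is None:
            start = i
        elif not s and start is not None:
            out.append((start * FRAME_MS, (i - start) * FRAME_MS))
            start = None
    return out

# Constructed frame energies: two utterances, the first with a brief dip.
ENERGIES = [0.1, 0.9, 0.8, 0.3, 0.7, 0.1, 0.1, 0.1, 0.1, 0.6, 0.9, 0.2, 0.1, 0.1]
THRESHOLD = 0.5

if __name__ == "__main__":
    for label, sent in [
        ("no hangover", silence_suppress(ENERGIES, THRESHOLD, 0)),
        ("hangover=2 ", silence_suppress(ENERGIES, THRESHOLD, 2)),
        ("constant   ", constant_rate(ENERGIES)),
    ]:
        print(label, f"{sum(sent):2d}/{len(sent)} packets", bursts(sent))
```

Without hangover the dip at frame 3 clips the first utterance into two bursts; with a two-frame hangover it stays one burst at the cost of more packets, and only the constant-rate stream shows no talk/silence structure.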
4.5 Attacker Model
This module describes the possible ways an attacker can intercept our speech transaction and how the project reconfigures itself to tolerate the attacks.
5.5.1 HMM dataset
In this phase, an HMM-trained dataset is generated, which is utilized to identify speaker dependency.
5.5.2 Man in the middle attack
In this project, a man-in-the-middle attack is used to describe the attacker's effect on the network when hacking the file.
Tabulation For Algorithm
This module evaluates the detection performance with four metrics: detection rate, false negative rate, false positive rate, and percentage of traces which can be tested. The two metrics used in performance evaluation, the false negative rate and the false positive rate, are calculated on the test traces. The last metric, percentage of traces which can be tested, is needed because for certain groups of labeled traces it is impossible to find a threshold such that both the false negative rate and the false positive rate on the labeled traces are below a given tolerance.
Figure 3: Performance evaluation (labels: Percentage of Trace, False Positive Rate, False Negative Rate)
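The four metrics above, worked through as an added example that is not part of the essay: a threshold is chosen on each group's labeled traces, groups with no threshold meeting the tolerance are counted as untestable, and the error rates are measured on the test traces. The score scale, the "score >= threshold means detection" rule, taking detection rate as 1 minus the false negative rate, and all names are assumptions.

```python
from typing import Dict, List, Optional, Tuple

Scores = Tuple[List[float], List[float]]  # (target-trace scores, other-trace scores)

def rates(scores: Scores, thr: float) -> Tuple[float, float]:
    """(FNR, FPR) when a score >= thr is reported as a detection."""
    pos, neg = scores
    fnr = sum(s < thr for s in pos) / len(pos)
    fpr = sum(s >= thr for s in neg) / len(neg)
    return fnr, fpr

def pick_threshold(labeled: Scores, tolerance: float) -> Optional[float]:
    """Threshold with FNR and FPR both below tolerance on labeled traces,
    or None when no such threshold exists (the group cannot be tested)."""
    best = None
    for thr in sorted(set(labeled[0]) | set(labeled[1])):
        worst = max(rates(labeled, thr))
        if worst < tolerance and (best is None or worst < best[0]):
            best = (worst, thr)
    return None if best is None else best[1]

def evaluate(groups: Dict[str, Tuple[Scores, Scores]], tolerance: float) -> dict:
    """The four metrics, with FNR/FPR measured on held-out test traces."""
    fnrs, fprs = [], []
    for labeled, test in groups.values():
        thr = pick_threshold(labeled, tolerance)
        if thr is None:
            continue                      # untestable group
        fnr, fpr = rates(test, thr)
        fnrs.append(fnr)
        fprs.append(fpr)
    n = len(fnrs)
    return {
        "testable_pct": 100.0 * n / len(groups),
        "false_negative_rate": sum(fnrs) / n if n else None,
        "false_positive_rate": sum(fprs) / n if n else None,
        "detection_rate": 1 - sum(fnrs) / n if n else None,  # assumed: 1 - FNR
    }

# Constructed similarity scores in [0, 1]; not measurements from the essay.
GROUPS = {
    "A": (([0.9, 0.8, 0.85, 0.7], [0.2, 0.3, 0.1, 0.4]),        # labeled
          ([0.75, 0.95, 0.35, 0.8], [0.15, 0.5, 0.25, 0.05])),  # test
    "B": (([0.6, 0.4, 0.7, 0.5], [0.55, 0.45, 0.65, 0.3]),      # labeled, overlapping
          ([0.6, 0.5, 0.7, 0.4], [0.3, 0.5, 0.6, 0.2])),        # test
}

if __name__ == "__main__":
    print(evaluate(GROUPS, tolerance=0.2))
```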
Modern Detection approach
A modern detection method is utilized to provide high security and privacy. In the modern approach, background suppression is performed first, and the suppressed file is then classified to separate noise and music.
Background noise and music are removed using silence suppression, which saves bandwidth when the voice packets are transmitted.
The speech is classified to determine who the user is and to identify the attackers and prevent them from intercepting the speech communications between both parties.
5.1.3 Fake traffic assignment
The classification process is done through the tandem algorithm. From this, a dummy file is created to generate dummy traffic.
These steps are controlled by the rumour riding algorithm, which sends the suppressed file and the dummy file along separate paths. If the dummy file consists of noise, it will not reach the destination. If the dummy file contains music or other speech, it will reach the authenticated person.
CONCLUSION & FUTURE WORK
There are many challenges in speech communications over the Internet, such as easy prediction and high bandwidth requirements. This project proposes a new class of passive traffic analysis attacks that compromise the privacy of speech communications. In existing work, application-level traffic analysis attacks are based only on packet size information. The proposed traffic analysis attacks use not only packet size information but also the timing information of the packets. The proposed traffic analysis attacks can detect speakers of encrypted speech communications with high detection rates. In the proposed work, the hidden Markov model is used for detecting speaker dependency, and constant bit rate is utilized to append bits to convert the voice file into the original voice format. Due to this, the bandwidth and network traffic are not reduced. In future work, the Gaussian Mixture Model (GMM) will replace the HMM technique to gain more privacy. Online conversation will also be included in the future, meaning that the speech will be packetized and encrypted at the time of talking without any manual operation. By utilizing the GMM technique, bandwidth utilization can be greatly reduced; further, noise filtration and speech segmentation can be enhanced to overcome the limitation.