-
Research of Caller ID Spoofing Launch, Detection, and Defense
Authors:
Volodymyr Buriachok,
Volodymyr Sokolov,
Mahyar TajDini
Abstract:
Caller ID parodying produces the valid Caller character, in this manner deciding seem to start from another client. This apparently basic assault strategy has been utilized in the develo** communication fake and trick calls, bringing about significant financial trouble. Unfortunately, callerID spoofing is easy to implement but yet it is difficult to have protection against it. In addition, there…
▽ More
Caller ID parodying produces the valid Caller character, in this manner deciding seem to start from another client. This apparently basic assault strategy has been utilized in the develo** communication fake and trick calls, bringing about significant financial trouble. Unfortunately, callerID spoofing is easy to implement but yet it is difficult to have protection against it. In addition, there are not effective and defense solutions available right now. In this research it is suggested the CIVE (Callee Inference & VErification), a compelling and viable guard against Caller ID spoofing. This way it is described how it's possible to lunch call spoofing and between line describe how CIVE approach method can help to prevent somehow this kind of attacks. Caller ID Spoofing could cause huge financial and political issues special nowadays, when many things even sometimes authentication and verification are available by phone call, like banks approving transactions or two factor authentications and many other things. We believe critical industries specially banks and payment service providers should be protected against such vulnerabilities with their system and make an approach to prevent it, also it is very important to learn people specially who has special social place like politicians or celebrities to know such kind of attack are already exist. For this paper we implemented a call from white house to show there is no limitation and no matter whom you try to spoof, but destination which is the victim receive the call and that make this attack vector dangerous. And even modern communication and even devices like 4G and smart phones are not able to prevent or even detect this kind of attack. This study is a demonstration of the vulnerabilities available. All experiments were conducted on isolated mock-ups.
△ Less
Submitted 1 April, 2020;
originally announced April 2020.
-
Implementation of an Index Optimize Technology for Highly Specialized Terms based on the Phonetic Algorithm Metaphone
Authors:
V. Buriachok,
M. Hadzhyiev,
V. Sokolov,
P. Skladannyi,
L. Kuzmenko
Abstract:
When compiling databases, for example to meet the needs of healthcare establishments, there is quite a common problem with the introduction and further processing of names and last names of doctors and patients that are highly specialized both in terms of pronunciation and writing. This is because names and last names of people cannot be unique, their notation is not subject to any rules of phonet…
▽ More
When compiling databases, for example to meet the needs of healthcare establishments, there is quite a common problem with the introduction and further processing of names and last names of doctors and patients that are highly specialized both in terms of pronunciation and writing. This is because names and last names of people cannot be unique, their notation is not subject to any rules of phonetics, while their length in different languages may not match. With the advent of the Internet, this situation has become generally critical and can lead to that multiple copies of e-mails are sent to one address. It is possible to solve the specified problem by using phonetic algorithms for comparing words Daitch-Mokotoff, Soundex, NYSIIS, Polyphone, and Metaphone, as well as the Levenshtein and Jaro algorithms, Q-gram-based algorithms, which make it possible to find distances between words. The most widespread among them are the Soundex and Metaphone algorithms, which are designed to index the words based on their sound, taking into consideration the rules of pronunciation. By applying the Metaphone algorithm, an attempt has been made to optimize the phonetic search processes for tasks of fuzzy coincidence, for example, at data deduplication in various databases and registries, in order to reduce the number of errors of incorrect input of last names. An analysis of the most common last names reveals that some of them are of the Ukrainian or Russian origin. At the same time, the rules following which the names are pronounced and written, for example in Ukrainian, differ radically from basic algorithms for English and differ quite significantly for the Russian language. That is why a phonetic algorithm should take into consideration first of all the peculiarities in the formation of Ukrainian last names, which is of special relevance now.
△ Less
Submitted 31 October, 2019;
originally announced November 2019.
-
Men-in-the-Middle Attack Simulation on Low Energy Wireless Devices using Software Define Radio
Authors:
Mahyar TajDini,
Volodymyr Sokolov,
Volodymyr Buriachok
Abstract:
The article presents a method of organizing men-in-the-middle attack and penetration test on Bluetooth Low Energy devices and ZigBee packets using software define radio with sniffing and spoofing packets, capture and analysis techniques on wireless waves with the focus on Bluetooth. The paper contains the analysis of the latest scientific work in this area, provides a comparative analysis of SDRs…
▽ More
The article presents a method of organizing men-in-the-middle attack and penetration test on Bluetooth Low Energy devices and ZigBee packets using software define radio with sniffing and spoofing packets, capture and analysis techniques on wireless waves with the focus on Bluetooth. The paper contains the analysis of the latest scientific work in this area, provides a comparative analysis of SDRs and the rationale for the choice of hardware, gives the sequence of actions for collecting wireless data packets and data collection from ZigBee and BLE devices, and analyzes ways to improve captured wireless packet analysis techniques. For the study collected experimental setup, the results of which are analyzed in real time. The collected wireless data packets are compared with those sent. The result of the experiment shows the weaknesses of local wireless networks.
△ Less
Submitted 26 June, 2019;
originally announced June 2019.
-
Security Rating Metrics for Distributed Wireless Systems
Authors:
Volodymyr Buriachok,
Volodymyr Sokolov,
Pavlo Skladannyi
Abstract:
The paper examines quantitative assessment of wireless distribution system security, as well as an assessment of risks from attacks and security violations. Furthermore, it describes typical security breach and formal attack models and five methods for assessing security. The proposed normalized method for assessing the degree of security assurance operates with at least three characteristics, whi…
▽ More
The paper examines quantitative assessment of wireless distribution system security, as well as an assessment of risks from attacks and security violations. Furthermore, it describes typical security breach and formal attack models and five methods for assessing security. The proposed normalized method for assessing the degree of security assurance operates with at least three characteristics, which allows comparatively analyze heterogeneous information systems. The improved calculating formulas have been proposed for two security assessment methods, and the elements of functional-cost analysis have been applied to calculate the degree of security. To check the results of the analysis, the coefficient of concordance was calculated, which gives opportunity to determine the quality of expert assessment. The simultaneous use of several models to describe attacks and the effectiveness of countering them allows us to create a comprehensive approach to countering modern security threats to information networks at the commercial enterprises and critical infrastructure facilities.
△ Less
Submitted 26 June, 2019;
originally announced June 2019.
-
Low-Cost Spectrum Analyzers for Channel Allocation in Wireless Networks 2.4 GHz Range
Authors:
Volodymyr Buriachok,
Volodymyr Sokolov
Abstract:
The article introduces a new scheme of dynamic interference free channel allocation. The scheme is based on additional spectral analyzers in wireless networks IEEE 802.11. Design and implementation is presented.
The article introduces a new scheme of dynamic interference free channel allocation. The scheme is based on additional spectral analyzers in wireless networks IEEE 802.11. Design and implementation is presented.
△ Less
Submitted 22 February, 2019;
originally announced February 2019.
-
Using 2.4 GHz Wireless Botnets to Implement Denial-of-Service Attacks
Authors:
Volodymyr Buriachok,
Volodymyr Sokolov
Abstract:
This article attempts to create a software and hardware complex that can work autonomously and demonstrates the ease of implementation of attacks on denial of service on wireless networks, which in turn emphasizes the need to provide comprehensive protection of wireless networks.
This article attempts to create a software and hardware complex that can work autonomously and demonstrates the ease of implementation of attacks on denial of service on wireless networks, which in turn emphasizes the need to provide comprehensive protection of wireless networks.
△ Less
Submitted 22 February, 2019;
originally announced February 2019.