Talk:Eavesdropping

Untitled

What's with the "Eavesdropping-Sarah Jackson"? It makes a great deal of no sense at all.

I am not sure if the belly buster paragraph and picture, the Canadian and the Chinese historical anectodes are useful. They seem out of place. I think they should either be removed entirely or put into some larger context. The Belly buster drill for example, might be moved to the surveillance page. --lenehey

Seems the text about the belly buster was removed but the image left in. I changed the text under the image so it now at least makes sense, but I don't think it belongs there at all. — Preceding unsigned comment added by 77.23.76.68 (talk) 15:32, 4 April 2012 (UTC)

What is the superstition of the black dot? This should be explained or sourced. D Boland (talk) 01:45, 20 August 2008 (UTC)

Possible additions to Network Eavesdropping

Source: Bonguet A, Bellaiche M: A Survey of Denial-of-Service and Distributed Denial of Service Attacks and Defenses in Cloud Computing Future Internet 9: 43, 2017 The source is a scholarly article on cloud computing; denial-of-service, network eavesdropping, security, and countermeasures. The purpose of this paper is to evaluate cloud computing as a model and how eavesdropping attacks can happen. The article starts with an abstract explaining what cloud computing and Denial-of-Service is. Then the introduction explains the features of cloud computing including large-scale, resource-pooling, network access, on-demand self-service. It also highlights that users do not own the computing servers and their data can be accessed by different devices(smartphone, computer). Then it goes on about the security in cloud computing when developing services, such as isolating users’ individual data, implementing authentication mechanisms. It goes on about integrity where traffic hijacking can eavesdrop on activities and transactions, manipulate data, redirect users to illegitimate sites, and more. Later on, it discusses design experiments used to evaluate DoS defenses. Works related to the classification of security, identifying possible attacks and attackers are discussed. Active attackers may attack by sending signals to users, while passive attackers may just eavesdrop, so that victims may not be aware that their machine is being watched or monitored. Passive attackers may launch eavesdropping attacks to capture communication. Virtual Machine Monitor(VMM) is proposed as a detector to monitor the attacks, and the Intrusion Detection Systems(IDS) examines network traffic and user behaviors so they will be alerted when an attack occurs. They talked about other systems as well and moved on to how to evaluate defense systems. I think the source is reliable because 55 sources are referenced, and the source is not biased because it is informing readers and not putting any opinions. This source is useful because it introduces new concepts to monitoring network eavesdropping and brings in different ideas and criteria. The targeting audience is people who want to learn more about cloud computing and models to deal with network attacks. I think the reading level of the article is low such that a beginner in learning about network security will understand it pretty well. This article did not shape any of my arguments since I don’t have one and this article is more of explaining concepts.

Source: Li X, Wang Q, Dai H-N, Wang H: A Novel Friendly Jamming Scheme in Industrial Crowdsensing Networks against Eavesdropping Attack Sensors 18: 1938, 2018 The source is a scholarly article on a proposal of an anti-eavesdropping attack. It starts with introducing friendly-jamming schemes as a promising approach to enhance network security so that it can generate a jamming signal to increase the noise level at the eavesdropper, making the eavesdropper fail to wiretap the communications. Then it introduces the model that focuses on uplinking transmission from sensor devices to the receiver and explains how the model can help with jamming eavesdroppers, and impacts of it. I think the source is reliable because 31 sources are referenced, and the source is not biased because it is informing readers and not putting any opinions. This source is useful because it introduces an anti-eavesdropping model to jam eavesdroppers. I think the article is useful for people that want to learn how to propose an anti-eavesdropping attack model or any models regarding network security. The targeting audience is people who want to learn more about anti-eavesdropping and a model to deal with network attacks. I think the reading level of the article is low such that a beginner in learning about network security will understand it pretty well. This article did not shape any of my arguments since I don’t have one and this article is more of explaining concepts.

Source: Chakravarty, S., Portokalidis, G., Polychronakis, M., and Keromytis, A., 2014. Detection and analysis of eavesdropping in anonymous communication networks. International Journal of Information Security, 14(3), pp.205-220. The source is a scholarly article on detecting and analyzing eavesdropping in communication networks. It starts by defining anonymous communication networks and how eavesdropping happens. It goes on by describing many services and protocols relying on non-encrypted communication so that malicious users or parties can easily eavesdrop or collect information and data from other users. This leads to the discussion on detecting these misbehaviors like transmission of decoy traffic that contains easily reusable and sensitive information via all nodes of the network to decoy servers under their control. Then, it describes honeypots which are the detected activities of some eavesdropping incidents, they have added honeypots to the system, and Beacon-bearing decoy documents that contain fake sensitive information so when eavesdroppers open it, it will be triggered. The article then explains their model and implementation, and some eavesdropping incidents. I think the source is reliable because it used 56 different sources. I think the source is not biased because it presents a model and defines technical terms so it does not include opinions. I think the source is useful for people that are trying to learn about detecting and analyzing eavesdropping in anonymous communication networks and or people that want to learn more models for detecting network eavesdropping attacks. The targeting audience is people that are interested to learn models to detect and analyze network eavesdroppers. I think the reading level is simple so that new learners or people that do not know much about network eavesdropping can understand the article. This article does not shape my arguments because I am not trying to find any arguments or thoughts from it, and this article just presents a model.

Source: Chakravarty, S., 2014. Traffic Analysis Attacks And Defenses In Low Latency Anonymous Communication. [online] Cs.columbia.edu. The source is a scholarly article on assumptions and network eavesdropping attacking models. It starts with identifying the attacks and describing important assumptions and attacker models. Then it explains anonymous network communication systems, attacks and defends against it, and detects eavesdropping by Tor Exit Nodes. It then describes traffic analysis against anonymity networks using remote bandwidth estimation such as threat model and attack approach and evaluations of it. Then, it describes traffic analysis against anonymity networks using flow records, such as network monitoring, and again a model and evaluation of it. It then determines potential adversaries of anonymity networks, specifically eavesdrop detection in anonymity networks. The system model, implementation, results, and future works. I think this source is reliable because it covers a different model and has many resources(over 50). Also, I think this source is unbiased because it describes the model, evaluations, and discusses future ideas. I think the article is useful for people that want to compare different models that find network eavesdroppers or for people that want to learn more about it. The targeted audience is people who are interested in how different eavesdropping detecting models work and their findings and results of it. This article is slightly harder than the previous three sources just because of its length and because it covers a few models compared to only focusing on one which might be a little more to handle, especially for beginners. I think this article does not shape my arguments because I am trying to learn more about network eavesdropping and I am not trying to form any opinions on it or opinions on networking eavesdropping attacking models.

Source: Wang, Y., Zheng, N., Xu, M., Qiao, T., Zhang, Q., Yan, F., and Xu, J., 2019. Hierarchical Identifier: Application to User Privacy Eavesdropping on Mobile Payment App. Sensors, 19(14), p.3052. The source is a scholarly article on mobile payment apps and users of those apps' privacy might be eavesdropped on or collected by attackers, which this article considers a way to monitor these actions and monitor people’s privacy on the app. This article first introduces the problem of security and privacy as an important factor for app users and developers, and topics on identification and privacy have been discussed a lot in recent years. It then explains that a hierarchical identification system is created to classify financial transaction actions in mobile payment apps via encrypted network traffic. It identifies traffic data and extracts features that can characterize user actions on the app. It discusses mobile app identification and user action identification. Later, it characterizes network traffic on the mobile payment app, like the description of user actions and steps, traffic characteristics on the app, overview of the system’s framework, traffic mirroring, traffic segmentation, feature extraction, classifying algorithm design, hierarchical identification, and ends with evaluations on data description. I think this source is reliable because it uses 29 different sources in it. I think the source is unbiased because it describes mobile payment apps and eavesdropping which does not mention any arguments on it. This article will be useful for people who are curious about mobile payment apps and how secure they are and how people are trying to create a better system to monitor eavesdropper in those payment apps. I think the article is targeted towards people that have some knowledge of network security and eavesdropping issues because it does not define eavesdropping but goes straight specifically to mobile payment apps issues on network security. This also shows that the article is not as easy to read as the previous sources because of that. I think this article does not shape my arguments because I do not have an opinion on how mobile payment apps should have a certain security model and I am still learning about network eavesdropping.

Source: Abiodun, Esther Omolara, et al, (2020). “Reinforcing the Security of Instant Messaging Systems Using an Enhanced Honey Encryption Scheme: The Case of WhatsApp” Wireless Personal Communications, 112(4), pp. 2533–2556. This source is a scholarly article on the honey encryption (HE) scheme for reinforcing the security of instant messaging systems, specifically WhatsApp. It starts by introducing instant messaging and why this technology is becoming popular, including speed, applications, and usability. Then, it explains how eavesdropping can happen during the transmission of the messages. After that, it explains several systems implementing secure encryption schemes and explains WhatsApp uses the Advanced Encryption Standard-256 for security. However, the article states that a problem is that messages are transmitted using ASCII, so an eavesdropper can easily decrypt the message. A loophole that was mentioned is that hackers can access group chats and share false news easily, as well as put in bugs when users do video calls, and more. This leads to the discussion on Honey encryption (HE) on conventional cryptosystems, where HE schemes can facilitate secure communication between users. The design, building blocks, and algorithm of the HE scheme are discussed, and experimental results on the proposed HE scheme are reported. Fifty-three sources are referred to and stated at the end of the article, so this scholarly article is reliable. This scholarly article is easy to read because it uses simple wordings and if there are technological words used, it is explained. In addition to that, it is also very relevant to the majority of the population because many of us are using instant messaging systems like Facebook, WhatsApp, or Snapchat. The targeted audience is people that are interested in learning about the security scheme used for instant messaging systems and how it works. The advantages and disadvantages of the HE scheme are discussed in the article which shows that the source is not biased. This scholarly article is useful for research on network eavesdropping because this source explains how some people eavesdrop through instant messaging systems, and how the HE scheme is used to prevent eavesdroppers to succeed in their actions.

Source: Cecconello Stefano, Compagno Alberto, Conti Mauro, Lain Daniele, Tsudik Gene, (2019). “Skype & Type: Keyboard Eavesdropping in Voice-over-IP” ACM Transactions on Privacy and Security, 22(4), pp. 1-34. This source is a scholarly article on keyboard eavesdropping on Skype and Type. It starts by introducing what voice-over-IP (VOIP) software is. Then it explains Skype & Type (S&T) that is a new keyboard acoustic eavesdropping attack using VOIP. After that, it mentions differences with the preliminary version of the S&T and organization that overviews keyboard eavesdropping. Attacks using sound emanations are stated as well as other emanations like non-acoustic side-channels. It also describes how typing on a keyboard causes electrical components to emit electromagnetic waves that can let eavesdroppers recover original keystrokes. Then, it describes the system model that acts out how the attacker retrieves private information from users through eavesdropping using VOIP software, as well as some images to show the process. It concludes by expressing the high accuracy of eavesdropping through VOIP and S&T, and that it can be easily implemented in different systems. This scholarly article is reliable because it references forty-five sources, and it is not biased because it explains how eavesdropping happens using voice-over-IP and keyboards. Moreover, the scholarly article is useful for people who want a general sense of how eavesdropping works using VOIP, and for people who do not have much background knowledge of models for network eavesdropping. The targeted audience is people who want to learn about network eavesdropping through VOIP or keyboard acoustic attacks, and new learners for network eavesdropping. Also, the reading level is easy because it explains concepts thoroughly and has clear images to show how the eavesdropping process goes as well as sentences to explain. This scholarly article is useful for the research on network eavesdropping because it shows the model that the eavesdroppers use and it is unique. It also shows a side of how eavesdroppers eavesdrop and not how models are built to attack eavesdroppers.

Source: Chauhan R, Kaur H, Chang V, (2020). “An Optimized Integrated Framework of Big Data Analytics Managing Security and Privacy in Healthcare Data” Wireless Personal Communications, pp. 1-22. This source is a scholarly article about managing security and privacy in healthcare data. Big data analytics is brought up in the beginning and explains how it may be concerning maintaining the privacy and security of healthcare patient’s data. It mentions that big data analytics can be efficient and effective, as well as secure and private. Eavesdropping of patient’s health records happens when attackers illegally attack the communication network, and cryptographic protocols are suggested. Then, the article discusses the framework for privacy in big data analytics, including data capture, data pre-processing, medical data and privacy-preserving data mining, predictive data analytics, and the results of the framework. The source is reliable as it references forty-two resources, and is unbiased because it discusses the framework of a model in providing security and privacy for storing personal data, and does not include any opinions in it. This scholarly article is easy to comprehend because it uses simple wordings and there are no technical words used. It also describes their method very detailedly with organized sections and a diagram that shows the flow. Moreover, healthcare is something everyone is involved in, and possibly every person’s health care information is stored in a database so it is relevant to everyone and makes the reading more engaging. It also shows that it is useful reading for people that want to know more about how their personal medical information can be potentially stored and protected. The targeted audience is people who want to learn about potential ways of storing a large amount of data with a high-security level or people who want to learn about how healthcare data is stored. This scholarly article helps research network eavesdropping because it explains how big data analytics can provide a secure way of storing a large amount of personal data and preventing eavesdropper from collecting data illegally.

Source: Li D, Zhou H, Yang W, (2019). “Privacy-Preserving Consensus over a Distributed Network against Eavesdropping Attacks” Electronics 8(966), pp. 1-25. This source is a scholarly article on privacy-preserving consensus based on the increasing risk of data leaks on the network. A consensus protocol with privacy-preserving function is introduced in the beginning, and its privacy-preserving effects are measured and analyzed. This article focuses on networks of embedded devices like sensor networks and social networks that require independent consensus decision-making and is especially vulnerable to eavesdropping attacks. Then, a criterion is proposed to measure the degree of network privacy leaks when an eavesdropper attempts to attack the network. In addition to that, networks with ring topology and small-world topology are considered so that an eavesdropping strategy that can maximize the probability of privacy leaks. Then, it ends with verifying the derived results by numerical examples. This scholarly article is reliable because it refers to thirty-eight different resources. It also is unbiased because it explains a protocol and privacy preservation in typical networks. However, the reading level is very difficult and is hard to comprehend. This is because this scholarly article includes many mathematical expressions and graphs that require a heavy math background that many people may not have. It also had proofs of math theorems that are hard to understand and does not include enough explanation to understand as a beginner. People that have a deeper understanding of network eavesdropping and the actual mathematical part of it would learn more in this article and think that it is relevant to their learning. Hence, the targeted audience is people that have a mathematical and computer science background that wants to learn more about the proofs and the mathematical side of how privacy-preserving functions and protocols can help secure and prevent network eavesdropping. This scholarly article does not help with researching network eavesdropping because it is too difficult to understand and does not include enough information that explains the mathematical proofs.

Source: Potnuru, Mani. (2011). “Limits of Federal Wiretap Act's Ability to Protect Against Wi-Fi Sniffing” SSRN Electronic Journal, 111, pp 1-29. This source is a scholarly journal article about the Federal Wiretap Act that is stated to be protected against Wi-Fi sniffing and examines the Act on its ability and effectiveness. It starts with introducing the Wi-Fi technology landscape with Google and explaining that Google used “packet sniffing” to eavesdrop on users by intercepting and decoding network communications. It then mentions how “hotspots” in public places allow hackers to packet sniff easily. Then, it shows how intercepting network communications violates the Federal Wiretap Act using different parts of the Act, which leads to the discussion of the Act may only protect private Wi-Fi communications and may not apply to unsecured Wi-Fi communications. After that, it discusses applying it to the real world, facing configuration issues, and what a Wi-Fi user expects. The journal article ends with the need for amending the Wiretap Act. This source is reliable because it refers to over a hundred resources, and is slightly biased towards eavesdropping or packet sniffing is negative since it discusses a law that protects people’s privacy on the internet. It is easy to comprehend as it explains the act thoroughly, as well as the advantages and disadvantages of the law. The journal article also uses simple words to explain the Act, and when there are difficult concepts, there will be an explanation to it. The targeted audience is people that want to know about a law that attempts to protect people’s privacy while using Wi-Fi, or people that are interested to learn about how eavesdroppers use a loophole in the law to illegally retrieve Wi-Fi user’s information. This scholarly journal article helps with research on network eavesdropping because it provides information on how the law is protecting Wi-Fi user’s privacy and provides insight on amends to the law that can increase the effectiveness of it.

What does this sentence mean??

Resolved

"the eavesdrop was also sometimes called the eavesdrop" Am I reading that right? Dabizi (talk) 16:58, 9 November 2010 (UTC)

Since Dabizi's post it has been changed to "the eavesdropper was also sometimes called the eavesdrop". Mitch Ames (talk) 05:16, 25 June 2012 (UTC)

Voice over Internet Protocol

VoIP is obviously also vulnerable to security flaws with the protocol or implementations(application/servers), themselves. And yes, it's true of any protocol.

So, at least 3 possible ways to attack VoIP: 1) Spyware on the client's end. Could also include physical devices. 2) MITM attacks on the protocol (including built-in wiretaps at servers between users). 3) Attacking the client itself, using what is known as 'exploits'.

I think this should be moved to an article on wiretapping and just point to it as a modern example. 75.70.89.124 (talk) 23:31, 28 June 2013 (UTC)