

This mobile phone security system detects Signaling System 7 (SS7) redirection attacks during phone calls. SS7 is a global network that links together mobile phones, but unfortunately, hackers can abuse necessary functions of SS7 to reroute phone calls, track locations and intercept SMS messages. These attacks are difficult to identify due to the lack of detection techniques, so existing practices often fail to determine intended targets. Additionally, conventional carrier-based approaches neglect to inform consumers of incidents in real time. The universal impact of these attacks, noted in telecommunication networks across the globe, highlights the need for a user-side detection system.
Researchers at the University of Florida have developed a consumer-friendly, SS7-based detection system which alerts users about attempts to reroute their calls or eavesdrop on them. This is the first detection system that informs users when their calls are being covertly attacked.
Mobile phone security system that detects and alerts users of rerouting and eavesdropping attacks using audio-based distance bounding
This security system uses audio-based distance bounding by transmitting cryptographically generated audio challenges and responses between cell phones while on a call. By measuring the time it takes for a signal to travel a return journey from one mobile phone to another, this application can securely estimate the round trip travel time (RTT) over the audio channel. Rerouting attacks add significant latency to call audio and cause abnormally high RTTs. This system therefore uses its estimated RTT to determine if a call is being attacked. Furthermore, the challenges and responses are encoded, meaning they cannot be imitated by hackers seeking to obscure their presence.
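The round-trip check described above, as an added example that is not the researchers' code. It assumes the two phones already share a key, uses HMAC-SHA256 as a stand-in for the unspecified challenge/response scheme, and uses an illustrative 600 ms limit with constructed timings.

```python
import hashlib
import hmac
import os
import statistics

KEY = b"constructed-session-key"  # assumption: both phones already share this key
RTT_LIMIT_MS = 600                # assumption: illustrative limit, not a value from the page

def response_for(key, challenge):
    """Response that only a holder of the key can compute for a fresh challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]

def build_rounds(rtts_ms, responder_key=KEY):
    """Constructed sample data: one (challenge, response, sent_ms, recv_ms) per round."""
    rounds = []
    for i, rtt in enumerate(rtts_ms):
        challenge = os.urandom(8)
        sent = i * 1000
        rounds.append((challenge, response_for(responder_key, challenge), sent, sent + rtt))
    return rounds

def evaluate_call(rounds, key=KEY, limit_ms=RTT_LIMIT_MS):
    """Return (verdict, median_rtt_ms) for the challenge/response rounds of one call."""
    rtts, seen = [], set()
    for challenge, response, sent_ms, recv_ms in rounds:
        if challenge in seen:          # a reused challenge would let an old answer be replayed
            return ("replayed", None)
        seen.add(challenge)
        if not hmac.compare_digest(response, response_for(key, challenge)):
            return ("forged", None)    # responder does not hold the key
        rtts.append(recv_ms - sent_ms)
    if not rtts:
        return ("inconclusive", None)
    rtt = statistics.median(rtts)      # median tolerates a single jitter spike
    return ("rerouted" if rtt > limit_ms else "ok", rtt)

if __name__ == "__main__":
    print(evaluate_call(build_rounds([310, 295, 330, 305, 320])))       # direct call
    print(evaluate_call(build_rounds([1180, 1210, 1150, 1240, 1195])))  # added latency
    print(evaluate_call(build_rounds([310, 295, 2000, 305, 320])))      # one jitter spike
    print(evaluate_call(build_rounds([120, 130, 125], responder_key=b"not-the-key")))
```

A fast but unauthenticated answer is rejected before timing is considered, so an intermediary cannot hide added latency by answering the challenges itself.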
This application cryptographically verifies the identity of callers to ensure that phone calls are authentic, assuring users that their information is safe. Financial, medical, or other personal information is commonly communicated through phone calls or other telephony technology. In 2014, 17.6 million Americans lost an estimated total of $8.6 billion in fraudulent phone scams, most of which were a result of caller ID spoofing. Telephony advancement is failing to meet the need for more secure and trustworthy communication channels. Caller identity is currently verified through look-up services or biometrics, such as voice recognition, but neither protects against forgery.
Researchers at the University of Florida have developed the AuthentiCall system, which cryptographically authenticates both parties on a call. AuthentiCall can be implemented on both personal and professional communications servers or as a cellular application.
Authentication system that verifies financial, medical, and personal information is communicated securely, decreasing privacy issues and phone fraud
The AuthentiCall system uses cryptography to provide stronger authentication through the coding and decoding of secure messages in data and audio channels. Cryptographic authentication is more secure than the other available methods because it provides end-to-end authentication between the callers. The use of formally verified protocols, which bind data and audio channels, provides a stronger guarantee of the integrity of conversations that occur over traditional phone networks. This authentication occurs within the first second after a call is answered and refreshes continuously for the duration of the call. AuthentiCall detects tampered audio, spoofed calls, and unverifiable identities.
This caller ID verification system allows efficient authentication through the voice data channel, improving consumer security on phone calls occurring on any combination of available telephony networks. Sensitive information, including banking and credit card account authorizations, as well as confidential identity data, is exchanged via telephone networks daily. Legacy “Caller ID” is often the only information exchanged to verify identity between callers, and this information can be easily manipulated. This can allow a third party to pose as a banking institution or law enforcement agency in order to obtain a victim’s sensitive information. Caller ID “spoofing” enables global consumer fraud of more than $2 billion per year. Robust caller identity verification has been available only between devices with active internet connections, such as phones using VoIP networks. Since this excludes phones operating on the mobile and “land-line” networks, as well as any calls placed across multiple telephony networks, the vast majority of callers cannot be authenticated.
Researchers at the University of Florida have created AuthLoop, a technique that can perform caller ID verification using strong cryptography via the telephone voice channel. This technique is effective during calls placed on any combination of available telephony networks and may provide a dramatic reduction in telephone-related fraud.
Efficient cryptographic authentication protocol that utilizes voice data channel to provide convenient caller ID verification across all telephony networks
This technique is capable of providing authentication of a caller’s identity throughout a phone call, utilizing a codec-agnostic modem that allows for transmission of data through audio channels. In this system, an end user (i.e. the consumer) requests a certificate containing a cryptographic key from the caller (i.e. a call center), which provides a value to the end user that is used to calculate a series of verification values. If the verification results conflict with the telephone number provided by the caller, the caller’s asserted identity is rejected. This process is repeated throughout the call to ensure that the caller remains on the line, prohibiting “man in the middle” attacks. The addition of this protocol to new and existing devices may dramatically reduce the risk of consumer fraud via telephony networks.
Inserting this device into a card reader before you insert your credit card can alert you to the presence of credit card skimmers so you won’t be scammed. Skimmers (and shimmers) are malicious card readers attached to the interior or exterior of the real payment terminal that are intentionally difficult for the average consumer to detect. Skimming is a type of identity theft in which thieves steal the data on your payment cards to empty your bank account or buy goods and services on your credit. In 2018, more than $24 billion was lost to payment card fraud worldwide. The United States is the global leader in credit card fraud. While consumers can use safer forms of payment – such as creating dummy credit card numbers, using Apple Pay or Android Pay, or paying the cashier inside rather than at the pump – most, nearly 50 percent in the United States, will find themselves a victim of card payment fraud at some point. The increasing prevalence of these attacks makes the need for a consumer-side anti-skimmer defense apparent.
Researchers at the University of Florida have developed a credit card-sized device that quickly and accurately tests for the presence of skimmer devices when inserted into an ATM slot or other card payment system. The New York Police Department as well as units in retail, law enforcement, and financial industries in 21 states across the nation have used the device, named the Skim Reaper, with success.
Credit card-sized device for the detection of overlay skimmers in ATMs and card payment devices
This credit-card-sized device can be inserted into the slot of a payment card receiver to determine if more than one read head is present. Additional read heads indicate the presence of a skimmer attempting to gain sensitive card data. The card provides alerts – red light to indicate a skimmer, blue light to show a card reader is safe. Consumers can use the Skim Reaper to test card slots for skimmers before use. Commercial business owners or law enforcement could use the device to check card readers periodically. The skimmer detection system could have two primary components, which may exist as a single physical device, multiple devices, or via a hardware/software combination (such as a physical device and an app on a smartphone). Researchers have also developed additional functionality, such as allowing the device to identify itself to a card reader terminal and log when the reader was last examined.