By Milica D. Djekic
As is well known, there are many ways of tracking someone’s e-mail, chat or social media accounts. Defense professionals are quite familiar with such methods, and those hotspots can be used to discover new suspicious activities in cyberspace. Many transnational criminal and terrorist groups use account tracking to stay informed about someone’s actions in the virtual domain. The main point about network traffic is that the data are put into packets that carry both the sensitive payload and the routing information. In other words, those packets travel from device to device over critical communications infrastructure. If breaching a computer and tracking an account are well-known ways of obtaining sensitive content, it is clear that there are further critical points in data exchange and storage. For instance, anyone who wants to avoid the difficulty of breaching servers, datacenters and endpoints could instead try some communications tracking in order to catch the information on its way. In many cases that content is under key, and effort must be invested to decrypt the message and make it readable. In modern times, many communications channels began their life as defense products and are today in full commercial use. Anything widely accessible has a counter-system so that it remains under the control of its creators. Apparently, no one will develop a solution that works on its own without being controllable by human beings. Next, the final product can do only what its developers defined it to do, and it cannot exist without its secret counter-weapon. So, if e-mail accounts, browsers and social media profiles carry some kind of protection and are so appealingly commercialized, it is quite obvious that those advancements have reversible systems that make them manageable.
The situation is similar with communications routes, which can be tracked using widespread monitoring tools. Even if the packets of information are well secured, they can be transformed back into plaintext, as there are plenty of options on the market for that purpose.
Devices in a network communicate with each other by following a certain set of rules. First, it is important to understand why communication protocols matter: they are of crucial significance for enabling traffic and exchanging information. In other words, if two devices follow such rules and their exchange is accurate, or as defined, they are permitted to make a connection with one another and transfer data. Logically, that information is part of the communication channel, and in both policing and the military there can be an adversary who listens to the traffic and redirects samples of it to other machines. We call that operation tapping or streaming. Further, the exchanged information is secured with some sort of cryptography, so the streamer cannot be certain what it is about. The point is that someone can breach network traffic just as it is possible to breach a device. On the other hand, once the traffic is streamed there can be a lot of work for a cryptanalyst, who needs to decrypt and analyze the content that was sent. From a security point of view, this matters because communication tracking can be used by illegal organizations to monitor someone’s activities on the web. As a consequence of such a campaign, many community members, as well as their infrastructure, can be at risk, because the bad guys can come into possession of confidential information. Across the globe there are many network monitoring applications that can be used for streaming and, with the support of some cryptanalysis effort, for reading the decrypted messages. Basically, the cryptanalyst is a person capable of transforming the packets of information into their plaintext form and making them accessible to the rest of the team.
The fact is that the cybercrime underworld has always been in a position to conduct such operations and is undoubtedly a threat to communities, businesses and government assets. It appears that high-tech syndicates are the real global threat, especially if we bear in mind that they can be a very dangerous weapon in the hands of other criminal and terrorist groups.
A packet of information is a complex array of bits whose positions, 0 or 1, carry a great deal of meaning in the machine-language sense. The two basic parts of a data packet are the payload and the routing information, which correspond respectively to the message itself and the path the packet must follow to be delivered from the starting point to the final destination. The common type of cryptography is end-to-end encryption, or E2EE. That kind of encryption means the message is enciphered on one device, then packed into the payload bits and finally sent to the destination. The entire communication network is huge and very complicated, so in order to transmit data it is necessary to follow some path and to prevent the encrypted payload from being streamed and read from its traffic route. The routing information, or path bits, serve the better distribution of packets across the network. E2EE is one of the best-practice approaches in many competitive armies and policing units, as it provides quite reliable delivery of messages. That sort of cryptography, like anything else, has its strong and weak sides: as is well known, the message is encrypted on the initial device and decrypted at the final destination, which means that if those two devices are exposed, the enemy can come into possession of the accurate plaintext. Also, anyone who is channeling the communication asset can figure out the accurate interpretation of the payload itself. In other words, good cryptanalysis requires advanced knowledge of computer science and engineering, and whatever goes through the channel is an array of packet bits. If we know the position of each bit in that array, we can make a choice between 0 and 1; in other words, our chances of guessing correctly are fifty-fifty.
In addition, it is worth taking into consideration the meaning of the ASCII characters, which can give an opportunity to work out how the open message might look. For instance, every sentence within the plaintext ends with some punctuation mark, so there is a whole range of variations of the possible decrypted information. In other words, while E2EE is critical at its endpoints, it can be quite concerning on its way from source to destination, as the channel can be tapped and potentially broken into.
To illustrate link encryption, we can use the example of a highway with the whole infrastructure that directs the traffic on it. The driver on that road must know where he is going, and he is permitted to rely on the traffic signs. In other words, the use of maps and GPS navigation is allowed, but what use are they if the driver does not know the route? Link encryption is more like sending the packet of information through a well-protected channel in which the routing information bits are carefully encrypted. The only thing available at any moment is the information about the next stop. So, if GPS navigation is to be applied, it is necessary to go step by step. In other words, the information about the next stop is included as plaintext, and by reading it, it is possible to work out where the next station for that packet is. In general terms, those stops can be considered hops, where the entire packet is decrypted and re-encrypted in order to obtain the information about where the packet should be delivered next. Best practice suggests that the most useful solution is the combination of E2EE and link encryption, because both the payload and the routing information are then well protected. That sort of cryptography is known as super-encryption. A hop is any device in the network that directed traffic can pass through, and it can be a router, modem or server. The hop is also a sensitive point in the network, because hackers can identify that part of the IT infrastructure and attack the place where decryption of the packet takes place. That is an especially large risk in the case of network monitoring, because the bad guys can find and exploit the places where the plaintext is accessible.
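The three layers described above (E2EE on the payload, link encryption on the whole frame, and their combination as super-encryption) can be made concrete with a small simulation. The following is an added example, not code from the article or its author: it models a route A to R1 to R2 to B, and for each mode records what a passive eavesdropper on each wire segment can read and what each intermediate hop can read after stripping its link layer. It goes one step beyond the text by also running a "none" baseline with no encryption at all. The cipher is a constructed XOR keystream derived from SHA-256, used only so the demo runs with the standard library; it is not a real cryptographic design. The names `ROUTE`, `LINK_KEYS`, `E2E_KEY`, `MESSAGE`, `transmit` and `inspect` are this example's own, and the sample message is constructed.

```python
"""Toy model of end-to-end, link and combined ('super') encryption.

Added example, not from the article. The cipher is a constructed XOR
keystream built from SHA-256 so the demo needs only the standard library;
it illustrates which layer hides what, not a production cryptographic design.
"""
import base64
import hashlib
import json
import os

ROUTE = ["A", "R1", "R2", "B"]                 # sender, two hops, receiver
LINK_KEYS = {(ROUTE[i], ROUTE[i + 1]): os.urandom(32) for i in range(len(ROUTE) - 1)}
E2E_KEY = os.urandom(32)                       # shared only by A and B
MESSAGE = b"Meet at 09:00."                    # constructed sample plaintext


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256(key || nonce || counter) blocks, truncated to `length` bytes."""
    out = bytearray()
    for counter in range(length // 32 + 1):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || (plaintext XOR keystream). Toy cipher, see module docstring."""
    nonce = os.urandom(16)
    return nonce + bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def pack(header: dict, payload: bytes) -> bytes:
    """Frame = JSON header (the routing information) plus base64 payload."""
    return json.dumps({"header": header, "payload": base64.b64encode(payload).decode()}).encode()


def unpack(frame: bytes):
    obj = json.loads(frame)
    return obj["header"], base64.b64decode(obj["payload"])


def inspect(blob: bytes, message: bytes) -> dict:
    """What a passive observer learns from bytes it holds no key for."""
    try:
        _, payload = unpack(blob)
    except (ValueError, KeyError, TypeError):   # link-encrypted bytes do not parse
        return {"header_readable": False, "message_readable": False}
    return {"header_readable": True, "message_readable": payload == message}


def transmit(mode: str, message: bytes = MESSAGE) -> dict:
    """Carry `message` from A to B under mode 'none', 'e2ee', 'link' or 'super'.

    Records what an eavesdropper on each wire segment and what each
    intermediate hop can read, plus what the receiver finally decrypts.
    """
    if mode not in ("none", "e2ee", "link", "super"):
        raise ValueError(mode)
    use_e2e, use_link = mode in ("e2ee", "super"), mode in ("link", "super")

    payload = encrypt(E2E_KEY, message) if use_e2e else message   # E2EE layer
    frame = pack({"src": "A", "dst": "B"}, payload)
    log = {"wire": [], "hops": []}
    for here, nxt in zip(ROUTE, ROUTE[1:]):
        # Link layer: the whole frame, header included, is encrypted per link.
        on_wire = encrypt(LINK_KEYS[(here, nxt)], frame) if use_link else frame
        log["wire"].append({"segment": f"{here}->{nxt}", **inspect(on_wire, message)})
        # The receiving device strips the link layer. At an intermediate hop this
        # is the decrypt-read-header-re-encrypt step the article describes.
        frame = decrypt(LINK_KEYS[(here, nxt)], on_wire) if use_link else on_wire
        if nxt != ROUTE[-1]:
            log["hops"].append({"hop": nxt, **inspect(frame, message)})
    _, payload = unpack(frame)
    log["delivered"] = decrypt(E2E_KEY, payload) if use_e2e else payload   # receiver strips E2EE
    return log


if __name__ == "__main__":
    for mode in ("none", "e2ee", "link", "super"):
        r = transmit(mode)
        print(f"{mode:5s} message readable on wire: {[w['message_readable'] for w in r['wire']]}"
              f"  at hops: {[h['message_readable'] for h in r['hops']]}"
              f"  delivered ok: {r['delivered'] == MESSAGE}")
```

Running it shows the trade-off the article spells out: with E2EE alone the eavesdropper sees the routing header but not the message; with link encryption alone the wire is opaque but every hop holds the plaintext, which is exactly why hops are the sensitive points; with both layers the wire is opaque and the hops see only the header. The endpoints A and B are, in every mode, where the plaintext exists.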
In other words, today’s cyber criminals are extremely skillful individuals with exceptional technical brightness, capable of discovering any weakness in a system and taking advantage of it. The mix of E2EE and link encryption gives a safer environment for data transport, but it is still vulnerable to high-tech attacks and campaigns.
About the Author
Milica D. Djekic is an Independent Researcher from Subotica, the Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and is also the author of the book “The Internet of Things: Concept, Applications and Security”, published in 2017 by Lambert Academic Publishing. Milica is also a speaker on the BrightTALK expert’s channel. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts have been recognized by the Computer Emergency Response Team for the European Union (CERT-EU), Censys Press, BU-CERT UK and the EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interest are cyber defense, technology and business. Milica is a person with disability.