Politecnico di Torino (logo)

Design and development of a framework to support lawful interceptions

Nicola Fioranelli

Design and development of a framework to support lawful interceptions.

Rel. Giovanni Malnati. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2020


In the past decades wireless networks have registered an enormous increase in their diffusion. It is very common to find many networks available when travelling because shops offer their private Access Points as well as private organizations and cities. Most of the networks are free in exchange of your personal data, many others are private and protected with passphrases. In any case, the need for people to use a connection instead of consuming their cellular traffic is very high and the majority have no idea of the possible security threats. In this scenario, there is a new attack surface to lawfully intercept investigated people that is explored in this thesis. In the first part there is a review of different network security aspects that could be used. However, in literature is difficult to find material related to this subject since what already exists, in most of the cases, is secret. The proposed solution combines a set of well known attacks towards wireless networks to capture sensitive data of victims. The framework comes with a mobile hardware device with three antennas, one GPS module and a GSM connection. It is, then, provided with a web application, easy to use for people without a deep technical background, from which is possible to make attacks against wireless Access Points and to perform a complete Man-In-The-Middle attack. Results can be saved locally or sent to a laboratory for further investigations. The framework is completed with a prototype of an Android malware able to capture personal data that in other cases it would be impossible to know due to the secure connections that nowadays are widespread. Finally, the last section focuses on possible further improvements that could be achieved. The results are positive because they show how easy it could be to intercept somebody, just creating a simple Captive Portal. The most interesting thing, that reflects also the aim of the thesis, is that the solution is provided with a GUI. This is a distinguish element because simplifies how people can interact with the framework and it is different from the other open-source tools that, typically, are command line. Moreover, this feature is particularly helpful in organizations like the Ministry of Justice, where only a few people have adequate skills to use the terminal.

Relators: Giovanni Malnati
Academic year: 2019/20
Publication type: Electronic
Number of Pages: 105
Additional Information: Tesi secretata. Fulltext non presente
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Aziende collaboratrici: TonicMInds Srl
URI: http://webthesis.biblio.polito.it/id/eprint/14565
Modify record (reserved for operators) Modify record (reserved for operators)