Thesis Abstract

Law Enforcement Agencies (LEA) around the world utilizes eavesdropping systems that are based on

the Communications Assistance for Law Enforcement Act (CALEA) architecture, which provides a

platform for transmitting and collecting these data for further analysis. Recent security analysis however

has revealed that CALEA is susceptible to Denial-of-Service (DoS) attacks, which could potentially

compromise the ability of the system to transmit, analyse and utilize the captured data in real time. The

primary reason for this is the limited transfer rate allocated for sending data obtained via eavesdropping.

The bandwidth can be easily overwhelmed by dummy messages if the transmission link is hijacked,

resulting in subsequent loss of real data being transmitted. This would be analogous to the SYN flood

attack observed in web servers.

This project proposes a solution to this issue, which involves splitting the original data to be transmitted

into smaller chunks prior to transmission. The motivation is to decrease the probability of packets

containing real data being lost when the bandwidth usage increases when a DOS attack is attempted.

Subsequently larger amount of real data arrives intact at the receiving end, which can then be gainfully

utilized. The process of distinguishing the fake from real messages could be achieved through some

appropriate pattern recognition and classification software, which however would be beyond the scope

of this project. The key activities in this project involve the design, implementation and test of the

performance aspects of the proposed solution to the DOS attack problem.

A brief overview of the CALEA architecture is provided, along with the various key modules that

comprise it. The current solution is proposed after an analysis of various alternatives. The primary

research methodology in this project concerns the design of the experimental tests for the proposed

solution, its implementation, execution, data gathering and subsequent analysis. The trial runs are

repeated for both wireless medium and wired medium in order to compare results. A limited transfer rate

link is used to simulate an overwhelmed link and the FTP protocol is used for the file transfer process. A

performance analysis is shown to indicate the amount of real data that would have been lost without the

use of the solution. A discussion about the strength and weakness of the solution is also provided, along

with avenues for future work.

Thesis Overview