Malleum Knowledge Base

VCS script

10 min read

Hello everyone. Today, we’re excited to present our research on a topic that has become increasingly relevant in our digital age. Our presentation is titled ‘Virtual Sessions for Forensic Analysis of VCS: A Novel Methodology’.

I’m Jaykumar Soni, and joining me in this research endeavor are Tom Neubert, Benjamin Dietrich, and Prof. Dr Claus Vielhauer. Together, we’ve delved deep into the realm of Video Conferencing Systems, or VCS, to develop a unique approach for their forensic analysis.

Change slide------------------------------------------------------------------

To ensure we navigate through our presentation in a structured manner, we’ve laid out an agenda. This will not only guide our discussion today but also help you anticipate what’s coming next. We’ll kick things off with an introduction to VCS, then delve into the growing concerns and the existing research gap.

As we move through each section, we’ll revisit this agenda, marking our progress. This way, you’ll always have a clear sense of where we are in the presentation and what to expect next. Let’s embark on this journey and start with our first topic.

Change slide--------------------------------------------------

Before we dive deeper into our research, it’s essential to set the stage with a clear understanding of Video Conferencing Systems. For the purpose of this presentation, I’ll use the abbreviation VCS.

  • “In today’s digital age, VCS have transformed the way we communicate. They’ve bridged geographical divides, allowing for real-time face-to-face interactions no matter where participants are located.”
  • “These systems have become essential tools, especially in professional settings. They’ve enabled remote work, global collaborations, and virtual meetings, making distances virtually irrelevant.”
  • “Beyond the corporate world, VCS have also been crucial in personal communications, especially during times when meeting in person was challenging, like during global pandemics.”
  • “However, like any technology that becomes a significant part of our daily lives, VCS have their own set of challenges and concerns, which we’ll explore in the following slides.”

“In short, while VCS have brought many advantages, it’s vital to address and understand the related challenges to ensure secure and private communications.”

Next, we’ll delve into the growing concerns associated with VCS and the research gap that exists.”

“The Growing Concern and Research Gap”:

The Growing Concern:

  • “The global adoption of VCS has seen a significant surge, especially in recent years. This widespread usage has brought with it a set of challenges.”
  • “There have been increasing reports of security breaches in various VCS platforms. These breaches not only compromise data but also raise questions about the overall security infrastructure of these systems.”
  • “Another pressing concern is the privacy of users. VCS often captures facial videos and speech audios, which are essentially biometric data. The potential misuse of this data is a significant concern.”
  • “Furthermore, VCS can inadvertently reveal behavioral patterns of users, such as their absence, movements, and even their chatting behavior. This kind of data can be sensitive in many contexts.”

Research Gap:

  • “Now, while these concerns are evident, the current methodologies to analyze VCS have their limitations.”
  • “The closed-source nature of many commercial VCS platforms poses a significant challenge. It restricts a comprehensive analysis, making it difficult to get a holistic view of the system’s workings.”
  • “There’s a clear need in the field for a method that is not only reproducible and comparable but also ensures that user privacy isn’t compromised. This is the gap we aim to address in our research.”

“In the next slides, we’ll delve into our unique contributions and the methodology we’ve developed to address these challenges.”

“Our Contribution and Visualization”:

Slide: Our Contribution

  • Novel Approach:

    • “We’ve introduced a privacy-preserving methodology tailored for VCS analysis. This approach is distinct because it harnesses publicly available videos and scripts, ensuring that the data we work with is both relevant and ethically sourced, with little intervention needed from the user to generate the network traffic data.”

  • Ethical Testing:

    • “A cornerstone of our research is its ethical foundation. We’ve ensured that no real biometric data is involved in our methodology. This not only upholds the privacy of individuals but also sets a precedent for how VCS analysis can be conducted without compromising on ethical standards.”

  • Comprehensive Methodology:

    • “Our methodology isn’t just novel; it’s comprehensive. We’ve developed a five-step process that spans from the initial definition of user activities right through to forensic analysis. This ensures a thorough and holistic approach to VCS analysis.”

Slide: Virtualization Visualization

“Now, to give you a clearer picture of our virtualization process, let’s take a look at this image. What you’re seeing is a snapshot of a VCS, but with a twist. Instead of live webcams, we’re using videos as the webcam source.

  • “This visualization captures the essence of our virtual VCS sessions. The videos you see replace live webcam feeds, allowing us to simulate real VCS interactions without compromising on user privacy.”
  • “It’s a simple yet powerful representation of how we can conduct VCS analysis in a controlled, ethical, and reproducible manner.”
  • “As we delve deeper into our presentation, we’ll explore the intricacies of this approach. But this image provides a tangible glimpse into our innovative methodology.”

Script: SOA

“Let’s take a moment to understand the landscape of research surrounding Video Conferencing Systems, or VCS, before we delve into our own contributions.

Historical Focus:

  • Historically, much of the research in the realm of VCS has been narrowly focused. A significant portion of early works primarily addressed Microsoft’s Skype™, given its widespread use over the past decade. Topics ranged from physical memory analysis to reconstruct user activities, identification of Skype™ packets in network traffic, and even forensic behavior on hard drives.

Key Research Areas:

  • Over the years, the research community has explored various facets of VCS. Some of the key areas include:
    • Memory and traffic analysis.
    • Forensic behavior on hard drives.

Recent Advancements:

  • As technology evolved, so did the research methodologies. For instance, in 2021, a study on the Cisco WebEx VCS™ application delved into a forensic analysis of memory, hard disk, and network traffic. They explored typical user activities, from setting up profiles to making audio and video calls.
  • Another noteworthy study in 2021 focused on the Zoom™ application. This research identified several software functions that were forensically traceable across hard drives, memory, and network traffic.
  • However, a standout piece of research by Altschaffel et al. in 2021 took a unique approach. Recognizing the challenges posed by encrypted network streams in VCS, they presented a forensic examination process based on heuristics and meta-data analysis of VCS-related multimedia network streams. They identified 20 events that revealed sensitive user or activity-related information.

In essence, while there have been various forensic investigations on VCS applications, there’s a pressing need for universally applicable setups. These setups should allow for reproducible and comparable forensic examinations, especially on encrypted network traffic, to identify potential risks within VCS environments. And that’s precisely where our research comes into play, as we’ll discuss in the subsequent slides.”

“Detailed Steps of Our Methodology”:

“As we delve deeper into our research’s core, it’s essential to understand the meticulous methodology we’ve employed. Our approach is systematic, spanning five distinct steps to ensure a comprehensive analysis of VCS.

  • 1. User Activities Definition:

    • “The foundation of our methodology lies in defining user activities. We script specific behaviors that are to be exhibited during the virtual VC-sessions. This ensures that our simulations are consistent and replicable, providing a standardized base for our analysis.”

  • 2. Data Collection:

    • “Once our user activities are defined, the next step is data collection. We source video and audio data from publicly available platforms. This ensures that our data is both relevant to real-world VCS scenarios and ethically sourced, eliminating privacy concerns.”

  • 3. VC-Session Automation:

    • “With our data in hand, we move to the automation phase. Here, we employ simulation scripts that execute the predefined user activities. This automation ensures that our virtual VC-sessions are consistent, reducing variables and ensuring the reliability of our results.”

  • 4. Network Data Capture:

    • “The next phase involves capturing network data. As our virtual VC-session runs, we record the network traffic it generates. This data is crucial, providing the raw material for our subsequent forensic analysis.”

  • 5. Forensic Analysis:

    • “The final step is where we delve deep. With our captured data, we perform a thorough forensic analysis, evaluating the data to draw insights, identify vulnerabilities, and understand the intricacies of VCS behavior.”

“User Activity Tracking & Proof-of-Concept Validation”

“Let’s delve into some of our preliminary findings and the validation of our proof-of-concept.

Starting with User Activity Tracking:

  • In our initial tests, we’ve made promising strides. We’ve been able to successfully identify specific activities within the VCS environment.
  • Some of the events we’ve captured include the toggling of webcams, whether they’re turned on or off, tracking the audio status, such as when a user mutes or unmutes their microphone, and even when screen sharing is initiated.

Moving on to our Proof-of-Concept Validation:

  • Our early results are quite encouraging. They demonstrate the potential of our approach to consistently and reproducibly simulate virtual VC-sessions.
  • While these are just our initial findings, they lay a solid foundation. We believe this sets the stage for a more in-depth and comprehensive analysis in the subsequent phases of our research.

In essence, our early results not only validate our approach but also highlight the potential impact of our research in understanding and analyzing VCS.”

Statistics:

“Let’s take a closer look at this visualization, which provides a snapshot of our early statistical results on user activity during VC sessions.

At the outset, you’ll notice the behavior of the UDP stream. It’s active from the moment a user joins a session and remains so until they exit. This continuous stream gives us a wealth of information. For instance, variations in throughput allow us to identify when a user mutes or unmutes their audio. Similarly, the inbound traffic offers insights into the audio status of remote users.

Now, an intriguing aspect of this data is the unique throughput patterns each user exhibits. These patterns, influenced by individual speaking styles, can potentially help us estimate the number of users in a session.

Focusing on specific colors in the graph, the brown, turquoise, and orange streams represent connections between clients and the server. These streams become particularly active during specific session activities, such as when a user toggles their webcam.

In contrast, the green, pink, and blue streams align perfectly with screen sharing activities. Their behavior corresponds with our screenplay timeline, indicating screen sharing events.

Another key observation is the clear differentiation between video and audio streams. Video streams have a distinct throughput range, which, when analyzed alongside audio streams, can significantly enhance user identification accuracy.

Lastly, it’s worth noting that screen sharing events stand out distinctly from audio and video streams, purely based on their throughput.

While this graph offers a glimpse into our findings, we’ll be delving deeper into these observations in our upcoming paper.”

Script for the “Conclusions & Future Work” Slide:

“As we wrap up our presentation, let’s summarize our key findings and look ahead to our future research directions.

Conclusions:

  • We’ve introduced a novel methodology, one that places a strong emphasis on privacy, tailored specifically for the analysis of Video Conferencing Systems.
  • Our approach has undergone validation, and I’m pleased to share that our early results are both promising and encouraging. It’s a testament to the potential of our methodology in this domain.

Looking Ahead - Future Work:

  • We’re excited about the next steps. One avenue we’re keen to explore is the integration of machine learning techniques. We believe this can significantly enhance the depth and breadth of our VCS analysis.
  • Additionally, we aim to further refine our user activity tracking mechanisms, ensuring even more accurate and detailed insights.
  • And lastly, to bolster the robustness of our research, we’re looking to expand our datasets for virtual VC-sessions, capturing a wider range of user interactions and behaviors.

In essence, while we’ve made significant strides, the journey ahead is filled with opportunities to delve deeper and make impactful contributions to the field of VCS analysis.”

Graph View