17 research outputs found

    0E2FA: Zero Effort Two-Factor Authentication

    Smart devices (mobile devices, laptops, tablets, etc.) can receive signals from different radio frequency devices that are within range. As these devices move between networks (e.g., Wi-Fi hotspots, cellphone towers, etc.), they receive broadcast messages from access points, some of which can be used to collect useful information. This information can be utilized in a variety of ways, such as to establish a connection, to share information, to locate devices, and to identify users, which is central to this dissertation. The principal benefit of a broadcast message is that smart devices can read and process the embedded information without first being connected to the corresponding network. Moreover, broadcast messages can be received only within the range of the wireless access point that sends the broadcast, thus inherently limiting access to only those devices in close physical proximity, which may facilitate many applications that are dependent on proximity. In our research, we utilize data contained in these broadcast messages to implement a two-factor authentication (2FA) system that, unlike existing methods, does not require any extra effort on the part of the users of the system. By determining if two devices are in the same physical location and sufficiently close to each other, we can ensure that they belong to the same user. This system depends on something that a user knows, something that a user owns, and—a significant contribution of this work—something that is in the user’s environment

    WLAN Interface Management on Mobile Devices

    The number of smartphones in use is overwhelmingly increasing every year. These devices rely on connectivity to the Internet for the majority of their applications. The ever-increasing number of deployed 802.11 wireless access points and the relatively high cost of other data services make the case for opportunistic communication using free WiFi hot-spots. However, this requires effective management of the WLAN interface, because by design the energy cost of WLAN scanning and interface idle operation is high and energy is a primary resource on mobile devices. This thesis studies the WLAN interface management problem on mobile devices. First, I consider the hypothetical scenario where future knowledge of wireless connectivity opportunities is available, and present a dynamic programming algorithm that finds the optimal schedule for the interface. In the absence of future knowledge, I propose several heuristic strategies for interface management, and use real-world user traces to evaluate and compare their performance against the optimal algorithm. Trace-based simulations show that simple static scanning with a suitable interval value is very effective for delay-tolerant, background applications. I attribute the good performance of static scanning to the power-law distribution of the length of the WiFi opportunities of mobile users, and provide guidelines for choosing the scanning interval based on the statistical properties of the traces. I improve the performance of static scanning, by 46% on average, using a local cache of previous scan results that takes advantage of the location hints provided by the set of visible GSM cell towers

    Android at risk: current threats stemming from unprotected local and external resources

    Android is an open source platform derived from Linux OS. It utilizes a plethora of resources both local and external. Most of its local resources (e.g., procfs nodes) were inherited from Linux with some of them being eventually removed, while new ones were added to meet the requirements of a mobile multi-purpose platform. Moreover, such a platform compels the introduction of external resources which can be used in tandem with a variety of sensors (e.g., Bluetooth and NFC) that the device is equipped with. This thesis demonstrates the subtlety involved in this adaptation which, if not performed correctly, can lead to severe information leaks stemming from unprotected local and external resources. It also presents new defense solutions and mitigation strategies that successfully tackle the found vulnerabilities. In particular, this thesis unearths three new side channels on Android OS. Prior to this work, these side channels were considered to be innocuous but here we illustrate that they can be used maliciously by an adversary to infer a user’s identity, geo-location, disease condition she is interested in, investment information and her driving route. These information leaks stem from local resources shared among all installed apps on Android: per-app data-usage statistics; ARP (Address Resolution Protocol) information; and speaker status (on or off). While harmless on a different setting, these public local resources can evidently disclose private information on a mobile platform and thus we maintain that they should not be freely available to all third-party apps installed on the system. To this end, we present mitigation strategies which strike a balance between the utility of apps that legitimately need to access such information and the privacy leakage risk involved. Unfortunately the design assumptions made while adapting Linux to create Android are not the only flaw of the latter. 
Specifically this work is also concerned with the security and privacy implications of using external to the OS resources. Such resources generate dynamic, hard to mediate channels of communication between the OS and an external source through usually a wireless protocol. We explore such implications in connecting smartphones with external Bluetooth devices. This thesis posits that Android falls short in providing secure Bluetooth connections with external devices; ergo its application in privacy critical domains is at the very least premature. We present a new threat, defined as external-device mis-bonding or DMB for short. To demonstrate the severity of the threat, we perform realistic attacks on popular medical Bluetooth devices. These attacks delineate how an unauthorized app can capture private data from Bluetooth external devices and how it can help an adversary spoof those devices and feed erroneous data to legitimate applications. Furthermore, we designed an OS-level defense mechanism dubbed Dabinder, that addresses the system’s shortcomings, by guaranteeing that a Bluetooth connection is established only between a legitimate app and its respective accessory. Nevertheless, Bluetooth is not the only inadequately protected external resource with grave privacy ramifications. We have also studied NFC, Audio and SMS as potential channels of communication with alarmingly low confidentiality guarantees. We show with real world attacks, that Android’s permission model is too coarse-grained to safeguard such channels while preserving the utility of the apps. To better understand the prevalence of the problem we perform a measurement study on the Android ecosystem and discuss our findings. Finally this work presents SEACAT, a novel defense strategy, enhancing Android with flexible security capabilities. 
SEACAT is a scalable, effective and efficient solution, built on top of SELinux on Android, that enables the protection of channels used to communicate with external to Android resources. It achieves both MAC and DAC protection through straightforward and SELinux-compatible policies as the policy language and structure used, is in accordance with the current policy specifications. The system’s design encompasses mirror caching on both the kernel and the middleware layer which facilitates rapid policy enforcement through appropriate and carefully positioned hooks in the system.

    Asynchronous Contact Tracing, Fighting Pandemics with Internet of Things

    The COVID-19 pandemic changed our lives, forcing us to live through months of lockdown, social distancing and mask wearing. Social distancing and the use of masks, even after the first phase of the pandemic, were the main countermeasures, since they limited infections while still allowing people to leave their homes. All these countermeasures caused serious damage to the country's economy and to the personal lives of citizens. From the initial phase of the pandemic it was understood that, to manage it as well as possible, it was necessary to carry out the largest possible number of swab tests in order to best monitor the spread of the virus, but this was not possible because the technologies needed to test millions of people per day did not exist. From this need Contact Tracing systems were born: systems that make it possible to monitor people's social contacts in an anonymous and protected way, so as to understand whether they have come into contact with people infected with COVID-19 and, only in that case, carry out a swab test to verify whether or not they have been infected. All Contact Tracing systems developed to date have shown problems relating to data protection and to scarce and ineffective communication, and they have not optimally reduced the number of swab tests carried out to actually detect those who had been infected; they therefore saw little use, above all because of users' low trust regarding the use of their data and the fact that they had to self-declare as positive. With this thesis I will present a new technique for performing Contact Tracing, called Asynchronous Contact Tracing, which combines the use of Group Testing with the use of IoT and networks to trace contacts between users and the virus. I will show how it was designed and developed, and I will show its performance through real experiments.

    Analyzing & designing the security of shared resources on smartphone operating systems

    Smartphone penetration surpassed 80% in the US and nears 70% in Western Europe. In fact, smartphones became the de facto devices users leverage to manage personal information and access external data and other connected devices on a daily basis. To support such multi-faceted functionality, smartphones are designed with a multi-process architecture, which enables third-party developers to build smartphone applications which can utilize smartphone internal and external resources to offer creative utility to users. Unfortunately, such third-party programs can exploit security inefficiencies in smartphone operating systems to gain unauthorized access to available resources, compromising the confidentiality of rich, highly sensitive user data. The smartphone ecosystem is designed such that users can readily install and replace applications on their smartphones. This facilitates users’ efforts in customizing the capabilities of their smartphones tailored to their needs. Statistics report an increasing number of available smartphone applications— in 2017 there were approximately 3.5 million third-party apps on the official application store of the most popular smartphone platform. In addition we expect users to have approximately 95 such applications installed on their smartphones at any given point. However, mobile apps are developed by untrusted sources. On Android—which enjoys 80% of the smartphone OS market share—application developers are identified based on self-sign certificates. Thus there is no good way of holding a developer accountable for a malicious behavior. This creates an issue of multi-tenancy on smartphones where principals from diverse untrusted sources share internal and external smartphone resources. Smartphone OSs rely on traditional operating system process isolation strategies to confine untrusted third-party applications. 
However this approach is insufficient because incidental seemingly harmless resources can be utilized by untrusted tenants as side-channels to bypass the process boundaries. Smartphones also introduced a permission model to allow their users to govern third-party application access to system resources (such as camera, microphone and location functionality). However, this permission model is both coarse-grained and does not distinguish whether a permission has been declared by a trusted or an untrusted principal. This allows malicious applications to perform privilege escalation attacks on the mobile platform. To make things worse, applications might include third-party libraries, for advertising or common recognition tasks. Such libraries share the process address space with their host apps and as such can inherit all the privileges the host app does. Identifying and mitigating these problems on smartphones is not a trivial process. Manual analysis on its own of all mobile apps is cumbersome and impractical, code analysis techniques suffer from scalability and coverage issues, ad-hoc approaches are impractical and susceptible to mistakes, while sometimes vulnerabilities are well hidden at the interplays between smartphone tenants and resources. In this work I follow an analytical approach to discover major security and privacy issues on smartphone platforms. I utilize the Android OS as a use case, because of its open-source nature but also its popularity. In particular I focus on the multi-tenancy characteristic of smartphones and identify the resources each tenant within a process, across processes and across devices can access. I design analytical tools to automate the discovery process, attacks to better understand the adversary models, and introduce design changes to the participating systems to enable robust fine-grained access control of resources. 
My approach revealed a new understanding of the threats introduced from third-party libraries within an application process; it revealed new capabilities of the mobile application adversary exploiting shared filesystem and permission resources; and shows how a mobile app adversary can exploit shared communication mediums to compromise the confidentiality of the data collected by external devices (e.g. fitness and medical accessories, NFC tags etc.). Moreover, I show how we can eradicate these problems following an architectural design approach to introduce backward-compatible, effective and efficient modifications in operating systems to achieve fine-grained application access to shared resources. My work has led to security changes in the official release of Android by Google.

    DETECTION AND ALLEVIATION OF LAST-MILE WIRELESS LINK BOTTLENECKS

    Ph.D, DOCTOR OF PHILOSOPHY

    A study of wireless digital posts and traffic signs using smartphones

    Feasibility analysis of a vehicle-to-infrastructure communication system based on smartphones. (Spanish-language abstract: Feasibility analysis of an infrastructure-to-vehicle communication system based on smartphones.) Fernandez Laguía, CJ. (2015). A study of wireless digital posts and traffic signs using smartphones. http://hdl.handle.net/10251/64354

    Planning and realization of a WiFi 6 network to replace wired connections in an enterprise environment

    WiFi (Wireless Fidelity) is a popular wireless LAN technology. It provides broadband wireless connectivity to all the users in the unlicensed 2.4 GHz and 5 GHz frequency bands. Given the fact that the WiFi technology is much easier and cost-efficient to deploy, it is rapidly gaining acceptance as an alternative to a wired local area network. Nowadays the Wireless access to data is a necessity for everyone in the daily life. Considering the last 30 years, the unlimited access to information has transformed entire industries, fueling growth, productivity and profits. The WiFi technology, which is governed by the IEEE 802.11 standards body, has played a key role in this transformation. In fact, thanks to WiFi, users can benefit of low cost access to high data rate wireless connectivity. The first version of the IEEE 802.11 protocol was released in 1997. IEEE 802.11 has been improved with different versions in order to enhance the throughput and support new technologies. WiFi networks are now experiencing the bandwidth-demanding media content as well as multiple WiFi devices for each user. As a consequence of this, WiFi 6, which is based on the IEEE 802.11ax standard, is focused on improving the efficiency of the radio link. However, there is a relatively modest increase in peak data rate too. In this thesis we have planned and realized a WiFi 6 network to replace wired connections in an enterprise environment. To do this the optimal access point placement problem has been taken into account, resulting in an improvement of the coverage. Subsequently, after the configuration from the controller, the performance of the new network has been tested in order to study if WiFi 6 can be used instead of wired connections.

    Deep Learning Methods for Fingerprint-Based Indoor and Outdoor Positioning

    Outdoor positioning systems based on the Global Navigation Satellite System have several shortcomings that have deemed their use for indoor positioning impractical. Location fingerprinting, which utilizes machine learning, has emerged as a viable method and solution for indoor positioning due to its simple concept and accurate performance. In the past, shallow learning algorithms were traditionally used in location fingerprinting. Recently, the research community started utilizing deep learning methods for fingerprinting after witnessing the great success and superiority these methods have over traditional/shallow machine learning algorithms. The contribution of this dissertation is fourfold: First, a Convolutional Neural Network (CNN)-based method for localizing a smartwatch indoors using geomagnetic field measurements is presented. The proposed method was tested on real world data in an indoor environment composed of three corridors of different lengths and three rooms of different sizes. Experimental results show a promising location classification accuracy of 97.77% with a mean localization error of 0.14 meter (m). Second, a method that makes use of cellular signals emitting from a serving eNodeB to provide symbolic indoor positioning is presented. The proposed method utilizes Denoising Autoencoders (DAEs) to mitigate the effects of cellular signal loss. The proposed method was evaluated using real-world data collected from two different smartphones inside a representative apartment of eight symbolic spaces. Experimental results verify that the proposed method outperforms conventional symbolic indoor positioning techniques in various performance metrics. 
Third, an investigation is conducted to determine whether Variational Autoencoders (VAEs) and Conditional Variational Autoencoders (CVAEs) are able to learn the distribution of the minority symbolic spaces, for a highly imbalanced fingerprinting dataset, so as to generate synthetic fingerprints that promote enhancements in a classifier's performance. Experimental results show that this is indeed the case. By using various performance evaluation metrics, the achieved results are compared to those obtained by two state-of-the-art oversampling methods known as Synthetic Minority Oversampling TEchnique (SMOTE) and ADAptive SYNthetic (ADASYN) sampling. Fourth, a novel dataset of outdoor location fingerprints is presented. The proposed dataset, named OutFin, addresses the lack of publicly available datasets that researchers can use to develop, evaluate, and compare fingerprint-based positioning solutions which can constitute a high entry barrier for studies. OutFin is comprised of diverse data types such as WiFi, Bluetooth, and cellular signal strengths, in addition to measurements from various sensors including the magnetometer, accelerometer, gyroscope, barometer, and ambient light sensor. The collection area spanned four dispersed sites with a total of 122 Reference Points (RPs). Before OutFin was made available to the public, several experiments were conducted to validate its technical quality.