3,786 research outputs found
Selective Jamming of LoRaWAN using Commodity Hardware
Long range, low power networks are rapidly gaining acceptance in the Internet
of Things (IoT) due to their ability to economically support long-range sensing
and control applications while providing multi-year battery life. LoRa is a key
example of this new class of network and is being deployed at large scale in
several countries worldwide. As these networks move out of the lab and into the
real world, they expose a large cyber-physical attack surface. Securing these
networks is therefore both critical and urgent. This paper highlights security
issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow
modulation type in the protocol. We exploit these issues to develop a suite of
practical attacks based around selective jamming. These attacks are conducted
and evaluated using commodity hardware. The paper concludes by suggesting a
range of countermeasures that can be used to mitigate the attacks.
Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australi
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and is driven by its particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis. The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.
Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
Detecting and Locating Man-in-the-Middle Attacks in Fixed Wireless Networks
We propose a novel method to detect and locate a Man-in-the-Middle attack in a fixed wireless network by analyzing round-trip time and measured received signal strength from fixed access points. The proposed method was implemented as a client-side application that establishes a baseline for measured round-trip time (RTT) and received signal strength (RSS) under no-threat scenarios and applies statistical measures on the measured RTT and RSS to detect and locate Man-in-the-Middle attacks. We show empirically that the presence of a Man-in-the-Middle attack incurs a significantly longer delay and larger standard deviation in measured RTT compared to that measured without a Man-in-the-Middle attack. We evaluated three machine learning algorithms on the measured RSS dataset to estimate the location of a Man-in-the-Middle attacker. Experimental results show that the proposed method can effectively detect and locate a Man-in-the-Middle attack and achieves a mean location estimation error of 0.8 meters in an indoor densely populated metropolitan environment.
SoK: Inference Attacks and Defenses in Human-Centered Wireless Sensing
Human-centered wireless sensing aims to understand the fine-grained
environment and activities of a human using the diverse wireless signals around
her. The wireless sensing community has demonstrated the superiority of such
techniques in many applications such as smart homes, human-computer
interactions, and smart cities. Like many other technologies, wireless sensing
is also a double-edged sword. While the sensed information about a human can be
used for many good purposes such as enhancing life quality, an adversary can
also abuse it to steal private information about the human (e.g., location,
living habits, and behavioral biometric characteristics). However, the
literature lacks a systematic understanding of the privacy vulnerabilities of
wireless sensing and the defenses against them.
In this work, we aim to bridge this gap. First, we propose a framework to
systematize wireless sensing-based inference attacks. Our framework consists of
three key steps: deploying a sniffing device, sniffing wireless signals, and
inferring private information. Our framework can be used to guide the design of
new inference attacks since different attacks can instantiate these three steps
differently. Second, we propose a defense-in-depth framework to systematize
defenses against such inference attacks. The prevention component of our
framework aims to prevent inference attacks via obfuscating the wireless
signals around a human, while the detection component aims to detect and
respond to attacks. Third, based on our attack and defense frameworks, we
identify gaps in the existing literature and discuss future research
directions.
Cyber-Attack Drone Payload Development and Geolocation via Directional Antennae
The increasing capabilities of commercial drones have led to blossoming drone usage in private sector industries ranging from agriculture to mining to cinema. Commercial drones have made amazing improvements in flight time, flight distance, and payload weight. These same features also offer a unique and unprecedented commodity for wireless hackers -- the ability to gain "physical" proximity to a target without personally having to be anywhere near it. This capability is called Remote Physical Proximity (RPP). By their nature, wireless devices are largely susceptible to sniffing and injection attacks, but only if the attacker can interact with the device via physical proximity. A properly outfitted drone can increase the attack surface with RPP (adding a range of over 7 km using off-the-shelf drones), allowing full interactivity with wireless targets while the attacker can remain distant and hidden. Combined with the novel approach of using a directional antenna, these drones could also provide the means to collect targeted geolocation information of wireless devices from long distances passively, which is of significant value from an offensive cyberwarfare standpoint. This research develops skypie, a software and hardware framework designed for performing remote, directional drone-based collections. The prototype is inexpensive, lightweight, and totally independent of drone architecture, meaning it can be strapped to most medium to large commercial drones. The prototype effectively simulates the type of device that could be built by a motivated threat actor, and the development process evaluates strengths and shortcomings posed by these devices. This research also experimentally evaluates the ability of a drone-based attack system to track its targets by passively sniffing Wi-Fi signals from distances of 300 and 600 meters using a directional antenna. Additionally, it identifies collection techniques and processing algorithms for minimizing geolocation errors.
Results show geolocation via 802.11 emissions (Wi-Fi) using a portable directional antenna is possible, but it is difficult to achieve the accuracy that GPS delivers (errors less than 5 m with 95% confidence). This research shows that geolocation predictions of a target cell phone acting as a Wi-Fi access point in a field are accurate within 70.1 m from 300 m away and within 76 meters from 600 m away. Three of the four main tests exceed the hypothesized geolocation error of 15% of the sensor-to-target distance, with tests 300 m away averaging 25.5% and tests 600 m away averaging 34%. Improvements in bearing prediction are needed to reduce error to more tolerable quantities, and this thesis discusses several recommendations to do so. This research ultimately assists in developing operational drone-borne cyber-attack and reconnaissance capabilities, identifying limitations, and enlightening the public of countermeasures to mitigate the privacy threats posed by the inevitable rise of the cyber-attack drone.
Wi-attack: Cross-technology Impersonation Attack against iBeacon Services
iBeacon protocol is widely deployed to provide location-based services. By
receiving its BLE advertisements, nearby devices can estimate the proximity to
the iBeacon or calculate indoor positions. However, the open nature of these
advertisements brings vulnerability to impersonation attacks. Such attacks
could lead to spam, unreliable positioning, and even security breaches. In this
paper, we propose Wi-attack, revealing the feasibility of using WiFi devices to
conduct impersonation attacks on iBeacon services. Different from impersonation
attacks using BLE compatible hardware, Wi-attack is not restricted by
broadcasting intervals and is able to impersonate multiple iBeacons at the same
time. Effective attacks can be launched on iBeacon services without
modifications to WiFi hardware or firmware. To enable direct communication from
WiFi to BLE, we use the digital emulation technique of cross technology
communication. To enhance the packet reception along with its stability, we add
redundant packets to eliminate cyclic prefix error entirely. The emulation
provides an iBeacon packet reception rate up to 66.2%. We conduct attacks on
three iBeacon services scenarios, point deployment, multilateration, and
fingerprint-based localization. The evaluation results show that Wi-attack can
bring an average distance error of more than 20 meters on fingerprint-based
localization using only 3 APs.
Comment: 9 pages; 26 figures; 2021 18th Annual IEEE International Conference
on Sensing, Communication, and Networking (SECON), 202