76 research outputs found

    POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers

    It is known that attackers can exfiltrate data from air-gapped computers through their speakers via sonic and ultrasonic waves. To eliminate the threat of such acoustic covert channels in sensitive systems, audio hardware can be disabled and the use of loudspeakers can be strictly forbidden. Such audio-less systems are considered to be audio-gapped, and hence immune to acoustic covert channels. In this paper, we introduce a technique that enables attackers to leak data acoustically from air-gapped and audio-gapped systems. Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities. The malicious code manipulates the internal switching frequency of the power supply and hence controls the sound waveforms generated from its capacitors and transformers. Our technique enables producing audio tones in a frequency band of 0-24 kHz and playing audio streams (e.g., WAV) from a computer power supply without the need for audio hardware or speakers. Binary data (files, keylogging, encryption keys, etc.) can be modulated over the acoustic signals and sent to a nearby receiver (e.g., smartphone). We show that our technique works with various types of systems: PC workstations and servers, as well as embedded systems and IoT devices that have no audio hardware at all. We provide technical background and discuss implementation details such as signal generation and data modulation. We show that the POWER-SUPPLaY code can operate from an ordinary user-mode process and doesn't need any hardware access or special privileges. Our evaluation shows that using POWER-SUPPLaY, sensitive data can be exfiltrated from air-gapped and audio-gapped systems from a distance of five meters away at a maximal bit rate of 50 bit/sec.

    The manipulation of RF-DNA fingerprints through the use of a phase-modulated clock in IEEE802.11a Wi-Fi signals

    The ubiquity of IoT devices has created an urgent need to augment existing network security mechanisms by leveraging discriminating waveform characteristics to facilitate the detection of unauthorized devices. RF-DNA fingerprints are a waveform-based approach capable of distinguishing one device from others of the same manufacturer and model. This work investigates the extent to which intentionally inserted changes can alter the RF-DNA fingerprints of the transmitted signal without negatively impacting the receiver’s ability to demodulate the received signal. The experiments presented herein investigate intentional changes caused by the external clock to the preamble of the 802.11a Wi-Fi waveform from which RF-DNA fingerprints are extracted. Analysis is conducted using the Gabor Transform. The results show the structure of the preamble remains intact when the clock signal is phase-modulated using sine waves oscillating at frequencies up to 10 kHz with deviation of 1.5 degrees, or 2.5 kHz with deviation of 90 degrees.

    Second year technical report on-board processing for future satellite communications systems

    Advanced baseband and microwave switching techniques for large domestic communications satellites operating in the 30/20 GHz frequency bands are discussed. The nominal baseband processor throughput is one million packets per second (1.6 Gb/s) from one thousand T1 carrier rate customer premises terminals. A frequency reuse factor of sixteen is assumed by using 16 spot antenna beams with the same 100 MHz bandwidth per beam and a modulation with a one b/s per Hz bandwidth efficiency. Eight of the beams are fixed on major metropolitan areas and eight are scanning beams which periodically cover the remainder of the U.S. under dynamic control. User signals are regenerated (demodulated/remodulated) and message packages are reformatted on board. Frequency division multiple access and time division multiplex are employed on the uplinks and downlinks, respectively, for terminals within the coverage area and dwell interval of a scanning beam. Link establishment and packet routing protocols are defined. Also described is a detailed design of a separate 100 x 100 microwave switch capable of handling nonregenerated signals occupying the remaining 2.4 GHz bandwidth with 60 dB of isolation, at an estimated weight and power consumption of approximately 400 kg and 100 W, respectively

    Application of Visual Simulation in Communication Systems

    A communications system is a collection of individual communications networks, transmission systems, relay stations, tributary stations, and data terminal equipment (DTE) usually capable of interconnection and interoperation to form an integrated whole. The components of a communications system serve a common purpose, are technically compatible, use common procedures, respond to controls, and operate in unison. A typical communication link includes, at a minimum, three key elements: a transmitter, a communication medium (or channel), and a receiver. The ability to simulate all three of these elements is required in order to successfully model any end-to-end communication system. In order to achieve this target we have used the simulation software “VisSim”, or Visual Simulator, which allows us to use a graphical approach to simulation and modeling. With graphical programming, the diagram is the source code, depicted as an arrangement of nodes connected by wires. Each piece of data flows through the wires, to be consumed by nodes that transform the data mathematically or perform some action such as I/O. The visual simulator allows us to model end-to-end communication systems at the signal or physical level. We use VisSim/Comm to build both transmitter and receiver models, filters and equalizers, as well as channel models and coding techniques from a first principles perspective, by selecting and connecting predefined blocks. In this project work we simulate a variety of models including analog, digital and mixed mode designs, and quickly simulate their behavior using the VisSim/Comm software and graphical programming.

    AODV enhanced by Smart Antennas


    Design and implementation of a bi-directional visible light communication testbed

    Abstract. This work defines a bi-directional visible light communication (VLC) testbed design and implementation process using Universal Software Radio Peripheral (USRP) software defined radios (SDR) and open-source software. The visible light communication design uses LED light sources for wireless communications purposes. The testbed combines light, infrared and radio frequencies as wireless media to be utilized in a hybrid wireless communication system. Bi-directional communication at 12.5 Mbps bit rate was successfully achieved and only limited by a sample rate of the USRP system. The achieved communication distance was in the range of 0.5 to 7 meters depending on the used optics. A TCP-IP communication and access to the Internet was also established by using light and infrared communication links. The Internet connection was also established by using power line communication for providing data to the lighting through the existing power line cables. The results in the work were obtained by using a GMSK modulation. Also, GFSK, QPSK, 8-PSK, 16-QAM and OFDM modulation were initially tested for future study. Design and implementation of a bi-directional visible light data transmission testbed. Abstract. In this work, a bi-directional test environment for using light in wireless data transmission is designed and built using software-defined radios and open-source software. In the test environment, the frequency ranges of light, infrared and radio waves can be studied and used for data transmission. In light-based data transmission, LED luminaires designed for lighting are used for both illumination and data transmission. The work achieved a bi-directional data rate of 12.5 Mb/s, limited by the sampling rate of the hardware, and a transmission distance of 0.5–7 metres depending on the properties of the optics used and on the data rate. A TCP-IP connection to the Internet operating over the light and infrared link was programmed into the system. The Internet connection to the luminaire was also successfully carried over the existing cabling of the electrical network. The results of the work were obtained using a GMSK-modulated signal. The operation of GFSK, QPSK, 8-PSK, 16-QAM and OFDM modulations was also tested for the continuation of the research.

    Amplitude and phase modulation techniques for an asymmetric multi-level outphasing transmitter

    Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012. Cataloged from PDF version of thesis. Includes bibliographical references (p. 93-95). New techniques for improving outphasing transmitters show potential of breaking the traditional linearity-efficiency trade-off by using highly efficient non-linear switching Power Amplifiers (PAs). This work focuses on two of the main building blocks of modern outphasing systems, the power supply switching network and the phase modulator. Both are ubiquitous building blocks in modern RF transceivers, and both are especially critical in Asymmetric Multilevel Outphasing (AMO) systems. A design of the power supply network and control scheme is proposed for an implementation in mm-wave operating frequencies as part of a complete transmitter in 45nm SOI CMOS utilizing four discrete power supplies and achieving data rates of up to 4GS/s. The design includes analysis and simulation of the control signal data path requirements for optimal system operation as well as switch optimization and effects of the driving strength on overall system performance. A new design concept is proposed for a phase modulator utilizing the phase shifting capabilities of a resonant tank and the ability to separately control the circuit properties via its components. A prototype in 65nm CMOS achieves 12 bits of resolution, with an Effective Number Of Bits (ENOB) of 10.2 bits and very fast settling time of less than 5 carrier cycles. The chip is also tested as a stand-alone transmitter showing an EVM of less than 5% for 8-PSK modulation at maximum data rate, meeting the requirements for operation at the Medical Implant Communication Services (MICS) band. By Gilad Yahalom. S.M.

    LTE Advanced: Technology and Performance Analysis

    Wireless data usage is increasing at a phenomenal rate and driving the need for continued innovations in wireless data technologies to provide more capacity and higher quality of service. In October 2009, 3rd Generation Partnership Project (3GPP) submitted LTE-Advanced to the ITU as a proposed candidate IMT-Advanced technology for which specifications could become available in 2011 through Release-10. The aim of “LTE-Advanced” is to further enhance LTE radio access in terms of system performance and capabilities compared to current cellular systems, including the first release of LTE, with a specific goal to ensure that LTE fulfills and even surpasses the requirements of “IMT-Advanced” as defined by the International Telecommunication Union (ITU-R). This thesis offers an introduction to the mobile communication standard known as LTE Advanced, depicting the evolution of the standard from its roots and discussing several important technologies that help it evolve to accomplish the IMT-Advanced requirements. A short history of the LTE standard is offered, along with a discussion of its standards and performance. LTE-Advanced details include analysis on the physical layer by investigating the performance of SC-FDMA and OFDMA of LTE physical layer. The investigation is done by considering different modulation schemes (QPSK, 16QAM and 64QAM) on the basis of PAPR, BER, power spectral density (PSD) and error probability by simulating the model of SC-FDMA & OFDMA. To evaluate the performance in presence of noise, an Additive White Gaussian Noise (AWGN) channel was introduced. A set of conclusions is derived from our results describing the effect of higher order modulation schemes on BER and error probability for both OFDMA and SC-FDMA. The power spectral densities of both the multiple access techniques (OFDMA and SC-FDMA) are calculated and the result shows that OFDMA has higher power spectral density. Thesis fulltext in PDF format.