System Level Design of Software-Defined Radio Platform

This major qualifying project proposes a new single-board design for a Dedicated Short Range Communication (DSRC) On Board Unit (OBU) which consists of a Zynq 7030 system on a chip and AD9361 wideband transceiver. This software-defined radio (SDR) platform design is based on ZedBoard and FMcomms2. The advantages of this approach compared to the ZedBoard and FMcomms2 joint solution are smaller form factor, front end tuned to 5.9GHz and a more powerful processor. Since the prototype has not been manufactured due to the time constraints of this project, the working implementation of 6GHz DSRC radio 802.11p in GNU Radio has been confirmed on the lower capability hardware USRP2 and USRP N210 (Universal Software Radio Peripheral)

IoT security and privacy assessment using software-defined radios

The Internet of Things (IoT) has seen exceptional adoption in recent years, resulting in an unprecedented level of connectivity in personal and industrial domains. In parallel, software-defined radio (SDR) technology has become increasingly powerful, making it a compelling tool for wireless security research across multiple communication protocols. Specifically, SDRs are capable of manipulating the physical layer of protocols in software, which would otherwise be implemented statically in hardware. This flexibility enables research that goes beyond the boundaries of protocol specifications. This dissertation pursues four research directions that are either enabled by software-defined radio technology, or advance its utility for security research. First, we investigate the anti-tracking mechanisms defined by the Bluetooth Low Energy (BLE) wireless protocol. This protocol, present in virtually all wearable smart devices, implements address randomization in order to prevent unwanted tracking of its users. By analyzing raw advertising data from BLE devices using SDRs, we identify a vulnerability that allows an attacker to track a BLE device beyond the address randomization defined by the protocol. Second, we implement a compact, SDR-based testbed for physical layer benchmarking of wireless devices. The testbed is capable of emulating multiple data transmissions and produce intentional signal corruption in very precisely defined ways in order to investigate receiver robustness and undefined device behavior in the presence of malformed packets. We subject a range of Wi-Fi and Zigbee devices to specifically crafted packet collisions and "truncated packets" as a way to fingerprinting wireless device chipsets. Third, we introduce a middleware framework, coined "Snout", to improves accessibility and usability of SDRs. The architecture provides standardized data pipelines as well as an abstraction layer to GNU Radio flowgraphs which power SDR signal processing. This abstraction layer improves usability and maintainability by providing a declarative experiment configuration format instead of requiring constant manipulation of the signal processing code during experimentation. We show that Snout does not result in significant computational overhead, and maintains a predictable and modest memory footprint. Finally, we address the visibility problem arising from the growing number of IoT protocols across large bands of radio spectrum. We model an SDR-based IoT monitor which is capable of scanning multiple channels (including across multiple protocols), and employs channel switching policies to maximize freshness of information obtained by transmitting devices. We present multiple policies and compare their performance against an optimal Markov Decision Process (MDP) model, as well as through event-based simulation using real-world device traffic. The results of this work demonstrate the use of SDR technology in privacy and security research of IoT device communication, and open up opportunities for further low-layer protocol discoveries that require the use of software-defined radio as a research tool

A Cooperative Spectrum Sensing Network with Signal Classification Capabilities

This report describes the design and implementation of the spectrum sensing and signal classification sub-systems of a cooperative network. A sensor blindly receives and calculates the cyclic statistics of a signal decides whether or not the signal represents information or noise. If the signal\u27s statistics indicate the presence of data, the system attempts to classify its modulation scheme. Finally, the decisions of several independent sensors are combined to provide a reliable estimate of the contents of the spectrum of interest. Independently, sensors correctly classify a signal about 60-70% of the time in a low SNR environment. The data fusion module improves this number significantly - especially as the number of sensors increases

Future Wireless Networking Experiments Escaping Simulations

In computer networking, simulations are widely used to test and analyse new protocols and ideas. Currently, there are a number of open real testbeds available to test the new protocols. In the EU, for example, there are Fed4Fire testbeds, while in the US, there are POWDER and COSMOS testbeds. Several other countries, including Japan, Brazil, India, and China, have also developed next-generation testbeds. Compared to simulations, these testbeds offer a more realistic way to test protocols and prototypes. In this paper, we examine some available wireless testbeds from the EU and the US, which are part of an open-call EU project under the NGIAtlantic H2020 initiative to conduct Software-Defined Networking (SDN) experiments on intelligent Internet of Things (IoT) networks. Furthermore, the paper presents benchmarking results and failure recovery results from each of the considered testbeds using a variety of wireless network topologies. The paper compares the testbeds based on throughput, latency, jitter, resources available, and failure recovery time, by sending different types of traffic. The results demonstrate the feasibility of performing wireless experiments on different testbeds in the US and the EU. Further, issues faced during experimentation on EU and US testbeds are also reported

Analysis of Various Algorithmic approaches to Software-Based 1200 Baud Audio Frequency Shift Keying Demodulation for APRS

Digital communications continues to be a relevant Field of study as new technologies appear and old methodologies get revisited or renovated. The goal of this research is to look into the old digital communication scheme of Bell 202 [67] used by APRS and improve software based demodulation performance. Improved performance is defined by being able to correctly decode more packets in an efficient, real time, manner. Most APRS demodulation is currently done using specialized hardware since that yields the best performance. This research shows that through using Sivan Toledo\u27s javAX25 [72] software package, new demodulation algorithms can be implemented that decode more Bell 202 encoded AX.25 packets than the existing software could. These improvements may help drive the adoption of software demodulation since it is a low cost alternative to specialized hardware

RF Fingerprinting Needs Attention: Multi-task Approach for Real-World WiFi and Bluetooth

A novel cross-domain attentional multi-task architecture - xDom - for robust real-world wireless radio frequency (RF) fingerprinting is presented in this work. To the best of our knowledge, this is the first time such comprehensive attention mechanism is applied to solve RF fingerprinting problem. In this paper, we resort to real-world IoT WiFi and Bluetooth (BT) emissions (instead of synthetic waveform generation) in a rich multipath and unavoidable interference environment in an indoor experimental testbed. We show the impact of the time-frame of capture by including waveforms collected over a span of months and demonstrate the same time-frame and multiple time-frame fingerprinting evaluations. The effectiveness of resorting to a multi-task architecture is also experimentally proven by conducting single-task and multi-task model analyses. Finally, we demonstrate the significant gain in performance achieved with the proposed xDom architecture by benchmarking against a well-known state-of-the-art model for fingerprinting. Specifically, we report performance improvements by up to 59.3% and 4.91x under single-task WiFi and BT fingerprinting respectively, and up to 50.5% increase in fingerprinting accuracy under the multi-task setting.Comment: Accepted to IEEE GLOBECOM 202

Benchmarking in Wireless Networks

Experimentation is evolving as a viable and realistic performance analysis approach in wireless networking research. Realism is provisioned by deploying real software (network stack, drivers, OS), and hardware (wireless cards, network equipment, etc.) in the actual physical environment. However, the experimenter is more likely to be dogged by tricky issues because of calibration problems and bugs in the software/hardware tools. This, coupled with difficulty of dealing with multitude of controllable and uncontrollable hardware/software parameters and unpredictable characteristics of the wireless channel in the wild, poses significant challenges in the way of experiments repeatability and reproducibility. Furthermore, experimentation has been impeded by the lack of standard definitions, measurement methodologies and full disclosure reports that are particularly important to understand the suitability of protocols and services to emerging wireless application scenarios. Lack of tools to manage experiments, large amount of data and facilitate reproducible analysis further complicates the process. In this report, we present a holistic view of benchmarking in wireless networks; introduce key definitions and formulate a procedure complemented by step-by-step case study to help drive future efforts on benchmarking of wireless network applications and protocols

Leveraging Backscatter for Ultra-low Power Wireless Sensing Systems

The past few years have seen a dramatic growth in wireless sensing systems, with millions of wirelessly connected sensors becoming first-class citizens of the Internet. The number of wireless sensing devices is expected to surpass 6.75 billion by 2017, more than the world\u27s population as well as the combined market of smartphones, tablets, and PCs. However, its growth faces two pressing challenges: battery energy density and wireless radio power consumption. Battery energy density looms as a fundamental limiting factor due to slow improvements over the past several decades (3x over 22 years). Wireless radio power consumption is another key challenge because high-speed wireless communication is often far more expensive energy-wise than computation, storage and sensing. To make matters worse, wireless sensing devices are generating an increasing amount of data. These challenges raise a fundamental question --- how should we power and communicate with wireless sensing devices. More specifically, instead of using batteries, can we leverage other energy sources to reduce, if not eliminate, the dependence on batteries? Similarly, instead of optimizing existing wireless radios, can we fundamentally change how radios transmit wireless signals to achieve lower power consumption? A promising technique to address these questions is backscatter --- a primitive that enables RF energy harvesting and ultra-low-power wireless communication. Backscatter has the potential to reduce dependence on batteries because it can obtain energy by rectifying the wireless signals transmitted by a backscatter reader. Backscatter can also work by reflecting existing wireless signals (WiFi, BLE) when these are available nearby. Because signal reflection only consumes uWs of power, backscatter can enable ultra-low-power wireless communication. However, the use of backscatter for communicating with wireless sensing devices presents several challenges. First, decreasing RF power across distance limits the operational range of micro-powered backscatter devices. This raises the question of how to maintain a communication link with a backscatter device despite tiny amount of harvested power. Second, even though the backscatter RF front-end is extremely power-efficient, the computational and sensing overhead on backscatter sensors limit its ability to operate with a few micro-Watts of power. Such overhead is a negligible factor of overall power consumption for platforms where radio power consumption is high (e.g. WiFi or Bluetooth based devices). However, it becomes the bottleneck for backscatter based platforms. Third, backscatter readers are not currently deployed in existing indoor environments to provide a continuous carrier for carrying backscattered information. As a result, backscatter deployment is not yet widespread. This thesis addresses these challenges by making the following contributions. First, we design a network stack that enables continuous operation despite decreasing harvested power across distance by employing an OS abstraction --- task fragmentation. We show that such a network stack enables packet transfer even when the whole system is powered by a 3cmx3cm solar panel under natural indoor light condition. Second, we design a hardware architecture that minimizes the computational overhead of backscatter to enable over 1Mbps backscatter transmission while consuming less than 100uWs of power, a two order of magnitude improvement over the state-of-the-art. Finally, we design a system that can leverage both ambient WiFi and BLE signals for backscatter. Our empirical evaluation shows that we can backscatter 500bps data on top of a WiFi stream and 50kbps data on top of a Bluetooth stream when the backscatter device is 3m away from the commercial WiFi and Bluetooth receivers

A Mobile Secure Bluetooth-Enabled Cryptographic Provider

The use of digital X509v3 public key certificates, together with different standards for secure digital signatures are commonly adopted to establish authentication proofs between principals, applications and services. One of the robustness characteristics commonly associated with such mechanisms is the need of hardware-sealed cryptographic devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled tokens or dongles. These devices support internal functions for management and storage of cryptographic keys, allowing the isolated execution of cryptographic operations, with the keys or related sensitive parameters never exposed. The portable devices most widely used are USB-tokens (or security dongles) and internal ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared, also suitable to protect cryptographic operations and digital signatures for secure identity and payment applications. The common characteristic of such devices is to offer the required support to be used as secure cryptographic providers. Among the advantages of those portable cryptographic devices is also their portability and ubiquitous use, but, in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply the need of readers, not always and not commonly available for generic smartphones or users working with computing devices. Also, wireless-devices can be specialized or require a development effort to be used as standard cryptographic providers. An alternative to mitigate such problems is the possible adoption of conventional Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely, by client-side applications running in users’ devices, such as desktop or laptop computers. However, the use of smartphones for safe storage and management of private keys and sensitive parameters requires a careful analysis on the adversary model assumptions. The design options to implement a practical and secure smartphone-enabled cryptographic solution as a product, also requires the approach and the better use of the more interesting facilities provided by frameworks, programming environments and mobile operating systems services. In this dissertation we addressed the design, development and experimental evaluation of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and supports on-demand Bluetooth-enabled cryptographic operations, including standard digital signatures. The addressed mobile cryptographic provider can be used by applications running on Windows-enabled computing devices, requesting digital signatures. The solution relies on the secure storage of private keys related to X509v3 public certificates and Android-based secure elements (SEs). With the materialized solution, an application running in a Windows computing device can request standard digital signatures of documents, transparently executed remotely by the smartphone regarded as a standard cryptographic provider