Secure Neighbor Discovery and Ranging in Wireless Networks

This thesis addresses the security of two fundamental elements of wireless networking: neighbor discovery and ranging. Neighbor discovery consists in discovering devices available for direct communication or in physical proximity. Ranging, or distance bounding, consists in measuring the distance between devices, or providing an upper bound on this distance. Both elements serve as building blocks for a variety of services and applications, notably routing, physical access control, tracking and localization. However, the open nature of wireless networks makes it easy to abuse neighbor discovery and ranging, and thereby compromise overlying services and applications. To prevent this, numerous works proposed protocols that secure these building blocks. But two aspects crucial for the security of such protocols have received relatively little attention: formal verification and attacks on the physical-communication-layer. They are precisely the focus of this thesis. In the first part of the thesis, we contribute a formal analysis of secure communication neighbor discovery protocols. We build a formal model that captures salient characteristics of wireless systems such as node location, message propagation time and link variability, and we provide a specification of secure communication neighbor discovery. Then, we derive an impossibility result for a general class of protocols we term "time-based protocols", stating that no such protocol can provide secure communication neighbor discovery. We also identify the conditions under which the impossibility result is lifted. We then prove that specific protocols in the time-based class (under additional conditions) and specific protocols in a class we term "time- and location-based protocols," satisfy the neighbor discovery specification. We reinforce these results by mechanizing the model and the proofs in the theorem prover Isabelle. In the second part of the thesis, we explore physical-communication-layer attacks that can seemingly decrease the message arrival time without modifying its content. Thus, they can circumvent time-based neighbor discovery protocols and distance bounding protocols. (Indeed, they violate the assumptions necessary to prove protocol correctness in the first part of the thesis.) We focus on Impulse Radio Ultra-Wideband, a physical layer technology particularly well suited for implementing distance bounding, thanks to its ability to perform accurate indoor ranging. First, we adapt physical layer attacks reported in prior work to IEEE 802.15.4a, the de facto standard for Impulse Radio, and evaluate their performance. We show that an adversary can achieve a distance-decrease of up to hundreds of meters with an arbitrarily high probability of success, with only a minor cost in terms of transmission power (few dB). Next, we demonstrate a new attack vector that disrupts time-of-arrival estimation algorithms, in particular those designed to be precise. The distance-decrease achievable by this attack vector is in the order of the channel spread (order of 10 meters in indoor environments). This attack vector can be used in previously reported physical layer attacks, but it also creates a new type of external attack based on malicious interference. We demonstrate that variants of the malicious interference attack are much easier to mount than the previously reported external attack. We also provide design guidelines for modulation schemes and devise receiver algorithms that mitigate physical layer attacks. These countermeasures allow the system designer to trade off security, ranging precision and cost in terms of transmission power and packet length

Location and Map Awareness Technologies in Next Wireless Networks

In a future perspective, the need of mapping an unknown indoor environment, of localizing and retrieving information from objects with zero costs and efforts could be satisfied by the adoption of next 5G technologies. Thanks to the mix of mmW and massive arrays technologies, it will be possible to achieve a higher indoor localization accuracy without relying on a dedicated infrastructure for localization but exploiting that designed for communication purposes. Besides users localization and navigation objectives, mapping and thus, the capability of reconstructing indoor scenarios, will be an important field of research with the possibility of sharing environmental information via crowd-sourcing mechanisms between users. Finally, in the Internet of Things vision, it is expected that people, objects and devices will be interconnected to each other with the possibility of exchanging the acquired and estimated data including those regarding objects identification, positioning and mapping contents. To this end, the merge of RFID, WSN and UWB technologies has demonstrated to be a promising solution. Stimulated by this framework, this work describes different technological and signal processing approaches to ameliorate the localization capabilities and the user awareness about the environment. From one side, it has been focused on the study of the localization and mapping capabilities of multi-antenna systems based on 5G technologies considering different technological issues, as for example those related to the existing available massive arrays. From the other side, UWB-RFID systems relying on passive communication schemes have been investigated in terms of localization coverage and by developing different techniques to improve the accuracy even in presence of NLOS conditions

Receiver Design and Security for Low Power Wireless Communications Systems

This dissertation focuses on two important areas in wireless communications: receiver design and security. In the first part of this dissertation we consider low data rate receiver design for ultra-wideband (UWB), a wideband radio technology that promises to help solve the frequency allocation problem that often inhibits narrowband systems. Reference-based receivers are promising candidates in the UWB regime, because the conventional rake receiver designs suffers from complexity limitations and inaccuracies in channel estimation. Many reference-based systems have arisen as viable solutions for receivers. We unify these systems as well as other systems into the general framework for performance analysis to suggest the optimal system for varying constraints. We improve the performance of frequency-shifted reference (FSR-UWB) for an average power constraint by halving the frequency offset and employing a sample-and-hold approach across the frame period. Also, we introduce a novel peak mitigation technique; tone reservation, for the multi-differential (MD) version of FSR-UWB, to reduce the high peak-to-average power ratio observed as the data carriers increase. The next part of this dissertation is about wireless security which is ubiquitous in modern news. Cryptography is widely use for security but it assumes limited computational abilities of an eavesdropper, is based on the unproven hardness of the underlying primitives, and allows for the message to be recorded and decrypted later. In this dissertation we consider an information-theoretic security approach to guaranteeing everlasting secrecy. We contribute a new secrecy rate pair outage formulation, where an outage event is based on the instantaneous rates of the destination and the eavesdropper being below and above desired thresholds, respectively. In our new secrecy rate pair outage formulation, two new unaccounted outage events emerge: secrecy breach, where the eavesdropper is above the targeted threshold; unreliable, where the destination is unable to successfully decode the message. The former case must be carefully avoided, while for the latter case we can exploit automatic retransmissions (ARQ) while maintaining the eavesdropper intercept probability below the target threshold. We look at both ``simple\u27\u27 receivers and also complex receivers that use a buffer to store previous messages to maximally combine signal-to-noise ratio (SNR). Then we extend these results to the two-hop case where we maximize the end-to-end secure throughput by optimizing the intercept probability at each eavesdropper given a total end-to-end intercept constraint. Lastly, we consider the difficult case in information-theoretic security: the near eavesdropper case, where we contribute an optimal power allocation algorithm that leverages nearby chatter nodes to generate noise to reduce the probability of intercept by the eavesdropper while minimally impeding the source-to-destination communication. As shown in both one-hop and two-hop cases, allowing a slight outage at the destination for cases of when the eavesdropper is above a specific threshold greatly improves secrecy performance

A Multi-Hop 6LoWPAN Wireless Sensor Network for Waste Management Optimization

In the first part of this Thesis several Wireless Sensor Network technologies, including the ones based on the IEEE 802.15.4 Protocol Standard like ZigBee, 6LoWPAN and Ultra Wide Band, as well as other technologies based on other protocol standards like Z-Wave, Bluetooth and Dash7, are analyzed with respect to relevance and suitability with the Waste Management Outsmart European FP7 Project. A particular attention is given to the parameters which characterize a Large Scale WSN for Smart Cities, due to the amount of sensors involved and to the practical application requested by the project. Secondly, a prototype of sensor network is proposed: an Operative System named Contiki is chosen for its portability on different hardware platforms, its Open Source license, for the use of the 6LoW-PAN protocol and for the implementation of the new RPL routing protocol. The Operative System is described in detail, with a special focus on the uIPv6 TCP/IP stack and RPL implementation. With regard to this innovative routing proto col designed specifically for Low Power Lossy Networks, chapter 4 describes in detail how the network topology is organized as a Directed Acyclic Graph, what is an RPL Instance and how downward and upward routes are constructed and maintained. With the use of several AVR Atmel modules mounting the Contiki OS a real WSN is created and, with an Ultrasonic Sensor, the filling level of a waste basket prototype is periodically detected and transmitted through a multi-hop wireless network to a sink nodeope

Analysis of the IEEE 802.15.4a ultra wideband physical layer through wireless sensor network simulations in OMNET++

Wireless Sensor Networks are the main representative of pervasive computing in large-scale physical environments. These networks consist of a large number of small, wireless devices embedded in the physical world to be used for surveillance, environmental monitoring or other data capture, processing and transfer applications. Ultra wideband has emerged as one of the newest and most promising concepts for wireless technology. Considering all its advantages it seems a likely communication technology candidate for future wireless sensor networks. This paper considers the viability of ultra wideband technology in wireless sensor networks by employing an IEEE 802.15.4a low-rate ultra wideband physical layer model in the OMNET++ simulation environment. An elaborate investigation into the inner workings of the IEEE 802.15.4a UWB physical layer is performed. Simulation experiments are used to provide a detailed analysis of the performance of the IEEE 802.15.4a UWB physical layer over several communication distances. A proposal for a cognitive, adaptive communication approach to optimize for speed and distance is also presented. AFRIKAANS : Draadlose Sensor Netwerke is die hoof verteenwoordiger vir deurdringende rekenarisering in groot skaal fisiese omgewings. Hierdie tipe netwerke bestaan uit ’n groot aantal klein, draadlose apparate wat in die fisiese wêreld ingesluit word vir die doel van bewaking, omgewings monitering en vele ander data opvang, verwerk en oordrag applikasies. Ultra wyeband het opgestaan as een van die nuutste en mees belowend konsepte vir draadlose kommunikasie tegnologie. As al die voordele van dié kommunikasie tegnologie in ag geneem word, blyk dit om ’n baie goeie kandidaat te wees vir gebruik in toekomstige draadlose sensor netwerke. Hierdie verhandeling oorweeg die vatbaarheid van die gebruik van die ultra wyeband tegnologie in draadlose sensor netwerke deur ’n IEEE 802.15.4a lae-tempo ultra wyeband fisiese laag model in die OMNET++ simulasie omgewing toe te pas. ’n Breedvoerige ondersoek word geloots om die fyn binneste werking van die IEEE 802.15.4a UWB fisiese laag te verstaan. Simulasie eksperimente word gebruik om ’n meer gedetaileerde analiese omtrent die werkverrigting van die IEEE 802.15.4a UWB fisiese laag te verkry oor verskillende kommunikasie afstande. ’n Voorstel vir ’n omgewings bewuste, aanpasbare kommunikasie tegniek word bespreek met die doel om die spoed en afstand van kommunikasie te optimiseer.Dissertation (MEng)--University of Pretoria, 2011.Electrical, Electronic and Computer Engineeringunrestricte

Wireless wire - ultra-low-power and high-data-rate wireless communication systems

With the rapid development of communication technologies, wireless personal-area communication systems gain momentum and become increasingly important. When the market gets gradually saturated and the technology becomes much more mature, new demands on higher throughput push the wireless communication further into the high-frequency and high-data-rate direction. For example, in the IEEE 802.15.3c standard, a 60-GHz physical layer is specified, which occupies the unlicensed 57 to 64 GHz band and supports gigabit links for applications such as wireless downloading and data streaming. Along with the progress, however, both wireless protocols and physical systems and devices start to become very complex. Due to the limited cut-off frequency of the technology and high parasitic and noise levels at high frequency bands, the power consumption of these systems, especially of the RF front-ends, increases significantly. The reason behind this is that RF performance does not scale with technology at the same rate as digital baseband circuits. Based on the challenges encountered, the wireless-wire system is proposed for the millimeter wave high-data-rate communication. In this system, beamsteering directional communication front-ends are used, which confine the RF power within a narrow beam and increase the level of the equivalent isotropic radiation power by a factor equal to the number of antenna elements. Since extra gain is obtained from the antenna beamsteering, less front-end gain is required, which will reduce the power consumption accordingly. Besides, the narrow beam also reduces the interference level to other nodes. In order to minimize the system average power consumption, an ultra-low power asynchronous duty-cycled wake-up receiver is added to listen to the channel and control the communication modes. The main receiver is switched on by the wake-up receiver only when the communication is identified while in other cases it will always be in sleep mode with virtually no power consumed. Before transmitting the payload, the event-triggered transmitter will send a wake-up beacon to the wake-up receiver. As long as the wake-up beacon is longer than one cycle of the wake-up receiver, it can be captured and identified. Furthermore, by adopting a frequency-sweeping injection locking oscillator, the wake-up receiver is able to achieve good sensitivity, low latency and wide bandwidth simultaneously. In this way, high-data-rate communication can be achieved with ultra-low average power consumption. System power optimization is achieved by optimizing the antenna number, data rate, modulation scheme, transceiver architecture, and transceiver circuitries with regards to particular application scenarios. Cross-layer power optimization is performed as well. In order to verify the most critical elements of this new approach, a W-band injection-locked oscillator and the wake-up receiver have been designed and implemented in standard TSMC 65-nm CMOS technology. It can be seen from the measurement results that the wake-up receiver is able to achieve about -60 dBm sensitivity, 10 mW peak power consumption and 8.5 µs worst-case latency simultaneously. When applying a duty-cycling scheme, the average power of the wake-up receiver becomes lower than 10 µW if the event frequency is 1000 times/day, which matches battery-based or energy harvesting-based wireless applications. A 4-path phased-array main receiver is simulated working with 1 Gbps data rate and on-off-keying modulation. The average power consumption is 10 µW with 10 Gb communication data per day

Real-time signal detection and classification algorithms for body-centered systems

El principal motivo por el cual los sistemas de comunicación en el entrono corporal se desean con el objetivo de poder obtener y procesar señales biométricas para monitorizar e incluso tratar una condición médica sea ésta causada por una enfermedad o el rendimiento de un atleta. Dado que la base de estos sistemas está en la sensorización y el procesado, los algoritmos de procesado de señal son una parte fundamental de los mismos. Esta tesis se centra en los algoritmos de tratamiento de señales en tiempo real que se utilizan tanto para monitorizar los parámetros como para obtener la información que resulta relevante de las señales obtenidas. En la primera parte se introduce los tipos de señales y sensores en los sistemas en el entrono corporal. A continuación se desarrollan dos aplicaciones concretas de los sistemas en el entorno corporal así como los algoritmos que en las mismas se utilizan. La primera aplicación es el control de glucosa en sangre en pacientes con diabetes. En esta parte se desarrolla un método de detección mediante clasificación de patronones de medidas erróneas obtenidas con el monitor contínuo comercial "Minimed CGMS". La segunda aplicacióin consiste en la monitorizacióni de señales neuronales. Descubrimientos recientes en este campo han demostrado enormes posibilidades terapéuticas (por ejemplo, pacientes con parálisis total que son capaces de comunicarse con el entrono gracias a la monitorizacióin e interpretación de señales provenientes de sus neuronas) y también de entretenimiento. En este trabajo, se han desarrollado algoritmos de detección, clasificación y compresión de impulsos neuronales y dichos algoritmos han sido evaluados junto con técnicas de transmisión inalámbricas que posibiliten una monitorización sin cables. Por último, se dedica un capítulo a la transmisión inalámbrica de señales en los sistemas en el entorno corporal. En esta parte se estudia las condiciones del canal que presenta el entorno corporal para la transmisión de sTraver Sebastiá, L. (2012). Real-time signal detection and classification algorithms for body-centered systems [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/16188Palanci

A real-time packet scheduling system for a 6LoWPAN industrial application

Nowadays, the industrial Wireless Sensor Networks (WSN) are crucial for the monitoring and control of the modern smart factory floor that is relying on them for critical applications and tasks that were performed by wired systems in the past. For this reason, it is required that the transmission mechanisms of wireless sensor networks are efficient and robust and that they guarantee realtime responses with low data losses. Furthermore, it is required that they utilize common networking standards, such as the Internet Protocol (IP), that provides interoperability with already existing infrastructures and offers widely tested security and transmission control protocols. The theoretical part of this document focuses on the description of the current panorama of the industrial WSN, its applications, design challenges and standardizations. It describes the 6LoWPAN standard and the wireless transmission technology that it uses for its lower layers, the IEEE 802.15.4 protocol. Later, it describes the principles behind the wireless scheduling, a state-of-the-art in the IEEE 802.15.4 scheduled channel access and the features of the most used operating systems for WSN. The practical part presents the real-time packet scheduling system for a 6LoWPAN industrial application proposed by this thesis work that adapts the HSDPA scheduling mechanisms to the IEEE 802.15.4 beacon-enabled mode. The system implemented manages the channel access by allocating Guaranteed Time Slots to sensor nodes according to the priority given by three scheduling algorithms that can be selected according to the traffic condition of the network. The system proposed was programmed using Contiki OS. It is based on the eSONIA 6LoWPAN firmware developed for the European Research Project and it was deployed on the FAST WSN for testing. The results, discussion and conclusions are documented at the final sections of this part

Efficient DS-UWB MUD Algorithm Using Code Mapping and RVM

A hybrid multiuser detection (MUD) using code mapping and a wrong code recognition based on relevance vector machine (RVM) for direct sequence ultra wide band (DS-UWB) system is developed to cope with the multiple access interference (MAI) and the computational efficiency. A new MAI suppression mechanism is studied in the following steps: firstly, code mapping, an optimal decision function, is constructed and the output candidate code of the matched filter is mapped to a feature space by the function. In the feature space, simulation results show that the error codes caused by MAI and the single user mapped codes can be classified by a threshold which is related to SNR of the receiver. Then, on the base of code mapping, use RVM to distinguish the wrong codes from the right ones and finally correct them. Compared with the traditional MUD approaches, the proposed method can considerably improve the bit error ratio (BER) performance due to its special MAI suppression mechanism. Simulation results also show that the proposed method can approximately achieve the BER performance of optimal multiuser detection (OMD) and the computational complexity approximately equals the matched filter. Moreover, the proposed method is less sensitive to the number of users