59 research outputs found
A Study of Wireless Network Security
I intend to make a survey in wireless data security since wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a wireless network has great benefits. However, wireless networking has many security issues. Hackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired networks. As a result, it's very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources.
My survey research may involve these following aspects: wireless network architecture, data security in wireless networks, secure data storage in wireless networks and so forth
Securing the Internet of Things Infrastructure - Standards and Techniques
The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed
Analyzing the secure simple pairing in Bluetooth v4.0
This paper analyzes the security of Bluetooth v4.0’s Secure Simple Pairing
(SSP) protocol, for both the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR)
and Bluetooth Low Energy (LE) operational modes. Bluetooth v4.0 is the latest version
of a wireless communication standard for low-speed and low-range data transfer among
devices in a human’s PAN. It allows increased network mobility among devices such
as headsets, PDAs, wireless keyboards and mice. A pairing process is initiated when
two devices desire to communicate, and this pairing needs to correctly authenticate
devices so that a secret link key is established for secure communication. What is
interesting is that device authentication relies on humans to communicate verification
information between devices via a human-aided out-of-band channel. Bluetooth v4.0’s
SSP protocol is designed to offer security against passive eavesdropping and man-in-the-middle
(MitM) attacks. We conduct the first known detailed analysis of SSP for all
its MitM-secure models. We highlight some issues related to exchange of public keys
and use of the passkey in its models and discuss how to treat them properly
Security Threats Analysis in Bluetooth-Enabled Mobile Devices
Exponential growth of the volume of Bluetooth-enabled devices indicates that
it has become a popular way of wireless interconnections for exchanging
information. The main goal of this paper is to analyze the most critical
Bluetooth attacks in real scenarios. In order to find out the major
vulnerabilities in modern Bluetooth-enabled mobile devices several attacks have
been performed successfully, such as Surveillance, Obfuscation, Sniffing,
Unauthorized Direct Data Access (UDDA) and Man-in-the-Middle Attack (MITM). To
perform the testbed, several devices are used such as mobile phones, laptops,
notebooks, wireless headsets, etc. and all the tests are carried out by
pen-testing software like hcittml, braudit, spoafiooph, hridump, bluesnarfer,
bluebugger and carwhisperer.
KEYWORDS: Bluetooth, Security, Surveillance, Obfuscation, Sniffing, Denial of
service, Man-in-the-middle. Comment: 16 page
A Mobile Secure Bluetooth-Enabled Cryptographic Provider
The use of digital X509v3 public key certificates, together with different standards
for secure digital signatures are commonly adopted to establish authentication proofs
between principals, applications and services. One of the robustness characteristics commonly
associated with such mechanisms is the need of hardware-sealed cryptographic
devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled
tokens or dongles. These devices support internal functions for management and storage
of cryptographic keys, allowing the isolated execution of cryptographic operations, with
the keys or related sensitive parameters never exposed.
The portable devices most widely used are USB-tokens (or security dongles) and internal
chips of smart cards (as it is also the case of citizen cards, banking cards or ticketing
cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared,
also suitable to protect cryptographic operations and digital signatures for secure
identity and payment applications. The common characteristic of such devices is to offer
the required support to be used as secure cryptographic providers. Among the advantages
of those portable cryptographic devices is also their portability and ubiquitous use, but,
in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply
the need of readers, not always and not commonly available for generic smartphones
or users working with computing devices. Also, wireless-devices can be specialized or
require a development effort to be used as standard cryptographic providers.
An alternative to mitigate such problems is the possible adoption of conventional
Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely,
by client-side applications running in users’ devices, such as desktop or laptop
computers. However, the use of smartphones for safe storage and management of private
keys and sensitive parameters requires a careful analysis on the adversary model assumptions.
The design options to implement a practical and secure smartphone-enabled
cryptographic solution as a product, also requires the approach and the better use of
the more interesting facilities provided by frameworks, programming environments and
mobile operating systems services.
In this dissertation we addressed the design, development and experimental evaluation
of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and
supports on-demand Bluetooth-enabled cryptographic operations, including standard
digital signatures. The addressed mobile cryptographic provider can be used by applications
running on Windows-enabled computing devices, requesting digital signatures.
The solution relies on the secure storage of private keys related to X509v3 public certificates
and Android-based secure elements (SEs). With the materialized solution, an
application running in a Windows computing device can request standard digital signatures
of documents, transparently executed remotely by the smartphone regarded as a
standard cryptographic provider
Man-in-the-Middle Attack and its Countermeasure in Bluetooth Secure Simple Pairing
With the development of more types of devices which have Bluetooth as a primary option to communicate, the importance of secure communication is growing. Bluetooth provides short-range wireless communication between devices, making it convenient for users and thus eliminating the need for messy cables.
The proliferation of the Bluetooth devices in the workplace exposes organizations to security risks. Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service attack, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation. Preventing unauthorized users from secure communication is a challenge to the pairing process.
The Man-in-the-Middle attack is based on sending random signals to jam the physical layer of the legitimate user and then on falsification of information sent during the input/output capabilities exchange; also on the fact that the security of the protocol is likely to be limited by the capabilities of the least powerful or the least secure device type. In addition, we proposed a countermeasure that renders the attack impractical. We have shown that the proposed method can withstand the MITM attack and achieve all the security needs like authenticity, confidentiality, integrity and availability, as well as being an improvement to the existing Bluetooth secure simple pairing in order to make it more secure
Anomaly-based network intrusion detection
Integrated master's dissertation in Industrial Electronics and Computers. In the last few years, hardware and software security have become a major concern. As the systems’ complexity
increases, its vulnerabilities to several sophisticated attack techniques have escalated likewise. Quite often, the
problem lies in the heterogeneity of the devices connected to the vehicle, making it difficult to converge the monitoring
systems of all existing protocols into one security product. Thereby, the market requires more refined tools to monitor
life-risky environments such as personal vehicles.
Considering that there are several ways to interact with the car’s infotainment system, such as Wi-fi, Bluetooth,
or CD player, the need to audit these interfaces has become a priority as they represent a serious channel to reach
the internal car network. Nowadays, security in car networks focuses on CAN bus monitoring, leaving behind the
aforementioned technologies and not contemplating other non-critical systems. As an example of these concerns,
Bluetooth brings different challenges compared to CAN as it interacts directly with the user, being exposed to external
attacks.
An alternative approach to converting modern vehicles and their set of computers into more robust systems
is to keep track of established communications with them. By enforcing anomaly-based intrusion detection this
dissertation aims to analyze the Bluetooth protocol to identify abnormal user interactions that may alert for a non-conforming pattern. Ultimately, such embedded software product incorporates a self-learning edge, which is vital to
face newly developed threats and increasing global security levels. Throughout this document, we present the study
case followed by an alternative methodology that implements an LSTM based algorithm to predict a sequence of
HCI commands corresponding to normal Bluetooth traffic. The results show how this approach can impact intrusion
detection in such environments by expressing a high capability of identifying abnormal patterns in the considered
data
Generic and Parameterizable Service for Remote Configuration of Mobile Phones Using Near Field Communication
Mobile services have increased both in number and complexity in the past few years. This means that in order to get the most out of these services, less experienced users will have a hard time configuring them by hand. To address this issue, we must find new and innovative solutions to assist the user in this process. Furthermore, we live in a society of the immediate. Everyone wants access to resources to be fast, simple and secure. It is also known that most of the users are laymen when referring to advanced configuration of mobile phones, resulting in some inertia in the use of applications and functionalities. Near Field Communication (NFC) provides a unique opportunity to introduce new business paradigms in terms of interaction and ease of use. This dissertation specifies a generic and parameterizable service for remote configuration of mobile devices using Near Field Communication, which requires minimal user intervention
- …