COVERT COMMUNICATIONS IN CONTINUOUS-TIME SYSTEMS
This dissertation studies covert wireless communications where a transmitter (Alice) intends to transmit messages to a legitimate receiver (Bob) such that the presence of the message is hidden from an attentive warden (Willie). Here we consider pertinent aspects of covert communications that focus on moving such systems closer to implementation. For example, previous studies use the standard discrete-time communication model when analyzing covert communications, since this is commonly assumed without loss of generality in standard communication theory. However, it is not clear that such a model captures the salient aspects of the continuous-time covert communications problem. A power detector that is optimal for the warden in a discrete-time covert communications scenario may not be optimal on a continuous-time model. Thus, it is of interest to consider this more realistic model for physical channels. After analyzing a power optimization problem using the standard discrete-time model, we move to the key part of system implementation: the instantiation in true continuous-time systems of the discrete-time models studied to this point in the literature. A key goal is to examine Willie’s detection capability on a continuous-time model and study how the limits of covert communications change from the discrete-time case. In particular, we show that detectors for Willie can benefit from the continuous-time setting and outperform detectors based on the discrete-time model; not surprisingly, this has a significant impact on the true covert throughput of the system. Nevertheless, we establish constructions such that efficient covert communications can still be achieved in a continuous-time model, and prove the fundamental limit on the covert communication rate. After considering the continuous-time problem in detail, we then turn to addressing another limitation of previous work - the requirement for an intentional jammer to facilitate efficient covert communication.
Instead, we consider how to exploit a pre-existing interference source – a radar - to achieve covert communication. We establish a covert communication scheme in such an environment, and analyze the corresponding covert rate. Finally, we consider the use of a detection technique similar to that in the covert communications problem, in the area of quantized signal detection
Achieving Covert Wireless Communications Using a Full-Duplex Receiver
Covert communications hide the transmission of a message from a watchful
adversary while ensuring a certain decoding performance at the receiver. In
this work, a wireless communication system under fading channels is considered
where covertness is achieved by using a full-duplex (FD) receiver. More
precisely, the receiver of covert information generates artificial noise with a
varying power causing uncertainty at the adversary, Willie, regarding the
statistics of the received signals. Given that Willie's optimal detector is a
threshold test on the received power, we derive a closed-form expression for
the optimal detection performance of Willie averaged over the fading channel
realizations. Furthermore, we provide guidelines for the optimal choice of
artificial noise power range, and the optimal transmission probability of
covert information to maximize the detection errors at Willie. Our analysis
shows that the transmission of artificial noise, although it causes
self-interference, provides the opportunity of achieving covertness but its
transmit power levels need to be managed carefully. We also demonstrate that
the prior transmission probability of 0.5 is not always the best choice for
achieving the maximum possible covertness, when the covert transmission
probability and artificial noise power can be jointly optimized.
Comment: 13 pages, 11 figures, Accepted for publication in IEEE Transactions
on Wireless Communication
Selective Jamming of LoRaWAN using Commodity Hardware
Long range, low power networks are rapidly gaining acceptance in the Internet
of Things (IoT) due to their ability to economically support long-range sensing
and control applications while providing multi-year battery life. LoRa is a key
example of this new class of network and is being deployed at large scale in
several countries worldwide. As these networks move out of the lab and into the
real world, they expose a large cyber-physical attack surface. Securing these
networks is therefore both critical and urgent. This paper highlights security
issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow
modulation type in the protocol. We exploit these issues to develop a suite of
practical attacks based around selective jamming. These attacks are conducted
and evaluated using commodity hardware. The paper concludes by suggesting a
range of countermeasures that can be used to mitigate the attacks.
Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australi
Achieving Covert Communication With A Probabilistic Jamming Strategy
In this work, we consider a covert communication scenario, where a
transmitter Alice communicates to a receiver Bob with the aid of a
probabilistic and uninformed jammer against an adversary warden's detection.
The transmission status and power of the jammer are random and follow some
a priori probabilities. We first analyze the warden's detection performance as a
function of the jammer's transmission probability, transmit power distribution,
and Alice's transmit power. We then maximize the covert throughput from Alice
to Bob subject to a covertness constraint, by designing the covert
communication strategies from three different perspectives: Alice's
perspective, the jammer's perspective, and the global perspective. Our analysis
reveals that the minimum jamming power should not always be zero in the
probabilistic jamming strategy, which is different from that in the continuous
jamming strategy presented in the literature. In addition, we prove that the
minimum jamming power should be the same as Alice's covert transmit power,
depending on the covertness and average jamming power constraints. Furthermore,
our results show that the probabilistic jamming can outperform the continuous
jamming in terms of achieving a higher covert throughput under the same
covertness and average jamming power constraints
POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
It is known that attackers can exfiltrate data from air-gapped computers
through their speakers via sonic and ultrasonic waves. To eliminate the threat
of such acoustic covert channels in sensitive systems, audio hardware can be
disabled and the use of loudspeakers can be strictly forbidden. Such audio-less
systems are considered to be audio-gapped, and hence immune to
acoustic covert channels.
In this paper, we introduce a technique that enables attackers to leak data
acoustically from air-gapped and audio-gapped systems. Our developed malware
can exploit the computer power supply unit (PSU) to play sounds and use it as
an out-of-band, secondary speaker with limited capabilities. The malicious code
manipulates the internal switching frequency of the power supply and
hence controls the sound waveforms generated from its capacitors and
transformers. Our technique enables producing audio tones in a frequency band
of 0-24 kHz and playing audio streams (e.g., WAV) from a computer power supply
without the need for audio hardware or speakers. Binary data (files,
keylogging, encryption keys, etc.) can be modulated over the acoustic signals
and sent to a nearby receiver (e.g., smartphone). We show that our technique
works with various types of systems: PC workstations and servers, as well as
embedded systems and IoT devices that have no audio hardware at all. We provide
technical background and discuss implementation details such as signal
generation and data modulation. We show that the POWER-SUPPLaY code can operate
from an ordinary user-mode process and doesn't need any hardware access or
special privileges. Our evaluation shows that using POWER-SUPPLaY, sensitive
data can be exfiltrated from air-gapped and audio-gapped systems from a
distance of five meters away at a maximal bit rate of 50 bit/sec