Feasibility and Security Analysis of Wideband Ultrasonic Radio for Smart Home Applications

Smart home Internet-of-Things (IoT) accompanied by smart home apps has witnessed tremendous growth in the past few years. Yet, the security and privacy of the smart home IoT devices and apps have raised serious concerns, as they are getting increasingly complicated each day, expected to store and exchange extremely sensitive personal data, always on and connected, and commonly exposed to any users in a sensitive environment. Nowadays wireless smart home IoT devices rely on electromagnetic wave-based radio-frequency (RF) technology to establish fast and reliable quality network connections. However, RF has its limitations that can negatively affect the smart home user experience and even cause serious security issue, such as crowded spectrum resources and RF waves leakage. To overcome those limitations, people have to use technology with sophisticated time and frequency division management and rely on the assumptions that the attackers have limited computational power. In this thesis we propose URadio, a wideband ultrasonic communication system, using electrostatic ultrasonic transducers. We design and develop two different types of transducer membranes using two types of extremely thin materials, Aluminized Mylar Film (AMF) and reduced Graphene Oxide (rGO), for assembling transducers, which achieve at least 45 times more bandwidth than commercial transducers. Equipped with the new wideband transducers, an OFDM communication system is designed to better utilize the available 600 kHz wide bandwidth. Our experiments show that URadio can achieve an unprecedentedly 4.8 Mbps data rate with a communication range of 17 cm. The attainable communication range is increased to 31 cm and 35 cm with data rates of 1.2 Mbps and 0.6 Mbps using QPSK and BPSK, respectively. Although the current wideband system only supports short-range communication, it is expected to extend the transmission range with better acoustic engineering. Also, by conducting experiments to measure the ultrasonic adversaries\u27 eavesdropping and jamming performance, we prove that our system is physically secure even when exchanging plaintext data. Adviser: Qiben Ya

Acoustic-channel attack and defence methods for personal voice assistants

Personal Voice Assistants (PVAs) are increasingly used as interface to digital environments. Voice commands are used to interact with phones, smart homes or cars. In the US alone the number of smart speakers such as Amazon’s Echo and Google Home has grown by 78% to 118.5 million and 21% of the US population own at least one device. Given the increasing dependency of society on PVAs, security and privacy of these has become a major concern of users, manufacturers and policy makers. Consequently, a steep increase in research efforts addressing security and privacy of PVAs can be observed in recent years. While some security and privacy research applicable to the PVA domain predates their recent increase in popularity and many new research strands have emerged, there lacks research dedicated to PVA security and privacy. The most important interaction interface between users and a PVA is the acoustic channel and acoustic channel related security and privacy studies are desirable and required. The aim of the work presented in this thesis is to enhance the cognition of security and privacy issues of PVA usage related to the acoustic channel, to propose principles and solutions to key usage scenarios to mitigate potential security threats, and to present a novel type of dangerous attack which can be launched only by using a PVA alone. The five core contributions of this thesis are: (i) a taxonomy is built for the research domain of PVA security and privacy issues related to acoustic channel. An extensive research overview on the state of the art is provided, describing a comprehensive research map for PVA security and privacy. It is also shown in this taxonomy where the contributions of this thesis lie; (ii) Work has emerged aiming to generate adversarial audio inputs which sound harmless to humans but can trick a PVA to recognise harmful commands. The majority of work has been focused on the attack side, but there rarely exists work on how to defend against this type of attack. A defence method against white-box adversarial commands is proposed and implemented as a prototype. It is shown that a defence Automatic Speech Recognition (ASR) can work in parallel with the PVA’s main one, and adversarial audio input is detected if the difference in the speech decoding results between both ASR surpasses a threshold. It is demonstrated that an ASR that differs in architecture and/or training data from the the PVA’s main ASR is usable as protection ASR; (iii) PVAs continuously monitor conversations which may be transported to a cloud back end where they are stored, processed and maybe even passed on to other service providers. A user has limited control over this process when a PVA is triggered without user’s intent or a PVA belongs to others. A user is unable to control the recording behaviour of surrounding PVAs, unable to signal privacy requirements and unable to track conversation recordings. An acoustic tagging solution is proposed aiming to embed additional information into acoustic signals processed by PVAs. A user employs a tagging device which emits an acoustic signal when PVA activity is assumed. Any active PVA will embed this tag into their recorded audio stream. The tag may signal a cooperating PVA or back-end system that a user has not given a recording consent. The tag may also be used to trace when and where a recording was taken if necessary. A prototype tagging device based on PocketSphinx is implemented. Using Google Home Mini as the PVA, it is demonstrated that the device can tag conversations and the tagging signal can be retrieved from conversations stored in the Google back-end system; (iv) Acoustic tagging provides users the capability to signal their permission to the back-end PVA service, and another solution inspired by Denial of Service (DoS) is proposed as well for protecting user privacy. Although PVAs are very helpful, they are also continuously monitoring conversations. When a PVA detects a wake word, the immediately following conversation is recorded and transported to a cloud system for further analysis. An active protection mechanism is proposed: reactive jamming. A Protection Jamming Device (PJD) is employed to observe conversations. Upon detection of a PVA wake word the PJD emits an acoustic jamming signal. The PJD must detect the wake word faster than the PVA such that the jamming signal still prevents wake word detection by the PVA. An evaluation of the effectiveness of different jamming signals and overlap between wake words and the jamming signals is carried out. 100% jamming success can be achieved with an overlap of at least 60% with a negligible false positive rate; (v) Acoustic components (speakers and microphones) on a PVA can potentially be re-purposed to achieve acoustic sensing. This has great security and privacy implication due to the key role of PVAs in digital environments. The first active acoustic side-channel attack is proposed. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smartphone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movement can be monitored to steal Android unlock patterns. The number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel unnoticeable acoustic side-channel

Inaudible acoustics: Techniques and applications

This dissertation is focused on developing a sub-area of acoustics that we call inaudible acoustics. We have developed two core capabilities, (1) BackDoor and (2) Ripple, and demonstrated their use in various mobile and IoT applications. In BackDoor, we synthesize ultrasound signals that are inaudible to humans yet naturally recordable by all microphones. Importantly, the microphone does not require any modification, enabling billions of microphone-enabled devices, including phones, laptops, voice assistants, and IoT devices, to leverage the capability. Example applications include acoustic data beacons, acoustic watermarking, and spy-microphone jamming. In Ripple, we develop modulation and sensing techniques for vibratory signals that traverse through solid surfaces, enabling a new form of secure proximal communication. Applications of the vibratory communication system include on-body communication through imperceptible physical vibrations and device-device secure data transfer through physical contacts. Our prototypes include an inaudible jammer that secures private conversations from electronic eavesdropping, acoustic beacons for location-based information sharing, and vibratory communication in a smart-ring sending password through a finger touch. Our research also uncovers new security threats to acoustic devices. While simple abuse of inaudible jammer can disable hearing aids and cell phones, our work shows that voice interfaces, such as Amazon Echo, Google Home, Siri, etc., can be compromised through carefully designed inaudible voice commands. The contributions of this dissertation can be summarized in three primitives: (1) exploiting inherent hardware nonlinearity for sensing out-of-band signals, (2) developing the vibratory communication system for secure touch-based data exchange, and (3) structured information reconstruction from noisy acoustic signals. In developing these primitives, we draw from principles in wireless networking, digital communications, signal processing, and embedded design and translate them to completely functional systems

TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals

We are witnessing a heightened surge in remote privacy attacks on laptop computers. These attacks often exploit malware to remotely gain access to webcams and microphones in order to spy on the victim users. While webcam attacks are somewhat defended with widely available commercial webcam privacy covers, unfortunately, there are no adequate solutions to thwart the attacks on mics despite recent industry efforts. As a first step towards defending against such attacks on laptop mics, we propose TickTock, a novel mic on/off status detection system. To achieve this, TickTock externally probes the electromagnetic (EM) emanations that stem from the connectors and cables of the laptop circuitry carrying mic clock signals. This is possible because the mic clock signals are only input during the mic recording state, causing resulting emanations. We design and implement a proof-of-concept system to demonstrate TickTock's feasibility. Furthermore, we comprehensively evaluate TickTock on a total of 30 popular laptops executing a variety of applications to successfully detect mic status in 27 laptops. Of these, TickTock consistently identifies mic recording with high true positive and negative rates.Comment: 18 pages, 27 figures, ACM CCS'22 conferenc

THaW publications

In 2013, the National Science Foundation\u27s Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions, led by Dartmouth College, to enable trustworthy cybersystems for health and wellness. As of this writing, the Trustworthy Health and Wellness (THaW) project\u27s bibliography includes more than 130 significant publications produced with support from the THaW grant; these publications document the progress made on many fronts by the THaW research team. The collection includes dissertations, theses, journal papers, conference papers, workshop contributions and more. The bibliography is organized as a Zotero library, which provides ready access to citation materials and abstracts and associates each work with a URL where it may be found, cluster (category), several content tags, and a brief annotation summarizing the work\u27s contribution. For more information about THaW, visit thaw.org

A demonstration and comparative analysis of haptic performance using a Gough-Stewart platform as a wearable haptic feedback device

In many hazardous work environments, contact tasks ranging from manufacturing to disassembly to emergency response are performed by industrial manipulators. Due to the hazardous and complex nature of these environments, teleoperation is often employed. When such is the case, the operator is left to interpret a large amount of data during task completion due to the complexity of modern robotic systems and the possible complexity of the tasks. This information is usually processed visually but can lead to sensory overload. To mitigate this, the information processing can also be distributed through other modes of sensory such as auditory or haptic. The University of Texas at Austin's TeMoto hands-free interface reduces the burden on the operator of commanding remote systems by enabling the use of gestural and verbal commands to complete a range of tasks, but the removal of a mechanical interactive device from the operator interface complicates the inclusion of haptic feedback. In this work, a standalone Gough-Stewart platform previously configured as a wearable haptic feedback device for the Nuclear and Applied Robotics Group at the University of Texas at Austin provides real-time haptic feedback to the unconstrained hand(s) of the operator. In doing so, this haptic interface can be employed with the intent of enhancing situational awareness and minimizing operator stress by imparting forces and torques to the user based on those imparted on the end-effector of the industrial manipulator. While multiple technical issues and human factor issues must be addressed, this effort focuses on integrating the system and evaluating its performance for various industrial manipulator designs and sensor modalities. After testing various digital signal processing techniques, functionality was demonstrated among one series-elastic and two rigid industrial manipulators, each with different force/torque data acquisition characteristics and a comparative analysis in haptic performance was performed. Furthermore, it was demonstrated with the TeMoto hands-free teleoperation system. Overall, the demonstrations and experiments performed in this work prove the system to be a viable, hardware agnostic means of haptic feedback and a strong basis for future effortsMechanical Engineerin

An optical system for line-of-sight communication

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009.Includes bibliographical references (p. 95).We design and implement a system for short and medium range directional two-way wireless communication. The system uses infrared radiation to transmit and receive voice data digitally. We utilize narrow angle infrared light emitting diodes for transmission, directed across a reasonable angular range that allows the system to transmit across a narrow beam to the receiver, avoiding the dangers of detection, jamming, and eavesdropping that traditional omnidirectional radio transmission entails. On the receiving end, a wide-angle detector is used. The system is integrated inconspicuously into a military vest, allowing the wearer to communicate while on the field. In the working version of this system we use traditional semiconductor photodetectors and receivers. We also investigate the properties of optoelectronic fibers, novel semiconductor devices that can act as line detectors of light. We characterize these fibers, and analyze their potential for use as photodetecting devices in this system.by Agustya R. Mehta.M.Eng

Portfolio of Electroacoustic Compositions with Commentaries

This portfolio consists of electroacoustic compositions which were primarily realised through the use of corporeally informed compositional practices. The manner in which a composer interacts with the compositional tools and musical materials at their disposal is a defining factor in the creation of musical works. Although the use of computers in the practice of electroacoustic composition has extended the range of sonic possibilities afforded to composers, it has also had a negative impact on the level of physical interaction that composers have with these musical materials. This thesis is an investigation into the use of mediation technologies with the aim of circumventing issues relating to the physical performance of electroacoustic music. This line of inquiry has led me to experiment with embedded computers, wearable technologies, and a range of various sensors. The specific tools that were used in the creation of the pieces within this portfolio are examined in detail within this thesis. I also provide commentaries and analysis of the eleven electroacoustic works which comprise this portfolio, describing the thought processes that led to their inception, the materials used in their creation, and the tools and techniques that I employed throughout the compositional process