Acoustic Cybersecurity: Exploiting Voice-Activated Systems

In this study, we investigate the emerging threat of inaudible acoustic attacks targeting digital voice assistants, a critical concern given their projected prevalence to exceed the global population by 2024. Our research extends the feasibility of these attacks across various platforms like Amazon's Alexa, Android, iOS, and Cortana, revealing significant vulnerabilities in smart devices. The twelve attack vectors identified include successful manipulation of smart home devices and automotive systems, potential breaches in military communication, and challenges in critical infrastructure security. We quantitatively show that attack success rates hover around 60%, with the ability to activate devices remotely from over 100 feet away. Additionally, these attacks threaten critical infrastructure, emphasizing the need for multifaceted defensive strategies combining acoustic shielding, advanced signal processing, machine learning, and robust user authentication to mitigate these risks

Smart Ordering Application for Assigning Sequence Numbers to Customers at Offline Sites

In this paper, we propose a new smart ordering application for assigning sequence numbers to customers. This system has advantages over existing ordering systems, for example, it does not require identifying information such as phone numbers or social network IDs, and could therefore protect customer data. In this system, inaudible high frequencies between 18 kHz and 22 kHz are used for communication between speaker and microphone. To evaluate performance, the system was tested across smart devices including the Galaxy S7 and S8, and iPhones 6, 7, and 8, and the results showed a success rate of 98.7%. The proposed system could be a useful service technology for offline sites that need to assign sequence numbers to customers because of high visitor rates

Information Leakage Attacks and Countermeasures

The scientific community has been consistently working on the pervasive problem of information leakage, uncovering numerous attack vectors, and proposing various countermeasures. Despite these efforts, leakage incidents remain prevalent, as the complexity of systems and protocols increases, and sophisticated modeling methods become more accessible to adversaries. This work studies how information leakages manifest in and impact interconnected systems and their users. We first focus on online communications and investigate leakages in the Transport Layer Security protocol (TLS). Using modern machine learning models, we show that an eavesdropping adversary can efficiently exploit meta-information (e.g., packet size) not protected by the TLS’ encryption to launch fingerprinting attacks at an unprecedented scale even under non-optimal conditions. We then turn our attention to ultrasonic communications, and discuss their security shortcomings and how adversaries could exploit them to compromise anonymity network users (even though they aim to offer a greater level of privacy compared to TLS). Following up on these, we delve into physical layer leakages that concern a wide array of (networked) systems such as servers, embedded nodes, Tor relays, and hardware cryptocurrency wallets. We revisit location-based side-channel attacks and develop an exploitation neural network. Our model demonstrates the capabilities of a modern adversary but also presents an inexpensive tool to be used by auditors for detecting such leakages early on during the development cycle. Subsequently, we investigate techniques that further minimize the impact of leakages found in production components. Our proposed system design distributes both the custody of secrets and the cryptographic operation execution across several components, thus making the exploitation of leaks difficult

Sensor-Based Covert Channels on Mobile Devices

Smartphones have become ubiquitous in our daily activities, having billions of active users worldwide. The wide range of functionalities of modern mobile devices is enriched by many embedded sensors. These sensors, accessible by third-party mobile applications, pose novel security and privacy threats to the users of the devices. Numerous research works demonstrate that user keystrokes, location, or even speech can be inferred based on sensor measurements. Furthermore, the sensor itself can be susceptible to external physical interference, which can lead to attacks on systems that rely on sensor data. In this dissertation, we investigate how reaction of sensors in mobile devices to malicious physical interference can be exploited to establish covert communication channels between otherwise isolated devices or processes. We present multiple covert channels that use sensors’ reaction to electromagnetic and acoustic interference to transmit sensitive data from nearby devices with no dedicated equipment or hardware modifications. In addition, these covert channels can also transmit information between applications within a mobile device, breaking the logical isolation enforced by the operating system. Furthermore, we discuss how sensor-based covert channels can affect privacy of end users by tracking their activities on two different devices or across two different applications on the same device. Finally, we present a framework that automatically identifies covert channels that are based on physical interference between hardware components of mobile devices. As a result of the experimental evaluation, we can confirm previously known covert channels on smartphones, and discover novel sources of cross-component interference that can be used to establish covert channels. Focusing on mobile platforms in this work, we aim to show that it is of crucial importance to consider physical covert channels when assessing the security of the systems that rely on sensors, and advocate for holistic approaches that can proactively identify and estimate corresponding security and privacy risks

처프 신호를 이용한 음파 통신 기법 연구

학위논문 (박사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2014. 8. 최성현.Todays smart devices such as smartphones and tablet/wearable PCs are equipped with voice user interface (UI) in order to support intuitive command input from users. Speakers and microphones of the voice UI are generally used to play and record human voice and/or environmental sound, respectively. Accordingly, various aerial acoustic communication techniques have been introduced to utilize the voice UI as an additional communication interface beyond WiFi and/or Bluetooth. Smart devices are especially suitable for the aerial acoustic communication since the application processor (AP) of smart devices can process the sound to embed or fetch information in it. That is, smart devices work similar to software defined radio platform. The aerial acoustic communication is also very versatile as any audio interface can be utilized as a communication interface. In this dissertation, we propose an aerial acoustic communication technique using inaudible chirp signal as well as corresponding receiver architecture for smart devices. We additionally introduce the applications of the proposed communication technique in indoor environments. We begin the receiver design for aerial acoustic communication by measuring the characteristics of indoor acoustic channel, composed of speaker, air-medium, and microphone. Our experimental research reveals that the indoor acoustic channel typically has long delay spread (approximately 40 msec), and it is very frequency-selective due to the frequency response of audio interfaces. We also show that legacy physical layer (PHY) modulation schemes such as phase/frequency shift keying (PSK/FSK) are likely to fail in this indoor acoustic channel, especially in long communication scenarios, due mainly to the instability of local oscillator and frequency selectivity of audio interfaces. In order to resolve the above-mentioned problems, we use chirp signals for the aerial acoustic communication. The proposed acoustic receiver supports long-range communication independent of the device characteristics over the severely frequency-selective acoustic channel with large delay spread. The chirp signal has time-varying frequency with a specific frequency sweeping rate. The chirp signal was widely used for radar applications due to its capability of resolving multi-path propagation. However, this dissertation is the first study of adopting chirp signal in aerial acoustic communications for smart devices. The proposed receiver architecture of chirp binary orthogonal keying (BOK) can be easily implemented via fast Fourier transform (FFT) in smart devices application layer. Via extensive experimental results, we verify that the proposed chirp signal can deliver data at 16 bps up to 25 m distance in typical indoor environments, which is drastically extended compared to the few meters of previous research. The data rate of 16 bps is enough to deliver short identification (ID) in indoor environments. The exemplary applications with this short ID can be multimedia content recognition and indoor location tracking. The low data rate, however, might be a huddle of the proposed system to be applied to the services that require high data rate. We design a backend server architecture in order to compensate for the low data rate and widen the application extent of the proposed receiver. The smart devices can send queries in order to refer to the backend server for additional information that is related with the received ID. We also propose an energy-efficient recording and processing method for the acoustic signal detection. Note that it would consume huge amount of energy if the smart devices contiguously sensed the acoustic signal for 24 hours. The smart devices instead control the sensing (i.e., recording) timing so that it is activated only when there exists chirp signal. This can drastically extend the battery lifetime by removing unnecessary signal processing. We also present two application examples of the proposed receiver, namely, (1) TV content recognition, and (2) indoor location tracking, including technical discussions on their implementations. Experiments and field tests validate the feasibility of the proposed aerial acoustic communication in practical environments.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Acoustic communication . . . . . . . . . . . . . . . . . 1 1.1.1 Underwater acoustic communication . . . . . 2 1.1.2 Aerial acoustic communication . . . . . . . . . . 3 1.2 Overview of Existing Approaches . . . . . . . . . . . 5 1.2.1 Indoor Location Tracking . . . . . . . . . . . . . . . 5 1.2.2 Data Communication using Acoustic Signal . 7 1.2.3 Commercial Services . . . . . . . . . . . . . . . . . . 9 1.2.4 Limitations of Previous Work . . . . . . . . . . . 10 1.3 Main Contributions . . . . . . . . . . . . . . . . . . . . . 11 1.3.1 Acoustic Channel and PHY Analysis . . . . . . 12 1.3.2 Receiver Design for Acoustic Chirp BOK . . . 12 1.3.3 Applications of Chirp BOK Receiver . . . . . . 13 1.4 Organization of the Dissertation . . . . . . . . . . 13 2 Acoustic Channel and PHY Analysis . . . . . . . . . . 15 2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.2 Characteristics of Indoor Acoustic Channel . . 18 2.2.1 Hearing Threshold of Human . . . . . . . . . . . 18 2.2.2 Frequency Response of Various Audio Interfaces . 21 2.2.3 Delay Spread of Acoustic Channel . . . . . . . . 25 2.3 Revisit of Existing Modulation Schemes . . . . . . 26 2.3.1 Case Study: Phase Shift Keying . . . . . . . . . . 28 2.3.2 Case Study: Frequency Shift Keying . . . . . . . 35 2.3.3 Chirp Binary Orthogonal Keying (BOK) . . . . 40 2.4 Performance Evaluation of PHY Modulation Schemes . 42 2.4.1 Experimental Environment . . . . . . . . . . . . . . 44 2.4.2 PSK Demodulator . . . . . . . . . . . . . . . . . . . . . 44 2.4.3 FSK Demodulator . . . . . . . . . . . . . . . . . . . . . 45 2.4.4 BER of PHY Modulation Schemes . . . . . . . . . 46 2.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 3 Receiver Design for Acoustic Chirp BOK . . . . . . . 49 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 3.2 Chirp Signals and Matched Filter Receiver . . . . . 51 3.2.1 Notation of Chirp Signals . . . . . . . . . . . . . . . 51 3.2.2 Matched Filter and FFT . . . . . . . . . . . . . . . . . 53 3.2.3 Envelope Detection of Chirp Auto Correlation . 55 3.3 System Design and Receiver Architecture . . . . . . 59 3.3.1 Frame and Symbol Design . . . . . . . . . . . . . . . 60 3.3.2 Signal Reception Process . . . . . . . . . . . . . . . . 63 3.3.3 Receiver Architecture . . . . . . . . . . . . . . . . . . . 65 3.3.4 Symbol combining for BER enhancement . . . . 68 3.4 Performance Evaluation of Chirp BOK Receiver . . 73 3.4.1 Experimental Environment . . . . . . . . . . . . . . . . 74 3.4.2 Transmission Range in Indoor Environment . . . 74 3.4.3 Multi-path Resolution Capability of Chirp Signal . 75 3.4.4 Symbol Sampling and Doppler Shift . . . . . . . . . 82 3.4.5 Selective combining . . . . . . . . . . . . . . . . . . . . . 85 3.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4 Applications of Chirp BOK Receiver . . . . . . . . . . . . . . 90 4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 4.2 Backend Server Architecture . . . . . . . . . . . . . . . . . . 93 4.2.1 Implementation of Backend Server . . . . . . . . . . 93 4.2.2 Operation of Backend Server . . . . . . . . . . . . . . 95 4.3 Low Power Operation for Smart Devices . . . . . . . . 98 4.3.1 Reception Process of Chirp BOK receiver . . . . . . 98 4.3.2 Revisit of Signal Detection in Wireless Communications ... 100 4.3.3 Chirp Signal Detection using PSD . . . . . . . . . . . 102 4.3.4 Performance Evaluation of Signal Detection Algorithm . 105 4.4 Applications of Chirp BOK Receiver and Feasibility Test . . 110 4.4.1 TV Content Recognition . . . . . . . . . . . . . . . . . . . 111 4.4.2 Indoor Location Tracking in Seoul Subway . . . . . 114 4.4.3 Device to Device Communication . . . . . . . . . . . . 118 4.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 5 Conclusion and Future Work . . . . . . . . . . . . . . . . . . . 123 5.1 Research Contributions . . . . . . . . . . . . . . . . . . . . . . 123 5.2 Future Work and Concluding Remark . . . . . . . . . . 125 Abstract (In Korean) . . . . . . . . . . . . . . . . . . . . . . . . 136Docto

Audio beacon technologies, surveillance and social order

This thesis explores audio beacon technology with the aim of elucidating the implications of this technology for the individual in contemporary society. Audio beacons are hidden inside digital devices. They emit and receive high frequency audio signals which are inaudible to the human ear, thereby generating and transmitting data without our knowledge. The motivation for this research is to raise awareness of the prevalence of audio beacon technologies and to explore their implications for contemporary society. The research takes an interdisciplinary approach involving – 1) a survey of audio beacon technology, 2) a contextualization in terms of contemporary theories of surveillance and control and 3) an interpretation in terms of 20th century dystopian literature. The hidden surveillance and privacy of this technology is examined mainly through the humanistic perspective of George Orwell’s book Nineteen Eighty-Four. The general conclusion formed is that audio beacon technologies can serve as a surveillance method enhancing authoritarian and exploitative regimes. To mitigate the negative impacts of audio beacons, this research proposes two types of solutions – 1) individual actions that will have an immediate effect and 2) governmental legislation that can improve privacy in the longer term. Both of these solutions cannot happen without a raised public awareness, towards which this research hopes to make a contribution. Finally, this research introduces the notion of a \u27digital paradox\u27 in which the dystopian worlds of George Orwell and Aldous Huxley are brought together in order to characterize surveillance and control in contemporary society

Asynchronous Ultrasonic Trilateration for Indoor Positioning of Mobile Phones

Spatial awareness is fast becoming the key feature on today‟s mobile devices. While accurate outdoor navigation has been widely available for some time through Global Positioning Systems (GPS), accurate indoor positioning is still largely an unsolved problem. One major reason for this is that GPS and other Global Navigation Satellite Systems (GNSS) systems offer accuracy of a scale far different to that required for effective indoor navigation. Indoor positioning is also hindered by poor GPS signal quality, a major issue when developing dedicated indoor locationing systems. In addition, many indoor systems use specialized hardware to calculate accurate device position, as readily available wireless protocols have so far not delivered sufficient levels of accuracy. This research aims to investigate how the mobile phone‟s innate ability to produce sound (notably ultrasound) can be utilised to deliver more accurate indoor positioning than current methods. Experimental work covers limitations of mobile phone speakers in regard to generation of high frequencies, propagation patternsof ultrasound and their impact on maximum range, and asynchronous trilateration. This is followed by accuracy and reliability tests of an ultrasound positioning system prototype.This thesis proposes a new method of positioning a mobile phone indoors with accuracy substantially better than other contemporary positioning systems available on off-theshelf mobile devices. Given that smartphones can be programmed to correctly estimate direction, this research outlines a potentially significant advance towards a practical platform for indoor Location Based Services. Also a novel asynchronous trilateration algorithm is proposed that eliminates the need for synchronisation between the mobile device and the positioning infrastructure