Security Analysis of the Internet of Things Using Digital Forensic and Penetration Testing Tools

We exist in a universe where everything is related to the internet or each other like smart TVs, smart telephones, smart thermostat, cars and more. Internet of Things has become one of the most talked about technologies across the world and its applications range from the control of home appliances in a smart home to the control of machines on the production floor of an industry that requires less human intervention in performing basic daily tasks. Internet of Things has rapidly developed without adequate attention given to the security and privacy goals involved in its design and implementation. This document contains three research projects all centered on how to improve user\u27s data privacy and security in the Internet of Things. The first research provides a detailed analysis of the Internet of Things architecture, some security vulnerabilities, and countermeasures. We went on to discuss some solutions to these issues and presented some available Internet of Things simulators that could be used to test Internet of Things systems. In the second research, we explored privacy and security challenges faced by consumers of smart devices in this case we used an Amazon Echo Dot as our case study. During this research, we were able to compare two different digital forensic tools to see which performed better at extracting information from the device and if the device observes best practices for user data privacy. In the third research project, we used a tool called GATTacker to exploit security vulnerabilities of a Bluetooth Low Energy device and provide security awareness to users

Blind guide: anytime, anywhere

Sight dominates our mental life, more than any other sense. Even when we are just thinking about something the world, we end imagining what looks like. This rich visual experience is part of our lives. People need the vision for two complementary reasons. One of them is vision give us the knowledge to recognize objects in real time. The other reason is vision provides us the control one need to move around and interact with objects. Eyesight helps people to avoid dangers and navigate in our world. Blind people usually have enhanced accuracy and sensibility of their other natural senses to sense their surroundings. But sometimes this is not enough because the human senses can be affected by external sources of noise or disease. Without any foreign aid or device, sightless cannot navigate in the world. Many assistive tools have been developed to help blind people. White canes or guide dogs help blind in their navigation. Each device has their limitation. White canes cannot detect head level obstacles, drop-offs, and obstructions over a meter away. The training of a guide dog takes a long time, almost five years in some cases. The sightless also needs training and is not a solution for everybody. Taking care of a guide dog can be expensive and time consuming. Humans have developed technology for helping us in every aspect of our lives. The primary goal of technology is helping people to improve their quality of life. Technology can assist us with our limitations. Wireless sensor networks is a technology that has been used to help people with disabilities. In this dissertation, the author proposes a system based on this technology called Blind Guide. Blind Guide is an artifact that helps blind people to navigate in indoors or outdoors scenarios. The prototype is portable assuring that can be used anytime and anywhere. The system is composed of wireless sensors that can be used in different parts of the body. The sensors detect an obstacle and inform the user with an audible warning providing a safety walk to the users. A great feature about Blind Guide is its modularity. The system can adapt to the needs of the user and can be used in a combination with other solution. For example, Blind Guide can be used in conjunction with the white cane. The white cane detects obstacles below waist level and a Blind Guide wireless sensor in the forehead can detect obstacles at the head level. This feature is important because some sightless people feel uncomfortable without the white cane. The system is scalable giving us the opportunity to create a network of interconnected Blind Guide users. This network can store the exact location and description of the obstacles found by the users. This information is public for all users of this system. This feature reduces the time required for obstacle detection and consequent energy savings, thus increasing the autonomy of the solution. One of the main requirements for the development of this prototype was to design a low-cost solution that can be accessible for anyone around the world. All the components of the solution can provide a low-cost solution, easily obtainable and at a low cost. Technology makes our life easier and it must be available for anyone. Modularity, portability, scalability, the possibility to work in conjunction with other solutions, detecting objects that other solutions cannot, obstacle labeling, a network of identified obstacles and audible warnings are the main aspects of the Blind Guide system. All these aspects makes Blind Guide an anytime, anywhere solution for blind people. Blind Guide was tested with a group of volunteers. The volunteers were sightless and from different ages. The trials performed to the system show us positive results. The system successfully detected incoming obstacles and informed in real time to its users. The volunteers gave us a positive feedback telling that they felt comfortable using the prototype and they believe that the system can help them with their daily routine

The Bits of Silence : Redundant Traffic in VoIP

Human conversation is characterized by brief pauses and so-called turn-taking behavior between the speakers. In the context of VoIP, this means that there are frequent periods where the microphone captures only background noise – or even silence whenever the microphone is muted. The bits transmitted from such silence periods introduce overhead in terms of data usage, energy consumption, and network infrastructure costs. In this paper, we contribute by shedding light on these costs for VoIP applications. We systematically measure the performance of six popular mobile VoIP applications with controlled human conversation and acoustic setup. Our analysis demonstrates that significant savings can indeed be achievable - with the best performing silence suppression technique being effective on 75% of silent pauses in the conversation in a quiet place. This results in 2-5 times data savings, and 50-90% lower energy consumption compared to the next better alternative. Even then, the effectiveness of silence suppression can be sensitive to the amount of background noise, underlying speech codec, and the device being used. The codec characteristics and performance do not depend on the network type. However, silence suppression makes VoIP traffic network friendly as much as VoLTE traffic. Our results provide new insights into VoIP performance and offer a motivation for further enhancements, such as performance-aware codec selection, that can significantly benefit a wide variety of voice assisted applications, as such intelligent home assistants and other speech codec enabled IoT devices.Peer reviewe

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

Naval Reserve support to information Operations Warfighting

Since the mid-1990s, the Fleet Information Warfare Center (FIWC) has led the Navy's Information Operations (IO) support to the Fleet. Within the FIWC manning structure, there are in total 36 officer and 84 enlisted Naval Reserve billets that are manned to approximately 75 percent and located in Norfolk and San Diego Naval Reserve Centers. These Naval Reserve Force personnel could provide support to FIWC far and above what they are now contributing specifically in the areas of Computer Network Operations, Psychological Operations, Military Deception and Civil Affairs. Historically personnel conducting IO were primarily reservists and civilians in uniform with regular military officers being by far the minority. The Naval Reserve Force has the personnel to provide skilled IO operators but the lack of an effective manning document and training plans is hindering their opportunity to enhance FIWC's capabilities in lull spectrum IO. This research investigates the skill requirements of personnel in IO to verify that the Naval Reserve Force has the talent base for IO support and the feasibility of their expanded use in IO.http://archive.org/details/navalreservesupp109451098

Intelligent Voice Assistant Extended Through Voice Relay System

Intelligent voice assistants provide powerful functionality for consumers, but require relatively expensive general purpose processors, audio digital signal processors, local hotword detection and voice library modules, and more. To get whole-home voice assistant coverage, consumers typically need to purchase separate, fully functional intelligent voice assistant devices for each room, which gets to be expensive and unwieldy. Each device takes up an outlet and adds bulk to each room. Furthermore, when multiple intelligent voice assistant devices are in close proximity, they may each respond to the same voice input at the same time from a user

Acoustic Integrity Codes: Secure Device Pairing Using Short-Range Acoustic Communication

Secure Device Pairing (SDP) relies on an out-of-band channel to authenticate devices. This requires a common hardware interface, which limits the use of existing SDP systems. We propose to use short-range acoustic communication for the initial pairing. Audio hardware is commonly available on existing off-the-shelf devices and can be accessed from user space without requiring firmware or hardware modifications. We improve upon previous approaches by designing Acoustic Integrity Codes (AICs): a modulation scheme that provides message authentication on the acoustic physical layer. We analyze their security and demonstrate that we can defend against signal cancellation attacks by designing signals with low autocorrelation. Our system can detect overshadowing attacks using a ternary decision function with a threshold. In our evaluation of this SDP scheme's security and robustness, we achieve a bit error ratio below 0.1% for a net bit rate of 100 bps with a signal-to-noise ratio (SNR) of 14 dB. Using our open-source proof-of-concept implementation on Android smartphones, we demonstrate pairing between different smartphone models.Comment: 11 pages, 11 figures. Published at ACM WiSec 2020 (13th ACM Conference on Security and Privacy in Wireless and Mobile Networks). Updated reference

A Hybrid Indoor Location Positioning System

Indoor location positioning techniques have experienced impressive growth in recent years. A wide range of indoor positioning algorithms has been developed for various applications. In this work a practical indoor location positioning technique is presented which utilizes off-the-shelf smartphones and low-cost Bluetooth Low Energy (BLE) nodes without any further infrastructure. The method includes coarse and fine modes of location positioning. In the coarse mode, the received signal strength (RSS) of the BLE nodes is used for location estimation while in the fine acoustic signals are utilized for accurate positioning. The system can achieve centimeter-level positioning accuracy in its fine mode. To enhance the system’s performance in noisy environments, two digital signal processing (DSP) algorithms of (a) band-pass filtering with audio pattern recognition and (b) linear frequency modulated chirp signal with matched filter are implemented. To increase the system’s robustness in dense multipath environments, a method using data clustering with sliding window is employed. The received signal strength of BLE nodes is used as an auxiliary positioning method to identify the non-line-of-sight (NLoS) propagation paths in the acoustic positioning mode. Experimental measurement results in an indoor area of 10 m2 indicate that the positioning error falls below 6 cm