InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Bluetooth is one of the most established technologies for short range digital
wireless data transmission. With the advent of wearables and the Internet of
Things (IoT), Bluetooth has again gained importance, which makes security
research and protocol optimizations imperative. Surprisingly, there is a lack
of openly available tools and experimental platforms to scrutinize Bluetooth.
In particular, system aspects and close to hardware protocol layers are mostly
uncovered.
We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread
in off-the-shelf devices. Thus, we offer deep insights into the internal
architecture of a popular commercial family of Bluetooth controllers used in
smartphones, wearables, and IoT platforms. Reverse engineered functions can
then be altered with our InternalBlue Python framework---outperforming
evaluation kits, which are limited to documented and vendor-defined functions.
The modified Bluetooth stack remains fully functional and high-performance.
Hence, it provides a portable low-cost research platform.
InternalBlue is a versatile framework and we demonstrate its abilities by
implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we
discover a novel critical security issue affecting a large selection of
Broadcom chipsets that allows executing code within the attacked Bluetooth
firmware. We further show how to use our framework to fix bugs in chipsets out
of vendor support and how to add new security features to Bluetooth firmware.
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case-studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach.
Design and manufacturing of a Selective Laser Sintering test bench to test sintering materials
The goal of this project is to design and build a prototype of a recoating system for a laser cutting machine to turn it into a selective laser sintering printing machine. This prototype will be used to study new sintering materials and to design, if decided, an SLS (Selective Laser Sintering) 3D printing machine. This project has been developed at the facilities of, and funded by, Fundació CIM.
The project develops the mechanical design and the electronic system design. Both parts are explained in this paper, so that new users can use the machine and understand the system. It is expected that, with this paper, the machine can be improved in the future to test other parameters and configurations.
The paper is divided into three basic blocks, summarized here:
The first block is an introduction to 3D printing technologies. The most widely used are explained, and selective laser sintering is explained in depth. With this block the reader can understand why it is important to develop SLS technology and what has to be done to improve the machines and the technology.
The second block is a discussion of the mechanical design of the machine. The general idea of the machine is explained so the user can understand why the machine is designed in this way. After that, each part is detailed to show how the different mechanical challenges were overcome. At the end of the block, there is a short section of calculations needed for the electronic part.
The third block is an extensive explanation of the electronic system that controls and moves the machine. In that block, the different components are explained so the user can understand their basic working principles. It is also explained how the electronic components were selected. Then everything is put together to show the whole electronic system.
Along with this paper, there are annexes that provide some extra information for the reader. One of these annexes refers to the mechanical part, and the other contains datasheets and code for the electronic section.
The whole design has been done in SOLIDWORKS CAD software and its electrical extension ELECWORKS. The programming was done with the Arduino compiler.
The STAR MAPS-based PiXeL detector
The PiXeL detector (PXL) for the Heavy Flavor Tracker (HFT) of the STAR
experiment at RHIC is the first application of the state-of-the-art thin
Monolithic Active Pixel Sensors (MAPS) technology in a collider environment.
Custom built pixel sensors, their readout electronics and the detector
mechanical structure are described in detail. Selected detector design aspects
and production steps are presented. The detector operations during the three
years of data taking (2014-2016) and the overall performance exceeding the
design specifications are discussed in the conclusive sections of this paper.
State of Alaska Election Security Project Phase 2 Report
Alaska’s election system is among the most secure in the country,
and it has a number of safeguards other states are now adopting. But
the technology Alaska uses to record and count votes could be improved—
and the state’s huge size, limited road system, and scattered communities
also create special challenges for insuring the integrity of the vote.
In this second phase of an ongoing study of Alaska’s election
security, we recommend ways of strengthening the system—not only the
technology but also the election procedures. The lieutenant governor
and the Division of Elections asked the University of Alaska Anchorage to
do this evaluation, which began in September 2007.
Lieutenant Governor Sean Parnell. State of Alaska Division of Elections.
List of Appendices / Glossary / Study Team / Acknowledgments / Introduction / Summary of Recommendations / Part 1 Defense in Depth / Part 2 Fortification of Systems / Part 3 Confidence in Outcomes / Conclusions / Proposed Statement of Work for Phase 3: Implementation / Reference
A 96-Channel FPGA-based Time-to-Digital Converter
We describe an FPGA-based, 96-channel, time-to-digital converter (TDC)
intended for use with the Central Outer Tracker (COT) in the CDF Experiment at
the Fermilab Tevatron. The COT system is digitized and read out by 315 TDC
cards, each serving 96 wires of the chamber. The TDC is physically configured
as a 9U VME card. The functionality is almost entirely programmed in firmware
in two Altera Stratix FPGA's. The special capabilities of this device are the
availability of 840 MHz LVDS inputs, multiple phase-locked clock modules, and
abundant memory. The TDC system operates with an input resolution of 1.2 ns.
Each input can accept up to 7 hits per collision. The time-to-digital
conversion is done by first sampling each of the 96 inputs in 1.2-ns bins and
filling a circular memory; the memory addresses of logical transitions (edges)
in the input data are then translated into the time of arrival and width of the
COT pulses. Memory pipelines with a depth of 5.5 s allow deadtime-less
operation in the first-level trigger. The TDC VME interface allows a 64-bit
Chain Block Transfer of multiple boards in a crate with transfer-rates up to 47
Mbytes/sec. The TDC also contains a separately-programmed data path that
produces prompt trigger data every Tevatron crossing. The full TDC design and
multi-card test results are described. The physical simplicity ensures
low-maintenance; the functionality being in firmware allows reprogramming for
other applications.
Comment: 32 pages, 13 figures
A 3-D Track-Finding Processor for the CMS Level-1 Muon Trigger
We report on the design and test results of a prototype processor for the CMS
Level-1 trigger that performs 3-D track reconstruction and measurement from
data recorded by the cathode strip chambers of the endcap muon system. The
tracking algorithms are written in C++ using a class library we developed that
facilitates automatic conversion to Verilog. The code is synthesized into
firmware for field-programmable gate-arrays from the Xilinx Virtex-II series. A
second-generation prototype has been developed and is currently under test. It
performs regional track-finding in a 60 degree azimuthal sector and accepts 3
GB/s of input data synchronously with the 40 MHz beam crossing frequency. The
latency of the track-finding algorithms is expected to be 250 ns, including
geometrical alignment correction of incoming track segments and a final
momentum assignment based on the muon trajectory in the non-uniform magnetic
field in the CMS endcaps.
Comment: 7 pages, 5 figures, proceedings for the conference on Computing in
High Energy and Nuclear Physics, March 24-28 2003, La Jolla, California
FlashCam: a fully-digital camera for the medium-sized telescopes of the Cherenkov Telescope Array
The FlashCam group is currently preparing photomultiplier-tube based cameras
proposed for the medium-sized telescopes (MST) of the Cherenkov Telescope Array
(CTA). The cameras are designed around the FlashCam readout concept which is
the first fully-digital readout system for Cherenkov cameras, based on
commercial FADCs and FPGAs as key components for the front-end electronics
modules and a high performance camera server as back-end. This contribution
describes the progress of the full-scale FlashCam camera prototype currently
under construction, as well as performance results also obtained with earlier
demonstrator setups. Plans towards the production and implementation of
FlashCams on site are also briefly presented.
Comment: 8 pages, 6 figures. In Proceedings of the 34th International Cosmic
Ray Conference (ICRC2015), The Hague, The Netherlands. All CTA contributions
at arXiv:1508.0589
Optimization on fixed low latency implementation of GBT protocol in FPGA
In the upgrade of ATLAS experiment, the front-end electronics components are
subjected to a large radiation background. Meanwhile high speed optical links
are required for the data transmission between the on-detector and off-detector
electronics. The GBT architecture and the Versatile Link (VL) project are
designed by CERN to support the 4.8 Gbps line rate bidirectional high-speed
data transmission which is called GBT link. In the ATLAS upgrade, besides the
link with on-detector, the GBT link is also used between different off-detector
systems. The GBTX ASIC is designed for the on-detector front-end,
correspondingly for the off-detector electronics, the GBT architecture is
implemented in Field Programmable Gate Arrays (FPGA). CERN launches the
GBT-FPGA project to provide examples in different types of FPGA. In the ATLAS
upgrade framework, the Front-End LInk eXchange (FELIX) system is used to
interface the front-end electronics of several ATLAS subsystems. The GBT link
is used between them, to transfer the detector data and the timing, trigger,
control and monitoring information. The trigger signal distributed in the
down-link from FELIX to the front-end requires a fixed and low latency. In this
paper, several optimizations on the GBT-FPGA IP core are introduced, to achieve
a lower fixed latency. For FELIX, a common firmware will be used to interface
different front-ends with support of both GBT modes: the forward error
correction mode and the wide mode. The modified GBT-FPGA core has the ability
to switch between the GBT modes without FPGA reprogramming. The system clock
distribution of the multi-channel FELIX firmware is also discussed in this
paper.