24 research outputs found

    IoT security and privacy assessment using software-defined radios

    The Internet of Things (IoT) has seen exceptional adoption in recent years, resulting in an unprecedented level of connectivity in personal and industrial domains. In parallel, software-defined radio (SDR) technology has become increasingly powerful, making it a compelling tool for wireless security research across multiple communication protocols. Specifically, SDRs are capable of manipulating the physical layer of protocols in software, which would otherwise be implemented statically in hardware. This flexibility enables research that goes beyond the boundaries of protocol specifications. This dissertation pursues four research directions that are either enabled by software-defined radio technology, or advance its utility for security research. First, we investigate the anti-tracking mechanisms defined by the Bluetooth Low Energy (BLE) wireless protocol. This protocol, present in virtually all wearable smart devices, implements address randomization in order to prevent unwanted tracking of its users. By analyzing raw advertising data from BLE devices using SDRs, we identify a vulnerability that allows an attacker to track a BLE device beyond the address randomization defined by the protocol. Second, we implement a compact, SDR-based testbed for physical layer benchmarking of wireless devices. The testbed is capable of emulating multiple data transmissions and producing intentional signal corruption in very precisely defined ways in order to investigate receiver robustness and undefined device behavior in the presence of malformed packets. We subject a range of Wi-Fi and Zigbee devices to specifically crafted packet collisions and "truncated packets" as a way of fingerprinting wireless device chipsets. Third, we introduce a middleware framework, coined "Snout", to improve accessibility and usability of SDRs. The architecture provides standardized data pipelines as well as an abstraction layer to GNU Radio flowgraphs which power SDR signal processing. 
This abstraction layer improves usability and maintainability by providing a declarative experiment configuration format instead of requiring constant manipulation of the signal processing code during experimentation. We show that Snout does not result in significant computational overhead, and maintains a predictable and modest memory footprint. Finally, we address the visibility problem arising from the growing number of IoT protocols across large bands of radio spectrum. We model an SDR-based IoT monitor which is capable of scanning multiple channels (including across multiple protocols), and employs channel switching policies to maximize freshness of information obtained by transmitting devices. We present multiple policies and compare their performance against an optimal Markov Decision Process (MDP) model, as well as through event-based simulation using real-world device traffic. The results of this work demonstrate the use of SDR technology in privacy and security research of IoT device communication, and open up opportunities for further low-layer protocol discoveries that require the use of software-defined radio as a research tool

    SInCom 2015

    2nd Baden-Württemberg Center of Applied Research Symposium on Information and Communication Systems, SInCom 2015, 13. November 2015 in Konstan

    The effective combating of intrusion attacks through fuzzy logic and neural networks

    The importance of properly securing an organization’s information and computing resources has become paramount in modern business. Since the advent of the Internet, securing this organizational information has become increasingly difficult. Organizations deploy many security mechanisms in the protection of their data, intrusion detection systems in particular have an increasingly valuable role to play, and as networks grow, administrators need better ways to monitor their systems. Currently, many intrusion detection systems lack the means to accurately monitor and report on wireless segments within the corporate network. This dissertation proposes an extension to the NeGPAIM model, known as NeGPAIM-W, which allows for the accurate detection of attacks originating on wireless network segments. The NeGPAIM-W model is able to detect both wired and wireless based attacks, and with the extensions to the original model mentioned previously, also provide for correlation of intrusion attacks sourced on both wired and wireless network segments. This provides for a holistic detection strategy for an organization. This has been accomplished with the use of Fuzzy logic and neural networks utilized in the detection of attacks. The model works on the assumption that each user has, and leaves, a unique footprint on a computer system. Thus, all intrusive behaviour on the system and networks which support it, can be traced back to the user account which was used to perform the intrusive behavior

    The Use of Firewalls in an Academic Environment

    No full text

    MedLAN: Compact mobile computing system for wireless information access in emergency hospital wards

    This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. As the need for faster, safer and more efficient healthcare delivery increases, medical consultants seek new ways of implementing a high quality telemedical system, using innovative technology. Until today, teleconsultation (the most common application of Telemedicine) was performed by transferring the patient from the Accidents and Emergency ward, to a specially equipped room, or by moving large and heavy machinery to the place where the patient resided. Both these solutions were unpractical, uneconomical and potentially dangerous. At the same time wireless networks became increasingly useful in point-of-care areas such as hospitals, because of their ease of use, low cost of installation and increased flexibility. This thesis presents an integrated system called MedLAN dedicated for use inside the A&E hospital wards. Its purpose is to wirelessly support high-quality live video, audio, high-resolution still images and networks support from anywhere there is WLAN coverage. It is capable of transmitting all of the above to a consultant residing either inside or outside the hospital, or even to an external place, through the use of the Internet. To implement that, it makes use of the existing IEEE 802.11b wireless technology. Initially, this thesis demonstrates that for specific scenarios (such as when using WLANs), DICOM specifications should be adjusted to accommodate for the reduced WLAN bandwidth. Near lossless compression has been used to send still images through the WLANs and the results have been evaluated by a number of consultants to decide whether they retain their diagnostic value. The thesis further suggests improvements on the existing 802.11b protocol. 
In particular, as the typical hospital environment suffers from heavy RF reflections, it suggests that an alternative method of modulation (OFDM) can be embedded in the 802.11b hardware to reduce the multipath effect, increase the throughput and thus the video quality sent by the MedLAN system. Finally, realising that the trust between a patient and a doctor is fundamental this thesis proposes a series of simple actions aiming at securing the MedLAN system. Additionally, a concrete security system is suggested, that encapsulates the existing WEP security protocol, over IPSec

    MedLAN : compact mobile computing system for wireless information access in emergency hospital wards

    As the need for faster, safer and more efficient healthcare delivery increases, medical consultants seek new ways of implementing a high quality telemedical system, using innovative technology. Until today, teleconsultation (the most common application of Telemedicine) was performed by transferring the patient from the Accidents and Emergency ward, to a specially equipped room, or by moving large and heavy machinery to the place where the patient resided. Both these solutions were unpractical, uneconomical and potentially dangerous. At the same time wireless networks became increasingly useful in point-of-care areas such as hospitals, because of their ease of use, low cost of installation and increased flexibility. This thesis presents an integrated system called MedLAN dedicated for use inside the A&E hospital wards. Its purpose is to wirelessly support high-quality live video, audio, high-resolution still images and networks support from anywhere there is WLAN coverage. It is capable of transmitting all of the above to a consultant residing either inside or outside the hospital, or even to an external place, through the use of the Internet. To implement that, it makes use of the existing IEEE 802.11b wireless technology. Initially, this thesis demonstrates that for specific scenarios (such as when using WLANs), DICOM specifications should be adjusted to accommodate for the reduced WLAN bandwidth. Near lossless compression has been used to send still images through the WLANs and the results have been evaluated by a number of consultants to decide whether they retain their diagnostic value. The thesis further suggests improvements on the existing 802.11b protocol. In particular, as the typical hospital environment suffers from heavy RF reflections, it suggests that an alternative method of modulation (OFDM) can be embedded in the 802.11b hardware to reduce the multipath effect, increase the throughput and thus the video quality sent by the MedLAN system. 
Finally, realising that the trust between a patient and a doctor is fundamental this thesis proposes a series of simple actions aiming at securing the MedLAN system. Additionally, a concrete security system is suggested, that encapsulates the existing WEP security protocol, over IPSec. EThOS - Electronic Theses Online Service, GB, United Kingdo

    Examining Effectiveness of Web-Based Internet of Things Honeypots

    The Internet of Things (IoT) is growing at an alarming rate. It is estimated that there will be over 25 billion IoT devices by 2020. The simplicity of their function usually means that IoT devices have low processing power, which prevents them from having intricate security features, leading to vulnerabilities. This makes IoT devices the prime target of attackers in the coming years. Honeypots are intentionally vulnerable machines that run programs which appear as a vulnerable device to a would-be attacker. They are placed on a network to entice and trap an attacker and then gather information on them, including place of origin and method of attack. Due to their prevalence and propensity for having vulnerabilities, IoT devices are a perfect candidate for honeypots placed on a network. Honeyd is popular open-source software written by Niels Provos that creates low-interaction virtual honeypots. It is able to simulate everything at the network level, allow the user to create various Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) services, and allow Operating System (OS) simulation for scanning tools such as Nmap. This research seeks to determine if Honeyd is capable of producing convincing IoT honeypots. Three IoT devices: a TITAThink camera, a Proliphix thermostat, and an ezOutlet2 power outlet, had their Hypertext-Transfer Protocol (HTTP) services simulated through Python scripts and integrated with Honeyd to create three IoT honeypots. These honeypots were then compared to the actual devices to determine how similar they were. The devices and honeypots are both queried in the exact same manner and have their response times, code, headers, and Nmap scan results compared to see how they differ

    Innovation and new venture creation

    Creating the "new" to solve problems is an uncertain feat. Still, humans have innovated and applied Ingenium for millennia, eventually creating new tools, bridges, and ventures, despite a lack of resources or clarity of objectives. In this sense, the problem of information asymmetry (how the future will deploy) and resource asymmetry (what means will be available) motivated this thesis. 
In particular, the problem of how entrepreneurs create new ventures and innovate under uncertainty and without clear initial goals. This thesis aims to contribute to understanding innovation and the creation of new ventures using a non-predictive logic (effectuation) and agile methods (used by startup accelerators) as guiding principles of this discussion. Effectuation is a common logic applied by expert entrepreneurs to solve the typical problems of starting new ventures and innovating. It is a non-predictive control heuristics entrepreneurs operationalize through five principles of effectual action while addressing the uncertainties and contingencies in creating new products, services or markets: 1) Bird-in-hand principle: they build a new venture not necessarily with a goal in mind, but starting with their own means and resources (who they are, what they know, who they know), 2) Affordable loss principle: they do not place large bets with the expectation of high returns, but rather assess opportunities based on acceptable downsides, 3) Crazy quilt principle: they reduce uncertainty by forming partnerships and gaining initial commitments early in their new ventures, 4) Lemonade principle: they leverage contingencies instead of rejecting them, remaining flexible and adapting their projects as required, 5) Pilot in the plane principle: they focus on controlling whatever is controllable in their environment, understanding that the future is not found or predicted, but it is made through human action. Accelerators and agile methods activate the effectual principles through tools and prescriptions that systematically reduce investments while creating a new venture. Accelerators extensively promote "agile" methods (e.g., customer development model, design sprints, rapid innovation cycle) to build prototypes and early versions of products and services while discovering the initial customers and partners. Additionally, it reduces the risk for investors across all startup growth phases by validating the venture idea and clarifying what resources will be required. In this sense, this thesis examined whether and to what extent entrepreneurs build new ventures using effectuation and agile methods by creating three actual innovations with real-world applications. 
The three cases were proofs of concept implemented in real-world contexts with the explicit goal of launching Minimum Viable Products (MVPs) but under uncertainty and with ambiguity of objectives about its functionality. The three applications were technological solutions to problems of traffic congestion, pandemics, and trust in digital transactions. Application 1, "Lemur," is an edge application for traffic control; application 2, "Dolphin," an Internet of Things (IoT)-based geolocation system applied for pandemic control and application 3, "Crypto Degrees," a blockchain-based solution to verify university degrees. In all stages of each application development, the teams involved approached it in an entrepreneurial/effectual way, facing uncertainties and engaging in actions to engage with multiple stakeholders while leveraging contingencies. After implementing the three solutions and analyzing their results and impact, the three cases validated the theoretical predictions that by applying effectual principles in an agile form, new ventures can be created in an entrepreneurial, innovative way. Escuela Internacional de Doctorado de la Universidad Politécnica de Cartagena. Universidad Politécnica de Cartagena. Programa Doctorado en Tecnologías de la Información y las Comunicacione