Improved Wireless Security through Physical Layer Protocol Manipulation and Radio Frequency Fingerprinting

Wireless networks are particularly vulnerable to spoofing and route poisoning attacks due to the contested transmission medium. Traditional bit-layer defenses including encryption keys and MAC address control lists are vulnerable to extraction and identity spoofing, respectively. This dissertation explores three novel strategies to leverage the wireless physical layer to improve security in low-rate wireless personal area networks. The first, physical layer protocol manipulation, identifies true transceiver design within remote devices through analysis of replies in response to packets transmitted with modified physical layer headers. Results herein demonstrate a methodology that correctly differentiates among six IEEE 802.15.4 transceiver classes with greater than 99% accuracy, regardless of claimed bit-layer identity. The second strategy, radio frequency fingerprinting, accurately identifies the true source of every wireless transmission in a network, even among devices of the same design and manufacturer. Results suggest that even low-cost signal collection receivers can achieve greater than 90% authentication accuracy within a defense system based on radio frequency fingerprinting. The third strategy, based on received signal strength quantification, can be leveraged to rapidly locate suspicious transmission sources and to perform physical security audits of critical networks. Results herein reduce mean absolute percentage error of a widely-utilized distance estimation model 20% by examining signal strength measurements from real-world networks in a military hospital and a civilian hospital

A Comparative Analysis of IEEE 802.15.4 Adapters for Wireless Range Finding

ZigBee wireless networks have become increasingly prevalent over the past decade. Based on the IEEE 802.15.4 low data rate wireless standard, ZigBee offers low-cost mesh connectivity in hospitals, refineries, building automation, and critical infrastructure. This thesis explores two ZigBee Received Signal Strength Indicator (RSSI)-based rangefinding tool sets used for assessing wireless network security: Z-Ranger and Zbfind. Z-Ranger is a new tool set developed herein for the Microchip Zena Wireless Adapter that offers configurable distance estimating parameters and a RSSI resolution of 256 values. Zbfind is an application developed for the Atmel RZUSBstick with no configurable distance estimating parameters and a RSSI resolution of 29 values. The two tool sets are evaluated while rangefinding four low-rate wireless devices indoors and two devices outdoors. Mean error is calculated at each of the 35 collection points and a 99% confidence interval and p-Test are used to identify statistically significant deviations between the two tool sets

Wireless based Smart Parking System using Zigbee

One of main issues of developing big parking space for shopping complexes, office complexes and other types of building that requires large parking space is to notify the visitors of occupied and nonoccupied parking space. Most of the visitors might spending up to 30 to 45 minutes just to find an empty parking space. In most recent technology, some parking lot system offered a system that could automatically count when the car entering the empty car space and blocking an infrared signal thus notify the system to count for it. However, this type of sensors actually has an increase of budgeting in order to install and to be maintained. In this project, we have developed a unique solution by providing cost effective solution by using Zigbee technology in parking lot system technology. Instead of using and maintain cable that need to be installed at the ceiling of the parking lot, we developed a system that use wireless technology of Zigbee and it could notify the visitors of empty and non-empty parking lot

Overview of the Course in “Wireless and Mobile Security”

This paper provides an overview of “Wireless and Mobile Security” course. The course offers practical study of security issues and features concerning wireless security. The program of the course effciently interleaves systematic theoretical knowledge and practical work. The theoretical part of the course includes basic information about the architecture of wireless networks, as well as available in this area to modern standards and protection mechanisms built into the equipment for wireless networks. It is also proposed an effective method for integrating a wireless network with the existing network infrastructure, taking into account all aspects of security. More than 50 percent of teaching time is devoted to practical work on the protection of wireless networks. During the course skills to work with software NetStumbler, Kismet, AirSnort, Aircrack, and other monitoring wireless and network tools will be acquired. Particular attention is paid to the use of the most common tools of audit wireless networks, both commercial, and open source. In conclusion, a comprehensive approach to wireless security will be offered for each wireless technology

Comparison of ZigBee Replay Attacks Using a Universal Software Radio Peripheral and USB Radio

Low-Rate Wireless Personal Area Networks are a prevalent solution for communication among embedded devices. ZigBee is a leading network protocol stack based on the low-rate IEEE 802.15.4 standard that operates smart utility meters, residential and commercial building automation, and heath care networks. Such networks are essential, but low-rate, low-cost hardware is challenging to protect because end devices have tight limitations on hardware cost, memory use, and power consumption. KillerBee is a python-based framework for attacking ZigBee and other 802.15.4 networks that makes traffic eavesdropping, packet replay, and denial of service attacks straightforward to conduct. Recent works investigate software-defined radios as an even more versatile attack platform. Software defined radios can operate with greater flexibility and at greater transmit power than traditional network hardware. Software-defined radios also enable novel physical-layer attacks including reflexive jamming and synchronization header manipulation that are not possible with traditional hardware. This research implements a replay attack against a ZigBee device using a software defined radio. Replay attacks consist of an attacker recording legitimate traffic on a network and then replaying that traffic at will to cause malicious effects. Replay attacks can be very disruptive to operational systems, from turning valves in industrial controls systems to disarming door locks. Specifically, how software-defined radios can extend the effective attack range far beyond what is possible with hardware currently utilized by KillerBee is investigated. A software defined radio is tested with both directed and omnidirectional antennas and the effective attack range is compared to that of a USB radio. Tests are conducted both line-of-sight outdoors and through interior walls. The replay attack is implemented with beacon request frames

A Misuse-Based Intrusion Detection System for ITU-T G.9959 Wireless Networks

Wireless Sensor Networks (WSNs) provide low-cost, low-power, and low-complexity systems tightly integrating control and communication. Protocols based on the ITU-T G.9959 recommendation specifying narrow-band sub-GHz communications have significant growth potential. The Z-Wave protocol is the most common implementation. Z-Wave developers are required to sign nondisclosure and confidentiality agreements, limiting the availability of tools to perform open source research. This work discovers vulnerabilities allowing the injection of rogue devices or hiding information in Z-Wave packets as a type of covert channel attack. Given existing vulnerabilities and exploitations, defensive countermeasures are needed. A Misuse-Based Intrusion Detection System (MBIDS) is engineered, capable of monitoring Z-Wave networks. Experiments are designed to test the detection accuracy of the system against attacks. Results from the experiments demonstrate the MBIDS accurately detects intrusions in a Z-Wave network with a mean misuse detection rate of 99%. Overall, this research contributes new Z-Wave exploitations and an MBIDS to detect rogue devices and packet injection attacks, enabling a more secure Z-Wave network

Air Force Institute of Technology Research Report 2013

This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems Engineering and Management, Operational Sciences, Mathematics, Statistics and Engineering Physics

Air Force Institute of Technology Research Report 2016

This Research Report presents the FY16 research statistics and contributions of the Graduate School of Engineering and Management (EN) at AFIT. AFIT research interests and faculty expertise cover a broad spectrum of technical areas related to USAF needs, as reflected by the range of topics addressed in the faculty and student publications listed in this report. In most cases, the research work reported herein is directly sponsored by one or more USAF or DOD agencies. AFIT welcomes the opportunity to conduct research on additional topics of interest to the USAF, DOD, and other federal organizations when adequate manpower and financial resources are available and/or provided by a sponsor. In addition, AFIT provides research collaboration and technology transfer benefits to the public through Cooperative Research and Development Agreements (CRADAs)

Advances in SCA and RF-DNA Fingerprinting Through Enhanced Linear Regression Attacks and Application of Random Forest Classifiers

Radio Frequency (RF) emissions from electronic devices expose security vulnerabilities that can be used by an attacker to extract otherwise unobtainable information. Two realms of study were investigated here, including the exploitation of 1) unintentional RF emissions in the field of Side Channel Analysis (SCA), and 2) intentional RF emissions from physical devices in the field of RF-Distinct Native Attribute (RF-DNA) fingerprinting. Statistical analysis on the linear model fit to measured SCA data in Linear Regression Attacks (LRA) improved performance, achieving 98% success rate for AES key-byte identification from unintentional emissions. However, the presence of non-Gaussian noise required the use of a non-parametric classifier to further improve key guessing attacks. RndF based profiling attacks were successful in very high dimensional data sets, correctly guessing all 16 bytes of the AES key with a 50,000 variable dataset. With variable reduction, Random Forest still outperformed Template Attack for this data set, requiring fewer traces and achieving higher success rates with lower misclassification rate. Finally, the use of a RndF classifier is examined for intentional RF emissions from ZigBee devices to enhance security using RF-DNA fingerprinting. RndF outperformed parametric MDA/ML and non-parametric GRLVQI classifiers, providing up to GS =18.0 dB improvement (reduction in required SNR). Network penetration, measured using rogue ZigBee devices, show that the RndF method improved rogue rejection in noisier environments - gains of up to GS =18.0 dB are realized over previous methods

Air Force Institute of Technology Research Report 2015

This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems Engineering and Management, Operational Sciences, Mathematics, Statistics and Engineering Physics