1,250 research outputs found

    Trustworthy IAP: An Intelligent Applications Profiler to Investigate Vulnerabilities of Consumer Electronic Devices

    As a typical representative of the Internet of Energy (IoE) intelligent era, consumer electronic (CE) devices continue to evolve at a remarkable pace. Computers, as typical and essential CE devices, have been instrumental in enhancing efficiency, communication, entertainment, and information access. As part of this evolution, a significant trend in computer design focuses on achieving low power consumption while maintaining high performance. For instance, a computer’s central processing unit (CPU) dynamically modulates its output power in response to the varying workload demands of running applications. However, these power efficiency mechanisms may inadvertently introduce implicit patterns into the operational states of CE devices. Particularly, the power consumption of a CE device executing various tasks can manifest distinguishable temporal patterns, thereby exposing potential vulnerabilities. Thus, this work aims to investigate the vulnerabilities of CE devices on power consumption mechanisms. We focus on exploring the possibility of using alternating current (AC) power consumption to infer the running applications on a consumer computer. To achieve that, we construct a physical attack system that employs data acquisition, processing, classification, and inference stages to establish a “profiler” for application profiling. The extensive experiment results on the self-collected power consumption dataset (36 applications) demonstrate the effectiveness of the attacking system.

    Enabling Technologies for 5G and Beyond: Bridging the Gap between Vision and Reality

    It is common knowledge that the fifth generation (5G) of cellular networks will come with drastic transformation in the cellular systems capabilities and will redefine mobile services. 5G (and beyond) systems will be used for human interaction, in addition to person-to-machine and machine-to-machine communications, i.e., every-thing is connected to every-thing. These features will open a whole line of new business opportunities and contribute to the development of the society in many different ways, including developing and building smart cities, enhancing remote health care services, to name a few. However, such services come with an unprecedented growth of mobile traffic, which will lead to heavy challenges and requirements that have not been experienced before. Indeed, the new generations of cellular systems are required to support ultra-low latency services (less than one millisecond), and provide hundred times more data rate and connectivity, all compared to previous generations such as 4G. Moreover, they are expected to be highly secure due to the sensitivity of the transmitted information. Researchers from both academia and industry have been concerting significant efforts to develop new technologies that aim at enabling the new generation of cellular systems (5G and beyond) to realize their potential. Much emphasis has been put on finding new technologies that enhance the radio access network (RAN) capabilities as RAN is considered to be the bottleneck of cellular networks. Striking a balance between performance and cost has been at the center of the efforts that led to the newly developed technologies, which include non-orthogonal multiple access (NOMA), millimeter wave (mmWave) technology, self-organizing network (SON) and massive multiple-input multiple-output (MIMO). Moreover, physical layer security (PLS) has been praised for being a potential candidate for enforcing transmission security when combined with cryptography techniques. 
Although the main concepts of the aforementioned RAN key enabling technologies have been well defined, there are discrepancies between their intended (i.e., vision) performance and the achieved one. In fact, there is still much to do to bridge the gap between what has been promised by such technologies in terms of performance and what they might be able to achieve in real-life scenarios. This motivates us to identify the main reasons behind the aforementioned gaps and try to find ways to reduce such gaps. We first focus on NOMA where the main drawback of existing solutions is related to their poor performance in terms of spectral efficiency and connectivity. Another major drawback of existing NOMA solutions is that transmission rate per user decreases slightly with the number of users, which is a serious issue since future networks are expected to provide high connectivity. To this end, we develop NOMA solutions that could provide three times the achievable rate of existing solutions while maintaining a constant transmission rate per user regardless of the number of connected users. We then investigate the challenges facing mmWave transmissions. It has been demonstrated that such technology is highly sensitive to blockage, which limits its range of communication. To overcome this obstacle, we develop a beam-codebook based analog beam-steering scheme that achieves near maximum beamforming gain performance. The proposed technique has been tested and verified by real-life measurements performed at Bell Labs. Another line of research pursued in this thesis is investigating challenges pertaining to SON. It is known that radio access network self-planning is the most complex and sensitive task due to its impact on the cost of network deployment, etc., capital expenditure (CAPEX). To tackle this issue, we propose a comprehensive self-planning solution that provides all the planning parameters at once while guaranteeing that the system is optimally planned. 
The proposed scheme is compared to existing solutions and its superiority is demonstrated. We finally consider the communication secrecy problem and investigate the potential of employing PLS. Most of the existing PLS schemes are based on unrealistic assumptions, most notably the assumption of having full knowledge about the whereabouts of the eavesdroppers. To solve this problem, we introduce a radically novel nonlinear precoding technique and a coding strategy that together allow secure communication to be established without any knowledge about the eavesdroppers. Moreover, we prove that it is possible to secure communications while achieving near transmitter-receiver channel capacity (the maximum theoretical rate).

    A survey on the (in)security of trusted execution environments

    As the number of security and privacy attacks continues to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufacturers are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues. Funding for open access charge: Universidad de Málaga / CBUA. This work has been partially supported by the Spanish Ministry of Science and Innovation through the SecureEDGE project (PID2019-110565RB-I00), and by the Andalusian FEDER 2014–2020 Program through the SAVE project (PY18-3724).

    Novel Attacks and Defenses for Enterprise Internet-of-Things (E-IoT) Systems

    This doctoral dissertation expands upon the field of Enterprise Internet-of-Things (E-IoT) systems, one of the most ubiquitous and under-researched fields of smart systems. E-IoT systems are specialty smart systems designed for sophisticated automation applications (e.g., multimedia control, security, lighting control). E-IoT systems are often closed source, costly, require certified installers, and are more robust for their specific applications. This dissertation begins with an analysis of the current E-IoT threat landscape and introduces three novel attacks and defenses for under-studied software and protocols heavily linked to E-IoT systems. For each layer, we review the literature for the threats, attacks, and countermeasures. Based on the systematic knowledge we obtain from the literature review, we propose three novel attacks and countermeasures to protect E-IoT systems. In the first attack, we present PoisonIvy, several attacks developed to show that malicious E-IoT drivers can be used to compromise E-IoT. In response to PoisonIvy threats, we describe Ivycide, a machine-learning network-based solution designed to defend E-IoT systems against E-IoT driver threats. As multimedia control is a significant application of E-IoT, we introduce HDMI-Walk, a novel attack vector designed to demonstrate that HDMI's Consumer Electronics Control (CEC) protocol can be used to compromise multiple devices through a single connection. To defend devices from this threat, we introduce HDMI-Watch, a standalone intrusion detection system (IDS) designed to defend HDMI-enabled devices from HDMI-Walk-style attacks. Finally, this dissertation evaluates the security of E-IoT proprietary protocols with LightningStrike, a series of attacks used to demonstrate that popular E-IoT proprietary communication protocols are insecure.
To address LightningStrike threats, we introduce LGuard, a complete defense framework designed to defend E-IoT systems from LightningStrike-style attacks using computer vision, traffic obfuscation, and traffic analysis techniques. For each contribution, all of the defense mechanisms proposed are implemented without any modification to the underlying hardware or software. All attacks and defenses in this dissertation were performed with implementations on widely-used E-IoT devices and systems. We believe that the research presented in this dissertation has notable implications on the security of E-IoT systems by exposing novel threat vectors, raising awareness, and motivating future E-IoT system security research.

    ATTACKS AND COUNTERMEASURES FOR WEBVIEW ON MOBILE SYSTEMS

    All the mainstream mobile operating systems provide a web container, called "WebView". This Web-based interface can be included as part of the mobile application to retrieve and display web contents from remote servers. WebView not only provides the same functionalities as a web browser; more importantly, it enables rich interactions between mobile apps and webpages loaded inside WebView. Through its APIs, WebView enables the two-way interaction. However, the design of WebView changes the landscape of the Web, especially from the security perspective. This dissertation conducts a comprehensive and systematic study of WebView's impact on web security, with a particular focus on identifying its fundamental causes. This dissertation discovers multiple attacks on WebView, and proposes new protection models to enhance the security of WebView. The design principles of these models are also described as well as the prototype implementation on the Android platform. Evaluations are used to demonstrate the effectiveness and performance of these protection models.

    Machine Learning-based Orchestration Solutions for Future Slicing-Enabled Mobile Networks

    The fifth generation mobile networks (5G) will incorporate novel technologies such as network programmability and virtualization enabled by Software-Defined Networking (SDN) and Network Function Virtualization (NFV) paradigms, which have recently attracted major interest from both academic and industrial stakeholders. Building on these concepts, Network Slicing raised as the main driver of a novel business model where mobile operators may open, i.e., “slice”, their infrastructure to new business players and offer independent, isolated and self-contained sets of network functions and physical/virtual resources tailored to specific services requirements. While Network Slicing has the potential to increase the revenue sources of service providers, it involves a number of technical challenges that must be carefully addressed. End-to-end (E2E) network slices encompass time and spectrum resources in the radio access network (RAN), transport resources on the fronthauling/backhauling links, and computing and storage resources at core and edge data centers. Additionally, the vertical service requirements’ heterogeneity (e.g., high throughput, low latency, high reliability) exacerbates the need for novel orchestration solutions able to manage end-to-end network slice resources across different domains, while satisfying stringent service level agreements and specific traffic requirements. An end-to-end network slicing orchestration solution shall i) admit network slice requests such that the overall system revenues are maximized, ii) provide the required resources across different network domains to fulfill the Service Level Agreements (SLAs), iii) dynamically adapt the resource allocation based on the real-time traffic load, end-users’ mobility and instantaneous wireless channel statistics.
Certainly, a mobile network represents a fast-changing scenario characterized by complex spatio-temporal relationship connecting end-users’ traffic demand with social activities and economy. Legacy models that aim at providing dynamic resource allocation based on traditional traffic demand forecasting techniques fail to capture these important aspects. To close this gap, machine learning-aided solutions are quickly arising as promising technologies to sustain, in a scalable manner, the set of operations required by the network slicing context. How to implement such resource allocation schemes among slices, while trying to make the most efficient use of the networking resources composing the mobile infrastructure, are key problems underlying the network slicing paradigm, which will be addressed in this thesis