91 research outputs found
InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Bluetooth is one of the most established technologies for short range digital
wireless data transmission. With the advent of wearables and the Internet of
Things (IoT), Bluetooth has again gained importance, which makes security
research and protocol optimizations imperative. Surprisingly, there is a lack
of openly available tools and experimental platforms to scrutinize Bluetooth.
In particular, system aspects and close to hardware protocol layers are mostly
uncovered.
We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread
in off-the-shelf devices. Thus, we offer deep insights into the internal
architecture of a popular commercial family of Bluetooth controllers used in
smartphones, wearables, and IoT platforms. Reverse engineered functions can
then be altered with our InternalBlue Python framework---outperforming
evaluation kits, which are limited to documented and vendor-defined functions.
The modified Bluetooth stack remains fully functional and high-performance.
Hence, it provides a portable low-cost research platform.
InternalBlue is a versatile framework and we demonstrate its abilities by
implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we
discover a novel critical security issue affecting a large selection of
Broadcom chipsets that allows executing code within the attacked Bluetooth
firmware. We further show how to use our framework to fix bugs in chipsets out
of vendor support and how to add new security features to Bluetooth firmware.
LTE Frequency Hopping Jammer
The goal of this project was to show that communication with a cellular base station and user equipment could be interfered with using narrowband jamming. Specifically, a randomized frequency hopping jammer was used as the main method to disrupt service. The testbed was built with OpenAirInterface, software-defined radios, and a Samsung S4 phone. It was found to be possible to greatly disrupt communications in an LTE system with a jammer.
AI Testing Framework for Next-G O-RAN Networks: Requirements, Design, and Research Opportunities
Openness and intelligence are two enabling features to be introduced in next
generation wireless networks, e.g. Beyond 5G and 6G, to support service
heterogeneity, open hardware, optimal resource utilization, and on-demand
service deployment. The open radio access network (O-RAN) is a promising RAN
architecture to achieve both openness and intelligence through virtualized
network elements and well-defined interfaces. While deploying artificial
intelligence (AI) models is becoming easier in O-RAN, one significant challenge
that has been long neglected is the comprehensive testing of their performance
in realistic environments. This article presents a general automated,
distributed and AI-enabled testing framework to test AI models deployed in
O-RAN in terms of their decision-making performance, vulnerability and
security. This framework adopts a master-actor architecture to manage a number
of end devices for distributed testing. More importantly, it leverages AI to
automatically and intelligently explore the decision space of AI models in
O-RAN. Both software simulation testing and software-defined radio hardware
testing are supported, enabling rapid proof of concept research and
experimental research on wireless research platforms.
Comment: To be published in IEEE Wireless Communications Magazine
Leveraging OpenAirInterface and Software Defined Radio to Establish a Low-Cost 5G Non-Standalone Architecture
Includes Supplementary Material
Commercial cellular service providers are at the forefront of the paradigm shift from 4G Long Term Evolution (LTE) to 5G New Radio (NR). The increase in throughput, provisioning of ultra-low latency, and greater reliability of 5G enable potential uses that no other wireless communication could support. The Department of Defense (DOD) is interested in 5G NR technologies, but the implementation of the architecture can be lengthy and costly. This capstone configured a 4G LTE network and a 5G non-standalone network using OpenAirInterface and software defined radios (SDRs). Universal Subscriber Identity Module (USIM) cards were configured and introduced to user equipment and attached to the 4G LTE network. A gNodeB (gNB) was added to the 4G LTE network to establish the 5G non-standalone (NSA) network architecture (3GPP Option 3). The testbed developed in this research was able to connect the core to a commercial internet service provider and browse the internet using third-party applications. Our analysis educates future researchers on the challenges and lessons learned when implementing the OpenAirInterface 4G LTE and 5G NSA networks. This work also provides a better understanding of 4G LTE and 5G NSA OpenAirInterface software usability, flexibility, and scalability for potential use cases for the DOD.
Chief Petty Officer, United States Navy
Approved for public release. Distribution is unlimited.