196 research outputs found

    The Design, Testing, and Analysis of a Constant Jammer for the Bluetooth Low Energy (BLE) Wireless Communication Protocol

    The decreasing cost of web-enabled smart devices utilizing embedded processors, sensors, and wireless communication hardware has created an optimal ecosystem for the Internet of Things (IoT). IEEE 802.15.4, IEEE 802.11ah, WirelessHART, ZigBee Smart Energy, Bluetooth (BT), and Bluetooth Low Energy (BLE) are amongst the most commonly used wireless standards for IoT systems. Each of these standards has tradeoffs concerning power consumption, range of communication, network formation, security, reliability, and ease of implementation. The most widely used standards for IoT are Bluetooth, BLE, and Zigbee. This paper discusses the vulnerabilities in the implementation of the PHY and link layers of BLE. The link layer defines the scheme for establishing a link between two devices. Scanning devices are able to establish communication with other devices that are sending advertising packets. These advertising packets are sent out in a deterministic fashion. The advertising channels for BLE, specified by the PHY layer, are Channels 37, 38, and 39, at center frequencies 2.402, 2.426, and 2.480 GHz, respectively. This scheme for establishing a connection seems to introduce an unintentional gap in the security of the protocol. By creating and transmitting tones with center frequencies corresponding to those of the advertising channels, a victim BLE device can be prevented from establishing a connection with another BLE device. Jamming a mesh network of BLE devices relies on this same concept. The proposed jamming system is an inexpensive one which utilizes the following hardware: three individual synthesizers, a microcontroller (MCU), a Wilkinson power combiner, a power amplifier, and an antenna, integrated on a single PCB, to transmit a 3-tone signal. Due to the unprecedented nature of the COVID-19 pandemic, necessary adjustments were made to the jammer system design.
    In the first modified jamming scheme, a single synthesizer evaluation board, power amplifier, and antenna are used to transmit jamming tones in the form of a frequency hop. Limitations of the frequency hop approach necessitated a second modified scheme. In this second scheme, a synthesizer and two Software Defined Radios (SDRs), connected to a personal computer, continuously generate three individual jamming tones. The proposed jammer and the modified ones all classify as constant jammers, as the transmission of jamming signals is continuous. Both modified jamming schemes are tested. The results of jamming using the second modified scheme validate the objective of simultaneous jamming of the advertising channels of BLE devices. The success of the modified scheme enables the original goal of creating a relatively inexpensive custom PCB for BLE advertising channel jamming. By exploiting this weakness of the BLE protocol, the hope is to have the governing body for Bluetooth, the Bluetooth Special Interest Group (SIG), improve security in future releases of BLE.

    Survey and Systematization of Secure Device Pairing

    Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and is driven by its particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis. The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist in preventing the weaknesses common to the current generation of SDP schemes from persisting.
    Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99)

    Security and Privacy in Bluetooth Low Energy


    Methods and tools for network reconnaissance of IoT devices

    The Internet of Things (IoT) impacts nearly all aspects of our daily life, including housing, transportation, healthcare, and manufacturing. IoT devices communicate through a variety of communication protocols, such as Bluetooth Low Energy (BLE), Zigbee, Z-Wave, and LoRa. These protocols serve essential purposes in the commercial, industrial and personal domains, encompassing wearables and intelligent buildings. The organic and decentralized development of IoT protocols under the auspices of different organizations has resulted in a fragmented and heterogeneous IoT ecosystem. In many cases, IoT devices do not have an IP address. Furthermore, some protocols, such as LoRa and Z-Wave, are proprietary in nature and incompatible with standard protocols. This heterogeneity and fragmentation of the IoT introduce challenges in assessing the security posture of IoT devices. To address this problem, this thesis proposes a novel methodology that transcends specific protocols and supports network and security monitoring of IoT devices at scale. This methodology leverages the capabilities of software-defined radio (SDR) technology to implement IoT protocols in software. We first investigate the problem of IoT network reconnaissance, that is, the discovery and characterization of all the IoT devices in one's organization. We focus on four popular protocols, namely Zigbee, BLE, Z-Wave, and LoRa. We introduce and analyze new algorithms to improve the performance and speed up the discovery of IoT devices. These algorithms leverage the ability of SDRs to transmit and receive signals across multiple channels in parallel. We implement these algorithms in the form of an SDR tool, called IoT-Scan, the first universal IoT scanner middleware. We thoroughly evaluate the delay and energy performance of IoT-Scan.
    Notably, using multi-channel scanning, we demonstrate a reduction of 70% in the discovery times of Bluetooth and Zigbee devices in the 2.4 GHz band and of LoRa and Z-Wave devices in the 900 MHz band, versus single-channel scanning. Second, we investigate a new type of denial-of-service attack on IoT cards, called Truncate-after-Preamble (TaP) attacks. We employ SDRs to assess the security posture of off-the-shelf Zigbee and Wi-Fi cards against TaP attacks. We show that all the Zigbee devices are vulnerable to TaP attacks, while the Wi-Fi devices are vulnerable to the attack to a varying degree. Remarkably, TaP attacks demand energy consumption five orders of magnitude lower than what is required by a continuous jamming mechanism. We propose several countermeasures to mitigate the attacks. Third, we devise an innovative approach for identifying and creating unique profiles for IoT devices. This approach leverages SDRs to create malformed packets at the physical layer (e.g., truncated or overlapping packets). Experiments demonstrate the ability of this approach to perform fine-grained timing experiments (at the microsecond level), craft multi-packet transmissions/collisions, and derive device-specific reception curves. In summary, the results of this thesis validate the feasibility of our proposed SDR-based methodology in addressing fundamental security challenges caused by the heterogeneity of the IoT. This methodology is future-proof and can accommodate new protocols and protocol upgrades.

    Business impact, risks and controls associated with the internet of things

    Thesis (MCom) -- Stellenbosch University, 2017.
    ENGLISH SUMMARY: Modern businesses need to keep up with the ever-evolving state of technology to determine how a change in technology will affect their operations. Adopting the Internet of Things in operations will assist businesses in achieving the goals set by management and, through data integration, add additional value to information. With the Internet of Things forming a global communication network, data is gathered in real time by sensor technologies embedded in uniquely identifiable virtual and physical objects. The data gathered are integrated and analysed to extract knowledge, in order to provide services like inventory management, customised customer service and e-learning, as well as accurate patient records. This integrated information will generate value for businesses by, inter alia, improving the quality of information and business operations. Businesses may be quick to adopt the Internet of Things into their operations because of the promised benefits, without fully understanding its enabling technologies. It is important that businesses acquire knowledge of the impact that these technologies will have on their operations, as well as the risks associated with the use of these technologies, before they deploy the Internet of Things in their business environment. The purpose of this study was to identify the business impact, risks and controls associated with the Internet of Things and its enabling technologies. Through an understanding of the enabling technologies of the Internet of Things, the possible uses and impact on business operations can be identified. With the help of a control framework, the understanding gained of the technologies was used to identify the risks associated with them. The study concludes by formulating internal controls to address the identified risks.
    It was found that the core technologies (smart objects, wireless networks and semantic technologies) adopt human-like characteristics and convert most manual business operations into autonomous operations, leading to increased business productivity, market differentiation, cost reduction and higher-quality information. The identified risks centred on data integrity, privacy and confidentiality, authenticity, unauthorised access, network availability and semantic technology vulnerabilities. A multi-layered approach of technical and non-technical internal controls was formulated to mitigate the identified risks to an acceptable level. The findings will assist information technology specialists and executive management in industry to identify the risks associated with the implementation of the Internet of Things in operations, mitigate the risks to an acceptable level through controls, and determine the possible uses and their impact on operations.
    AFRIKAANS SUMMARY (translated): Modern enterprises must keep pace with the continuous development of technology in order to determine how a change in technology will affect their operations. Incorporating the Internet of Things into operations will help businesses achieve the goals set by management and, through data integration, add additional value to information. With the Internet of Things forming a global communication network, data is collected in real time by sensor technologies embedded in uniquely identifiable virtual and physical objects. This collected data is integrated and analysed to extract knowledge in order to deliver services such as inventory management, customised customer service and e-learning, as well as accurate patient records. This integrated information will generate value for enterprises by, inter alia, improving the quality of information and business operations.
    Enterprises may be quick to incorporate the Internet of Things into their operations because of the promised benefits, without fully understanding the enabling technologies. It is important that enterprises acquire knowledge of the impact these technologies will have on their operations, as well as the risks associated with the use of these technologies, before the Internet of Things is deployed in their business environments. The purpose of this study was to identify the business impact, risks and controls associated with the Internet of Things and its enabling technologies. By understanding the enabling technologies of the Internet of Things, their possible uses and impact on business operations can be identified. With the help of a control framework, the understanding of the technologies was used to identify the risks associated with them. The study concludes by formulating internal controls to address the identified risks. It was found that the core technology components (smart objects, wireless networks and semantic technologies) take on human-like characteristics and convert most manual business operations into autonomous operations, leading to increased business productivity, market differentiation, cost savings and higher-quality information. The identified risks centred on data integrity, privacy and confidentiality, authenticity, unauthorised access, network availability and semantic technology vulnerabilities. A multi-layered approach of technical and non-technical internal controls was formulated in order to mitigate the identified risks to an acceptable level.
    The findings will help information technology specialists and executive management in industry to identify the risks associated with implementing the Internet of Things, mitigate the risks to an acceptable level through controls, and help them determine the possible uses and their impact on operations.

    Security and Privacy of Radio Frequency Identification

    Tanenbaum, A.S. [Promotor]; Crispo, B. [Copromotor]