Selective Jamming of LoRaWAN using Commodity Hardware
Long range, low power networks are rapidly gaining acceptance in the Internet
of Things (IoT) due to their ability to economically support long-range sensing
and control applications while providing multi-year battery life. LoRa is a key
example of this new class of network and is being deployed at large scale in
several countries worldwide. As these networks move out of the lab and into the
real world, they expose a large cyber-physical attack surface. Securing these
networks is therefore both critical and urgent. This paper highlights security
issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow
modulation type in the protocol. We exploit these issues to develop a suite of
practical attacks based around selective jamming. These attacks are conducted
and evaluated using commodity hardware. The paper concludes by suggesting a
range of countermeasures that can be used to mitigate the attacks.
Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australia
BotSpine - A Generic Simple Development Platform of Smartphones and Sensors or Robotics
The Internet of Things (IoT) emergence leads to an “intelligence” technology revolution in industrial, social, environmental and almost every aspect of life and objectives. Sensors and actuators are heavily employed in industrial production and, under the trend of IoT, smart sensors are in great demand. Smartphones stand out from other computing terminals as a result of their incomparable popularity, mobility and computer-comparable computing capability. However, current IoT designs are developed among diverse platforms and systems and are usually specific to applications and patterns. There is no standardized development interface between smartphones and sensors/electronics that is facile and rapid for either developers or consumers to connect and control through smartphones.
The goal of this thesis is to develop a simple and generic platform interconnecting smartphones and sensors and/or robotics, allowing users to develop, monitor and control all types of sensors, robotics or customer electronics simply over their smartphones through the developed platform. The research is in cooperation with a local company, Environmental Instruments Canada Inc. From the perspective of research and industrial interests, the proposed platform is designed for generally applicable, low cost, low energy, easily programmed, and smartphone based sensor and/or robotic development purposes.
I will build a platform interfacing smartphones and sensors including hardware, firmware structures and software application. The platform is named BotSpine and it provides an energy-efficient real-time wireless communication. This thesis also implements BotSpine by redesigning a radon sniffer robot with the developed interface, demonstrating that BotSpine is able to achieve expectations. BotSpine performs a fast and secure connection with smartphones and its command/BASIC program features render controlling and developing robotics and electronics easy and simple.
IoT Device Fingerprint using Deep Learning
Device Fingerprinting (DFP) is the identification of a device without using
its network or other assigned identities including IP address, Medium Access
Control (MAC) address, or International Mobile Equipment Identity (IMEI)
number. DFP identifies a device using information from the packets which the
device uses to communicate over the network. Packets are received at a router
and processed to extract the information. In this paper, we worked on the DFP
using Inter Arrival Time (IAT). IAT is the time interval between the two
consecutive packets received. It has been observed that the IAT is unique for
a device because of the different hardware and software used for the device.
The existing work on the DFP uses the statistical techniques to analyze the IAT
and to further generate the information using which a device can be identified
uniquely. This work presents a novel idea of DFP by plotting graphs of IAT for
packets with each graph plotting 100 IATs and subsequently processing the
resulting graphs for the identification of the device. This approach improves
the efficiency of identifying a device with DFP due to the benchmarks achieved
by deep learning libraries in image processing. We configured a Raspberry Pi to
work as a router and installed our packet sniffer application on the Raspberry Pi.
The packet sniffer application captured the packet information from the
connected devices in a log file. We connected two Apple devices, an iPad4 and an
iPhone 7 Plus, to the router and created IAT graphs for these two devices. We
used a Convolution Neural Network (CNN) to identify the devices and observed an
accuracy of 86.7%.
Are You in the Line? RSSI-based Queue Detection in Crowds
Crowd behaviour analytics focuses on behavioural characteristics of groups of
people instead of individuals' activities. This work considers human queuing
behaviour which is a specific crowd behavior of groups. We design a
plug-and-play system solution to the queue detection problem based on
Wi-Fi/Bluetooth Low Energy (BLE) received signal strength indicators (RSSIs)
captured by multiple signal sniffers. The goal of this work is to determine if
a device is in the queue based on only RSSIs. The key idea is to extract
features not only from individual device's data but also mobility similarity
between data from multiple devices and mobility correlation observed by
multiple sniffers. Thus, we propose single-device feature extraction,
cross-device feature extraction, and cross-sniffer feature extraction for model
training and classification. We systematically conduct experiments with
simulated queue movements to study the detection accuracy. Finally, we compare
our signal-based approach against a camera-based face detection approach in a
real-world social event with a real human queue. The experimental results
indicate that our approach can reach a minimum accuracy of 77% and it
significantly outperforms the camera-based face detection because people block
each other's visibility whereas wireless signals can be detected without
blocking.
Comment: This work has been partially funded by the European Union's Horizon
2020 research and innovation programme within the project "Worldwide
Interoperability for SEmantics IoT" under grant agreement Number 72315
Collecting Channel State Information in Wi-Fi Access Points for IoT Forensics
The Internet of Things (IoT) has boomed in recent years, with an ever-growing number of connected devices and a corresponding exponential increase in network traffic. As a result, IoT devices have become potential witnesses of the surrounding environment and people living in it, creating a vast new source of forensic evidence. To address this need, a new field called IoT Forensics has emerged. In this paper, we present CSI Sniffer, a tool that integrates the collection and management of Channel State Information (CSI) in WiFi Access Points. CSI is a physical layer indicator that enables human sensing, including occupancy monitoring and activity recognition. After a description of the tool architecture and implementation, we demonstrate its capabilities through two application scenarios that use binary classification techniques to classify user behavior based on CSI features extracted from IoT traffic. Our results show that the proposed tool can enhance the capabilities of forensic investigations by providing additional sources of evidence. Wi-Fi Access Points integrated with CSI Sniffer can be used by ISPs or network managers to facilitate the collection of information from IoT devices and the surrounding environment. We conclude the work by analyzing the storage requirements of CSI sample collection and discussing the impact of lossy compression techniques on classification performance.
Pattern-of-Life Modeling using Data Leakage in Smart Homes
This work investigates data leakage in smart homes by providing a Smart Home Automation Architecture (SHAA) and a device classifier and pattern-of-life analysis tool, CITIoT (Classify, Identify, and Track Internet of Things). CITIoT was able to capture traffic from SHAA and classify 17 of 18 devices, identify 95% of the events that occurred, and track when users were home or away with near 100% accuracy. Additionally, a mitigation tool, MIoTL (Mitigation of IoT Leakage), is provided to defend against smart home data leakage. With mitigation, CITIoT was unable to identify motion and camera devices and was inundated with an average of 221 false positives per day that made it ineffective at identifying real events. Also, CITIoT was only able to recognize 8 minutes of 24 hours that the user was away from the smart home. This work closes by stressing the vulnerabilities presented through the demonstration of how an adversary can use CITIoT to crack a BLE lock and gain access to the home. Lastly, security recommendations are provided to defend against vulnerabilities presented in this work and create a safer smart home environment.
InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Bluetooth is one of the most established technologies for short range digital
wireless data transmission. With the advent of wearables and the Internet of
Things (IoT), Bluetooth has again gained importance, which makes security
research and protocol optimizations imperative. Surprisingly, there is a lack
of openly available tools and experimental platforms to scrutinize Bluetooth.
In particular, system aspects and close to hardware protocol layers are mostly
uncovered.
We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread
in off-the-shelf devices. Thus, we offer deep insights into the internal
architecture of a popular commercial family of Bluetooth controllers used in
smartphones, wearables, and IoT platforms. Reverse engineered functions can
then be altered with our InternalBlue Python framework, outperforming
evaluation kits, which are limited to documented and vendor-defined functions.
The modified Bluetooth stack remains fully functional and high-performance.
Hence, it provides a portable low-cost research platform.
InternalBlue is a versatile framework and we demonstrate its abilities by
implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we
discover a novel critical security issue affecting a large selection of
Broadcom chipsets that allows executing code within the attacked Bluetooth
firmware. We further show how to use our framework to fix bugs in chipsets out
of vendor support and how to add new security features to Bluetooth firmware.
Internet-of-Things (IoT) Security Threats: Attacks on Communication Interface
Internet of Things (IoT) devices collect and process information from remote places and have significantly increased the productivity of distributed systems or individuals. Due to the limited budget on power consumption, IoT devices typically do not include security features such as advanced data encryption and device authentication. In general, the hardware components deployed in IoT devices are not from high end markets. As a result, the integrity and security assurance of most IoT devices are questionable. For example, an adversary can implement a Hardware Trojan (HT) in the fabrication process for the IoT hardware devices to cause information leak or malfunctions. In this work, we investigate the security threats on IoT with a special emphasis on the attacks that aim for compromising the communication interface between IoT devices and their main processing host. First, we analyze the security threats on low-energy smart light bulbs, and then we exploit the limitation of Bluetooth protocols to monitor the unencrypted data packet from the air-gapped network. Second, we examine the security vulnerabilities of single-wire serial communication protocol used in data exchange between a sensor and a microcontroller. Third, we implement a Man-in-the-Middle (MITM) attack on a master-slave communication protocol adopted in Inter-Integrated Circuit (I2C) interface. Our MITM attack is executed by an analog hardware Trojan, which crosses the boundary between digital and analog worlds. Furthermore, an obfuscated Trojan detection method (ADobf) is proposed to monitor the abnormal behaviors induced by analog Trojans on the I2C interface.