57,728 research outputs found
Near-Optimal Evasion of Convex-Inducing Classifiers
Classifiers are often used to detect miscreant activities. We study how an
adversary can efficiently query a classifier to elicit information that allows
the adversary to evade detection at near-minimal cost. We generalize results of
Lowd and Meek (2005) to convex-inducing classifiers. We present algorithms that
construct undetected instances of near-minimal cost using only polynomially
many queries in the dimension of the space and without reverse engineering the
decision boundary.Comment: 8 pages; to appear at AISTATS'201
A Game-Theoretic Framework for Medium Access Control
In this paper, we generalize the random access game model, and show that it provides a general game-theoretic framework for designing contention based medium access control. We extend the random access game model to the network with multiple contention measure signals, study the design of random access games, and analyze different distributed algorithms achieving their equilibria. As examples, a series of utility functions is proposed for games achieving the maximum throughput in a network of homogeneous nodes. In a network with n traffic classes, an N-signal game model is proposed which achieves the maximum throughput under the fairness constraint among different traffic classes. In addition, the convergence of different dynamic algorithms such as best response, gradient play and Jacobi play under propagation delay and estimation error is established. Simulation results show that game model based protocols can achieve superior performance over the standard IEEE 802.11 DCF, and comparable performance as existing protocols with the best performance in literature
InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Bluetooth is one of the most established technologies for short range digital
wireless data transmission. With the advent of wearables and the Internet of
Things (IoT), Bluetooth has again gained importance, which makes security
research and protocol optimizations imperative. Surprisingly, there is a lack
of openly available tools and experimental platforms to scrutinize Bluetooth.
In particular, system aspects and close to hardware protocol layers are mostly
uncovered.
We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread
in off-the-shelf devices. Thus, we offer deep insights into the internal
architecture of a popular commercial family of Bluetooth controllers used in
smartphones, wearables, and IoT platforms. Reverse engineered functions can
then be altered with our InternalBlue Python framework---outperforming
evaluation kits, which are limited to documented and vendor-defined functions.
The modified Bluetooth stack remains fully functional and high-performance.
Hence, it provides a portable low-cost research platform.
InternalBlue is a versatile framework and we demonstrate its abilities by
implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we
discover a novel critical security issue affecting a large selection of
Broadcom chipsets that allows executing code within the attacked Bluetooth
firmware. We further show how to use our framework to fix bugs in chipsets out
of vendor support and how to add new security features to Bluetooth firmware
Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices
Bluetooth is among the dominant standards for wireless short-range
communication with multi-billion Bluetooth devices shipped each year. Basic
Bluetooth analysis inside consumer hardware such as smartphones can be
accomplished observing the Host Controller Interface (HCI) between the
operating system's driver and the Bluetooth chip. However, the HCI does not
provide insights to tasks running inside a Bluetooth chip or Link Layer (LL)
packets exchanged over the air. As of today, consumer hardware internal
behavior can only be observed with external, and often expensive tools, that
need to be present during initial device pairing. In this paper, we leverage
standard smartphones for on-device Bluetooth analysis and reverse engineer a
diagnostic protocol that resides inside Broadcom chips. Diagnostic features
include sniffing lower layers such as LL for Classic Bluetooth and Bluetooth
Low Energy (BLE), transmission and reception statistics, test mode, and memory
peek and poke
- …