Selective Jamming of LoRaWAN using Commodity Hardware

Long range, low power networks are rapidly gaining acceptance in the Internet of Things (IoT) due to their ability to economically support long-range sensing and control applications while providing multi-year battery life. LoRa is a key example of this new class of network and is being deployed at large scale in several countries worldwide. As these networks move out of the lab and into the real world, they expose a large cyber-physical attack surface. Securing these networks is therefore both critical and urgent. This paper highlights security issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow modulation type in the protocol. We exploit these issues to develop a suite of practical attacks based around selective jamming. These attacks are conducted and evaluated using commodity hardware. The paper concludes by suggesting a range of countermeasures that can be used to mitigate the attacks.Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australi

A Dynamically Refocusable Sampling Infrastructure for 802.11 Networks

The edge of the Internet is increasingly wireless. Enterprises large and small, homeowners, and even whole cities have deployed Wi-Fi networks for their users, and many users never need to--- or never bother to--- use the wired network. With the advent of high-throughput wireless networks (such as 802.11n) some new construction, even of large enterprise build- ings, may no longer be wired for Ethernet. To understand Internet traffic, then, we need to understand the wireless edge. Measuring Wi-Fi traffic, however, is challenging. It is insufficient to capture traffic in the access points, or upstream of the access points, because the activity of neighboring networks, ad hoc networks, and physical interference cannot be seen at that level. To truly understand the MAC-layer behavior, we need to capture frames from the air using Air Monitors (AMs) placed in the vicinity of the network. Such a capture is always a sample of the network activity, since it is physically impossible to capture a full trace: all frames from all channels at all times in all places. We have built a monitoring infrastructure that captures frames from the 802.11 network. This infrastructure includes several channel sampling strategies that will capture repre- sentative traffic from the network. Further, the monitoring infrastructure needs to modify its behavior according to feedback received from the downstream consumers of the captured traffic in case the analysis needs traffic of a certain type. We call this technique refocusing . The coordinated sampling technique improves the efficiency of the monitoring by utilizing the AMs intelligently. Finally, we deployed this measurement infrastructure within our Computer Science building to study the performance of the system with real network traffic

A cognitive QoS management framework for WLANs

Due to the precipitous growth of wireless networks and the paucity of spectrum, more interference is imposed to the wireless terminals which constraints their performance. In order to preserve such performance degradation, this paper proposes a framework which uses cognitive radio techniques for quality of service (QoS) management of wireless local area networks (LANs). The framework incorporates radio environment maps as input to a cognitive decision engine that steers the network to optimize its QoS parameters such as throughput. A novel experimentally verified heuristic physical model is developed to predict and optimize the throughput of wireless terminals. The framework was applied to realistic stationary and time-variant interference scenarios where an average throughput gain of 344% was achieved in the stationary interference scenario and 70% to 183% was gained in the time-variant interference scenario

Treatment-Based Classi?cation in Residential Wireless Access Points

IEEE 802.11 wireless access points (APs) act as the central communication hub inside homes, connecting all networked devices to the Internet. Home users run a variety of network applications with diverse Quality-of-Service requirements (QoS) through their APs. However, wireless APs are often the bottleneck in residential networks as broadband connection speeds keep increasing. Because of the lack of QoS support and complicated configuration procedures in most off-the-shelf APs, users can experience QoS degradation with their wireless networks, especially when multiple applications are running concurrently. This dissertation presents CATNAP, Classification And Treatment iN an AP , to provide better QoS support for various applications over residential wireless networks, especially timely delivery for real-time applications and high throughput for download-based applications. CATNAP consists of three major components: supporting functions, classifiers, and treatment modules. The supporting functions collect necessary flow level statistics and feed it into the CATNAP classifiers. Then, the CATNAP classifiers categorize flows along three-dimensions: response-based/non-response-based, interactive/non-interactive, and greedy/non-greedy. Each CATNAP traffic category can be directly mapped to one of the following treatments: push/delay, limited advertised window size/drop, and reserve bandwidth. Based on the classification results, the CATNAP treatment module automatically applies the treatment policy to provide better QoS support. CATNAP is implemented with the NS network simulator, and evaluated against DropTail and Strict Priority Queue (SPQ) under various network and traffic conditions. In most simulation cases, CATNAP provides better QoS supports than DropTail: it lowers queuing delay for multimedia applications such as VoIP, games and video, fairly treats FTP flows with various round trip times, and is even functional when misbehaving UDP traffic is present. Unlike current QoS methods, CATNAP is a plug-and-play solution, automatically classifying and treating flows without any user configuration, or any modification to end hosts or applications

Feasibility of Using Passive Monitoring Techniques in Mesh Networks for the Support of Routing

In recent years, Wireless Mesh Networks (WMNs) have emerged as a promising solution to provide low cost access networks that extend Internet access and other networking services. Mesh routers form the backbone connectivity through cooperative routing in an often unstable wireless medium. Therefore, the techniques used to monitor and manage the performance of the wireless network are expected to play a significant role in providing the necessary performance metrics to help optimize the link performance in WMNs. This thesis initially presents an assessment of the correlation between passive monitoring and active probing techniques used for link performance measurement in single radio WMNs. The study reveals that by combining multiple performance metrics obtained by using passive monitoring, a high correlation with active probing can be achieved. The thesis then addresses the problem of the system performance degradation associated with simultaneous activation of multiple radios within a mesh node in a multi-radio environment. The experiments results suggest that the finite computing resource seems to be the limiting factor in the performance of a multi-radio mesh network. Having studied this characteristic of multi-radio networks, a similar approach as used in single radio mesh network analysis was taken to investigate the feasibility of passive monitoring in a multi-radio environment. The accuracy of the passive monitoring technique was compared with that of the active probing technique and the conclusion reached is that passive monitoring is a viable alternative to active probing technique in multi-radio mesh networks

Measuring the service level in the 2.4 GHz ISM band

In this report we provide the findings of the 2.4 GHz service level research. Here service level means the following: can all devices in the 2.4 GHz band fulfill their communication needs. In other words this corresponds to the overall Quality of Service (QoS). The project is a short research exploratory project of about 400 hours in collaboration with Agentschap Telecom, the Dutch Radiocommunications Agency. First of all a survey has been made to investigate which measurement methods can be used to assess the service level in the 2.4 GHz. Here the focus is on IEEE 802.11b/g/n (WiFi) systems. The service level can be measured at several levels of the OSI model: spectrum sensing (physical layer) and packet sniffers (datalink layer). Power level measurements are used to assess the utilization of the 2.4 GHz ISM band. On the other hand packet sniffers are an appropriate method to measure congestion and to pinpoint problems. Secondly, in this project the interferer mechanisms of several sources (microwave, wireless A/V transmitter, Bluetooth, second WiFi network) have been measured in a controlled environment. It turns out that interferers not only increase retry rate, but also trigger unwanted WiFi mechanisms; especially the hidden node mechanism (Request To Send (RTS)/Clear To Send (CTS) packets). So this means that the CTS/RTS control packets, but also the retry rate can be used to identify congestion. The spectrum measurement results allow to identify which interferer source causes congestion. Finally, also a measurement setup is presented that allows to measure the service level. In addition, initial measurements are provided of live environments (college room, office room, city centre). The results show inefficient use of the wireless medium in certain scenarios, due to a large frame rate of management and control packets compared to the data frame rate. In a busy WiFi environment (college room) only 20% of all frames are data frames. Of these data frames only 1/10 are actual data frames as most data frames are so-called null frames; used to keep a WiFi connection alive in power save mode. From all frames about 70% are control frames of which most are ACK frames and in less extend CTS/RTS frames. More research is required to identify the reasons for the high number of control frames. It is likely that there is significant interference, probably due to the many WiFi devices. This is also depicted by the retry frame rate (7%). Combining spectrum sensing with packet sniffing seems to be a good method to assess the service level in the 2.4 GHz ISM band. However, the interferer mechanisms that occur between WiFi networks, WiFi devices and other technologies are complex. More research is needed to enhance the developed proof-of-concept demonstrator and to have a better understanding of the interferer mechanisms in WiFi systems

BotSpine - A Generic Simple Development Platform of Smartphones and Sensors or Robotics

The Internet of Things (IoT) emergence leads to an “intelligence” technology revolution in industrial, social, environmental and almost every aspect of life and objectives. Sensor and actuators are heavily employed in industrial production and, under the trend of IoT, smart sensors are in great demand. Smartphones stand out from other computing terminals as a result of their incomparable popularity, mobility and computer comparable computing capability. However, current IoT designs are developed among diverse platforms and systems and are usually specific to applications and patterns. There is no a standardized developing interface between smartphones and sensors/electronics that is facile and rapid for either developers or consumers to connect and control through smartphones. The goal of this thesis is to develop a simple and generic platform interconnecting smartphones and sensors and/or robotics, allowing users to develop, monitor and control all types of sensors, robotics or customer electronics simply over their smartphones through the developed platform. The research is in cooperation with a local company, Environmental Instruments Canada Inc. From the perspective of research and industrial interests, the proposed platform is designed for generally applicable, low cost, low energy, easily programmed, and smartphone based sensor and/or robotic development purposes. I will build a platform interfacing smartphones and sensors including hardware, firmware structures and software application. The platform is named BotSpine and it provides an energy-efficient real-time wireless communication. This thesis also implements BotSpine by redesigning a radon sniffer robot with the developed interface, demonstrated that BotSpine is able to achieve expectations. BotSpine performs a fast and secure connection with smartphones and its command/BASIC program features render controlling and developing robotics and electronics easy and simple