Survey of Spectrum Sharing for Inter-Technology Coexistence
Increasing capacity demands in emerging wireless technologies are expected to
be met by network densification and spectrum bands open to multiple
technologies. These will, in turn, increase the level of interference and also
result in more complex inter-technology interactions, which will need to be
managed through spectrum sharing mechanisms. Consequently, novel spectrum
sharing mechanisms should be designed to allow spectrum access for multiple
technologies, while efficiently utilizing the spectrum resources overall.
Importantly, it is not trivial to design such efficient mechanisms, not only
due to technical aspects, but also due to regulatory and business model
constraints. In this survey we address spectrum sharing mechanisms for wireless
inter-technology coexistence by means of a technology circle that incorporates
in a unified, system-level view the technical and non-technical aspects. We
thus systematically explore the spectrum sharing design space consisting of
parameters at different layers. Using this framework, we present a literature
review on inter-technology coexistence with a focus on wireless technologies
with equal spectrum access rights, i.e. (i) primary/primary, (ii)
secondary/secondary, and (iii) technologies operating in a spectrum commons.
Moreover, we reflect on our literature review to identify possible spectrum
sharing design solutions and performance evaluation approaches useful for
future coexistence cases. Finally, we discuss spectrum sharing design
challenges and suggest future research directions.
Survey on wireless technology trade-offs for the industrial internet of things
Aside from vast deployment cost reduction, Industrial Wireless Sensor and Actuator Networks (IWSAN) introduce a new level of industrial connectivity. Wireless connection of sensors and actuators in industrial environments not only enables wireless monitoring and actuation, it also enables coordination of production stages, connecting mobile robots and autonomous transport vehicles, as well as localization and tracking of assets. All these opportunities have already inspired the development of many wireless technologies in an effort to fully enable Industry 4.0. However, different technologies differ significantly in performance and capabilities, none being capable of supporting all industrial use cases. When designing a network solution, one must be aware of the capabilities and the trade-offs of the prospective technologies. This paper evaluates the technologies potentially suitable for IWSAN solutions covering an entire industrial site with limited infrastructure cost and discusses their trade-offs in an effort to provide information for choosing the most suitable technology for the use case of interest. The comparative discussion presented in this paper aims to enable engineers to choose the most suitable wireless technology for their specific IWSAN deployment.
InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Bluetooth is one of the most established technologies for short range digital
wireless data transmission. With the advent of wearables and the Internet of
Things (IoT), Bluetooth has again gained importance, which makes security
research and protocol optimizations imperative. Surprisingly, there is a lack
of openly available tools and experimental platforms to scrutinize Bluetooth.
In particular, system aspects and close to hardware protocol layers are mostly
uncovered.
We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread
in off-the-shelf devices. Thus, we offer deep insights into the internal
architecture of a popular commercial family of Bluetooth controllers used in
smartphones, wearables, and IoT platforms. Reverse engineered functions can
then be altered with our InternalBlue Python framework---outperforming
evaluation kits, which are limited to documented and vendor-defined functions.
The modified Bluetooth stack remains fully functional and high-performance.
Hence, it provides a portable low-cost research platform.
InternalBlue is a versatile framework and we demonstrate its abilities by
implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we
discover a novel critical security issue affecting a large selection of
Broadcom chipsets that allows executing code within the attacked Bluetooth
firmware. We further show how to use our framework to fix bugs in chipsets out
of vendor support and how to add new security features to Bluetooth firmware.
Design and evaluation of coexistence mechanisms for Bluetooth and IEEE 802.11b systems
Short-range wireless technologies are becoming increasingly important in enabling useful mobile applications. Bluetooth and IEEE 802.11b standards are the most commonly deployed technologies for WPAN and WLAN. However, because both standards share the same unlicensed ISM (Industrial, Scientific, Medical) radio spectrum, severe interference is inevitable and performance can be impaired significantly when heterogeneous devices using the two technologies come into close proximity. The most notable solution to this problem is a frequency domain noncollaborative coexistence mechanism called adaptive frequency hopping (AFH). However, we find that the efficiency of the 'channel classification' sub-process in noncollaborative mechanisms is by and large ignored in the literature. Moreover, we also find that there is no system resources awareness and no interference source genre concerns in the IEEE 802.15 Task Group 2 AFH (TG2 AFH) design. Thus, we suggest a new approach called ISOAFH (Interference Source Oriented AFH). With the above considerations, we propose a customized channel classification process, thereby simplifying the time and space complexity of the mechanism. Through our detailed implementation of various coexistence mechanisms in MATLAB Simulink, it is observed that TG2 AFH performance is sensitive to memory and power limitations, while ISOAFH is much less sensitive to these constraints and can keep a much lower channel collision rate. On the other hand, we also study some open issues of a time domain mechanism called MDMS (Master Delay MAC Scheduling). We compare different coexistence mechanisms and find that the performance of each approach very much depends on the efficiency of its sub-processes.
On adaptive frequency hopping to combat coexistence interference between bluetooth and IEEE 802.11b with practical resource constraints
In contrast to traditional frequency hopping techniques, Adaptive Frequency Hopping (AFH) is a low cost and low power solution to avoid interference dynamically. While each AFH algorithm proposed previously is shown to be efficient, a detailed performance analysis of various AFH mechanisms under realistic resource constraints is yet to be done. In particular, based on our performance study on Bluetooth systems presented in this paper, we have found that the AFH mechanism adopted by IEEE 802.15 Task Group 2 (TG2) is very sensitive to memory and power limitations. We then propose a novel Interference Source Oriented Adaptive Frequency Hopping (ISOAFH) approach based on a cross-layer design, in which the baseband layer of Bluetooth considers not only the instantaneous channel condition but also the physical layer transmission characteristics of potential interference sources in determining the hop sequence. In our simulations using detailed MATLAB Simulink modeling, we find that our proposed method is much more robust in that it is insensitive to memory and energy constraints. Indeed, our approach generally achieves a lower collision rate and higher ISM spectrum utilization.
JamLab: Augmenting Sensornet Testbeds with Realistic and Controlled Interference Generation
Radio interference drastically affects the performance of sensornet communications, leading to packet loss and reduced energy-efficiency. As an increasing number of wireless devices operate on the same ISM frequencies, there is a strong need for understanding and debugging the performance of existing sensornet protocols under interference. Doing so requires a low-cost flexible testbed infrastructure that allows the repeatable generation of a wide range of interference patterns. Unfortunately, to date, existing sensornet testbeds lack such capabilities, and do not permit easy study of the coexistence problems between devices sharing the same frequencies. This paper addresses the current lack of such an infrastructure by using off-the-shelf sensor motes to record and play back interference patterns as well as to generate customizable and repeatable interference in real time. We propose and develop JamLab: a low-cost infrastructure to augment existing sensornet testbeds with accurate interference generation while limiting the overhead to a simple upload of the appropriate software. We explain how we tackle the hardware limitations and obtain an accurate measurement and regeneration of interference, and we experimentally evaluate the accuracy of JamLab with respect to time, space, and intensity. We further use JamLab to characterize the impact of interference on sensornet MAC protocols.
Selective Jamming of LoRaWAN using Commodity Hardware
Long range, low power networks are rapidly gaining acceptance in the Internet
of Things (IoT) due to their ability to economically support long-range sensing
and control applications while providing multi-year battery life. LoRa is a key
example of this new class of network and is being deployed at large scale in
several countries worldwide. As these networks move out of the lab and into the
real world, they expose a large cyber-physical attack surface. Securing these
networks is therefore both critical and urgent. This paper highlights security
issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow
modulation type in the protocol. We exploit these issues to develop a suite of
practical attacks based around selective jamming. These attacks are conducted
and evaluated using commodity hardware. The paper concludes by suggesting a
range of countermeasures that can be used to mitigate the attacks.
Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australia.
Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets
Wireless communication standards and implementations have a troubled history
regarding security. Since most implementations and firmwares are closed-source,
fuzzing remains one of the main methods to uncover Remote Code Execution (RCE)
vulnerabilities in deployed systems. Generic over-the-air fuzzing suffers from
several shortcomings, such as constrained speed, limited repeatability, and
restricted ability to debug. In this paper, we present Frankenstein, a fuzzing
framework based on advanced firmware emulation, which addresses these
shortcomings. Frankenstein brings firmware dumps "back to life", and provides
fuzzed input to the chip's virtual modem. The speed-up of our new fuzzing
method is sufficient to maintain interoperability with the attached operating
system, hence triggering realistic full-stack behavior. We demonstrate the
potential of Frankenstein by finding three zero-click vulnerabilities in the
Broadcom and Cypress Bluetooth stack, which is used in most Apple devices, many
Samsung smartphones, the Raspberry Pis, and many others.
Given RCE on a Bluetooth chip, attackers may escalate their privileges beyond
the chip's boundary. We uncover a Wi-Fi/Bluetooth coexistence issue that
crashes multiple operating system kernels and a design flaw in the Bluetooth
5.2 specification that allows link key extraction from the host. Turning off
Bluetooth will not fully disable the chip, making it hard to defend against RCE
attacks. Moreover, when testing our chip-based vulnerabilities on those
devices, we find BlueFrag, a chip-independent Android RCE.
Comment: To be published at USENIX Security.