387 research outputs found
Doctor of Philosophy
dissertation
The wireless radio channel is typically thought of as a means to move information from transmitter to receiver, but the radio channel can also be used to detect changes in the environment of the radio link. This dissertation is focused on the measurements we can make at the physical layer of wireless networks, and how we can use those measurements to obtain information about the locations of transceivers and people. The first contribution of this work is the development and testing of an open source, 802.11b sounder and receiver, which is capable of decoding packets and using them to estimate the channel impulse response (CIR) of a radio link at a fraction of the cost of traditional channel sounders. This receiver improves on previous implementations by performing optimized matched filtering on the field-programmable gate array (FPGA) of the Universal Software Radio Peripheral (USRP), allowing it to operate at full bandwidth. The second contribution of this work is an extensive experimental evaluation of a technology called location distinction, i.e., the ability to identify changes in radio transceiver position, via CIR measurements. Previous location distinction work has focused on single-input single-output (SISO) radio links. We extend this work to the context of multiple-input multiple-output (MIMO) radio links, and study system design trade-offs which affect the performance of MIMO location distinction. The third contribution of this work introduces the "exploiting radio windows" (ERW) attack, in which an attacker outside of a building surreptitiously uses the transmissions of an otherwise secure wireless network inside of the building to infer location information about people inside the building. This is possible because of the relative transparency of external walls to radio transmissions.
The final contribution of this dissertation is a feasibility study for building a rapidly deployable radio tomographic imaging (RTI) system for special operations forces (SOF). We show that it is possible to obtain valuable tracking information using as few as 10 radios over a single floor of a typical suburban home, even without precise radio location measurements.
Secure OFDM System Design for Wireless Communications
Wireless communications is widely employed in modern society and plays an increasingly important role in people's daily life. The broadcast nature of radio propagation, however, makes wireless communications particularly vulnerable to malicious attacks, and leads to critical challenges in securing the wireless transmission. Motivated by the insufficiency of traditional approaches to secure wireless communications, physical layer security that is emerging as a complement to the traditional upper-layer security mechanisms is investigated in this dissertation. Five novel techniques toward the physical layer security of wireless communications are proposed. The first two techniques focus on the security risk assessment in wireless networks to enable a situation-awareness based transmission protection. The third and fourth techniques utilize wireless medium characteristics to enhance the built-in security of wireless communication systems, so as to prevent passive eavesdropping. The last technique provides an embedded confidential signaling link for secure transmitter-receiver interaction in OFDM systems.
Channel Based Relay Attack Detection Protocol
A relay attack is a potentially devastating form of a man-in-the-middle attack that can circumvent any challenge-response authentication protocol. A relay attack also has no known cryptographic solution. This thesis proposes the usage of reciprocal channel state information in a wireless system to detect the presence of a relay attack. Through the usage of an open source channel state information tool, a challenge-response authentication Channel Based Relay Attack Detection Protocol is designed and implemented using IEEE 802.11n (WiFi) in detail. The proposed protocol adapts ideas from solutions to other problems to create a novel solution to the relay attack problem. Preliminary results are presented to show the practicality of using channel state information for randomness extraction. As well, two novel attacks are proposed that could be used to defeat the protocol and other similar protocols. To handle these attacks, two modifications are given that only work with the Channel Based Relay Attack Detection Protocol.
Wireless communication, sensing, and REM: A security perspective
The diverse requirements of next-generation communication systems necessitate awareness, flexibility, and intelligence as essential building blocks of future wireless networks. The awareness can be obtained from the radio signals in the environment using wireless sensing and radio environment mapping (REM) methods. This is, however, accompanied by threats such as eavesdropping, manipulation, and disruption posed by malicious attackers. To this end, this work analyzes the wireless sensing and radio environment awareness mechanisms, highlighting their vulnerabilities and providing solutions for mitigating them. As an example, the different threats to REM and their consequences in a vehicular communication scenario are described. Furthermore, the use of REM for securing communications is discussed and future directions regarding sensing/REM security are highlighted.
Authentication and Message Integrity Verification without Secrets
Embedding network capabilities in a plethora of new devices and infrastructures (the Internet-of-Things, vehicular and aviation networks, the critical national infrastructure, industrial plants) is dramatically transforming the modern way of living. The rapid deployment pace of these emerging applications has brought unprecedented security challenges related to data confidentiality, user privacy, and critical infrastructure availability. A significant portion of these threats is attributed to the broadcast nature of the wireless medium, which exposes systems to easy-to-launch passive and active attacks. The slow security standards rollout combined with the ever-shrinking time-to-market, the device heterogeneity and the lack of user-friendly input interfaces (screen, keyboard, etc.) only exacerbate the security challenges.
In this dissertation, we address the fundamental problem of trust establishment in the context of emerging network applications. We present techniques integrating physical layer properties with cryptographic primitives to guarantee message integrity and bootstrap initial trust without relying on any prior secrets. We present the "helper" security paradigm in which security is outsourced to one or more dedicated devices to allow for the scalable pairing of off-the-shelf heterogeneous devices. In addition, we present our work on message integrity verification of navigation information for aircraft (speed, location, and heading) by exploiting the Doppler spread of the wireless channel. Finally, we develop a secure and fast voting technique for distributed networks which allows fast coordination of a group of devices without the overhead of messaging.