ChirpOTLE: A Framework for Practical LoRaWAN Security Evaluation

Low-power wide-area networks (LPWANs) are becoming an integral part of the Internet of Things. As a consequence, businesses, administration, and, subsequently, society itself depend on the reliability and availability of these communication networks. Released in 2015, LoRaWAN gained popularity and attracted the focus of security research, revealing a number of vulnerabilities. This lead to the revised LoRaWAN 1.1 specification in late 2017. Most of previous work focused on simulation and theoretical approaches. Interoperability and the variety of implementations complicate the risk assessment for a specific LoRaWAN network. In this paper, we address these issues by introducing ChirpOTLE, a LoRa and LoRaWAN security evaluation framework suitable for rapid iteration and testing of attacks in testbeds and assessing the security of real-world networks.We demonstrate the potential of our framework by verifying the applicability of a novel denial-of-service attack targeting the adaptive data rate mechanism in a testbed using common off-the-shelf hardware. Furthermore, we show the feasibility of the Class B beacon spoofing attack, which has not been demonstrated in practice before.Comment: 11 pages, 14 figures, accepted at ACM WiSec 2020 (13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

FastZIP: Faster and More Secure Zero-Interaction Pairing

With the advent of the Internet of Things (IoT), establishing a secure channel between smart devices becomes crucial. Recent research proposes zero-interaction pairing (ZIP), which enables pairing without user assistance by utilizing devices' physical context (e.g., ambient audio) to obtain a shared secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1) prolonged pairing time (i.e., minutes or hours), (2) vulnerability to brute-force offline attacks on a shared key, and (3) susceptibility to attacks caused by predictable context (e.g., replay attack) because they rely on limited entropy of physical context to protect a shared key. We address these limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces pairing time while preventing offline and predictable context attacks. In particular, we adapt a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their advantages. We instantiate FastZIP for intra-car device pairing to demonstrate its feasibility and show how the design of FastZIP can be adapted to other ZIP use cases. We implement FastZIP and evaluate it by driving four cars for a total of 800 km. We achieve up to three times shorter pairing time compared to the state-of-the-art ZIP schemes while assuring robust security with adversarial error rates below 0.5%.Comment: ACM MobiSys '21 - Code and data at: https://github.com/seemoo-lab/fastzi

Conducting a Large-scale Field Test of a Smartphone-based Communication Network for Emergency Response

Smartphone-based communication networks form a basis for services in emergency response scenarios, where communication infrastructure is impaired or overloaded. Still, their design and evaluation are largely based on simulations that rely on generic mobility models and weak assumptions regarding user behavior. For a realistic assessment, scenario-specific models are essential. To this end, we conducted a large-scale field test of a set of emergency services that relied solely on ad hoc communication. Over the course of one day, we gathered data from smartphones distributed to 125 participants in a scripted disaster event. In this paper, we present the scenario, measurement methodology, and a first analysis of the data. Our work provides the first trace combining user interaction, mobility, and additional sensor readings of a large-scale emergency response scenario, facilitating future research

Perils of Zero-Interaction Security in the Internet of Things

The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations. In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-of-the-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%

Loan growth and riskiness of banks

We investigate whether loan growth affects the riskiness of individual banks in 16 major countries. Using Bankscope data from more than 16,000 individual banks during 1997-2007, we test three hypotheses on the relation between abnormal loan growth and asset risk, bank profitability, and bank solvency. We find that loan growth leads to an increase in loan loss provisions during the subsequent three years, to a decrease in relative interest income, and to lower capital ratios. Further analyses show that loan growth also has a negative impact on the risk-adjusted interest income. These results suggest that loan growth represents an important driver of the riskiness of banks

Lightweight Detection of Denial-of-Service Attacks on Wireless Sensor Networks Revisited

The resource-constrained nature of sensor nodes makes wireless sensor networks (WSNs) especially susceptible to denial-of-service (DoS) attacks. Due to the wireless communication medium, it is difficult to prevent attacks such as jamming. Hence, mechanisms to detect attacks during operation are required. The current generation of intrusion detection systems are still rather heavyweight, as some form of collaboration is typically needed. In this paper, we study the behavior of a large number of node-centric metrics under jamming and blackhole attacks, by applying a logistic regression. In our experiments, we vary several parameters, such as traffic intensity, transmission power, and attacker location. We consider the most common topologies in wireless sensor networks such as central data collection and meshed multi-hop networks by using the collection tree and the mesh protocol. The created regression models are then used to implement a fully localized intrusion detection system requiring no collaboration, showing that certain models can be generalized to different networks

The King is Dead Long Live the King! Towards Systematic Performance Evaluation of Heterogeneous Bluetooth Mesh Networks in Real World Environments

Wireless networks based on Bluetooth mesh (BM) promise a variety of Internet of Things applications from health- care monitoring to smart buildings. BM introduces a novel network concept that supports up to 32767 devices and 127 hops. So far no readily available dataset or toolset exists to perform systematic in-depth performance analysis of this standard. In this paper, we present insights on the performance and practical usability of BM. We conduct realistic smart office experiments with heterogeneous devices distributed throughout an area of approximately 1100m2. By varying network pa- rameters and BM node features, we collect the first public available BM dataset. Based on our experience, the use of current implementations is error-prone due to the complexity of BM. To facilitate researchers to conduct further experiments, we propose a toolset to configure and systematically evaluate BM performance. Finally we discuss several pitfalls that should be avoided in designing and deploying such networks