381 research outputs found
Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices
Bluetooth is among the dominant standards for wireless short-range
communication with multi-billion Bluetooth devices shipped each year. Basic
Bluetooth analysis inside consumer hardware such as smartphones can be
accomplished observing the Host Controller Interface (HCI) between the
operating system's driver and the Bluetooth chip. However, the HCI does not
provide insights to tasks running inside a Bluetooth chip or Link Layer (LL)
packets exchanged over the air. As of today, consumer hardware internal
behavior can only be observed with external, and often expensive tools, that
need to be present during initial device pairing. In this paper, we leverage
standard smartphones for on-device Bluetooth analysis and reverse engineer a
diagnostic protocol that resides inside Broadcom chips. Diagnostic features
include sniffing lower layers such as LL for Classic Bluetooth and Bluetooth
Low Energy (BLE), transmission and reception statistics, test mode, and memory
peek and poke.
DEMO: Attaching InternalBlue to the Proprietary macOS IOBluetooth Framework
In this demo, we provide an overview of the macOS Bluetooth stack internals
and gain access to undocumented low-level interfaces. We leverage this
knowledge to add macOS support to the InternalBlue firmware modification and
wireless experimentation framework.
Comment: 13th ACM Conference on Security and Privacy in Wireless and Mobile
Network
Demo: Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link
Apple Wireless Direct Link (AWDL) is a proprietary and undocumented wireless
ad hoc protocol that Apple introduced around 2014 and which is the base for
applications such as AirDrop and AirPlay. We have reverse engineered the
protocol and explain its frame format and operation in our MobiCom '18 paper
"One Billion Apples' Secret Sauce: Recipe of the Apple Wireless Direct Link Ad
hoc Protocol." AWDL builds on the IEEE 802.11 standard and implements election,
synchronization, and channel hopping mechanisms on top of it. Furthermore, AWDL
features an IPv6-based data path which enables direct communication. To
validate our own work, we implement a working prototype of AWDL on Linux-based
systems. Our implementation is written in C, runs in userspace, and makes use
of Linux's Netlink API for interactions with the system's networking stack and
the pcap library for frame injection and reception. In our demonstrator, we
show how our Linux system synchronizes to an existing AWDL cluster or takes
over the master role itself. Furthermore, it can receive data frames from and
send them to a MacBook or iPhone via AWDL. We demonstrate the data exchange via
ICMPv6 echo request and replies as well as sending and receiving data over a
TCP connection.
Comment: The 24th Annual International Conference on Mobile Computing and
Networking (MobiCom '18
Optimal Joint Routing and Scheduling in Millimeter-Wave Cellular Networks
Millimeter-wave (mmWave) communication is a promising technology to cope with
the expected exponential increase in data traffic in 5G networks. mmWave
networks typically require a very dense deployment of mmWave base stations
(mmBS). To reduce cost and increase flexibility, wireless backhauling is needed
to connect the mmBSs. The characteristics of mmWave communication, and
specifically its high directionality, imply new requirements for efficient
routing and scheduling paradigms. We propose an efficient scheduling method,
so-called schedule-oriented optimization, based on matching theory that
optimizes QoS metrics jointly with routing. It is capable of solving any
scheduling problem that can be formulated as a linear program whose variables
are link times and QoS metrics. As an example of the schedule-oriented
optimization, we show the optimal solution of the maximum throughput fair
scheduling (MTFS). Practically, the optimal scheduling can be obtained even for
networks with over 200 mmBSs. To further increase the runtime performance, we
propose an efficient edge-coloring based approximation algorithm with provable
performance bound. It achieves over 80% of the optimal max-min throughput and
runs 5 to 100 times faster than the optimal algorithm in practice. Finally, we
extend the optimal and approximation algorithms for the cases of multi-RF-chain
mmBSs and integrated backhaul and access networks.
Comment: To appear in Proceedings of INFOCOM '1
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis. The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.
Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
One Billion Apples' Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol
Apple Wireless Direct Link (AWDL) is a proprietary and undocumented IEEE
802.11-based ad hoc protocol. Apple first introduced AWDL around 2014 and has
since integrated it into its entire product line, including iPhone and Mac.
While we have found that AWDL drives popular applications such as AirPlay and
AirDrop on more than one billion end-user devices, neither the protocol itself
nor potential security and Wi-Fi coexistence issues have been studied. In this
paper, we present the operation of the protocol as the result of binary and
runtime analysis. In short, each AWDL node announces a sequence of Availability
Windows (AWs) indicating its readiness to communicate with other AWDL nodes. An
elected master node synchronizes these sequences. Outside the AWs, nodes can
tune their Wi-Fi radio to a different channel to communicate with an access
point, or could turn it off to save energy. Based on our analysis, we conduct
experiments to study the master election process, synchronization accuracy,
channel hopping dynamics, and achievable throughput. We conduct a preliminary
security assessment and publish an open source Wireshark dissector for AWDL to
nourish future work.
Comment: The 24th Annual International Conference on Mobile Computing and
Networking (MobiCom '18
DEMO: BTLEmap: Nmap for Bluetooth Low Energy
The market for Bluetooth Low Energy devices is booming and, at the same time,
has become an attractive target for adversaries. To improve BLE security at
large, we present BTLEmap, an auditing application for BLE environments.
BTLEmap is inspired by network discovery and security auditing tools such as
Nmap for IP-based networks. It allows for device enumeration, GATT service
discovery, and device fingerprinting. It goes even further by integrating a BLE
advertisement dissector, data exporter, and a user-friendly UI, including a
proximity view. BTLEmap currently runs on iOS and macOS using Apple's
CoreBluetooth API but also accepts alternative data inputs such as a Raspberry
Pi to overcome the restricted vendor API. The open-source project is under
active development and will provide more advanced capabilities such as
long-term device tracking (in spite of MAC address randomization) in the
future.
Comment: 13th ACM Conference on Security and Privacy in Wireless and Mobile
Network
A Systematic Approach to Constructing Incremental Topology Control Algorithms Using Graph Transformation
Communication networks form the backbone of our society. Topology control
algorithms optimize the topology of such communication networks. Due to the
importance of communication networks, a topology control algorithm should
guarantee certain required consistency properties (e.g., connectivity of the
topology), while achieving desired optimization properties (e.g., a bounded
number of neighbors). Real-world topologies are dynamic (e.g., because nodes
join, leave, or move within the network), which requires topology control
algorithms to operate in an incremental way, i.e., based on the recently
introduced modifications of a topology. Visual programming and specification
languages are a proven means for specifying the structure as well as
consistency and optimization properties of topologies. In this paper, we
present a novel methodology, based on a visual graph transformation and graph
constraint language, for developing incremental topology control algorithms
that are guaranteed to fulfill a set of specified consistency and optimization
constraints. More specifically, we model the possible modifications of a
topology control algorithm and the environment using graph transformation
rules, and we describe consistency and optimization properties using graph
constraints. On this basis, we apply and extend a well-known constructive
approach to derive refined graph transformation rules that preserve these graph
constraints. We apply our methodology to re-engineer an established topology
control algorithm, kTC, and evaluate it in a network simulation study to show
the practical applicability of our approach.
Comment: This document corresponds to the accepted manuscript of the
referenced journal articl
Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark
Practical solutions to bootstrap security in today's information and
communication systems critically depend on centralized services for
authentication as well as key and trust management. This is particularly true
for mobile users. Identity providers such as Google or Facebook have active
user bases of two billion each, and the subscriber number of mobile operators
exceeds five billion unique users as of early 2018. If these centralized
services go completely 'dark' due to natural or man-made disasters, large scale
blackouts, or country-wide censorship, the users are left without practical
solutions to bootstrap security on their mobile devices. Existing distributed
solutions, for instance, the so-called web-of-trust are not sufficiently
lightweight. Furthermore, they support neither cross-application on mobile
devices nor strong protection of key material using hardware security modules.
We propose Sea of Lights (SoL), a practical lightweight scheme for bootstrapping
device-to-device security wirelessly, thus enabling secure distributed
self-organized networks. It is tailored to operate 'in the dark' and provides
strong protection of key material as well as an intuitive means to build a
lightweight web-of-trust. SoL is particularly well suited for local or urban
operation in scenarios such as the coordination of emergency response, where it
helps containing/limiting the spreading of misinformation. As a proof of
concept, we implement SoL in the Android platform and hence test its
feasibility on real mobile devices. We further evaluate its key performance
aspects using simulation.