2,376 research outputs found

    Finding and Exploiting Vulnerabilities in Embedded TCP/IP Stacks

    In the context of the rapid development of IoT technology, cyber-attacks are becoming more frequent, and the damage caused by cyber-attacks remains obstinately high. How to take the initiative in the rivalry with attackers is a major problem in today's era of the Internet. Vulnerability research is of great importance in this contest, especially the study of vulnerability detection and exploitation methodologies. The objective of the thesis is to examine vulnerabilities in DNS client implementations of embedded TCP/IP stacks, specifically in terms of vulnerability detection and vulnerability exploitation research. In the thesis, a detection method is developed for some anti-patterns in DNS client implementations using a static analysis platform. We tested it against 10 embedded TCP/IP stacks; the result shows that the developed detection method has high precision for detecting the vulnerabilities found by the Forescout research labs, with a total of 88% accuracy. For different anti-patterns, the method has different detection precision, and it is closely related to the implementation of the detection queries. The thesis also conducted vulnerability exploitation research for a heap overflow vulnerability that exists in a DNS client implementation of a popular TCP/IP stack. A proof-of-concept of this exploitation is developed. Though there are many constraints for successful exploitation, the ability to conduct remote code execution attacks still makes exploitation of heap overflow vulnerabilities dangerous. In addition, attacks against TCP/IP stacks can take advantage of the stacks and make it possible for an attacker to exploit vulnerabilities in other devices. Often it takes a huge amount of time for researchers to gain deep knowledge of a codebase and to find vulnerabilities in it. But with the developed detection method, we can automate the process of locating vulnerable code patterns to add support for detecting relevant vulnerabilities. Research on the exploitation of vulnerabilities can allow us to discover the potential impact of a vulnerability from the perspective of an attacker and implement targeted defences.

    Detection of gravitational wave signals from NS-NS inspirals in presence of non-stationary noise

    Gravitational Wave (GW) detection is an important and inspiring project. Once detected, it will open a new window to understand the universe. The laser interferometer GW detectors, especially LIGO, are the most sensitive detectors at the moment, and can detect GW signals as weak as $10^{-21}$. The chirp signal generated by neutron star binaries is a well-modeled waveform. One goal of LIGO is to study chirp signal detection. In this field, matched filtering is a widely used method. But LIGO noise is non-stationary, which will weaken the efficiency of general matched filtering. In this work, a modified matched filtering is built to take non-stationarity into account.

    Topo-fermiology

    The modern semiclassical theory of a Bloch electron in a magnetic field now encompasses the orbital magnetic moment and the geometric phase. These two notions are encoded in the Bohr-Sommerfeld quantization condition as a phase ($\lambda$) that is subleading in powers of the field; $\lambda$ is measurable in the phase offset of the de Haas-van Alphen oscillation, as well as of fixed-bias oscillations of the differential conductance in tunneling spectroscopy. In some solids and for certain field orientations, $\lambda/\pi$ are robustly integer-valued owing to the symmetry of the extremal orbit, i.e., they are the topological invariants of magnetotransport. Our comprehensive symmetry analysis identifies solids in any (magnetic) space group for which $\lambda$ is a topological invariant, as well as identifies the symmetry-enforced degeneracy of Landau levels. The analysis is simplified by our formulation of ten (and only ten) symmetry classes for closed, Fermi-surface orbits. Case studies are discussed for graphene, transition metal dichalcogenides, 3D Weyl and Dirac metals, and crystalline and $\mathbb{Z}_2$ topological insulators. In particular, we point out that a $\pi$ phase offset in the fundamental oscillation should not be viewed as a smoking gun for a 3D Dirac metal.
    Comment: Update: (i) Generalized Lifshitz-Kosevich formulae (for the oscillatory magnetization and density of states) which apply also in magnetic solids. (ii) Case studies on Bi2Se3 and Na3Bi. A $\pi$ phase offset in the fundamental oscillation should not be viewed as a smoking gun for a 3D Dirac metal. (iii) A zero-sum rule for $\lambda$ is derived for bulk orbits in time-reversal-symmetric metal

    Performance study of a novel solar solid dehumidification/regeneration bed for use in buildings air conditioning systems

    In this paper, a novel solar solid dehumidification/regeneration bed has been proposed, and its three regeneration methods, i.e., simulated solar radiation regeneration, microwave regeneration, and combined regeneration of the microwave and simulated solar radiation, were experimentally investigated and compared, as well as the dehumidification performance. The degree of regeneration of the proposed system under the regeneration method combining both microwave irradiation and simulated solar radiation could reach 77.7%, which was 3.77 times higher than that of the system under the simulated solar regeneration method and 1.05 times higher than that of the system under the microwave regeneration. The maximum energy efficiency of the proposed system under the combined regeneration method was 21.7%, while it was only 19.4% for the system under microwave regeneration. All these proved that the combined regeneration method of the simulated solar and microwave radiation not only improved the regeneration efficiency of the system, but also enhanced the energy efficiency. For the dehumidification performance, the maximum transient moisture removal was 14.1 g/kg, the maximum dehumidification efficiency was 68.0% and the maximum speed of dehumidification was 0.294 g/(kgμs) when the inlet air temperature was at 26.09 °C and the air relative humidity was at 89.23%. By comparing the testing results with the semi-empirical results from the Page model, it was indicated that the Page model can predict the regeneration characteristics of the novel solar solid dehumidification/regeneration bed under the combined method of microwave and simulated solar regeneration. The results of this research should prove useful to researchers and engineers to exploit the potential of solar technologies in buildings worldwide