InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform. InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware

CAFS in action

For those few readers who do not know, CAFS is a system developed by ICL to search through data at speeds of several million characters per second. Its full name is Content Addressable File Store Information Search Processor, CAFS-ISP or CAFS for short. It is an intelligent hardware-based searching engine, currently available with both ICL's 2966 family of computers and the recently announced Series 39, operating within the VME environment. It uses content addressing techniques to perform fast searches of data or text stored on discs: almost all fields are equally accessible as search keys. Software in the mainframe generates a search task; the CAFS hardware performs the search, and returns the hit records to the mainframe. Because special hardware is used, the searching process is very much more efficient than searching performed by any software method. Various software interfaces are available which allow CAFS to be used in many different situations. CAFS can be used with existing systems without significant change. It can be used to make online enquiries of mainframe files or databases or directly from user written high level language programs. These interfaces are outlined in the body of the report

A Framework of Efficient Hybrid Model and Optimal Control for Multihop Wireless Networks

The performance of multihop wireless networks (MWN) is normally studied via simulation over a fixed time horizon using a steady-state type of statistical analysis procedure. However, due to the dynamic nature of network connectivi- ty and nonstationary traffic, such an approach may be inap- propriate as the network may spend most time in a transien- t/nonstationary state. Moreover, the majority of the simu- lators suffer from scalability issues. In this work, we presents a performance modeling framework for analyzing the time varying behavior of MWN. Our framework is a hybrid mod- el of time varying connectivity matrix and nonstationary network queues. Network connectivity is captured using s- tochastic modeling of adjacency matrix by considering both wireless link quality and node mobility. Nonstationary net- work queues behavior are modeled using fluid flow based differential equations. In terms of the computational time, the hybrid fluid-based model is a more scalable tool than the standard simulator. Furthermore, an optimal control strategy is proposed on the basis of the hybrid model