-
Resilience-by-Design Concepts for 6G Communication Networks
Authors:
Ladan Khaloopour,
Yanpeng Su,
Florian Raskob,
Tobias Meuser,
Roland Bless,
Leon Würsching,
Kamyar Abedi,
Marko Andjelkovic,
Hekma Chaari,
Pousali Chakraborty,
Michael Kreutzer,
Matthias Hollick,
Thorsten Strufe,
Norman Franchi,
Vahid Jamali
Abstract:
The sixth generation (6G) mobile communication networks are expected to intelligently integrate into various aspects of modern digital society, including smart cities, homes, healthcare, transportation, and factories. While offering a multitude of services, it is likely that societies become increasingly reliant on 6G infrastructure. Any disruption to these digital services, whether due to human or technical failures, natural disasters, or terrorism, would significantly impact citizens' daily lives. Hence, 6G networks need not only to provide high-performance services but also to be resilient in maintaining essential services in the face of potentially unknown challenges. This paper introduces a comprehensive concept for designing resilient 6G communication networks, summarizing our initial studies within the German Open6GHub project. Adopting an interdisciplinary approach, we propose to embed physical and cyber resilience across all communication system layers, addressing electronics, physical channel, network components and functions, networks, services, and cross-layer and cross-infrastructure considerations. After reviewing the background on resilience concepts, definitions, and approaches, we introduce the proposed resilience-by-design (RBD) concept for 6G communication networks. We further elaborate on the proposed RBD concept along with selected 6G use-cases and present various open problems for future research on 6G resilience.
Submitted 24 May, 2024;
originally announced May 2024.
-
Radio Resource Management Design for RSMA: Optimization of Beamforming, User Admission, and Discrete/Continuous Rates with Imperfect SIC
Authors:
L. F. Abanto-Leon,
A. Krishnamoorthy,
A. Garcia-Saavedra,
G. H. Sim,
R. Schober,
M. Hollick
Abstract:
This paper investigates the radio resource management (RRM) design for multiuser rate-splitting multiple access (RSMA), accounting for various characteristics of practical wireless systems, such as the use of discrete rates, the inability to serve all users, and the imperfect successive interference cancellation (SIC). Specifically, failure to consider these characteristics in RRM design may lead to inefficient use of radio resources. Therefore, we formulate the RRM of RSMA as optimization problems to maximize respectively the weighted sum rate (WSR) and weighted energy efficiency (WEE), and jointly optimize the beamforming, user admission, and discrete/continuous rates, accounting for imperfect SIC, which results in nonconvex mixed-integer nonlinear programs that are challenging to solve. Despite the difficulty of the optimization problems, we develop algorithms that can find high-quality solutions. We show via simulations that carefully accounting for the aforementioned characteristics can lead to significant gains. Precisely, by considering that transmission rates are discrete, the transmit power can be utilized more intelligently, allocating just enough power to guarantee a given discrete rate. Additionally, we reveal that user admission plays a crucial role in RSMA, enabling additional gains compared to random admission by facilitating the servicing of selected users with mutually beneficial channel characteristics. Furthermore, provisioning for possibly imperfect SIC makes RSMA more robust and reliable.
Submitted 30 April, 2024;
originally announced April 2024.
-
Maintaining App Services in Disrupted Cities: A Crisis and Resilience Evaluation Tool
Authors:
Leon Würsching,
Matthias Hollick
Abstract:
Disaster scenarios can disconnect entire cities from the core network (CN), isolating base stations (BSs) and disrupting the Internet connection of app services for many users. Such a disruption is particularly disastrous when it affects critical app services such as communication, information, and navigation. Deploying local app servers at the network edge can solve this issue but leaves mobile network operators (MNOs) faced with design decisions regarding the criticality of traffic flows, the BS topology, and the app server deployment. We present the Crisis and Resilience Evaluation Tool (CARET) for crisis-mode radio access networks (RANs), enabling MNOs to make informed decisions about a city's RAN configuration based on real-world data of the NetMob23 dataset.
Submitted 17 October, 2023;
originally announced October 2023.
-
Hardening and Speeding Up Zero-interaction Pairing and Authentication
Authors:
Mikhail Fomichev,
Timm Lippert,
Matthias Hollick
Abstract:
Establishing and maintaining secure communications in the Internet of Things (IoT) is vital to protect smart devices. Zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA) enable IoT devices to establish and maintain secure communications without user interaction by utilizing devices' ambient context, e.g., audio. For autonomous operation, ZIP and ZIA require the context to have enough entropy to resist attacks and complete in a timely manner. Despite the low-entropy context being the norm, like inside an unoccupied room, the research community has yet to come up with ZIP and ZIA schemes operating under such conditions. We propose HardZiPA, a novel approach that turns commodity IoT actuators into injecting devices, generating high-entropy context. Here, we combine the capability of IoT actuators to impact the environment, e.g., emitting a sound, with a pseudorandom number generator (PRNG) featured by many actuators to craft hard-to-predict context stimuli. To demonstrate the feasibility of HardZiPA, we implement it on off-the-shelf IoT actuators, i.e., smart speakers, lights, and humidifiers. We comprehensively evaluate HardZiPA, collecting over 80 hours of various context data in real-world scenarios. Our results show that HardZiPA is able to thwart advanced active attacks on ZIP and ZIA schemes, while doubling the amount of context entropy in many cases, which allows two times faster pairing and authentication.
Submitted 28 August, 2023; v1 submitted 7 June, 2023;
originally announced June 2023.
-
Smartphones with UWB: Evaluating the Accuracy and Reliability of UWB Ranging
Authors:
Alexander Heinrich,
Sören Krollmann,
Florentin Putz,
Matthias Hollick
Abstract:
More and more consumer devices implement the IEEE Ultra-Wide Band (UWB) standard to perform distance measurements for sensitive tasks such as keyless entry and startup of modern cars, to find lost items using coin-sized trackers, and for smart payments. While UWB promises the ability to perform time-of-flight centimeter-accurate distance measurements between two devices, the accuracy and reliability of the implementation in up-to-date consumer devices have not been evaluated so far. In this paper, we present the first evaluation of UWB smartphones from Apple, Google, and Samsung, focusing on accuracy and reliability in passive keyless entry and smart home automation scenarios. To perform the measurements for our analysis, we build a custom-designed testbed based on a Gimbal-based platform for Wireless Evaluation (GWEn), which allows us to create reproducible measurements. All our results, including all measurement data and a manual to reconstruct a GWEn, are published online. We find that the evaluated devices can measure the distance with an error of less than 20 cm, but fail in producing reliable measurements in all scenarios. Finally, we give recommendations on how to handle measurement results when implementing a passive keyless entry system.
Submitted 20 March, 2023;
originally announced March 2023.
-
FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones
Authors:
Leon Würsching,
Florentin Putz,
Steffen Haesler,
Matthias Hollick
Abstract:
Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.
Submitted 15 February, 2023;
originally announced February 2023.
-
Network Message Field Type Classification and Recognition for Unknown Binary Protocols
Authors:
Stephan Kleber,
Milan Stute,
Matthias Hollick,
Frank Kargl
Abstract:
Reverse engineering of unknown network protocols based on recorded traffic traces enables security analyses and debugging of undocumented network services. In particular for binary protocols, existing approaches (1) lack comprehensive methods to classify or determine the data type of a discovered segment in a message, e.g., a number, timestamp, or network address, that would allow for a semantic interpretation and (2) have strong assumptions that prevent analysis of lower-layer protocols often found in IoT or mobile systems. In this paper, we propose the first generic method for analyzing unknown messages from binary protocols to reveal the data types in message fields. To this end, we split messages into segments of bytes and use their vector interpretation to calculate similarities. These can be used to create clusters of segments with the same type and, moreover, to recognize specific data types based on the clusters' characteristics. Our extensive evaluation shows that our method provides precise classification in most cases and a data-type-recognition precision of up to 100% at reasonable recall, improving the state-of-the-art by a factor between 1.3 and 3.7 in realistic scenarios. We open-source our implementation to facilitate follow-up works.
Submitted 7 November, 2022;
originally announced January 2023.
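The segment-clustering idea sketched in the abstract above (split messages into byte segments, compare them as vectors, cluster, then recognize types from cluster characteristics) can be shown end to end on a small constructed trace. The following Python is an added illustration, not the authors' open-sourced implementation: the hypothetical protocol (a 4-byte counter, a 4-byte Unix timestamp, and an IPv4 address), the fixed 4-byte segment width, the Canberra dissimilarity as the similarity measure, the 0.3 clustering threshold, and the recognition heuristics are all assumptions of this example.

```python
"""Added example: byte-segment clustering and data-type recognition for an
unknown binary protocol.  Not the authors' code; all parameters are assumed."""
import struct
from collections import Counter

# Constructed sample trace: ten messages of a hypothetical protocol laid out as
#   [uint32 sequence counter][uint32 unix timestamp][IPv4 address], big-endian.
BASE_TS = 1_700_000_016          # 0x6553F110, an arbitrary capture epoch
CAPTURE_TIME = BASE_TS + 60      # assumed recording time of the trace
SAMPLE_MESSAGES = [
    struct.pack(">II4B", i + 1, BASE_TS + 5 * i, 192, 168, 1, 1 + i % 3)
    for i in range(10)
]


def segment(message, width=4):
    """Cut a message into fixed-width segments, returning (offset, bytes) pairs.
    A real analysis infers the boundaries; a fixed width is assumed here."""
    return [(off, message[off:off + width])
            for off in range(0, len(message) - width + 1, width)]


def canberra(a, b):
    """Canberra dissimilarity between two byte vectors, normalised to [0, 1].
    A pair of zero bytes contributes 0.  Unlike Euclidean distance it keeps
    small-valued segments (counters) apart from segments that merely share a
    few zero bytes with them."""
    total = 0.0
    for x, y in zip(a, b):
        if x or y:
            total += abs(x - y) / (x + y)
    return total / len(a)


def cluster_segments(segments, threshold=0.3):
    """Greedy leader clustering: a segment joins the first cluster whose leader
    is within `threshold`, otherwise it starts a new cluster."""
    clusters = []
    for off, seg in segments:
        for cluster in clusters:
            if canberra(cluster[0][1], seg) <= threshold:
                cluster.append((off, seg))
                break
        else:
            clusters.append([(off, seg)])
    return clusters


def recognize(cluster, capture_time):
    """Assign a data type from the characteristics of the whole cluster
    (heuristics assumed for this example)."""
    segs = [seg for _, seg in cluster]
    values = [int.from_bytes(s, "big") for s in segs]
    one_year = 366 * 24 * 3600
    # Every value lies within a year of the capture time: a Unix timestamp.
    if all(abs(v - capture_time) <= one_year for v in values):
        return "timestamp"
    # Strictly increasing over the trace: a sequence counter.
    if values == sorted(values) and len(set(values)) == len(values):
        return "counter"
    # Constant prefix with a varying last byte: address-like (e.g. hosts in one subnet).
    if len({s[:-1] for s in segs}) == 1 and len({s[-1] for s in segs}) > 1:
        return "address-like"
    return "unknown"


def analyze(messages, capture_time=CAPTURE_TIME, threshold=0.3):
    """Return {field offset: recognised type}; the offset of a cluster is the
    one most of its segments were cut from."""
    segments = [s for m in messages for s in segment(m)]
    result = {}
    for cluster in cluster_segments(segments, threshold):
        offset = Counter(off for off, _ in cluster).most_common(1)[0][0]
        result[offset] = recognize(cluster, capture_time)
    return result


if __name__ == "__main__":
    for offset, kind in sorted(analyze(SAMPLE_MESSAGES).items()):
        print(f"offset {offset:2d}: {kind}")
```

On the constructed trace the three field positions end up in three clusters and are recognised as counter, timestamp and address-like. The choice of dissimilarity matters: with Euclidean distance on raw bytes, the counter segments (three zero bytes plus a small value) and the address segments would be pulled together, while the Canberra form above weights each byte by its magnitude and separates them.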
-
Safehaul: Risk-Averse Learning for Reliable mmWave Self-Backhauling in 6G Networks
Authors:
Amir Ashtari Gargari,
Andrea Ortiz,
Matteo Pagin,
Anja Klein,
Matthias Hollick,
Michele Zorzi,
Arash Asadi
Abstract:
Wireless backhauling at millimeter-wave frequencies (mmWave) in static scenarios is a well-established practice in cellular networks. However, highly directional and adaptive beamforming in today's mmWave systems has opened new possibilities for self-backhauling. Tapping into this potential, 3GPP has standardized Integrated Access and Backhaul (IAB), allowing the same base station to serve both access and backhaul traffic. Although much more cost-effective and flexible, resource allocation and path selection in IAB mmWave networks is a formidable task. To date, prior works have addressed this challenge through a plethora of classic optimization and learning methods, generally optimizing a Key Performance Indicator (KPI) such as throughput, latency, and fairness, and little attention has been paid to the reliability of the KPI. We propose Safehaul, a risk-averse learning-based solution for IAB mmWave networks. In addition to optimizing average performance, Safehaul ensures reliability by minimizing the losses in the tail of the performance distribution. We develop a novel simulator and show via extensive simulations that Safehaul not only reduces the latency by up to 43.2% compared to the benchmarks but also exhibits significantly more reliable performance (e.g., 71.4% less variance in achieved latency).
Submitted 12 January, 2023; v1 submitted 9 January, 2023;
originally announced January 2023.
-
Towards Privacy Engineering for Real-Time Analytics in the Human-Centered Internet of Things
Authors:
Thomas Plagemann,
Vera Goebel,
Matthias Hollick,
Boris Koldehofe
Abstract:
Big data applications offer smart solutions to many urgent societal challenges, such as health care, traffic coordination, energy management, etc. The basic premise for these applications is "the more data the better". The focus often lies on sensing infrastructures in the public realm that produce an ever-increasing amount of data. Yet, any smartphone and smartwatch owner could be a continuous source of valuable data and contribute to many useful big data applications. However, such data can reveal a lot of sensitive information, like the current location or the heart rate of the owner of such devices. Protection of personal data is important in our society and for example manifested in the EU General Data Protection Regulation (GDPR). However, privacy protection and useful big data applications are hard to bring together, particularly in the human-centered IoT. Implementing proper privacy protection requires skills that are typically not in the focus of data analysts and big data developers. Thus, many individuals tend to share none of their data if in doubt whether it will be properly protected. There exist excellent privacy solutions between the "all or nothing" approach. For example, instead of continuously publishing the current location of individuals one might aggregate this data and only publish information of how many individuals are in a certain area of the city. Thus, personal data is not revealed, while useful information for certain applications like traffic coordination is retained. The goal of the Parrot project is to provide tools for real-time data analysis applications that leverage this "middle ground". Data analysts should only be required to specify their data needs, and end-users can select the privacy requirements for their data as well as the applications and end-users they want to share their data with.
Submitted 28 October, 2022;
originally announced October 2022.
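The "middle ground" described in the abstract above, publishing how many individuals are in an area instead of their individual locations, while letting each end-user choose which applications may use their data, is easy to make concrete. The following Python is an added illustration and not part of the Parrot project: the policy model (a per-user set of permitted applications), the grid-cell size, the time window, and the small-count suppression threshold `k_min` are assumptions of this example, and the coordinates and reports are constructed.

```python
"""Added example: per-area counting instead of raw location release.
Not Parrot's code; policy model, grid, window and threshold are assumed."""
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    user: str
    ts: int      # seconds since trace start
    lat: float
    lon: float


# Constructed sharing policies: the applications each user allows to consume
# aggregates derived from their reports (assumed policy model).
POLICIES = {
    "u1": {"traffic"}, "u2": {"traffic", "health"}, "u3": {"traffic"},
    "u4": {"traffic"}, "u5": set(), "u6": {"traffic"},
}

# Constructed location reports with fictitious coordinates.
REPORTS = [
    Report("u1", 0, 49.8728, 8.6512), Report("u2", 5, 49.8731, 8.6518),
    Report("u3", 9, 49.8725, 8.6509), Report("u4", 12, 49.8745, 8.6530),
    Report("u5", 20, 49.8729, 8.6515), Report("u6", 30, 49.8812, 8.6602),
    Report("u1", 70, 49.8813, 8.6605),
]


def cell_of(lat, lon, size_deg=0.002):
    """Map a coordinate onto a coarse grid cell (roughly 200 m in latitude)."""
    return (math.floor(lat / size_deg), math.floor(lon / size_deg))


def aggregate(reports, app, window, k_min, policies=POLICIES):
    """Count distinct users per (time window, grid cell) for `app`.

    Reports from users who did not opt in for `app` are dropped before any
    counting, and cells with fewer than `k_min` distinct users are suppressed
    so that a published count never pins down a single person."""
    users_per_cell = defaultdict(set)
    for r in reports:
        if app not in policies.get(r.user, set()):
            continue
        key = (r.ts // window, cell_of(r.lat, r.lon))
        users_per_cell[key].add(r.user)
    return {key: len(users) for key, users in users_per_cell.items()
            if len(users) >= k_min}


if __name__ == "__main__":
    # Only the cell shared by u1, u2 and u3 in the first minute survives;
    # u5 never opted in, and the lone users u4 and u6 are suppressed.
    for (win, cell), n in sorted(aggregate(REPORTS, "traffic", 60, 3).items()):
        print(f"window {win}, cell {cell}: {n} users")
```

The same stream yields nothing for the "health" application, because only one user allowed it and a single-user cell is below the threshold; a data analyst receiving these counts can still reason about crowd density without ever seeing a coordinate.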
-
Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones
Authors:
Jiska Classen,
Alexander Heinrich,
Robert Reith,
Matthias Hollick
Abstract:
When an iPhone is turned off, most wireless chips stay on. For instance, upon user-initiated shutdown, the iPhone remains locatable via the Find My network. If the battery runs low, the iPhone shuts down automatically and enters a power reserve mode. Yet, users can still access credit cards, student passes, and other items in their Wallet. We analyze how Apple implements these standalone wireless features, working while iOS is not running, and determine their security boundaries. On recent iPhones, Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB) keep running after power off, and all three wireless chips have direct access to the secure element. As a practical example of what this means for security, we demonstrate the possibility to load malware onto a Bluetooth chip that is executed while the iPhone is off.
Submitted 12 May, 2022;
originally announced May 2022.
-
AirGuard -- Protecting Android Users From Stalking Attacks By Apple Find My Devices
Authors:
Alexander Heinrich,
Niklas Bittner,
Matthias Hollick
Abstract:
Finder networks in general, and Apple's Find My network in particular, can pose a grave threat to users' privacy and even health if these networks are abused for stalking. Apple's release of the AirTag, a very affordable tracker covered by the nearly ubiquitous Find My network, amplified this issue. While Apple provides a stalking detection feature within its ecosystem, billions of Android users are still left in the dark. Apple recently released the Android app "Tracker Detect," which does not deliver a convincing feature set for stalking protection. We reverse engineer Apple's tracking protection in iOS and discuss its features regarding stalking detection. We design "AirGuard" and release it as an Android app to protect against abuse by Apple tracking devices. We compare the performance of our solution with the Apple-provided one in iOS and study the use of AirGuard in the wild over multiple weeks using data contributed by tens of thousands of active users.
Submitted 23 February, 2022;
originally announced February 2022.
-
Very Pwnable Network: Cisco AnyConnect Security Analysis
Authors:
Gerbert Roitburd,
Matthias Ortmann,
Matthias Hollick,
Jiska Classen
Abstract:
Corporate Virtual Private Networks (VPNs) enable users to work from home or while traveling. At the same time, VPNs are tied to a company's network infrastructure, forcing users to install proprietary clients for network compatibility reasons. VPN clients run with high privileges to encrypt and reroute network traffic. Thus, bugs in VPN clients pose a substantial risk to their users and in turn the corporate network. Cisco, the dominant vendor of enterprise network hardware, offers VPN connectivity with their AnyConnect client for desktop and mobile devices. While past security research primarily focused on the AnyConnect Windows client, we show that Linux and iOS are based on different architectures and have distinct security issues. Our reverse engineering as well as the follow-up design analysis and fuzzing reveal 13 new vulnerabilities. Seven of these are located in the Linux client. The root cause for privilege escalations on Linux is anchored so deep in the client's architecture that it only got patched with a partial workaround. A similar analysis on iOS uncovers three AnyConnect-specific bugs as well as three general issues in iOS network extensions, which apply to all kinds of VPNs and are not restricted to AnyConnect.
Submitted 11 February, 2022;
originally announced February 2022.
-
Sequential Parametric Optimization for Rate-Splitting Precoding in Non-Orthogonal Unicast and Multicast Transmissions
Authors:
Luis F. Abanto-Leon,
Matthias Hollick,
Bruno Clerckx,
Gek Hong Sim
Abstract:
This paper investigates rate-splitting (RS) precoding for non-orthogonal unicast and multicast (NOUM) transmissions using fully-digital and hybrid precoders. We study the nonconvex weighted sum-rate (WSR) maximization problem subject to a multicast requirement. We propose FALCON, an approach based on sequential parametric optimization, to solve the aforementioned problem. We show that FALCON converges to a local optimum without requiring judicious selection of an initial feasible point. Besides, we show through simulations that by leveraging RS, hybrid precoders can attain nearly the same performance as their fully-digital counterparts under certain specific settings.
Submitted 25 January, 2022;
originally announced January 2022.
-
RadiOrchestra: Proactive Management of Millimeter-wave Self-backhauled Small Cells via Joint Optimization of Beamforming, User Association, Rate Selection, and Admission Control
Authors:
L. F. Abanto-Leon,
A. Asadi,
G. H. Sim,
A. Garcia-Saavedra,
M. Hollick
Abstract:
Millimeter-wave self-backhauled small cells are a key component of next-generation wireless networks. Their dense deployment will increase data rates, reduce latency, and enable efficient data transport between the access and backhaul networks, providing greater flexibility not previously possible with optical fiber. Despite their high potential, operating dense self-backhauled networks optimally is an open challenge, particularly for radio resource management (RRM). This paper presents RadiOrchestra, a holistic RRM framework that models and optimizes beamforming, rate selection as well as user association and admission control for self-backhauled networks. The framework is designed to account for practical challenges such as hardware limitations of base stations (e.g., computational capacity, discrete rates), the need for adaptability of backhaul links, and the presence of interference. Our framework is formulated as a nonconvex mixed-integer nonlinear program, which is challenging to solve. To approach this problem, we propose three algorithms that provide a trade-off between complexity and optimality. Furthermore, we derive upper and lower bounds to characterize the performance limits of the system. We evaluate the developed strategies in various scenarios, showing the feasibility of deploying practical self-backhauling in future networks.
Submitted 13 July, 2022; v1 submitted 25 January, 2022;
originally announced January 2022.
-
Attacks on Wireless Coexistence: Exploiting Cross-Technology Performance Features for Inter-Chip Privilege Escalation
Authors:
Jiska Classen,
Francesco Gringoli,
Michael Hermann,
Matthias Hollick
Abstract:
Modern mobile devices feature multiple wireless technologies, such as Bluetooth, Wi-Fi, and LTE. Each of them is implemented within a separate wireless chip, sometimes packaged as combo chips. However, these chips share components and resources, such as the same antenna or wireless spectrum. Wireless coexistence interfaces enable them to schedule packets without collisions despite shared resources, essential to maximizing networking performance. Today's hardwired coexistence interfaces hinder clear security boundaries and separation between chips and chip components. This paper shows practical coexistence attacks on Broadcom, Cypress, and Silicon Labs chips deployed in billions of devices. For example, we demonstrate that a Bluetooth chip can directly extract network passwords and manipulate traffic on a Wi-Fi chip. Coexistence attacks enable a novel type of lateral privilege escalation across chip boundaries. We responsibly disclosed the vulnerabilities to the vendors. Yet, only partial fixes were released for existing hardware since wireless chips would need to be redesigned from the ground up to prevent the presented attacks on coexistence.
Submitted 10 December, 2021;
originally announced December 2021.
-
My(o) Armband Leaks Passwords: An EMG and IMU Based Keylogging Side-Channel Attack
Authors:
Matthias Gazzari,
Annemarie Mattmann,
Max Maass,
Matthias Hollick
Abstract:
Wearables that constantly collect various sensor data of their users increase the chances for inferences of unintentional and sensitive information such as passwords typed on a physical keyboard. We take a thorough look at the potential of using electromyographic (EMG) data, a sensor modality which is new to the market but has lately gained attention in the context of wearables for augmented reality (AR), for a keylogging side-channel attack. Our approach is based on neural networks for a between-subject attack in a realistic scenario using the Myo Armband to collect the sensor data. In our approach, the EMG data has proven to be the most prominent source of information compared to the accelerometer and gyroscope, increasing the keystroke detection performance. For our end-to-end approach on raw data, we report a mean balanced accuracy of about 76 % for the keystroke detection and a mean top-3 key accuracy of about 32 % on 52 classes for the key identification on passwords of varying strengths. We have created an extensive dataset including more than 310 000 keystrokes recorded from 37 volunteers, which is available as open access along with the source code used to create the given results.
Submitted 4 December, 2021;
originally announced December 2021.
-
Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging
Authors:
Patrick Leu,
Giovanni Camurati,
Alexander Heinrich,
Marc Roeschlin,
Claudio Anliker,
Matthias Hollick,
Srdjan Capkun,
Jiska Classen
Abstract:
We present the first over-the-air attack on IEEE 802.15.4z High-Rate Pulse Repetition Frequency (HRP) Ultra-WideBand (UWB) distance measurement systems. Specifically, we demonstrate a practical distance reduction attack against pairs of Apple U1 chips (embedded in iPhones and AirTags), as well as against U1 chips inter-operating with NXP and Qorvo UWB chips. These chips have been deployed in a wide range of phones and cars to secure car entry and start and are projected for secure contactless payments, home locks, and contact tracing systems. Our attack operates without any knowledge of cryptographic material, results in distance reductions from 12m (actual distance) to 0m (spoofed distance) with attack success probabilities of up to 4%, and requires only an inexpensive (USD 65) off-the-shelf device. Access control can only tolerate sub-second latencies to not inconvenience the user, leaving little margin to perform time-consuming verifications. These distance reductions bring into question the use of UWB HRP in security-critical applications.
Submitted 9 November, 2021;
originally announced November 2021.
-
Next2You: Robust Copresence Detection Based on Channel State Information
Authors:
Mikhail Fomichev,
Luis F. Abanto-Leon,
Max Stiegler,
Alejandro Molina,
Jakob Link,
Matthias Hollick
Abstract:
Context-based copresence detection schemes are a necessary prerequisite to building secure and usable authentication systems in the Internet of Things (IoT). Such schemes allow one device to verify proximity of another device without user assistance utilizing their physical context (e.g., audio). The state-of-the-art copresence detection schemes suffer from two major limitations: (1) they cannot accurately detect copresence in low-entropy context (e.g., empty room with few events occurring) and insufficiently separated environments (e.g., adjacent rooms), (2) they require devices to have common sensors (e.g., microphones) to capture context, making them impractical on devices with heterogeneous sensors. We address these limitations, proposing Next2You, a novel copresence detection scheme utilizing channel state information (CSI). In particular, we leverage magnitude and phase values from a range of subcarriers specifying a Wi-Fi channel to capture a robust wireless context created when devices communicate. We implement Next2You on off-the-shelf smartphones relying only on ubiquitous Wi-Fi chipsets and evaluate it based on over 95 hours of CSI measurements that we collect in five real-world scenarios. Next2You achieves error rates below 4%, maintaining accurate copresence detection both in low-entropy context and insufficiently separated environments. We also demonstrate the capability of Next2You to work reliably in real-time and its robustness to various attacks.
Submitted 22 February, 2022; v1 submitted 9 November, 2021;
originally announced November 2021.
-
Happy MitM: Fun and Toys in Every Bluetooth Device
Authors:
Jiska Classen,
Matthias Hollick
Abstract:
Bluetooth pairing establishes trust on first use between two devices by creating a shared key. Similar to certificate warnings in TLS, the Bluetooth specification requires warning users upon issues with this key, because this can indicate ongoing Machine-in-the-Middle (MitM) attacks. This paper uncovers that none of the major Bluetooth stacks warns users, which violates the specification. Clear warnings would protect users from recently published and potential future security issues in Bluetooth authentication and encryption.
Submitted 16 August, 2021;
originally announced August 2021.
-
BEAMWAVE: Cross-Layer Beamforming and Scheduling for Superimposed Transmissions in Industrial IoT mmWave Networks
Authors:
Luis F. Abanto-Leon,
Matthias Hollick,
Gek Hong Sim
Abstract:
The omnipresence of IoT devices in Industry 4.0 is expected to foster higher reliability, safety, and efficiency. However, interconnecting a large number of wireless devices without jeopardizing the system performance proves challenging. To address the requirements of future industries, we investigate the cross-layer design of beamforming and scheduling for layered-division multiplexing (LDM) systems in millimeter-wave bands. Scheduling is crucial as the devices in industrial settings are expected to proliferate rapidly. Also, highly performant beamforming is necessary to ensure scalability. By adopting LDM, multiple transmissions can be non-orthogonally superimposed. Specifically, we consider a superior-importance control multicast message required to be ubiquitous to all devices and inferior-importance private unicast messages targeting a subset of scheduled devices. Due to NP-hardness, we propose BEAMWAVE, which decomposes the problem into beamforming and scheduling. Through simulations, we show that BEAMWAVE attains near-optimality and outperforms other competing schemes.
Submitted 9 August, 2021;
originally announced August 2021.
-
Best Practices for Notification Studies for Security and Privacy Issues on the Internet
Authors:
Max Maass,
Henning Pridöhl,
Dominik Herrmann,
Matthias Hollick
Abstract:
Researchers help operators of vulnerable and non-compliant internet services by individually notifying them about security and privacy issues uncovered in their research. To improve efficiency and effectiveness of such efforts, dedicated notification studies are imperative. As of today, there is no comprehensive documentation of pitfalls and best practices for conducting such notification studies, which limits validity of results and impedes reproducibility. Drawing on our experience with such studies and guidance from related work, we present a set of guidelines and practical recommendations, including initial data collection, sending of notifications, interacting with the recipients, and publishing the results. We note that future studies can especially benefit from extensive planning and automation of crucial processes, i.e., activities that take place well before the first notifications are sent.
Submitted 15 June, 2021;
originally announced June 2021.
-
Snail Mail Beats Email Any Day: On Effective Operator Security Notifications in the Internet
Authors:
Max Maass,
Marc-Pascal Clement,
Matthias Hollick
Abstract:
In the era of large-scale internet scanning, misconfigured websites are a frequent cause of data leaks and security incidents. Previous research has investigated sending automated email notifications to operators of insecure or compromised websites, but has often met with limited success due to challenges in address data quality, spam filtering, and operator distrust and disinterest. While several studies have investigated the design and phrasing of notification emails in a bid to increase their effectiveness, the use of other contact channels has remained almost completely unexplored due to the required effort and cost. In this paper, we investigate two methods to increase notification success: the use of letters as an alternative delivery medium, and the description of attack scenarios to incentivize remediation. We evaluate these factors as part of a notification campaign utilizing manually-collected address information from 1359 German website operators and focusing on unintentional information leaks from web servers. We find that manually collected addresses lead to large increases in delivery rates compared to previous work, and letters were markedly more effective than emails, increasing remediation rates by up to 25 percentage points. Counterintuitively, providing detailed descriptions of possible attacks can actually *decrease* remediation rates, highlighting the need for more research into how notifications are perceived by recipients.
Submitted 15 June, 2021;
originally announced June 2021.
-
FastZIP: Faster and More Secure Zero-Interaction Pairing
Authors:
Mikhail Fomichev,
Julia Hesse,
Lars Almon,
Timm Lippert,
Jun Han,
Matthias Hollick
Abstract:
With the advent of the Internet of Things (IoT), establishing a secure channel between smart devices becomes crucial. Recent research proposes zero-interaction pairing (ZIP), which enables pairing without user assistance by utilizing devices' physical context (e.g., ambient audio) to obtain a shared secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1) prolonged pairing time (i.e., minutes or hours), (2) vulnerability to brute-force offline attacks on a shared key, and (3) susceptibility to attacks caused by predictable context (e.g., replay attack) because they rely on limited entropy of physical context to protect a shared key. We address these limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces pairing time while preventing offline and predictable context attacks. In particular, we adapt a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their advantages. We instantiate FastZIP for intra-car device pairing to demonstrate its feasibility and show how the design of FastZIP can be adapted to other ZIP use cases. We implement FastZIP and evaluate it by driving four cars for a total of 800 km. We achieve up to three times shorter pairing time compared to the state-of-the-art ZIP schemes while assuring robust security with adversarial error rates below 0.5%.
Submitted 23 February, 2022; v1 submitted 9 June, 2021;
originally announced June 2021.
-
Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System
Authors:
Alexander Heinrich,
Milan Stute,
Tim Kornhuber,
Matthias Hollick
Abstract:
Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world's largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user's top locations with an error in the order of 10 meters in urban areas. While we find that OF's design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.
Submitted 3 March, 2021;
originally announced March 2021.
-
Stay Connected, Leave no Trace: Enhancing Security and Privacy in WiFi via Obfuscating Radiometric Fingerprints
Authors:
Luis F. Abanto-Leon,
Andreas Baeuml,
Gek Hong Sim,
Matthias Hollick,
Arash Asadi
Abstract:
The intrinsic hardware imperfection of WiFi chipsets manifests itself in the transmitted signal, leading to a unique radiometric fingerprint. This fingerprint can be used as an additional means of authentication to enhance security. In fact, recent works propose practical fingerprinting solutions that can be readily implemented in commercial-off-the-shelf devices. In this paper, we prove analytically and experimentally that these solutions are highly vulnerable to impersonation attacks. We also demonstrate that such a unique device-based signature can be abused to violate privacy by tracking the user device, and, as of today, users do not have any means to prevent such privacy attacks other than turning off the device.
We propose RF-Veil, a radiometric fingerprinting solution that not only is robust against impersonation attacks but also protects user privacy by obfuscating the radiometric fingerprint of the transmitter for non-legitimate receivers. Specifically, we introduce a randomized pattern of phase errors to the transmitted signal such that only the intended receiver can extract the original fingerprint of the transmitter. In a series of experiments and analyses, we expose the vulnerability of adopting naive randomization to statistical attacks and introduce countermeasures. Finally, we show the efficacy of RF-Veil experimentally in protecting user privacy and enhancing security. More importantly, our proposed solution allows communicating with other devices, which do not employ RF-Veil.
Submitted 27 November, 2020; v1 submitted 25 November, 2020;
originally announced November 2020.
-
Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support
Authors:
Max Maass,
Alina Stöver,
Henning Pridöhl,
Sebastian Bretthauer,
Dominik Herrmann,
Matthias Hollick,
Indra Spiecker
Abstract:
Misconfigurations and outdated software are a major cause of compromised websites and data leaks. Past research has proposed and evaluated sending automated security notifications to the operators of misconfigured websites, but encountered issues with reachability, mistrust, and a perceived lack of importance. In this paper, we seek to understand the determinants of effective notifications. We identify a data protection misconfiguration that affects 12.7 % of the 1.3 million websites we scanned and opens them up to legal liability. Using a subset of 4754 websites, we conduct a multivariate randomized controlled notification experiment, evaluating contact medium, sender, and framing of the message. We also include a link to a public web-based self-service tool that is run by us in disguise and conduct an anonymous survey of the notified website owners (N=477) to understand their perspective.
We find that framing a misconfiguration as a problem of legal compliance can increase remediation rates, especially when the notification is sent as a letter from a legal research group, achieving remediation rates of 76.3 % compared to 33.9 % for emails sent by computer science researchers warning about a privacy issue. Across all groups, 56.6 % of notified owners remediated the issue, compared to 9.2 % in the control group. In conclusion, we present factors that lead website owners to trust a notification, show what framing of the notification brings them into action, and how they can be supported in remediating the issue.
Submitted 12 November, 2020;
originally announced November 2020.
-
ReactiFi: Reactive Programming of Wi-Fi Firmware on Mobile Devices
Authors:
Artur Sterz,
Matthias Eichholz,
Ragnar Mogk,
Lars Baumgärtner,
Pablo Graubner,
Matthias Hollick,
Mira Mezini,
Bernd Freisleben
Abstract:
Network programmability will be required to handle future increased network traffic and constantly changing application needs. However, there is currently no way of using a high-level, easy to use programming language to program Wi-Fi firmware. This impedes rapid prototyping and deployment of novel network services/applications and hinders continuous performance optimization in Wi-Fi networks, since expert knowledge is required for both the used hardware platforms and the Wi-Fi domain. In this paper, we present ReactiFi, a high-level reactive programming language to program Wi-Fi chips on mobile consumer devices. ReactiFi enables programmers to implement extensions of PHY, MAC, and IP layer mechanisms without requiring expert knowledge of Wi-Fi chips, allowing for novel applications and network protocols. ReactiFi programs are executed directly on the Wi-Fi chip, improving performance and power consumption compared to execution on the main CPU. ReactiFi is conceptually similar to functional reactive languages, but is dedicated to the domain-specific needs of Wi-Fi firmware. First, it handles low-level platform-specific details without interfering with the core functionality of Wi-Fi chips. Second, it supports static reasoning about memory usage of applications, which is important for typically memory-constrained Wi-Fi chips. Third, it limits dynamic changes of dependencies between computations to dynamic branching, in order to enable static reasoning about the order of computations. We evaluate ReactiFi empirically in two real-world case studies. Our results show that throughput, latency, and power consumption are significantly improved when executing applications on the Wi-Fi chip rather than in the operating system kernel or in user space. Moreover, we show that the high-level programming abstractions of ReactiFi have no performance overhead compared to manually written C code.
Submitted 4 March, 2021; v1 submitted 1 October, 2020;
originally announced October 2020.
-
SWAN: Swarm-Based Low-Complexity Scheme for PAPR Reduction
Authors:
Luis F. Abanto-Leon,
Gek Hong Sim,
Matthias Hollick,
Amnart Boonkajay,
Fumiyuki Adachi
Abstract:
Cyclically shifted partial transmit sequences (CS-PTS) has conventionally been used in SISO systems for PAPR reduction of OFDM signals. Compared to other techniques, CS-PTS attains superior performance. Nevertheless, due to the exhaustive search requirement, it demands excessive computational complexity. In this paper, we adapt CS-PTS to operate in a MIMO framework, where singular value decomposition (SVD) precoding is employed. We also propose SWAN, a novel optimization method based on swarm intelligence to circumvent the exhaustive search. SWAN not only provides a significant reduction in computational complexity, but it also attains a fair balance between optimality and complexity. Through simulations, we show that SWAN achieves near-optimal performance at a much lower complexity than other competing approaches.
Submitted 15 September, 2020; v1 submitted 17 August, 2020;
originally announced August 2020.
-
NFCGate: Opening the Door for NFC Security Research with a Smartphone-Based Toolkit
Authors:
Steffen Klee,
Alexandros Roussos,
Max Maass,
Matthias Hollick
Abstract:
Near-Field Communication (NFC) is being used in a variety of security-critical applications, from access control to payment systems. However, NFC protocol analysis typically requires expensive or conspicuous dedicated hardware, or is severely limited on smartphones. In 2015, the NFCGate proof of concept aimed at solving this issue by providing capabilities for NFC analysis employing off-the-shelf Android smartphones.
In this paper, we present an extended and improved NFC toolkit based on the functionally limited original open-source codebase. With in-flight traffic analysis and modification, relay, and replay features this toolkit turns an off-the-shelf smartphone into a powerful NFC research tool. To support the development of countermeasures against relay attacks, we investigate the latency incurred by NFCGate in different configurations.
Our newly implemented features and improvements enable the case study of an award-winning, enterprise-level NFC lock from a well-known European lock vendor, which would otherwise require dedicated hardware. The analysis of the lock reveals several security issues, which were disclosed to the vendor.
Submitted 10 August, 2020;
originally announced August 2020.
-
Optimal and Approximation Algorithms for Joint Routing and Scheduling in Millimeter-Wave Cellular Networks
Authors:
Dingwen Yuan,
Hsuan-Yin Lin,
Jörg Widmer,
Matthias Hollick
Abstract:
Millimeter-wave (mmWave) communication is a promising technology to cope with the exponential increase in 5G data traffic.
Such networks typically require a very dense deployment of base stations.
A subset of those, so-called macro base stations, feature high-bandwidth connection to the core network, while relay base stations are connected wirelessly.
To reduce cost and increase flexibility, wireless backhauling is needed to connect both macro to relay as well as relay to relay base stations.
The characteristics of mmWave communication mandate new paradigms for routing and scheduling.
The paper investigates scheduling algorithms under different interference models.
To showcase the scheduling methods, we study the maximum throughput fair scheduling problem. Yet the proposed algorithms can be easily extended to other problems.
For a full-duplex network under the no interference model, we propose an efficient polynomial-time scheduling method, the schedule-oriented optimization. Further, we prove that the problem is NP-hard if we assume the pairwise link interference model or half-duplex radios.
Fractional weighted coloring based approximation algorithms are proposed for these NP-hard cases.
Moreover, the approximation algorithm parallel data stream scheduling is proposed for the case of a half-duplex network under the no interference model. It has a better approximation ratio than the fractional weighted coloring based algorithms and even attains the optimal solution for the special case of uniform orthogonal backhaul networks.
Submitted 6 July, 2020;
originally announced July 2020.
-
DEMO: BTLEmap: Nmap for Bluetooth Low Energy
Authors:
Alexander Heinrich,
Milan Stute,
Matthias Hollick
Abstract:
The market for Bluetooth Low Energy devices is booming and, at the same time, has become an attractive target for adversaries. To improve BLE security at large, we present BTLEmap, an auditing application for BLE environments. BTLEmap is inspired by network discovery and security auditing tools such as Nmap for IP-based networks. It allows for device enumeration, GATT service discovery, and device fingerprinting. It goes even further by integrating a BLE advertisement dissector, data exporter, and a user-friendly UI, including a proximity view. BTLEmap currently runs on iOS and macOS using Apple's CoreBluetooth API but also accepts alternative data inputs such as a Raspberry Pi to overcome the restricted vendor API. The open-source project is under active development and will provide more advanced capabilities such as long-term device tracking (in spite of MAC address randomization) in the future.
Submitted 1 July, 2020;
originally announced July 2020.
-
Firmware Insider: Bluetooth Randomness is Mostly Random
Authors:
Jörn Tillmanns,
Jiska Classen,
Felix Rohrbach,
Matthias Hollick
Abstract:
Bluetooth chips must include a Random Number Generator (RNG). This RNG is used internally within cryptographic primitives but also exposed to the operating system for chip-external applications. In general, it is a black box with security-critical authentication and encryption mechanisms depending on it. In this paper, we evaluate the quality of RNGs in various Broadcom and Cypress Bluetooth chips. We find that the RNG implementation significantly changed over the last decade. Moreover, most devices implement an insecure Pseudo-Random Number Generator (PRNG) fallback. Multiple popular devices, such as the Samsung Galaxy S8 and its variants as well as an iPhone, rely on the weak fallback due to missing a Hardware Random Number Generator (HRNG). We statistically evaluate the output of various HRNGs in chips used by hundreds of millions of devices. While the Broadcom and Cypress HRNGs pass advanced tests, it remains indistinguishable for users if a Bluetooth chip implements a secure RNG without an extensive analysis as in this paper. We describe our measurement methods and publish our tools to enable further public testing.
Submitted 30 June, 2020;
originally announced June 2020.
-
Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets
Authors:
Jan Ruge,
Jiska Classen,
Francesco Gringoli,
Matthias Hollick
Abstract:
Wireless communication standards and implementations have a troubled history regarding security. Since most implementations and firmwares are closed-source, fuzzing remains one of the main methods to uncover Remote Code Execution (RCE) vulnerabilities in deployed systems. Generic over-the-air fuzzing suffers from several shortcomings, such as constrained speed, limited repeatability, and restricted ability to debug. In this paper, we present Frankenstein, a fuzzing framework based on advanced firmware emulation, which addresses these shortcomings. Frankenstein brings firmware dumps "back to life", and provides fuzzed input to the chip's virtual modem. The speed-up of our new fuzzing method is sufficient to maintain interoperability with the attached operating system, hence triggering realistic full-stack behavior. We demonstrate the potential of Frankenstein by finding three zero-click vulnerabilities in the Broadcom and Cypress Bluetooth stack, which is used in most Apple devices, many Samsung smartphones, the Raspberry Pis, and many others.
Given RCE on a Bluetooth chip, attackers may escalate their privileges beyond the chip's boundary. We uncover a Wi-Fi/Bluetooth coexistence issue that crashes multiple operating system kernels and a design flaw in the Bluetooth 5.2 specification that allows link key extraction from the host. Turning off Bluetooth will not fully disable the chip, making it hard to defend against RCE attacks. Moreover, when testing our chip-based vulnerabilities on those devices, we find BlueFrag, a chip-independent Android RCE.
Submitted 17 June, 2020;
originally announced June 2020.
-
DEMO: Attaching InternalBlue to the Proprietary macOS IOBluetooth Framework
Authors:
Davide Toldo,
Jiska Classen,
Matthias Hollick
Abstract:
In this demo, we provide an overview of the macOS Bluetooth stack internals and gain access to undocumented low-level interfaces. We leverage this knowledge to add macOS support to the InternalBlue firmware modification and wireless experimentation framework.
Submitted 29 May, 2020;
originally announced May 2020.
-
DEMO: Extracting Physical-Layer BLE Advertisement Information from Broadcom and Cypress Chips
Authors:
Jiska Classen,
Matthias Hollick
Abstract:
Multiple initiatives propose utilizing Bluetooth Low Energy (BLE) advertisements for contact tracing and SARS-CoV-2 exposure notifications. This demo shows a research tool to analyze BLE advertisements; if universally enabled by the vendors, the uncovered features could improve exposure notifications for everyone. We reverse-engineer the firmware-internal implementation of BLE advertisements on Broadcom and Cypress chips and show how to extract further physical-layer information at the receiver. The analyzed firmware works on hundreds of millions of devices, such as all iPhones, the European Samsung Galaxy S series, and Raspberry Pis.
Submitted 29 May, 2020;
originally announced May 2020.
-
Empirical Insights for Designing Information and Communication Technology for International Disaster Response
Authors:
Milan Stute,
Max Maass,
Tom Schons,
Marc-André Kaufhold,
Christian Reuter,
Matthias Hollick
Abstract:
Due to the increase in natural disasters in the past years, Disaster Response Organizations (DROs) are faced with the challenge of coping with more and larger operations. Currently appointed Information and Communications Technology (ICT) used for coordination and communication is sometimes outdated and does not scale, while novel technologies have the potential to greatly improve disaster response efficiency. To allow adoption of these novel technologies, ICT system designers have to take into account the particular needs of DROs and characteristics of International Disaster Response (IDR). This work attempts to bring the humanitarian and ICT communities closer together. In this work, we analyze IDR-related documents and conduct expert interviews. Using open coding, we extract empirical insights and translate the peculiarities of DRO coordination and operation into tangible ICT design requirements. This information is based on interviews with active IDR staff as well as DRO guidelines and reports. Ultimately, the goal of this paper is to serve as a reference for future ICT research endeavors to support and increase the efficiency of IDR operations.
Submitted 11 May, 2020;
originally announced May 2020.
-
HydraWave: Multi-Group Multicast Hybrid Precoding and Low-Latency Scheduling for Ubiquitous Industry 4.0 mmWave Communication
Authors:
Luis F. Abanto-Leon,
Matthias Hollick,
Gek Hong Sim
Abstract:
Industry 4.0 anticipates massive interconnectivity of industrial devices (e.g., sensors, actuators) to support factory automation and production. Due to the rigidity of wired connections to harmonize with automation, wireless information transfer has attracted substantial attention. However, existing solutions for the manufacturing sector face critical issues in coping with the key performance demands: ultra-low latency, high throughput, and high reliability. Besides, recent advancements in wireless millimeter-wave technology advocate hybrid precoding with affordable hardware and outstanding spatial multiplexing performance. Thus, we present HYDRAWAVE -- a new paradigm that contemplates the joint design of group scheduling and hybrid precoding for multi-group multicasting to support ubiquitous low-latency communications. Our hybrid precoder, based on semidefinite relaxation and Cholesky matrix factorization, facilitates the robust design of the constant-modulus phase shifts, rendering formidable performance at a fraction of the power required by fully-digital precoders. Further, our novel group scheduling formulation minimizes the number of scheduling windows while accounting for the channel correlation of the co-scheduled multicast receivers. Compared to exhaustive search, which renders the optimal scheduling at high overhead, HYDRAWAVE incurs only 9.5% more delay. Notoriously, HYDRAWAVE attains up to 102% gain when compared to the other benchmarked schemes.
Submitted 2 September, 2020; v1 submitted 3 February, 2020;
originally announced February 2020.
-
Zero-Interaction Security -- Towards Sound Experimental Validation
Authors:
Mikhail Fomichev,
Max Maass,
Matthias Hollick
Abstract:
Reproducibility and realistic datasets are crucial for advancing research. Unfortunately, they are often neglected as valid scientific contributions in many young disciplines, with computer science being no exception. In this article, we show the challenges encountered when reproducing the work of others, collecting realistic data in the wild, and ensuring that our own work is reproducible in turn. The presented findings are based on our study investigating the limits of zero-interaction security (ZIS) -- a novel concept, leveraging sensor data collected by Internet of Things (IoT) devices to pair or authenticate devices. In particular, we share our experiences in reproducing five state-of-the-art ZIS schemes, collecting a comprehensive dataset of sensor data from the real world, evaluating these schemes on the collected data, and releasing the data, code, and documentation to facilitate reproducibility of our results. In our discussion, we outline general considerations when conducting similar studies and give specific examples of technical and methodological issues that we experienced. We hope that our findings will raise awareness about the importance of reproducibility and realistic datasets in computer science and inform future research.
Submitted 18 November, 2019;
originally announced November 2019.
-
Bluemergency: Mediating Post-disaster Communication Systems using the Internet of Things and Bluetooth Mesh
Authors:
Flor Álvarez,
Lars Almon,
Hauke Radtki,
Matthias Hollick
Abstract:
Mobile devices have shown to be very useful during and post disaster. If the communication infrastructure breaks down, however, they become almost useless as most services rely on Internet connectivity. Building post-disaster networks based purely on smartphones remains a challenging task, and, as of today, no practical solutions exist. The rapidly growing Internet of Things (IoT) offers the possibility to improve this situation. With an increase in smart spaces such as smart homes and smart offices, we move towards digital cities that are deeply penetrated by IoT technology. Many IoT devices are battery powered and can aid in mediating an emergency network. In scenarios where the electrical grid is still operational, yet communication infrastructure failed, non-battery powered IoT devices can similarly help to relieve congestion or build a backup network in case of cyber attacks. With the recent release of the Bluetooth Mesh standard, a common interface between mobile devices and the IoT has become available. The key idea behind this standard is to allow existing and new devices to build large-scale multi-hop sensor networks. By enabling hundreds of devices to communicate with each other, Bluetooth Mesh (BT MESH) becomes a practical technical solution for enabling communication post disaster. In this paper, we propose a novel emergency network concept that utilises the parts of digital cities that remain operational in case of disaster, thus mediating large-scale post-disaster device-to-device communication. Since the Bluetooth Mesh standard is backwards compatible to Bluetooth 4.0, most of today's mobile devices can join such a network. No special hardware or software modifications are necessary, especially no jail-breaking of the smartphones.
Submitted 10 September, 2019;
originally announced September 2019.
-
Hybrid Precoding for Multi-Group Multicasting in mmWave Systems
Authors:
Luis F. Abanto-Leon,
Matthias Hollick,
Gek Hong Sim
Abstract:
Multicast beamforming is known to improve spectral efficiency. However, its benefits and challenges for hybrid precoder design in millimeter-wave (mmWave) systems remain understudied. To this end, this paper investigates the first joint design of hybrid transmit precoders (with an arbitrary number of finite-resolution phase shifts) and receive combiners for mmWave multi-group multicasting. Our proposed design leverages semidefinite relaxation (SDR), alternating optimization and Cholesky matrix factorization to sequentially optimize the digital/analog precoders at the transmitter and the combiners at each receiver. By considering receivers with a multiple-antenna architecture, our design remarkably improves the overall system performance. Specifically, with only two receive antennas the average transmit power per received message improves by $ 16.8\% $ while the successful information reception is boosted by $ 60\% $. We demonstrate by means of extensive simulations that our hybrid precoder design performs very close to its fully-digital counterpart even under challenging scenarios (i.e., when co-located users belong to distinct multicast groups).
Submitted 3 February, 2020; v1 submitted 7 August, 2019;
originally announced August 2019.
-
Joint Relaying and Spatial Sharing Multicast Scheduling for mmWave Networks
Authors:
Gek Hong Sim,
Mahdi Mousavi,
Lin Wang,
Anja Klein,
Matthias Hollick
Abstract:
Millimeter-wave (mmWave) communication plays a vital role in efficiently disseminating large volumes of data in beyond-5G networks. Unfortunately, the directionality of mmWave communication significantly complicates efficient data dissemination, particularly in multicasting, which is gaining more and more importance in emerging applications (e.g., V2X, public safety). While multicasting for systems operating at lower frequencies (i.e., sub-6GHz) has been extensively studied, it is sub-optimal for mmWave systems, as mmWave has significantly different propagation characteristics, i.e., using directional transmission to compensate for the high path loss and thus promoting spectrum sharing. In this paper, we propose novel multicast scheduling algorithms by jointly exploiting relaying and spatial sharing gains while aiming to minimize the multicast completion time. We first characterize the min-time mmWave multicasting problem with a comprehensive model and formulate it as an integer linear program (ILP). We further design a practical and scalable distributed algorithm named mmDiMu, based on gradually maximizing the transmission throughput over time. Finally, we carry out validation through extensive simulations at different scales, and the results show that mmDiMu significantly outperforms conventional algorithms with around 95% reduction in multicast completion time.
Submitted 30 July, 2019;
originally announced July 2019.
-
Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices
Authors:
Jiska Classen,
Matthias Hollick
Abstract:
Bluetooth is among the dominant standards for wireless short-range communication, with multi-billion Bluetooth devices shipped each year. Basic Bluetooth analysis inside consumer hardware such as smartphones can be accomplished by observing the Host Controller Interface (HCI) between the operating system's driver and the Bluetooth chip. However, the HCI does not provide insights into tasks running inside a Bluetooth chip or Link Layer (LL) packets exchanged over the air. As of today, consumer hardware internal behavior can only be observed with external, and often expensive, tools that need to be present during initial device pairing. In this paper, we leverage standard smartphones for on-device Bluetooth analysis and reverse engineer a diagnostic protocol that resides inside Broadcom chips. Diagnostic features include sniffing lower layers such as LL for Classic Bluetooth and Bluetooth Low Energy (BLE), transmission and reception statistics, test mode, and memory peek and poke.
Submitted 2 May, 2019;
originally announced May 2019.
-
InternalBlue - Bluetooth Binary Patching and Experimentation Framework
Authors:
Dennis Mantz,
Jiska Classen,
Matthias Schulz,
Matthias Hollick
Abstract:
Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered.
We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse-engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform.
InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware.
Submitted 2 May, 2019;
originally announced May 2019.
-
Perils of Zero-Interaction Security in the Internet of Things
Authors:
Mikhail Fomichev,
Max Maass,
Lars Almon,
Alejandro Molina,
Matthias Hollick
Abstract:
The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations.
In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-of-the-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%.
Submitted 22 February, 2019; v1 submitted 22 January, 2019;
originally announced January 2019.
-
Demo: Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link
Authors:
Milan Stute,
David Kreitschmann,
Matthias Hollick
Abstract:
Apple Wireless Direct Link (AWDL) is a proprietary and undocumented wireless ad hoc protocol that Apple introduced around 2014 and which is the base for applications such as AirDrop and AirPlay. We have reverse engineered the protocol and explain its frame format and operation in our MobiCom '18 paper "One Billion Apples' Secret Sauce: Recipe of the Apple Wireless Direct Link Ad hoc Protocol." AWDL builds on the IEEE 802.11 standard and implements election, synchronization, and channel hopping mechanisms on top of it. Furthermore, AWDL features an IPv6-based data path which enables direct communication. To validate our own work, we implement a working prototype of AWDL on Linux-based systems. Our implementation is written in C, runs in userspace, and makes use of Linux's Netlink API for interactions with the system's networking stack and the pcap library for frame injection and reception. In our demonstrator, we show how our Linux system synchronizes to an existing AWDL cluster or takes over the master role itself. Furthermore, it can receive data frames from and send them to a MacBook or iPhone via AWDL. We demonstrate the data exchange via ICMPv6 echo request and replies as well as sending and receiving data over a TCP connection.
Submitted 17 December, 2018;
originally announced December 2018.
-
On the Difficulties of Incentivizing Online Privacy through Transparency: A Qualitative Survey of the German Health Insurance Market
Authors:
Max Maass,
Nicolas Walter,
Dominik Herrmann,
Matthias Hollick
Abstract:
Today, online privacy is the domain of regulatory measures and privacy-enhancing technologies. Transparency in the form of external and public assessments has been proposed for improving privacy and security because it exposes otherwise hidden deficiencies. Previous work has studied privacy attitudes and behavior of consumers. However, little is known on how organizations react to measures that employ public "naming and shaming" as an incentive for improvement. We performed the first study on this aspect by conducting a qualitative survey with 152 German health insurers. We scanned their websites with PrivacyScore.org to generate a public ranking and confronted the insurers with the results. We obtained a response rate of 27%. Responses ranged from positive feedback to legal threats. Only 12% of the sites - mostly non-responders - improved during our study. Our results show that insurers struggle due to unawareness, reluctance, and incapability, and demonstrate the general difficulties of transparency-based approaches.
Submitted 22 February, 2019; v1 submitted 30 November, 2018;
originally announced November 2018.
-
Conducting a Large-scale Field Test of a Smartphone-based Communication Network for Emergency Response
Authors:
Flor Álvarez,
Lars Almon,
Patrick Lieser,
Tobias Meuser,
Yannick Dylla,
Björn Richerzhagen,
Matthias Hollick,
Ralf Steinmetz
Abstract:
Smartphone-based communication networks form a basis for services in emergency response scenarios, where communication infrastructure is impaired or overloaded. Still, their design and evaluation are largely based on simulations that rely on generic mobility models and weak assumptions regarding user behavior. For a realistic assessment, scenario-specific models are essential. To this end, we conducted a large-scale field test of a set of emergency services that relied solely on ad hoc communication. Over the course of one day, we gathered data from smartphones distributed to 125 participants in a scripted disaster event. In this paper, we present the scenario, measurement methodology, and a first analysis of the data. Our work provides the first trace combining user interaction, mobility, and additional sensor readings of a large-scale emergency response scenario, facilitating future research.
Submitted 14 August, 2018;
originally announced August 2018.
-
Maintaining both availability and integrity of communications: Challenges and guidelines for data security and privacy during disasters and crises
Authors:
Flor Álvarez,
Paul Gardner-Stephen,
Matthias Hollick
Abstract:
Communications play a vital role in the response to disasters and crises. However, existing communications infrastructure is often impaired, destroyed or overwhelmed during such events. This leads to the use of substitute communications solutions including analog two-way radio or unsecured internet access. Often provided by unknown third parties, these solutions may have less sophisticated security characteristics than is desirable. While substitute communications are often invaluable, care is required to minimize the risk to NGOs and individuals stemming from the use of communications channels with reduced or unknown security properties. This is particularly true if private information is involved, including the location and disposition of individuals and first responders. In this work we enumerate the principal risks and challenges that may arise, and provide practical guidelines for mitigating them during crises. We take plausible threats from contemporary disaster and crisis events into account and discuss the security and privacy features of state-of-the-art communications mechanisms.
Submitted 14 August, 2018;
originally announced August 2018.
-
Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark
Authors:
Flor Álvarez,
Max Kolhagen,
Matthias Hollick
Abstract:
Practical solutions to bootstrap security in today's information and communication systems critically depend on centralized services for authentication as well as key and trust management. This is particularly true for mobile users. Identity providers such as Google or Facebook have active user bases of two billion each, and the subscriber number of mobile operators exceeds five billion unique users as of early 2018. If these centralized services go completely `dark' due to natural or man-made disasters, large-scale blackouts, or country-wide censorship, the users are left without practical solutions to bootstrap security on their mobile devices. Existing distributed solutions, for instance, the so-called web-of-trust, are not sufficiently lightweight. Furthermore, they support neither cross-application use on mobile devices nor strong protection of key material using hardware security modules. We propose Sea of Lights (SoL), a practical lightweight scheme for bootstrapping device-to-device security wirelessly, thus enabling secure distributed self-organized networks. It is tailored to operate `in the dark' and provides strong protection of key material as well as an intuitive means to build a lightweight web-of-trust. SoL is particularly well suited for local or urban operation in scenarios such as the coordination of emergency response, where it helps contain/limit the spreading of misinformation. As a proof of concept, we implement SoL on the Android platform and hence test its feasibility on real mobile devices. We further evaluate its key performance aspects using simulation.
Submitted 10 September, 2019; v1 submitted 14 August, 2018;
originally announced August 2018.
-
ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control
Authors:
Santiago Aragon,
Marco Tiloca,
Max Maass,
Matthias Hollick,
Shahid Raza
Abstract:
The Authentication and Authorization for Constrained Environments (ACE) framework provides fine-grained access control in the Internet of Things, where devices are resource-constrained and with limited connectivity. The ACE framework defines separate profiles to specify how exactly entities interact and what security and communication protocols to use. This paper presents the novel ACE IPsec profile, which specifies how a client establishes a secure IPsec channel with a resource server, contextually using the ACE framework to enforce authorized access to remote resources. The profile makes it possible to establish IPsec Security Associations, either through their direct provisioning or through the standard IKEv2 protocol. We provide the first Open Source implementation of the ACE IPsec profile for the Contiki OS and test it on the resource-constrained Zolertia Firefly platform. Our experimental performance evaluation confirms that the IPsec profile and its operating modes are affordable and deployable also on constrained IoT platforms.
Submitted 14 August, 2018;
originally announced August 2018.