Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks: Latest Papers

Zigator
Dimitrios-Georgios Akestoridis, M. Harishankar, Michael Weber, P. Tague
Abstract: As the popularity of Internet-connected devices for residential use increases, it is important to ensure that they meet appropriate security goals, given that they interact with the physical world through sensors and actuators. Zigbee is a wireless communication protocol that is commonly used in smart home environments, which builds on top of the IEEE 802.15.4 standard. In this work we present a security analysis tool, called Zigator, that enables in-depth study of Zigbee networks. In particular, we study the security consequences of the design choice to disable MAC-layer security in centralized Zigbee networks. We show that valuable information can be gained from passive inspection of Zigbee traffic, including the identification of certain encrypted NWK commands, which we then use to develop selective jamming and spoofing attacks. An attacker may launch these attacks in order to force the end user to factory reset targeted devices and eventually expose the network key. We validated our attacks by setting up a testbed, using open-source tools, that incorporates commercial Zigbee devices. Finally, we publicly release the software tools that we developed and the Zigbee packets that we captured, to contribute back to the research community.
DOI: https://doi.org/10.1145/3395351.3399363
Published: 2020-07-08
Citations: 2

Analyzing the attack landscape of Zigbee-enabled IoT systems and reinstating users' privacy
Weicheng Wang, F. Cicala, Syed Rafiul Hussain, E. Bertino, Ninghui Li
Abstract: Zigbee network security relies on symmetric cryptography based on a pre-shared secret. In the current Zigbee protocol, the network coordinator creates a network key while establishing a network. The coordinator then shares the network key securely, encrypted under the pre-shared secret, with devices joining the network to ensure the security of future communications among devices through the network key. The pre-shared secret, therefore, needs to be installed in millions or more devices prior to deployment, and thus will be inevitably leaked, enabling attackers to compromise the confidentiality and integrity of the network. To improve the security of Zigbee networks, we propose a new certificate-less Zigbee joining protocol that leverages low-cost public-key primitives. The new protocol has two components. The first is to integrate Elliptic Curve Diffie-Hellman key exchange into the existing association request/response messages, and to use this key both for link-to-link communication and for encryption of the network key to enhance privacy of user devices. The second is to improve the security of the installation code, a new joining method introduced in Zigbee 3.0 for enhanced security, by using public key encryption. We analyze the security of our proposed protocol using the formal verification methods provided by ProVerif, and evaluate the efficiency and effectiveness of our solution with a prototype built with open source software and hardware stack. The new protocol does not introduce extra messages and the overhead is as low as 3.8% on average for the join procedure.
DOI: https://doi.org/10.1145/3395351.3399349
Published: 2020-07-08
Citations: 7

iRyP
Yuanyi Sun, Shiqing Chen, Sencun Zhu, Yu Chen
Abstract: With the growing popularity of mobile devices that have built-in cameras, capturing images has become a trivial job for ordinary people, who share the images with their friends or the public online. However, such digital images are often taken without the consent of some photographed persons, hence leading to privacy concerns. In this paper, we propose iRyP, a purely edge-based privacy-respecting system for mobile cameras. In order to meet the requirements of efficiency and usability, we propose to piggyback privacy policies in the advertising messages of Bluetooth Low Energy (BLE), which has been widely deployed in most mobile devices. As such, privacy policies of people in a photo view can be delivered timely and automatically. Moreover, we propose to use a perceptual hashing algorithm for fast face matching. To improve detection accuracy, we also design several new techniques for face-related image processing. We implement and evaluate a prototype system purely based on the Android platform. Our experiments show that iRyP can meet our design requirements and is practical and ready to use.
DOI: https://doi.org/10.1145/3395351.3399341
Published: 2020-07-08
Citations: 4

Paging storm attacks against 4G/LTE networks from regional Android botnets: rationale, practicality, and implications
Kaiming Fang, Guanhua Yan
Abstract: Although the impact of mobile botnet attacks against cellular networks has been studied in a number of previous works, little attention has been paid to regional botnets, where bot-infected mobile devices are geographically concentrated at local areas. In this work we investigate a new type of threat called paging storm attacks, which can be launched from a regional botnet to exhaust the limited paging capacity of cells in a 4G/LTE (Long-Term Evolution) network. As paging storm attacks can delay paging requests for legitimate time-critical voice or video calls in a target area, their real-life implications include user annoyance, distortion of call center analytics, and loss of productivity. To demonstrate the feasibility of such attacks, we design and implement a proof-of-concept Android botnet that can coordinate bot activities to create pulsating paging requests within a short period of time. We mathematically analyze the probability that normal paging requests are delayed due to a botnet attack. Experimental results observed from a high-fidelity emulation testbed reveal that paging storm attacks launched from a regional botnet can create repetitive surges of paging requests in the target LTE network, thereby delaying time-critical voice/video calls by several seconds.
DOI: https://doi.org/10.1145/3395351.3399347
Published: 2020-07-08
Citations: 5

iJam with channel randomization
Jordan L. Melcher, Yao Zheng, Dylan Anthony, Matthew Troglia, Yanjun Pan, Ming Li, Thomas Yang, Alvin Yang, Samson Aggelopoulos
Abstract: Physical-layer key generation methods utilize the variations of the communication channel to achieve a secure key agreement between two parties with no prior security association. Their secrecy rate (bit generation rate) depends heavily on the randomness of the channel, which may reduce significantly in a stable environment. Existing methods seek to improve the secrecy rate by injecting artificial noise into the channel. Unfortunately, noise injection cannot alter the underlying channel state, which depends on the multipath environment between the transmitter and receiver. Consequently, these methods are known to leak key bits toward multi-antenna eavesdroppers, which are capable of filtering the noise through the differential of multiple signal receptions. This work demonstrates an improved approach to reinforce physical-layer key generation schemes, e.g., channel randomization. The channel randomization approach leverages a reconfigurable antenna to rapidly change the channel state during transmission, and an angle-of-departure (AoD) based channel estimation algorithm to cancel the changing effects for the intended receiver. The combined result is a communication channel stable in the eyes of the intended receiver but randomly changing from the viewpoint of the eavesdropper. We augmented an existing physical-layer key generation protocol, iJam, with the proposed approach and developed a full-fledged remote instrumentation platform to demonstrate its performance. Our evaluations show that augmentation does not affect the bit error rate (BER) of the intended receiver during key establishment but reduces the eavesdropper's BER to the level of random guessing, regardless of the number of antennas it equips.
DOI: https://doi.org/10.1145/3395351.3401705
Published: 2020-07-07
Citations: 3

BTLEmap: Nmap for bluetooth low energy
A. Heinrich, Milan Stute, M. Hollick
Abstract: The market for Bluetooth Low Energy (BLE) devices is booming and, at the same time, has become an attractive target for adversaries. To improve BLE security at large, we present BTLEmap, an auditing application for BLE environments. BTLEmap is inspired by network discovery and security auditing tools such as Nmap for IP-based networks. It allows for device enumeration, Generic Attribute Profile (GATT) service discovery, and device fingerprinting. It also features a BLE advertisement dissector, data exporter, and a user-friendly UI including a proximity view. BTLEmap currently runs on iOS and macOS using Apple's CoreBluetooth API but also accepts alternative data inputs such as a Raspberry Pi to overcome the restricted vendor API. The open-source project is under active development and will provide more advanced capabilities such as long-term device tracking (in spite of MAC address randomization) in the future.
DOI: https://doi.org/10.1145/3395351.3401796
Published: 2020-07-01
Citations: 5

GNSS spoofing detection via opportunistic IRIDIUM signals
G. Oligeri, Savio Sciancalepore, R. D. Pietro
Abstract: In this paper, we study the privately-owned IRIDIUM satellite constellation, to provide a location service that is independent of the GNSS. In particular, we apply our findings to propose a new GNSS spoofing detection solution, exploiting unencrypted IRIDIUM Ring Alert (IRA) messages that are broadcast by IRIDIUM satellites. To achieve the above-introduced objective, we firstly reverse-engineer many parameters of the IRIDIUM satellite constellation, such as the satellites' speed, packet interarrival times, maximum satellite coverage, satellite pass duration, and the satellite beam constellation, to name a few. Later, we adopt the aforementioned statistics to create a detailed model of the satellite network. Subsequently, we propose a solution to detect unintended deviations of a target user from his path, due to GNSS spoofing attacks. We show that our solution can be used efficiently and effectively to verify the position estimated from standard GNSS satellite constellation, and we provide constraints and parameters to fit several application scenarios. All the results reported in this paper, while showing the quality and viability of our proposal, are supported by real data. In particular, we have collected and analyzed hundreds of thousands of IRA messages, thanks to a measurement campaign lasting several days. All the collected data (1000+ hours) have been made available to the research community. Our solution is particularly suitable for unattended scenarios such as deserts, rural areas, or open seas, where standard spoofing detection techniques resorting to crowd-sourcing cannot be used due to deployment limitations. Moreover, contrary to competing solutions, our approach does not resort to physical-layer information, dedicated hardware, or multiple receiving stations, while exploiting only a single receiving antenna and publicly-available IRIDIUM transmissions. Finally, novel research directions are also highlighted.
DOI: https://doi.org/10.1145/3395351.3399350
Published: 2020-06-18
Citations: 23

Extracting physical-layer BLE advertisement information from Broadcom and Cypress chips
J. Classen, M. Hollick
Abstract: Multiple initiatives propose utilizing Bluetooth Low Energy (BLE) advertisements for contact tracing and SARS-CoV-2 exposure notifications. This demo shows a research tool to analyze BLE advertisements; if universally enabled by the vendors, the uncovered features could improve exposure notifications for everyone. We reverse-engineer the firmware-internal implementation of BLE advertisements on Broadcom and Cypress chips and show how to extract further physical-layer information at the receiver. The analyzed firmware works on hundreds of millions of devices, such as all iPhones, the European Samsung Galaxy S series, and Raspberry Pis.
DOI: https://doi.org/10.1145/3395351.3401699
Published: 2020-05-29
Citations: 0

Attaching InternalBlue to the proprietary macOS IOBluetooth framework
D. Toldo, J. Classen, M. Hollick
Abstract: In this demo, we provide an overview of the macOS Bluetooth stack internals and gain access to undocumented low-level interfaces. We leverage this knowledge to add macOS support to the InternalBlue firmware modification and wireless experimentation framework.
DOI: https://doi.org/10.1145/3395351.3401697
Published: 2020-05-29
Citations: 0

Secure and user-friendly over-the-air firmware distribution in a portable faraday cage
Martin Striegel, Florian Jakobsmeier, Yacov Matveev, Johann Heyszl, G. Sigl
Abstract: Setting up large-scale wireless sensor networks (WSNs) is challenging, as firmware must be distributed and trust between sensor nodes and a backend needs to be established. To perform this task efficiently, we propose an approach named Box, which utilizes an intelligent Faraday Cage (FC). The FC acquires firmware images and secret keys from a backend, patches the firmware with the keys and deploys those customized images over-the-air (OTA) to sensor nodes placed in the FC. Electromagnetic (EM) shielding protects this exchange against passive attackers. We place few demands on the sensor node, not requiring additional hardware components or firmware customized by the manufacturer. We describe this novel workflow, implement the Box and a backend system and demonstrate the feasibility of our approach by batch-deploying firmware to multiple commercial off-the-shelf (COTS) sensor nodes. We conduct a user-study with 31 participants with diverse backgrounds and find that our approach is both faster and more user-friendly than firmware distribution over a wired connection.
DOI: https://doi.org/10.1145/3395351.3399342
Published: 2020-05-25
Citations: 1
