Matthias Wilhelm | TU Kaiserslautern
Papers by Matthias Wilhelm
IEEE Transactions on Wireless Communications, Aug 20, 2014
Numerous studies have shown that concurrent transmissions can help to boost wireless network performance despite the possibility of packet collisions. However, while these works provide empirical evidence that concurrent transmissions may be received reliably, existing signal capture models only partially explain the root causes of this phenomenon. We present a comprehensive mathematical model for MSK-modulated signals that makes the reasons explicit and thus provides fundamental insights on the key parameters governing the successful reception of colliding transmissions. A major contribution is the closed-form derivation of the receiver bit decision variable for an arbitrary number of colliding signals and constellations of power ratios, time offsets, and carrier phase offsets. We systematically explore the factors for successful packet delivery under concurrent transmissions across the whole parameter space of the model. We confirm the capture threshold behavior observed in previous studies but also reveal new insights relevant to the design of optimal protocols: We identify capture zones depending not only on the signal power ratio but also on time and phase offsets.
Proceedings of the 4th ACM Conference on Wireless Network Security (WiSec 2011), Jun 15, 2011
In this work, we take on the role of a wireless adversary and investigate one of its most powerful tools—radio frequency jamming. Although different jammer designs are discussed in the literature, reactive jamming, i.e., targeting only packets that are already on the air, is generally recognized as a stepping stone in implementing optimal jamming strategies. The reason is that, while destroying only selected packets, the adversary minimizes its risk of being detected. One might hope for reactive jamming to be too challenging or uneconomical for an attacker to conceive and implement due to its strict real-time requirements. Yet, in this work we disillusion from such hopes as we demonstrate that flexible and reliable software-defined reactive jamming is feasible by designing and implementing a reactive jammer against IEEE 802.15.4 networks. First, we identify the causes of loss at the physical layer of 802.15.4 and show how to achieve the best performance for reactive jamming. Then, we apply these insights to our USRP2-based reactive jamming prototype, enabling a classification of transmissions in real-time, and reliable and selective jamming. The prototype achieves a reaction time in the order of microseconds, a high precision (such as targeting individual symbols), and a 97.6% jamming rate in realistic indoor scenarios for a single reactive jammer, and over 99.9% for two concurrent jammers.
IEEE Journal on Selected Areas in Communications, Sep 2013
Key management in wireless sensor networks faces several unique challenges. The scale, resource limitations, and new threats such as node capture suggest the use of in-network key generation. However, the cost of such schemes is often high because their security is based on computational complexity. Recently, several research contributions justified experimentally that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during device movement, a bit string is derived known only to the two involved entities. Yet, movement is not the only option to generate randomness: the channel response strongly depends on the signal frequency as well. In this work, we introduce a key generation protocol based on the frequency-selectivity of multipath fading channels. The practical advantage of this approach is that it does not require device movement during key establishment. Thus the frequent case of a sensor network with static nodes is supported. We show the protocol’s applicability by implementing it on MICAz motes, and evaluating its robustness and security through experiments and analysis. The error correction property of the protocol mitigates the effects of measurement errors and temporal effects, giving rise to an agreement rate of over 97%.
Securing wireless sensor networks (WSNs) is a hard problem. In particular, network access control is notoriously difficult to achieve due to the inherent broadcast characteristics of wireless communications: an attacker can easily target any node in its transmission range and affect large parts of a sensor network simultaneously. In this paper, we therefore propose a distributed guardian system to protect a WSN based on physically regulating channel access by means of selective interference. The guardians are deployed alongside a sensor network, inspecting all local traffic, classifying packets based on their content, and destroying any malicious packet while still on the air. In that sense, the system tries to gain "air dominance" over attackers. A key challenge in implementing the guardian system is the resulting real-time requirement in order to classify and destroy packets during transmission. We present a USRP2 software radio based guardian implementation for IEEE 802.15.4 that meets this challenge; using an FPGA-based design we can even check for the content of the very last payload byte of a packet and still prevent its reception by a potential victim mote. Our evaluation shows that the guardians effectively block 99.9% of unauthorized traffic in 802.15.4 networks in our experiments, without disturbing the legitimate operations of the WSN.
ACM Student Research Competition Grand Finals 2012, Jun 2012
Security in wireless networks is a notoriously difficult problem, mainly because medium access is hard to control: anyone in transmission range can easily inject packets into a network. The current solution strategy is to place the burden of packet filtering on each network node individually, leading to challenging administration and performance problems. We propose an alternative approach that provides the desired packet filtering remotely: the wireless firewall. The working principle is simple—if we cannot prevent the transmission of a malicious packet, we may still prevent its reception. The wireless firewall achieves this by content-based classification and selective interference that is just long enough to induce checksum errors in malicious packets. This way, the protection is fully transparent to the network: everything received without errors is trustworthy. We show the feasibility of our approach with WiFire, a software-defined wireless firewall system implemented on the USRP2, which achieves per-packet classification and selective destruction reliably: our evaluation shows that 99.9% of adversarial traffic is successfully blocked without disturbing the legitimate operations of the network.
Numerous studies showed that concurrent transmissions can boost wireless network performance despite collisions. While these works provide empirical evidence that concurrent transmissions may be received reliably, existing signal capture models only partially explain the root causes of this phenomenon. We present a comprehensive mathematical model that reveals the reasons and provides insights on the key parameters affecting the performance of MSK-modulated transmissions. A major contribution is a closed-form derivation of the receiver bit decision variable for arbitrary numbers of colliding signals and constellations of power ratios, timing offsets, and carrier phase offsets. We systematically explore the root causes for successful packet delivery under concurrent transmissions across the whole parameter space of the model. We confirm the capture threshold behavior observed in previous studies but also reveal new insights relevant for the design of optimal protocols: We identify capture zones depending not only on the signal power ratio but also on time and phase offsets.
Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2013), Jun 2013
We propose a novel approach to detect reactive jammers in direct sequence spread spectrum (DSSS) wireless networks. The key idea is to use the chip error rate of the first few jamming-free symbols at the DSSS demodulator during the signal synchronization phase of regular packet reception to estimate the probability of successful packet delivery. If the estimated probability is significantly higher than the actual packet delivery ratio, we declare jamming. As a proof of concept, we implement a prototype in a network of three USRP software-defined radios (transmitter, receiver, and jammer) and evaluate the feasibility, responsiveness, and accuracy of our approach in a controlled lab environment. Our experiments with IEEE 802.15.4 DSSS-based communication show that for links with a jamming-free packet delivery probability above 0.5, the false positive and negative detection rates remain below 5%.
Proceedings of the ACM SIGCOMM 2011 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM 2011), Aug 15, 2011
Firewalls are extremely effective at enforcing security policies in wired networks. Perhaps surprisingly, firewalls are entirely nonexistent in the wireless domain. Yet, the need to selectively control and block radio communication is particularly high in a broadcast environment since any node may receive and send packets. In this demo, we present WiFire, a system that brings the firewall concept to wireless networks. First, WiFire detects and analyzes packets during their transmission, checking their content against a set of rules. It then relies on reactive jamming techniques to selectively block undesired communication. We show the feasibility and performance of WiFire, which is implemented on the USRP2 software-defined radio platform, in several scenarios with IEEE 802.15.4 radios. WiFire is able to classify and effectively block undesired communication without interfering with desired communication.
Workshop Proceedings of MMB & DFT 2012, Mar 21, 2012
We assess the ability of adversaries to modify the content of messages on the physical layer of wireless networks. In contrast to related work, we consider signal overshadowing to achieve such manipulations during transmission. We present preliminary experimental results, which suggest that our approach enables deterministic message manipulations, even in unpredictable radio environments.
Proceedings of the 4th International Workshop on Wireless of the Students, by the Students, and for the Students (S3 2012), Aug 26, 2012
Despite its practical importance, interference can still be considered a "black box" in wireless network experiments as it is difficult to generate in a controlled and repeatable manner. Current generation approaches, such as packet storms or pre-recorded interference traces, do not adapt to the transmissions on the channel; the resulting effects of the interference are random and beyond the experimenter’s control. Our solution to this problem is to use protocol-aware interferers, allowing them to adapt to the actual packet transmissions on the channel. We implemented a reactive jamming system on the USRP2 that enables this mode of operation as a proof of concept, decoding packets and interfering with them during their transmission. With this capability in mind we propose interference scripting, a way to define protocol-aware interference patterns using both packet content and time, and to repeatably generate these patterns on dedicated devices deployed alongside a testbed. This way, we hope to provide a useful tool to experimenters, adding controllable interference to wireless testbeds.
Proceedings of the 3rd ACM Conference on Wireless Network Security (WiSec 2010), Mar 22, 2010
Key management in wireless sensor networks does not only face typical, but also several new challenges. The scale, resource limitations, and new threats such as node capture and compromise necessitate the use of an on-line key generation, where secret keys are generated by the nodes themselves. However, the cost of such schemes is high since their secrecy is based on computational complexity. Recently, several research contributions justified that the wireless channel itself can be used to generate information-theoretic secure keys between two parties. By exchanging sampling messages during movement, a bit string can be derived that is only known to the involved entities. Yet, movement is not the only possibility to generate randomness. The channel response is also strongly dependent on the frequency of the transmitted signal. In our work, we introduce a protocol for key generation based on the frequency-selectivity of channel fading. The great practical advantage of this approach is that we do not rely on node movement as the source of randomness. Thus, the frequent case of a sensor network with static motes is supported. Furthermore, the error correction property of the proposed protocol mitigates the effects of measurement errors and other temporal effects, giving rise to a key agreement rate of over 97%. We show the applicability of our protocol by implementing it on MICAz motes, and evaluate its robustness and secrecy through experiments and analysis.
Proceedings of the 6th IEEE Workshop on Secure Network Protocols (NPSec 2010), Oct 5, 2010
Initial deployment of secrets plays a crucial role in any security design, but especially in hardware constrained wireless sensor networks. Many key management schemes assume either manually pre-installed shared secrets or keys authenticated with the aid of out-of-band channels. While manually installing secret keys affects the practicability of the key deployment, out-of-band channels require additional interfaces of already hardware-limited wireless sensor nodes. In this work, we present a key deployment protocol that uses pair-wise ephemeral keys generated from physical layer information which subsequently enables an authenticated exchange of public keys. Hence, this work presents an elegant solution to the key deployment problem without requiring more capabilities than already available on common low-cost devices. To justify the feasibility of this solution, we implement and experimentally evaluate the proposed key deployment protocol using commodity wireless sensor motes.
Proceedings of the 1st ACM Conference on Wireless Network Security (WiSec 2008), Aug 2008
Resource-depletion attacks against IEEE 802.11 access points (APs) are commonly executed by flooding APs with fake authentication requests. Such attacks may exhaust an AP’s memory resources and result in denied association service, thus enabling more sophisticated impersonation attacks accomplished by rogue APs.
This work introduces the concept of wireless client puzzles, a protection method which assists an AP to preserve its resources by discarding fake requests, while allowing legitimate clients to successfully join the network. Rather than conditioning a puzzle’s solution on computational resources of highly heterogeneous clients, the puzzles utilize peculiarities of a wireless environment such as broadcast communication and signal propagation which provide more invariant properties. Using an implementation of the proposed scheme, we demonstrate its effectiveness within a realistic scenario. Based on the insights from the implementation a simulation is used to extend the threat model and to scale up the scenario. Simulations verify our implementation results and show that the impact of flooding rate is decreased by 75% even if an attacker changes its position or manipulates its signal strength, while ≈ 90% of the legitimate stations are still able to successfully associate during an attack.
Mobile Computing and Communications Review, Jul 2011
We present RFReact, a USRP2-based platform that enables selective and reactive RF jamming. We demonstrate that RFReact is both powerful and versatile with a jamming system that can demodulate the header of an IEEE 802.15.4 packet, decide whether to jam it based on its content, and carry out the decision all while the packet is still on the air.
Recently, several research contributions have justified that wireless communication is not only a security burden. Its unpredictable and erratic nature can also be turned against an adversary and used to augment conventional security protocols, especially key agreement. In this paper, we are inspired by promising studies on such key agreement schemes, yet aim for releasing some of their limiting assumptions. We demonstrate the feasibility of our scheme within performance-limited wireless sensor networks. The central idea is to use the reciprocity of the wireless channel response between two transceivers as a correlated random variable. Doing so over several frequencies results in a random vector from which a shared secret is extracted. By employing error correction techniques, we are able to control the trade-off between the amount of secrecy and the robustness of our key agreement protocol. To evaluate its applicability, the protocol is implemented on MicaZ sensor nodes and analyzed in indoor environments. Further, these experiments provide insights into realistic channel behavior, available information entropy, and show a high rate of successful key agreements, up to 95%.
Key management in wireless sensor networks faces several new challenges. The scale, resource limitations, and new threats such as node capture necessitate the use of an on-line key generation by the nodes themselves. However, the cost of such schemes is high since their secrecy is based on computational complexity. Recently, several research contributions justified that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during movement, a bit string can be derived that is only known to the involved entities. Yet, movement is not the only possibility to generate randomness. The channel response is also strongly dependent on the frequency of the transmitted signal. In our work, we introduce a protocol for key generation based on the frequency-selectivity of channel fading. The practical advantage of this approach is that we do not require node movement. Thus, the frequent case of a sensor network with static motes is supported. Furthermore, the error correction property of the protocol mitigates the effects of measurement errors and other temporal effects, giving rise to an agreement rate of over 97%. We show the applicability of our protocol by implementing it on MICAz motes, and evaluate its robustness and secrecy through experiments and analysis.
Pervasive and Mobile Computing, Oct 2009
To improve the tarnished reputation of WLAN security, the new IEEE 802.11i standard provides means for mutual user authentication and assures confidentiality of user data. However, the IEEE 802.11 link-layer is still highly vulnerable to a plethora of simple, yet effective attacks which further jeopardize the already fragile security of wireless communications.
Some of these vulnerabilities are related to limited hardware capabilities of access points and their abuse may result in serious degradation of control over the wireless connection, which, especially in the case of broadcast communication, allows for client hijacking attacks. Although these issues are known and their impact is expected to be less prevalent on modern equipment, this work demonstrates the opposite. In our experimental analysis, we tested frequently used access points, and by forcing them to operate on their performance limits, we identified significant operational anomalies and demonstrated their impact on security by implementing a novel version of the Man-In-The-Middle attack, to which we refer as the Muzzle attack.
Secondly, this work describes DiscoSec, a solution for “patching” WLANs against a variety of such link-layer attacks. DiscoSec provides DoS-resilient key exchange, an efficient frame authentication, and a performance-oriented implementation. By means of extensive real-world measurements DiscoSec is evaluated, showing that even on very resource-limited devices the network throughput is decreased by only 22% compared to the throughput without any authentication, and by 6% on more performance-capable hardware. To demonstrate its effectiveness, DiscoSec is available as an open-source IEEE 802.11 device driver utilizing well-established cryptographic primitives provided by the Linux Crypto API and OpenSSL library.
Proceedings of the 2008 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2008), Jun 22, 2008
To improve the already tarnished reputation of WLAN security, the new IEEE 802.11i security standard provides means for an enhanced user authentication and strong data confidentiality. However, the standard focuses on securing higher-layer data, i.e., protecting IEEE 802.11 data frames. Management frames used for connection administration are left unprotected and a wide spectrum of known attacks is still applicable and even extended against the IEEE 802.11i/IEEE 802.1X protocol execution.
This work describes DiscoSec, a service pack for “patching” WLANs against the most prominent vulnerabilities resulting in resource-depletion and impersonation attacks. DiscoSec provides DoS-resilient key exchange, an efficient frame authentication, and a performance-oriented implementation. By means of extensive real-world measurements the performance of DiscoSec is evaluated showing that even on very resource-limited devices the throughput is decreased by only 22% compared to the throughput without any authentication, and by 6% on more powerful hardware. To demonstrate its effectiveness, DiscoSec is available as an open-source WLAN device driver.
IEEE Transactions on Wireless Communications, Aug 20, 2014
Numerous studies have shown that concurrent transmissions can help to boost wireless network perf... more Numerous studies have shown that concurrent transmissions can help to boost wireless network performance despite the possibility of packet collisions. However, while these works provide empirical evidence that concurrent transmissions may be received reliably, existing signal capture models only partially explain the root causes of this phenomenon. We present a comprehensive mathematical model for MSK-modulated signals that makes the reasons explicit and thus provides fundamental insights on the key parameters governing the successful reception of colliding transmissions. A major contribution is the closed-form derivation of the receiver bit decision variable for an arbitrary number of colliding signals and constellations of power ratios, time offsets, and carrier phase offsets. We systematically explore the factors for successful packet delivery under concurrent transmissions across the whole parameter space of the model. We confirm the capture threshold behavior observed in previous studies but also reveal new insights relevant to the design of optimal protocols: We identify capture zones depending not only on the signal power ratio but also on time and phase offsets.
Proceedings of the 4th ACM Conference on Wireless Network Security (WiSec 2011), Jun 15, 2011
In this work, we take on the role of a wireless adversary and investigate one of its most powerfu... more In this work, we take on the role of a wireless adversary and investigate one of its most powerful tools---radio frequency jamming. Although different jammer designs are discussed in the literature, reactive jamming, i.e., targeting only packets that are already on the air, is generally recognized as a stepping stone in implementing optimal jamming strategies. The reason is that, while destroying only selected packets, the adversary minimizes its risk of being detected. One might hope for reactive jamming to be too challenging or uneconomical for an attacker to conceive and implement due to its strict real-time requirements. Yet, in this work we disillusion from such hopes as we demonstrate that flexible and reliable software-defined reactive jamming is feasible by designing and implementing a reactive jammer against IEEE 802.15.4 networks. First, we identify the causes of loss at the physical layer of 802.15.4 and show how to achieve the best performance for reactive jamming. Then, we apply these insights to our USRP2-based reactive jamming prototype, enabling a classification of transmissions in real-time, and reliable and selective jamming. The prototype achieves a reaction time in the order of microseconds, a high precision (such as targeting individual symbols), and a 97.6% jamming rate in realistic indoor scenarios for a single reactive jammer, and over 99.9% for two concurrent jammers.
IEEE Journal on Selected Areas in Communications, Sep 2013
Key management in wireless sensor networks faces several unique challenges. The scale, resource l... more Key management in wireless sensor networks faces several unique challenges. The scale, resource limitations, and new threats such as node capture suggest the use of in-network key generation. However, the cost of such schemes is often high because their security is based on computational complexity. Recently, several research contributions justified experimentally that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during device movement, a bit string is derived known only to the two involved entities. Yet, movement is not the only option to generate randomness: the channel response strongly depends on the signal frequency as well. In this work, we introduce a key generation protocol based on the frequency-selectivity of multipath fading channels. The practical advantage of this approach is that it does not require device movement during key establishment. Thus the frequent case of a sensor network with static nodes is supported. We show the protocol’s applicability by implementing it on MICAz motes, and evaluating its robustness and security through experiments and analysis. The error correction property of the protocol mitigates the effects of measurement errors and temporal effects, giving rise to an agreement rate of over 97%.
Securing wireless sensor networks (WSNs) is a hard problem. In particular, network access control... more Securing wireless sensor networks (WSNs) is a hard problem. In particular, network access control is notoriously difficult to achieve due to the inherent broadcast characteristics of wireless communications: an attacker can easily target any node in its transmission range and affect large parts of a sensor network simultaneously. In this paper, we therefore propose a distributed guardian system to protect a WSN based on physically regulating channel access by means of selective interference. The guardians are deployed alongside a sensor network, inspecting all local traffic, classifying packets based on their content, and destroying any malicious packet while still on the air. In that sense, the system tries to gain "air dominance" over attackers. A key challenge in implementing the guardian system is the resulting real-time requirement in order to classify and destroy packets during transmission. We present a USRP2 software radio based guardian implementation for IEEE 802.15.4 that meets this challenge; using an FPGA-based design we can even check for the content of the very last payload byte of a packet and still prevent its reception by a potential victim mote. Our evaluation shows that the guardians effectively block 99.9% of unauthorized traffic in 802.15.4 networks in our experiments, without disturbing the legitimate operations of the WSN.
ACM Student Research Competition Grand Finals 2012, Jun 2012
Security in wireless networks is a notoriously difficult problem, mainly because medium access is... more Security in wireless networks is a notoriously difficult problem, mainly because medium access is hard to control: anyone in transmission range can easily inject packets into a network. The current solution strategy is to place the burden of packet filtering on each network node individually, leading to challenging administration and performance problems. We propose an alternative approach that provides the desired packet filtering remotely: the wireless firewall. The working principle is simple—if we cannot prevent the transmission of a malicious packet, we may still prevent its reception. The wireless firewall achieves this by content- based classification and selective interference that is just long enough to induce checksum errors in malicious packets. This way, the protection is fully transparent to the network: everything received without errors is trustworthy. We show the feasibility of our approach with WiFire, a software-defined wireless firewall system implemented on the USRP2, which achieves per-packet classification and selective destruction reliably: our evaluation shows that 99.9% of adversarial traffic is successfully blocked without disturbing the legitimate operations of the network.
Numerous studies showed that concurrent transmissions can boost wireless network performance desp... more Numerous studies showed that concurrent transmissions can boost wireless network performance despite collisions. While these works provide empirical evidence that concurrent transmissions may be received reliably, existing signal capture models only partially explain the root causes of this phenomenon. We present a comprehensive mathematical model that reveals the reasons and provides insights on the key parameters affecting the performance of MSK-modulated transmissions. A major contribution is a closed-form derivation of the receiver bit decision variable for arbitrary numbers of colliding signals and constellations of power ratios, timing offsets, and carrier phase offsets. We systematically explore the root causes for successful packet delivery under concurrent transmissions across the whole parameter space of the model. We confirm the capture threshold behavior observed in previous studies but also reveal new insights relevant for the design of optimal protocols: We identify capture zones depending not only on the signal power ratio but also on time and phase offsets.
Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2013), Jun 2013
We propose a novel approach to detect reactive jammers in direct sequence spread spectrum (DSSS) wireless networks. The key idea is to use the chip error rate of the first few jamming-free symbols at the DSSS demodulator during the signal synchronization phase of regular packet reception to estimate the probability of successful packet delivery. If the estimated probability is significantly higher than the actual packet delivery ratio, we declare jamming. As a proof of concept, we implement a prototype in a network of three USRP software-defined radios (transmitter, receiver, and jammer) and evaluate the feasibility, responsiveness, and accuracy of our approach in a controlled lab environment. Our experiments with IEEE 802.15.4 DSSS-based communication show that for links with a jamming-free packet delivery probability above 0.5, the false positive and negative detection rates remain below 5%.
Proceedings of the ACM SIGCOMM 2011 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM 2011), Aug 15, 2011
Firewalls are extremely effective at enforcing security policies in wired networks. Perhaps surprisingly, firewalls are entirely nonexistent in the wireless domain. Yet, the need to selectively control and block radio communication is particularly high in a broadcast environment since any node may receive and send packets. In this demo, we present WiFire, a system that brings the firewall concept to wireless networks. First, WiFire detects and analyzes packets during their transmission, checking their content against a set of rules. It then relies on reactive jamming techniques to selectively block undesired communication. We show the feasibility and performance of WiFire, which is implemented on the USRP2 software-defined radio platform, in several scenarios with IEEE 802.15.4 radios. WiFire is able to classify and effectively block undesired communication without interfering with desired communication.
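The two WiFire abstracts above (the wireless firewall paper and the SIGCOMM demo) rest on one receiver-side property: a frame whose FCS does not verify is dropped, so interference that corrupts even a single byte is enough to "block" it. The following is an added example written for this page, not code from WiFire or its authors. It builds and parses IEEE 802.15.4 data frames with the standard FCS (CRC-16, generator x^16 + x^12 + x^5 + 1, initial value 0, LSB first), applies a header-only rule set as the firewall decision, and models the selective interference as a byte flip on the receiver side. The rule format, the rule values, the sample payloads and the byte-flip model of jamming are constructed assumptions.

```python
"""Added example (not WiFire code): 802.15.4 frame FCS, header-based firewall rules,
and the effect of selective interference on a receiver that drops frames with a bad FCS."""

import struct

FCF_DATA_SHORT_ADDRS = 0x8841  # data frame, PAN ID compression, 16-bit dst and src addresses
MHR_FMT = "<HBHHH"             # frame control, sequence number, dst PAN ID, dst addr, src addr
MHR_LEN = struct.calcsize(MHR_FMT)  # 9 bytes


def crc16_ieee802154(data):
    """IEEE 802.15.4 FCS: CRC-16, reflected generator 0x8408, init 0, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def build_data_frame(seq, pan_id, dst, src, payload):
    body = struct.pack(MHR_FMT, FCF_DATA_SHORT_ADDRS, seq & 0xFF, pan_id, dst, src) + payload
    return body + struct.pack("<H", crc16_ieee802154(body))  # FCS is appended little-endian


def parse_data_frame(raw):
    if len(raw) < MHR_LEN + 2:
        raise ValueError("frame too short")
    fcf, seq, pan_id, dst, src = struct.unpack_from(MHR_FMT, raw, 0)
    if fcf != FCF_DATA_SHORT_ADDRS:  # this parser handles only the one layout it builds
        raise ValueError("unsupported frame control 0x%04x" % fcf)
    (fcs,) = struct.unpack_from("<H", raw, len(raw) - 2)
    return {
        "seq": seq, "pan_id": pan_id, "dst": dst, "src": src,
        "payload": raw[MHR_LEN:-2],
        "fcs_ok": crc16_ieee802154(raw[:-2]) == fcs,
    }


def should_block(header, rules):
    """A rule is a dict of MHR fields (assumed format); a frame is blocked if any rule matches
    on all of its fields. Only header fields are used: the decision has to be taken while the
    rest of the frame is still on the air."""
    return any(all(header.get(k) == v for k, v in rule.items()) for rule in rules)


def jam(raw, offset, length=1):
    """Receiver-side model of the selective interference: the jammed bytes are corrupted
    (complemented here), everything before and after arrives intact."""
    corrupted = bytearray(raw)
    for i in range(offset, min(offset + length, len(raw))):
        corrupted[i] ^= 0xFF
    return bytes(corrupted)


def receive(raw):
    """The receiver behaviour the firewall depends on: a frame with a bad FCS is dropped."""
    frame = parse_data_frame(raw)
    return frame["payload"] if frame["fcs_ok"] else None


def wifire(raw, rules):
    """Firewall decision on the MHR, applied to the first payload byte. CRC-16 detects every
    error burst of 16 bits or less, so one corrupted byte always fails the FCS check."""
    header = parse_data_frame(raw)  # on a radio this is decoded symbol by symbol
    return jam(raw, MHR_LEN) if should_block(header, rules) else raw


if __name__ == "__main__":
    rules = [{"src": 0xBEEF}]  # constructed rule: block everything from short address 0xBEEF
    good = build_data_frame(1, 0x1234, 0x0001, 0xCAFE, b"sensor:23.5")
    bad = build_data_frame(2, 0x1234, 0x0001, 0xBEEF, b"reboot")
    print(receive(wifire(good, rules)))  # b'sensor:23.5'
    print(receive(wifire(bad, rules)))   # None
```

The check value of this CRC over the ASCII string "123456789" is 0x2189, which is a quick way to confirm that a reimplementation on an SDR matches what 802.15.4 radios compute. Note that the parser in `wifire` sees the complete frame; a real reactive jammer has to act on the header before the payload has finished, which is the timing constraint the abstracts describe.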
Workshop Proceedings of MMB & DFT 2012, Mar 21, 2012
We assess the ability of adversaries to modify the content of messages on the physical layer of wireless networks. In contrast to related work, we consider signal overshadowing to achieve such manipulations during transmission. We present preliminary experimental results, which suggest that our approach enables deterministic message manipulations, even in unpredictable radio environments.
Proceedings of the 4th International Workshop on Wireless of the Students, by the Students, and for the Students (S3 2012), Aug 26, 2012
Despite its practical importance, interference can still be considered a "black box" in wireless network experiments as it is difficult to generate in a controlled and repeatable manner. Current generation approaches, such as packet storms or pre-recorded interference traces, do not adapt to the transmissions on the channel; the resulting effects of the interference are random and beyond the experimenter's control. Our solution to this problem is to use protocol-aware interferers, allowing them to adapt to the actual packet transmissions on the channel. We implemented a reactive jamming system on the USRP2 that enables this mode of operation as a proof of concept, decoding packets and interfering with them during their transmission. With this capability in mind we propose interference scripting, a way to define protocol-aware interference patterns using both packet content and time, and to repeatably generate these patterns on dedicated devices deployed alongside a testbed. This way, we hope to provide a useful tool to experimenters, adding controllable interference to wireless testbeds.
Proceedings of the 3rd ACM Conference on Wireless Network Security (WiSec 2010), Mar 22, 2010
Key management in wireless sensor networks does not only face typical, but also several new challenges. The scale, resource limitations, and new threats such as node capture and compromise necessitate the use of an on-line key generation, where secret keys are generated by the nodes themselves. However, the cost of such schemes is high since their secrecy is based on computational complexity. Recently, several research contributions justified that the wireless channel itself can be used to generate information-theoretic secure keys between two parties. By exchanging sampling messages during movement, a bit string can be derived that is only known to the involved entities. Yet, movement is not the only possibility to generate randomness. The channel response is also strongly dependent on the frequency of the transmitted signal. In our work, we introduce a protocol for key generation based on the frequency-selectivity of channel fading. The great practical advantage of this approach is that we do not rely on node movement as the source of randomness. Thus, the frequent case of a sensor network with static motes is supported. Furthermore, the error correction property of the proposed protocol mitigates the effects of measurement errors and other temporal effects, giving rise to a key agreement rate of over 97%. We show the applicability of our protocol by implementing it on MICAz motes, and evaluate its robustness and secrecy through experiments and analysis.
Proceedings of the 6th IEEE Workshop on Secure Network Protocols (NPSec 2010), Oct 5, 2010
Initial deployment of secrets plays a crucial role in any security design, but especially in hardware constrained wireless sensor networks. Many key management schemes assume either manually pre-installed shared secrets or keys authenticated with the aid of out-of-band channels. While manually installing secret keys affects the practicability of the key deployment, out-of-band channels require additional interfaces of already hardware-limited wireless sensor nodes. In this work, we present a key deployment protocol that uses pair-wise ephemeral keys generated from physical layer information which subsequently enables an authenticated exchange of public keys. Hence, this work presents an elegant solution to the key deployment problem without requiring more capabilities than already available on common low-cost devices. To justify the feasibility of this solution, we implement and experimentally evaluate the proposed key deployment protocol using commodity wireless sensor motes.
Proceedings of the 1st ACM Conference on Wireless Network Security (WiSec 2008), Aug 2008
Resource-depletion attacks against IEEE 802.11 access points (APs) are commonly executed by flooding APs with fake authentication requests. Such attacks may exhaust an AP's memory resources and result in denied association service, thus enabling more sophisticated impersonation attacks accomplished by rogue APs.
This work introduces the concept of wireless client puzzles, a protection method which assists an AP to preserve its resources by discarding fake requests, while allowing legitimate clients to successfully join the network. Rather than conditioning a puzzle’s solution on computational resources of highly heterogeneous clients, the puzzles utilize peculiarities of a wireless environment such as broadcast communication and signal propagation which provide more invariant properties. Using an implementation of the proposed scheme, we demonstrate its effectiveness within a realistic scenario. Based on the insights from the implementation a simulation is used to extend the threat model and to scale up the scenario. Simulations verify our implementation results and show that the impact of flooding rate is decreased by 75% even if an attacker changes its position or manipulates its signal strength, while ≈ 90% of the legitimate stations are still able to successfully associate during an attack.
Mobile Computing and Communications Review, Jul 2011
We present RFReact, a USRP2-based platform that enables selective and reactive RF jamming. We demonstrate that RFReact is both powerful and versatile with a jamming system that can demodulate the header of an IEEE 802.15.4 packet, decide whether to jam it based on its content, and carry out the decision all while the packet is still on the air.
Recently, several research contributions have justified that wireless communication is not only a security burden. Its unpredictable and erratic nature can also be turned against an adversary and used to augment conventional security protocols, especially key agreement. In this paper, we are inspired by promising studies on such key agreement schemes, yet aim for releasing some of their limiting assumptions. We demonstrate the feasibility of our scheme within performance-limited wireless sensor networks. The central idea is to use the reciprocity of the wireless channel response between two transceivers as a correlated random variable. Doing so over several frequencies results in a random vector from which a shared secret is extracted. By employing error correction techniques, we are able to control the trade-off between the amount of secrecy and the robustness of our key agreement protocol. To evaluate its applicability, the protocol is implemented on MicaZ sensor nodes and analyzed in indoor environments. Further, these experiments provide insights into realistic channel behavior, available information entropy, and show a high rate of successful key agreements, up to 95%.
Key management in wireless sensor networks faces several new challenges. The scale, resource limitations, and new threats such as node capture necessitate the use of an on-line key generation by the nodes themselves. However, the cost of such schemes is high since their secrecy is based on computational complexity. Recently, several research contributions justified that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during movement, a bit string can be derived that is only known to the involved entities. Yet, movement is not the only possibility to generate randomness. The channel response is also strongly dependent on the frequency of the transmitted signal. In our work, we introduce a protocol for key generation based on the frequency-selectivity of channel fading. The practical advantage of this approach is that we do not require node movement. Thus, the frequent case of a sensor network with static motes is supported. Furthermore, the error correction property of the protocol mitigates the effects of measurement errors and other temporal effects, giving rise to an agreement rate of over 97%. We show the applicability of our protocol by implementing it on MICAz motes, and evaluate its robustness and secrecy through experiments and analysis.
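The three key-generation abstracts above (the WiSec 2010 paper and the two related entries) share one pipeline: both nodes measure a reciprocal channel across several frequencies, quantize the measurements into bits, and run an error-correction step so that the remaining mismatches do not break agreement. The following is an added example written for this page, not the authors' protocol: it uses a median-threshold quantizer and a Hamming(7,4) syndrome exchange as the reconciliation step, which corrects one mismatched bit per 7-bit block and publicly reveals 3 bits per block. The code, the noise model and the key-confirmation tag are illustrative assumptions; the paper's own quantizer and code are not given on this page.

```python
"""Added example (not the paper's code): channel-reciprocity key agreement with a
Hamming(7,4) syndrome exchange as the error-correction step."""

import hashlib
import random
from statistics import median

# Parity-check matrix of a Hamming(7,4) code. Its 7 columns are the 7 distinct non-zero
# 3-bit vectors, so the syndrome of a single-bit error is the column at that bit's position.
H = [
    [1, 1, 0, 1, 1, 0, 0],
    [1, 0, 1, 1, 0, 1, 0],
    [0, 1, 1, 1, 0, 0, 1],
]
COLUMNS = [tuple(H[r][c] for r in range(3)) for c in range(7)]


def syndrome(block):
    return tuple(sum(h * b for h, b in zip(row, block)) % 2 for row in H)


def quantize(samples):
    """Assumed quantizer: one bit per frequency, 1 if the sample lies above the median."""
    thr = median(samples)
    return [1 if s > thr else 0 for s in samples]


def reconcile(a_bits, b_bits):
    """Alice publishes the 3-bit syndrome of each 7-bit block of her bit string; Bob XORs it
    with the syndrome of his block, which yields the syndrome of their difference, and flips
    the indicated bit. Two or more mismatches in one block are mis-corrected, which the
    key-confirmation step below detects."""
    if len(a_bits) != len(b_bits) or len(a_bits) % 7:
        raise ValueError("bit strings must have equal length, a multiple of 7")
    out = list(b_bits)
    for i in range(0, len(a_bits), 7):
        s_a = syndrome(a_bits[i:i + 7])       # the public part of the exchange
        s_b = syndrome(out[i:i + 7])
        diff = tuple(x ^ y for x, y in zip(s_a, s_b))
        if diff != (0, 0, 0):
            out[i + COLUMNS.index(diff)] ^= 1
    return out


def derive_key(bits):
    """Hash the agreed bits; at most 4 of every 7 bits remain secret after the syndromes."""
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(packed).hexdigest()


def confirmation_tag(key_hex):
    """Short tag sent in the clear so both sides learn whether reconciliation succeeded."""
    return hashlib.sha256(b"confirm" + bytes.fromhex(key_hex)).hexdigest()[:8]


def simulate(n_channels=28, noise=0.3, seed=7):
    """Constructed channel: one fading gain per frequency, seen by both sides with
    independent measurement noise (reciprocity). Returns both keys, the raw mismatch
    count before reconciliation, and whether the confirmation tags match."""
    rng = random.Random(seed)
    gains = [rng.gauss(0, 1) for _ in range(n_channels)]
    a = quantize([g + rng.gauss(0, noise) for g in gains])
    b = quantize([g + rng.gauss(0, noise) for g in gains])
    b_fixed = reconcile(a, b)
    ka, kb = derive_key(a), derive_key(b_fixed)
    mismatches = sum(x != y for x, y in zip(a, b))
    return ka, kb, mismatches, confirmation_tag(ka) == confirmation_tag(kb)


if __name__ == "__main__":
    ka, kb, mismatches, agreed = simulate()
    print("raw mismatches:", mismatches, "agreed:", agreed)
```

The trade-off the abstracts mention between secrecy and robustness is visible here: a stronger code (correcting more mismatches per block) publishes a longer syndrome and leaves fewer secret bits per block, so the key has to be drawn from more frequencies to keep its entropy.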
Pervasive and Mobile Computing, Oct 2009
To improve the tarnished reputation of WLAN security, the new IEEE 802.11i standard provides means for mutual user authentication and assures confidentiality of user data. However, the IEEE 802.11 link-layer is still highly vulnerable to a plethora of simple, yet effective attacks which further jeopardize the already fragile security of wireless communications.
Some of these vulnerabilities are related to limited hardware capabilities of access points and their abuse may result in serious degradation of control over the wireless connection, which, especially in the case of broadcast communication, allows for client hijacking attacks. Although these issues are known and their impact is expected to be less prevalent on modern equipment, this work demonstrates the opposite. In our experimental analysis, we tested frequently used access points, and by forcing them to operate on their performance limits, we identified significant operational anomalies and demonstrated their impact on security by implementing a novel version of the Man-In-The-Middle attack, to which we refer as the Muzzle attack.
Secondly, this work describes DiscoSec, a solution for “patching” WLANs against a variety of such link-layer attacks. DiscoSec provides DoS-resilient key exchange, an efficient frame authentication, and a performance-oriented implementation. By means of extensive real-world measurements DiscoSec is evaluated, showing that even on very resource-limited devices the network throughput is decreased by only 22% compared to the throughput without any authentication, and by 6% on more performance-capable hardware. To demonstrate its effectiveness, DiscoSec is available as an open-source IEEE 802.11 device driver utilizing well-established cryptographic primitives provided by the Linux Crypto API and OpenSSL library.
Proceedings of the 2008 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2008), Jun 22, 2008
To improve the already tarnished reputation of WLAN security, the new IEEE 802.11i security standard provides means for an enhanced user authentication and strong data confidentiality. However, the standard focuses on securing higher-layer data, i.e., protecting IEEE 802.11 data frames. Management frames used for connection administration are left unprotected and a wide spectrum of known attacks is still applicable and even extended against the IEEE 802.11i/IEEE 802.1X protocol execution.
This work describes DiscoSec, a service pack for “patching” WLANs against the most prominent vulnerabilities resulting in resource-depletion and impersonation attacks. DiscoSec provides DoS-resilient key exchange, an efficient frame authentication, and a performance-oriented implementation. By means of extensive real-world measurements the performance of DiscoSec is evaluated showing that even on very resource-limited devices the throughput is decreased by only 22% compared to the throughput without any authentication, and by 6% on more powerful hardware. To demonstrate its effectiveness, DiscoSec is available as an open-source WLAN device driver.