14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

In this paper, we build a speech privacy attack that exploits speech reverberations generated from a smartphone’s inbuilt loudspeaker captured via a zero-permission motion sensor (accelerometer). We design our attack Spearphone, and demonstrate that speech reverberations from inbuilt loudspeakers, at an appropriate loudness, can impact the accelerometer, leaking sensitive information about the speech. In particular, we show that by exploiting the affected accelerometer readings and carefully selecting feature sets along with off-the-shelf machine learning techniques, Spearphone can successfully perform gender classification (accuracy over 90%) and speaker identification (accuracy over 80%) for any audio/video playback on the smartphone. We use lightweight classifiers and an off-the-shelf machine learning tool so that the attacking effort is minimized, making our attack deployable in practice. Our results with testing the attack on a voice call and voice assistant response were also encouraging, showcasing the impact of the proposed attack. In addition, we perform speech recognition and speech reconstruction to extract more information about the eavesdropped speech to an extent. Our work brings to light a fundamental design vulnerability in many currently-deployed smartphones, which may put people’s speech privacy at risk while using the smartphone in the loudspeaker mode during phone calls, media playback or voice assistant interactions.

Remotely Controlling TrustZone Applications? A Study on Securely and Resiliently Receiving Remote Commands

Shengye Wan¹, Kun Sun², Ning Zhang³, and Yue Li⁴

¹ College of William and Mary

² George Mason University

³ Washington University in St. Louis

⁴ the college of William and Mary

Mobile devices are becoming an indispensable part of work for corporations and governments to store and process sensitive information. Thus, it is important for remote administrators to maintain control of these devices via Mobile Device Management (MDM) solutions. ARM TrustZone has been widely regarded as the de facto solution for protecting the security-sensitive software, such as MDM agents, from attacks of a compromised rich OS. However, little attention has been given to protecting the MDM control channel, a fundamental component for a remote administrator to invoke the TrustZone-based MDM agents and perform specific management operations.

In this work, we design an ARM TrustZone-based network mechanism, called TZNIC, towards enabling resilient and secure access to TrustZone-based software, even in the presence of a malicious rich OS. TZNIC deploys two NIC drivers, one secure-world driver and one normal-world driver, multiplexing one physical NIC. We utilize the ARM TrustZone-based high privilege to protect the secure-world driver and further resolve several challenges on sharing one set of hardware peripherals between two isolated software environments. TZNIC does not require any changes or collaboration of the rich OS. We implement a prototype of TZNIC, and the evaluation results show that TZNIC can provide a reliable network channel to invoke the security software in the secure world, with minimal system overhead on the rich OS.

Z-Fuzzer: Device-agnostic Fuzzing of Zigbee Protocol Implementation

Mengfei Ren¹, Xiaolei Ren¹, Huadong Feng¹, Jiang Ming¹, and Yu Lei¹

¹ The University of Texas at Arlington

With the proliferation of the Internet of Things (IoT) devices, Zigbee is widely adopted as a resource-efficient wireless protocol. Recently, severe vulnerabilities in Zigbee protocol implementations have compromised IoT devices from different manufacturers. It becomes imperative to perform security testing on Zigbee protocol implementations. However, it is not a trivial task to apply the existing vulnerability detection techniques such as fuzzing to Zigbee protocol implementations. In particular, it remains a significant obstacle to deal with low-level hardware events. Many existing protocol fuzzing tools lack a proper execution environment for the Zigbee protocol, which communicates via a radio channel instead of the Internet.

To bridge the above gap, we develop a device-agnostic fuzzing platform named \emph{Z-Fuzzer} to detect security vulnerabilities in Zigbee protocol implementations. Z-Fuzzer provides a software simulation environment with pre-defined peripherals and hardware interrupts configurations to simulate Zigbee protocol execution on real IoT devices. We first extend the existing protocol fuzzing framework’s capabilities with a proxy server to bridge communication with the Zigbee protocol execution. Second, we generate more high-quality test cases with code-coverage heuristics. We compare Z-Fuzzer with advanced protocol fuzzing tools, BooFuzz and Peach fuzzer, on top of Z-Fuzzer’s simulation platform. Our results show that Z-Fuzzer can achieve higher code coverage in a mainstream Zigbee protocol implementation called Z-Stack. \mytool\ has detected more vulnerabilities using fewer test cases than BooFuzz and Peach. Three of them have been assigned CVE IDs with high CVSS scores (7.5$\sim$8.2).

SigUnder: a Stealthy 5G Low Power Attack and Defenses

Norbert Ludant¹ and Guevara Noubir¹

¹ Northeastern University

The 3GPP 5G cellular system is hailed as a major step towards more ubiquitous and pervasive communications infrastructure (including for V2X, Smart Grid, and Healthcare). We disclose and evaluate SigUnder, an attack that enables an adversary to overshadow the Signal Synchronization Block (SSB) with an injected signal at 3.4dB below the legitimate signal (prior work required 3dB above). The attack exploits the polar coding mechanism of 5G and the physical layer OFDM structure. It can be used to make previous DoS and over-shadowing attacks lower-power and stealthy, but also enables new attacks unique to 5G such as setting the cellBarred field in the 5G MIB (and blocking access to a cell). We develop techniques (e.g., phase prediction) to make the attack feasible in a practical setup, and evaluate its performance both in simulations and over the air experiments. We also introduce SICUnder, an extension of Successive Interference Cancellation (SIC) to be able to address the unique challenges that SigUnder poses and demonstrate it effectiveness relatively to standard SIC.

FADIA: FAirness-Driven collaboratIve remote Attestation

Mohamad Mansouri¹, Wafa Ben Jaballah¹, Melek Önen², Md Masoom Rabbani³, and Mauro Conti⁴

¹ Thales SIX GTS

² EURECOM

³ KU Leuven

⁴ University of Padua

Internet of Things (IoT) technology promises to bring new value creation opportunities across all major industrial sectors. This will yield industries to deploy more devices into their networks. A key pillar to ensure the safety and security of the running services on these devices is remote attestation. Unfortunately, existing solutions fail to cope with the recent challenges raised by large IoT networks. In particular, the heterogeneity of the devices used in the network affects the performance of a remote attestation protocol. Another challenge in these networks is their dynamic nature: More IoT devices may be added gradually over time. This poses a problem in terms of key management in remote attestation.

We propose FADIA, the first lightweight collaborative remote attestation protocol that is designed with fairness in mind. FADIA enables fair distribution of load/tasks on the attesting devices to achieve better performance. We also leverage the Eschenauer-Gligor scheme to enable efficient addition of devices to the network. We implement our solution on heterogeneous embedded devices and evaluate it in real scenarios. The evaluation shows that FADIA can (i) increase the lifetime of a network by an order of magnitude and (ii) decrease the runtime of a remote attestation protocol by a factor of $1.6$.

Delegated Attestation: Scalable Remote Attestation of Commodity CPS by Blending Proofs of Execution with Software Attestation

Mahmoud Ammar¹, Bruno Crispo², Ivan De Oliveira Nunes³, and Gene Tsudik³

¹ Huawei Technologies

² KU Leuven & University of Trento

³ UC Irvine

Remote Attestation (RA) is an interaction between a trusted verifier (Vrf) and one or more remote and potentially compromised devices (provers or Prv-s) that allow the former to measure the software state of the latter. RA is particularly relevant to safety-critical cyber-physical systems (CPS) where a set of low-end micro-controllers (MCUs), operate under the control of a remote and more powerful controller. In such cases, RA is an effective and relatively efficient means to detect software compromise, e.g., malware infections, on these low-end MCUs that cannot support expensive security mechanisms.

Unfortunately, current RA techniques have a major practical limitation by requiring one or more of: (i) customized hardware support on every Prv; or (ii) physical presence of Vrf, which must be directly connected to all Prv-s, or (iii) secure pre-loading of trusted software. To overcome this limitation, we construct, implement and evaluate a Delegated Attestation (DA) scheme. In it, all Prv-s remain unmodified, meaning that it applies even to already deployed CPS devices. However, there is no requirement for Vrf’s physical proximity, hardware support or secure initial software pre-loading. Instead, DA uses a recently proposed primitive (called Proofs-of-Execution or PoX) which entails a single customized low-end embedded device (called Attestation Proxy or Prox) on the same local-area network (e.g., a CAN-bus) as Prv-s. In doing so, DA enables RA of all Prv-s. Importantly, this guarantee holds even if Prox is itself compromised, enabling secure RA of completely unmodified Prv-s in an efficient manner.

Anonymous Device Authorization for Cellular Networks

Abida Haque¹, Varun Madathil¹, Bradley Reaves¹, and Alessandra Scafuro¹

¹ North Carolina State University

Cellular networks connect nearly every human on the planet; they consequently have visibility into location data and voice, SMS, and data contacts and communications. Such near-universal visibility represents a significant threat to the privacy of mobile subscribers. In 5G networks, end-user mobile device manufacturers assign a Permanent Equipment Identifier (PEI) to every new device. Mobile operators legitimately use the PEI to blocklist stolen devices from the network to discourage device theft, but the static PEI also provides a mechanism to uniquely identify and track subscribers. Advertisers and data brokers have also historically abused the PEI for data fusion of location and analytics data, including private data sold by cellular providers.

In this paper, we present a protocol that allows mobile devices to prove that they are not in the blocklist without revealing their PEI to any entity on the network. Thus, we maintain the primary purpose of the PEI while preventing potential privacy violations. We describe a provably-secure anonymous proof of blocklist non-membership for cellular network, based on the RSA accumulators and zero-knowledge proofs introduced by Camenisch and Lysyanskaya (Crypto’02) and expanded upon by Li, Li and Xue (ACNS’07). We show experimentally that this approach is viable for cellular networks: a phone can create a blocklist non-membership proof in only 3,432 milliseconds of online computation, and the network can verify the proof in less than one second on average. In total this adds fewer than 4.5 seconds to the rare network attach process. This work shows that PEIs can be attested anonymously in 5G and future network generations, and it paves the way for additional advances toward a cellular network with guaranteed privacy.

Spectrum-Flexible Secure Broadcast Ranging

Tien Dang Vo-Huu¹, Triet Dang Vo-Huu¹, and Guevara Noubir¹

¹ Northeastern University

Secure ranging is poised to play a critical role in several emerging applications such as self-driving cars, unmanned aerial systems, wireless IoT devices, and augmented reality. In this paper, we propose a design of a secure broadcast ranging system with unique features and techniques. Its \emph{spectral-flexibility}, and \emph{low-power short} ranging bursts enable co-existence with existing systems such as in the 2.4GHz ISM band. We exploit a set of RF techniques such as \emph{upsampling} and \emph{successive interference cancellation} to achieve high accuracy and scalability to tens of reflectors even when operating over narrow bands of spectrum. We demonstrate that it can be implemented on popular SDR platforms FPGA and/or hosts (with minimal FPGA modifications). The protocol design, and cryptographically generated/detected signals, and randomized timing of transmissions, provide stealth and security against denial of service, sniffing, and distance manipulation attacks. Through extensive experimental evaluations (and simulations for scalability to over 100 reflectors) we demonstrate an accuracy below 20cm on a wide range of SNR (as low as 0dB), spectrum 25MHz-100MHz, with bursts as short as 5us.

Amazon Echo Dot or the Reverberating Secrets of IoT Devices

Dennis Giese¹ and Guevara Noubir¹

¹ Northeastern University

Smart speakers, such as the Amazon Echo Dot, are very popular and routinely trusted with private and sensitive information. Yet, little is known about their security and potential attack vectors. We develop and synthesize a set of IoT forensics techniques and apply them to reverse engineer the hardware and software of the Amazon Echo Dot, and demonstrate its lacking protections of private user data. An adversary with physical access to such devices (e.g., purchasing a used one) can retrieve sensitive information such as Wi-Fi credentials, the physical location of (previous) owners, and cyber-physical devices (e.g., cameras, door locks). We show that such information, including all previous passwords and tokens, remains on the flash memory, even after a factory reset. This is due to the wear-leveling algorithms of the flash memory and lack of encryption. We identify and discuss the design flaws in the storage of sensitive information and the process of de-provisioning used devices. We demonstrate the practical feasibility of such attacks on 86 used devices purchased on eBay and flea markets. Finally, we propose secure design alternatives and mitigation techniques.

Selest: Secure Elevation Estimation of Drones Using MPC

Marinos Vomvas¹, Erik-Oliver Blass², and Guevara Noubir¹

¹ Northeastern University

² Airbus

Drones are increasingly associated with incidents disturbing air traffic at airports, invading privacy, and even terrorism. Wireless Direction of Arrival (DoA) techniques, such as the MUSIC algorithm, can localize drones, but deploying a system that systematically localizes RF emissions can lead to intentional or unintentional (e.g.,if compromised) abuse. Multi-Party Computation (MPC) provides a solution for controlled computation of the elevation of RF emissions, only revealing estimates when some conditions are met, such as when the elevation exceeds a specified threshold. However, we show that a straightforward implementation of MUSIC, which relies on costly computation of complex matrix operations such as eigendecomposition, in state of the art MPC frameworks is extremely inefficient requiring over 20 seconds to achieve the weakest security guarantees. In this work, we develop a set of MPC optimizations and extension of MUSIC. We extensively evaluate our techniques in several MPC protocols achieving a speedup of 300-500 times depending on the security model and specific technique used. For instance a Malicious Shamir execution providing security against malicious adversaries enables 536 DoA estimations per second, making it practical for use in real-world setups

Toward a Secure Crowdsourced Location Tracking System

Chinmay Garg¹, Aravind Machiry², Andrea Continella³, Christopher Kruegel¹, and Giovanni Vigna¹

¹ University of California, Santa Barbara

² Purdue University

³ University of Twente

Low-energy Bluetooth devices have become ubiquitous and widely used for different applications. Among these, Bluetooth trackers are becoming popular as they allow users to track the location of their physical objects. To do so, Bluetooth trackers are often built-in within other commercial products connected to a larger crowdsourced tracking system. Such a system, however, can pose a threat to the security and privacy of the users, for instance, by revealing the location of a user’s valuable object. In this paper, we introduce a set of security properties and investigate the state of commercial crowdsourced tracking systems, which present common design flaws that make them insecure. Leveraging the results of our investigation, we propose a new design for a secure crowdsourced tracking system (SECROW), which allows devices to leverage the benefits of the crowdsourced model without sacrificing security and privacy. Our preliminary evaluation shows that SECROW is a practical, secure, and effective crowdsourced tracking solution.

Let Numbers Tell the Tale: Measuring Security Trends in Wi-Fi Networks and Best Practices

Domien Schepers¹, Aanjhan Ranganathan¹, and Mathy Vanhoef²

¹ Northeastern University

² New York University Abu Dhabi

Motivated by the recent push towards adopting new standards and the discovery of numerous vulnerabilities in both new and old protocols, this paper analyzes the security of Wi-Fi networks. Our analysis is based on publicly available datasets and our own survey covering 250,137 networks across four countries in three continents. We present several key insights, including the continued use of outdated security configurations and vulnerable protocols, the adoption rates of modern protocols, the increasing presence of mesh networks as part of smart city infrastructure, and the vast differences depending on the surveyed geographic region and frequency spectrum. Additionally, we identify and improve upon shortcomings in previous surveys, and recommend best practices for future surveying. In summary, our work provides a more fine-grained understanding on Wi-Fi network security in the real-world. Finally, we publish our tools used for extracting security statistics, and make all anonymized datasets available to other researchers.

Recurring Verification of Interaction Authenticity Within Bluetooth Networks

Travis Peters¹, Timothy J. Pierson², Sougata Sen³, José Camacho⁴, and David Kotz²

¹ Montana State University

² Dartmouth College

³ BITS Pilani, KK Birla Goa Campus, India

⁴ University of Granada, Spain

Although user authentication has been well explored, device-to-device authentication – specifically in Bluetooth networks – has not seen the same attention. We propose Verification of Interaction Authenticity (VIA) – a recurring authentication scheme based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion-detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. To evaluate our approach we produced a new dataset consisting of more than 300 Bluetooth network traces collected from 20 Bluetooth-enabled smart-health and smart-home devices. In our evaluation, we found that devices can be correctly verified at a variety of granularities, achieving an F1-score of 0.86 or better in most cases.

RIP StrandHogg: A Practical StrandHogg Attack Detection Method on Android

Jasper Stang¹, Alexandra Dmitrienko¹, and Sascha Roth²

¹ University of Wuerzburg

² KOBIL Systems GmbH

StrandHogg vulnerabilities affect Android’s multitasking system and threaten up to 90% of Android platforms, which translates to millions of affected users. Existing countermeasures require modification of the OS, have usability drawbacks, or are limited to the detection of certain attack versions. In this work, we aim to develop a generic, efficient, and usability-friendly attack detection method, which does not require OS modifications and can be employed by apps installed on any vulnerable Android platform. To achieve our goal, we analyze StrandHogg attack techniques and develop two countermeasures, one using Machine Learning and the other one using ActivityCounter $-$ a reliable attack indicator, which we could synthetically engineer. Our first approach achieves an average F1 score of 92% across all attack variations, while ActivityCounter shows superior performance and efficiently detects all attack versions without false positives. ActivityCounter is the first solution without practical limitations, which can be easily deployed in practice and protect millions of affected users.

Happy MitM - Fun and Toys in Every Bluetooth Device

Jiska Classen¹ and Matthias Hollick¹

¹ TU Darmstadt, Germany

Bluetooth pairing establishes trust on first use between two devices by creating a shared key. Similar to certificate warnings in TLS, the Bluetooth specification requires warning users upon issues with this key, because this can indicate ongoing Machine-in-the-Middle (MitM) attacks. This paper uncovers that none of the major Bluetooth stacks warns users, which violates the specification. Clear warnings would protect users from recently published and potential future security issues in Bluetooth authentication and encryption.

Misactivation Detection and User Identification in Smart Home Speakers using Traffic Flow Features

Batyr Charyyev¹ and Mehmet Hadi Gunes¹

¹ Stevens Institute of Technology

The advancement in Internet of Things (IoT) technology has transformed our daily lifestyle. Particularly, voice assistants such as Amazon’s Alexa and Google Assistant are commonly deployed in households. These voice assistants enable users to interact with other devices in a smart home ecosystem. In this paper, we focus on two security issues that arise with the use of smart speakers, and present network flow fingerprinting methods to mitigate their impact. First, we concentrate on the misactivation of smart speakers in which spoken words unintentionally activate the device. This may lead to private user conversations being recorded and sent to the cloud without the user even noticing. To prevent such misactivation, we explore locality-sensitive hash-based machine learning approaches. Our evaluation results with the network traffic of four different smart speakers show that the proposed approach can achieve an area under the curve (i. e., AUC) of 93% to 99%. Secondly, we explore whether the voice commands of the device owner can be distinguished from other individuals based on the generated network traffic fingerprint without any analysis of the actual sound wave. Evaluation results with five different user voices show that we can achieve an average AUC of 72% to 81% by ensembling multiple machine learning models.

Julia: Fast and Secure Key Agreement for IoT Devices

Frans Lundberg¹ and Juraj Feljan¹

¹ ASSA ABLOY AB

Even the most resource-constrained IoT devices need to communicate securely. In order to establish a secure channel, key agreement between the communicating parties is used. Today’s key agreement protocols require at least three scalar multiplications in the handshake to achieve mutual authentication, forward and backward secrecy, and protection against key-compromise impersonation. As this is a computationally heavy operation, resource-constrained devices benefit from a lower number of scalar multiplications. In this paper we present Julia Key Agreement (JKA), a protocol that satisfies the aforementioned security properties using two scalar multiplications, and thus saves both time and energy. In addition, we define an optimized JKA that only requires a single scalar multiplication for a particular use case.

A Comprehensive Formal Analysis of 5G Handover

Aleksi Peltonen¹, Ralf Sasse², and David Basin²

¹ Aalto University

² ETH Zurich

5G has been under standardization for over a decade and will drive the world’s mobile technologies in the decades to come. One of the cornerstones of the 5G standard is its security, also for devices that move frequently between networks, such as autonomous vehicles, and must therefore be handed over from one network operator to another. We present a novel, comprehensive, formal analysis of the security of the device handover protocols specified in the 5G standard. Our analysis covers both handovers within the 5G core network, as well as fallback methods for backwards compatibility with 4G/LTE. We identify four main handover protocols and formally model them in the security protocol verification tool Tamarin. Using these models, we determine for each protocol the minimal set of security assumptions required for its intended security goals to be met. Understanding these requirements is essential when designing devices and other protocols that depend on the reliability and security of network handovers.

No need to ask the Android: Bluetooth-Low-Energy scanning without the location permission

Vincent Toubiana¹ and Mathieu Cunche²

¹ CNIL

² INSA-Lyon, Inria, CITI Lab

Bluetooth-Low-Energy (BLE) scanning can be misused by applications to determine a device location. In order to prevent unconsented location tracking by applications, Android conditions the use of some BLE functions to the prior obtention of the location permission and the activation of the location setting. In this paper, we detail a vulnerability that allows applications to perform BLE scans without the location permission. We present another flaw allowing to bypass the active location requirement. Together those flaws allow an app to fully circumvent the location restrictions applying to BLE scanning. The presented vulnerability affects devices running Android 6 up to 11 and could be misused by application developers to track the location of users. This vulnerability has been disclosed to Google and assigned the CVE-2021-0328.

SoK: Assessing the Threat Potential of Vibration-based Attacks against Live Speech using Mobile Sensors

Payton Walker¹ and Nitesh Saxena¹

¹ The University of Alabama at Birmingham

Existing academic research on vibration-based speech attacks has introduced interesting and intellectually appealing threat vectors with proof-of-concept demonstrations in controlled environments. The attacks presented in these studies exploit different types of sensors such as MEMS motion sensors, laser-based sensors, and some other sensors (camera, position error signal, piezo-disc) to measure the vibrations induced on an object by nearby sensitive speech. Such sensors are commonly found on mobile devices like smartphones and tablets that can be exposed to sensitive speech, revealing the significance of this potential threat. These studies have amassed significant attention in news and media and introduced concern to people about the safety of their day-to-day speech and around their personal, wireless and IoT devices. However, we hypothesize that the controlled experiments in the prior research maintain critical parameter values that are favorable to attack success (deviating from the limiting settings in a real-world scenario) and produce results that suggest a greater real-life threat level than actually exists.

The contributions made in this paper are as follows; First, we provide a detailed review of 10 existing academic research works related to vibration-based eavesdropping attacks. Second, we identify key experimental parameters that can impact the success of eavesdropping in the vibration domain. Third, we build a framework to evaluate the existing literature based on the Percent Parameters in Favored Settings (PPFS) Score metric that we define. Lastly, we use our defined framework to evaluate the feasibility of the existing vibration-based speech attacks to compromise live human speech to the extent of full speech recognition. The results of our evaluation suggest that none of the existing vibration-based eavesdropping attacks have a high likelihood of successfully compromising live human speech in a real-world scenario.

5G SUCI-Catchers: Still catching them all?

Merlin Chlosta¹, David Rupprecht¹, Christina Pöpper², and Thorsten Holz¹

¹ Ruhr University Bochum

² New York University Abu Dhabi

In mobile networks, IMSI-Catchers identify and track users simply by requesting all users’ permanent identities (IMSI) in range. The 5G standard attempts to fix this issue by encrypting the permanent identifier (now SUPI) and transmitting the SUCI. Since the encrypted SUCI is re-generated with an ephemeral key for each use, an attacker can no longer derive the user’s identity. However, this scheme does not prevent all tracking and linking: if the identity of a user is already known, an attacker can probe users for that identity.

We demonstrate a proof-of-concept 5G SUCI-Catcher attack in a 5G standalone network. Based on prior work on linkability through the Authentication and Key Agreement (AKA) procedure, we introduce an attack variant that enables practical, repeatable attacks. We capture encrypted SUCIs and use the AKA-procedure to link the encrypted identities between sessions. This answers Is user X present now? — a typical scenario for IMSI-Catchers. We analyze the attack’s scalability, discuss real-world applicability, and possible countermeasures by network operators.

Orbit-based Authentication Using TDOA Signatures in Satellite Networks

Eric Jedermann¹, Martin Strohmeier², Matthias Schäfer³, Jens Schmitt³, and Vincent Lenders²

¹ TU Kaiserslautern

² Armasuisse

³ University of Kaiserslautern

Given the nature of satellites orbiting the Earth on a fixed trajectory, in principle, it is interesting to investigate how this invariant can be exploited for security purposes. In particular, satellite orbit information can be retrieved from public databases. Using time difference of arrival (TDOA) measurements from multiple receivers, we can check this orbit information against a corresponding TDOA-based signature of the satellite. In that sense, we propose an orbit-based authentication scheme for down-link satellite communications in this paper. To investigate the properties and fundamentals of our novel TDOA signature scheme we study two satellite systems at different altitudes: Iridium and Starlink. Clearly, many challenging questions with respect to the feasibility and effectiveness of this authentication scheme arise; to name some: how many receivers are necessary, how should they be distributed, and how many consecutive measurements do we need for the TDOA signatures. We address these questions by a full factorial experimental design using a simulation framework, we developed for that purpose. Besides a deep understanding about the effects of the major factors on the authentication performance, we find that in adequate configurations, even under a versatile attacker, the orbit-based authentication scheme is able to achieve low false authentication rates well below 1% at false rejection rates of about 2%, for both, Iridium and Starlink satellites.

On the Challenges of Automata Reconstruction in LTE Networks

Merlin Chlosta¹, David Rupprecht¹, and Thorsten Holz¹

¹ Ruhr University Bochum

Mobile networks are a crucial part of our digital lives and require adequate security measures. The 4G and 5G network standards are complex and challenging to implement, which led to several implementation issues being discovered over the last years. Consequently, we aim to strengthen automation in testing and increase test coverage to spot issues and potential security vulnerabilities.

In this paper, we explore active automata learning for 4G/LTE protocol state machines. We focus on LTE’s Mobility Management Entity (MME), the main core network element that handles all user registration and authentication through the NAS protocol. Based on automata learning, we automatically reconstruct the NAS protocol state machine to study implementation-specific artifacts and their security implications. We design and implement a reliable UE-to-MME interface for testing the MME from the perspective of a user device. This method allows testing of fully functional core networks without modification. Based on a prototype implementation, we test two open-source projects, one commercial MME implementation, and one MME in an operator’s test network replicating the live LTE network. We expose several bugs, including crashes in three of the four implementations, potentially leading to network outages.

Non-IID Data Re-balancing at IoT Edge with Peer-to-peer Federated Learning for Anomaly Detection

Han Wang¹, Luis Muñoz-González², David Eklund¹, and Shahid Raza¹

¹ RISE Research Institutes of Sweden

² Imperial College London

The increase of the computational power in edge devices has enabled the penetration of distributed machine learning technologies such as federated learning, which allows to build collaborative models performing the training locally in the edge devices, improving the efficiency and the privacy for training of machine learning models, as the data remains in the edge devices. However, in some IoT networks the connectivity between devices and system components can be limited, which prevents the use of federated learning, as it requires a central node to orchestrate the training of the model. To sidestep this, peer-to-peer learning appears as a promising solution, as it does not require such an orchestrator. On the other side, the security challenges in IoT deployments have fostered the use of machine learning for attack and anomaly detection. In these problems, under supervised learning approaches, the training datasets are typically imbalanced, i.e. the number of anomalies is very small compared to the number of benign data points, which requires the use of re-balancing techniques to improve the algorithms’ performance. In this paper, we propose a novel peer-to-peer algorithm,P2PK-SMOTE, to train supervised anomaly detection machine learning models in non-IID scenarios, including mechanisms to locally re-balance the training datasets via synthetic generation of data points from the minority class. To improve the performance in non-IID scenarios, we also include a mechanism for sharing a small fraction of synthetic data from the minority class across devices, aiming to reduce the risk of data de-identification. Our experimental evaluation in real datasets for IoT anomaly detection across a different set of scenarios validates the benefits of our proposed approach.

Here, There, and Everywhere: Security Analysis of Wi-Fi Fine Timing Measurement

Domien Schepers¹, Mridula Singh², and Aanjhan Ranganathan¹

¹ Northeastern University

² ETH Zurich

Today, an increasing number of applications rely on location and proximity information to deliver services. With the introduction of Wi-Fi Fine Timing Measurement (FTM) in the IEEE 802.11-2016 standard, Wi-Fi derived location and proximity information will play a key role in many safety- and security-critical applications. For example, Wi-Fi FTM is adopted in Wi-Fi Aware where it enables geo-fencing and mobile identification. In this paper, we perform the first security analysis of Wi-Fi FTM and analyze its security guarantees across the logical and physical layers. We find various weaknesses that enable an attacker to introduce distance reductions and enlargements to any arbitrary attacker-chosen value, requiring commodity hardware only. We perform an evaluation using commercial access points, smartphones, and off-the-shelf Wi-Fi cards, and show that an attacker can manipulate distances with meter-level precision. Furthermore, we highlight the distance manipulation attacks which are independent of any higher-layer cryptographic protection, exposing fundamental limitations to achieving secure distance measurements in the current standard. Finally, we present security recommendations for the design and implementation of Wi-Fi FTM and next-generation positioning protocols.

SNOW-Vi: An Extreme Performance Variant of SNOW-V for Lower Grade CPUs

Patrik Ekdahl¹, Thomas Johansson², Alexander Maximov¹, and Jing Yang²

¹ Ericsson Research

² Lund University

SNOW 3G is a stream cipher used as one of the standard algorithms for data confidentiality and integrity protection over the air interface in the 3G and 4G mobile communication systems. SNOW-V is a recent new version that was proposed as a candidate for inclusion in the 5G standard. In this paper, we propose a faster variant of SNOW-V, called SNOW-Vi, that can reach the targeted speeds for 5G in a software implementation on a larger variety of CPU architectures. SNOW-Vi differs in the way how the LFSR is updated and also introduces a new location of the tap $T2$ for stronger security, while everything else is kept the same as in SNOW-V. The throughput in a software environment is increased by around 50% in average, up to 92 Gbps. This makes the applicability of the cipher much wider and more use cases are covered. The security analyses previously done for SNOW-V are not affected in most aspects, and SNOW-Vi provides the same 256-bit security level as SNOW-V.

LightningStrike: (In)secure Practices of E-IoT Systems in the Wild

Luis C. Puche Rondon¹, Leonardo Babun¹, Ahmet Aris¹, Kemal Akkaya¹, and Selcuk Uluagac¹

¹ Florida International University

Recent years have witnessed the widespread adoption of specialty smart ecosystems that have changed the lives of everyday users worldwide. As a part of smart ecosystems, Enterprise Internet of Things (E-IoT) allow users to integrate and control more complex installations in comparison to off-the-shelf IoT systems. With E-IoT, users have complete control of audio, video, scheduled events, lightning fixtures, shades, door access, and relays via available user interfaces. As such, these systems see widespread use in government or smart private offices, schools, smart buildings, professional conference rooms, hotels, smart homes, yachts, and similar professional settings. However, even with their widespread use, the security of many E-IoT systems has not been researched in the literature. Further, many E-IoT systems utilize proprietary communication protocols that rely mostly on security through obscurity, which has many users to mistakenly assume that these systems are secure. To address this open research problem and determine if E-IoT systems are vulnerable, we focus on one of the core E-IoT components, E-IoT communication buses. Communication buses are used by E-IoT proprietary protocols to connect multiple E-IoT devices (e.g., keypads and touchscreens) and trigger pre-configured events upon user actions. In this study, we introduce LightningStrike, the implementation of four proof-of-concept attacks that demonstrate several weaknesses in E-IoT proprietary communication protocols through communication buses. With LightningStrike, we show that it is feasible for an attacker to compromise E-IoT systems using E-IoT communication buses. We demonstrate that E-IoT proprietary communication protocols are susceptible to Denial-of-Service, eavesdropping, impersonation, and replay attacks. As E-IoT systems control physical access, safety components, and emergency equipment, an attacker with a low level of effort and knowledge can easily exploit E-IoT vulnerabilities to impact the security and safety of users, smart systems, and smart buildings worldwide.

Write to Know: On the Feasibility of Wrist Motion based User-Authentication from Handwriting

Raveen Wijewickrama¹, Anindya Maiti², and Murtuza Jadliwala¹

¹ University of Texas at San Antonio

² University of Oklahoma

The popularity of smart wrist wearable technology (e.g., smartwatches) has rejuvenated the exploration of dynamic biometric-based authentication techniques that employ sensor data from these devices. Despite the progress demonstrated by the scientific community, research in this area has not successfully transitioned to practice, and we are yet to see a mainstream user-authentication product based on a dynamic biometric such as handwriting/hand gestures captured using commercial wrist wearables. This work undertakes an investigative analysis to further explore why that is the case. We accomplish this by studying the feasibility and practical deployability of handwriting-based authentication techniques in the literature that utilize motion sensors on-board wrist wearables. We conduct this analysis by replicating four state-of-the-art and representative handwriting-based authentication schemes that employ wrist motion data, in order to test their viability in realistic hand-writing/gesture scenarios. By using data collected from actual human subjects in an unconstrained fashion, we comparatively evaluate the performance of these schemes with well-defined usability and security metrics. Our experimental results show that some of the tested schemes perform considerably well in practice, and are promising. However, they do suffer from several practical user-dependent and technique-specific challenges that act as roadblocks towards their wide-scale adoption in mainstream applications.

Security Analysis of IEEE 802.15.4z/HRP UWB Time-of-Flight Distance Measurement

Mridula Singh¹, Marc Röschlin¹, Ezzat Zalzala¹, Patrick Leu¹, and Srdjan Capkun¹

¹ ETH Zurich, Switzerland

IEEE 802.15.4z, a standard for Ultra-Wide Band (UWB) secure distance measurement, was adopted in 2020 and the chips that implement this standard are already deployed in mobile phones and in automotive (for Passive Keyless Entry and Start). The standard specifies two different modes—LRP and HRP. While some deployments use the LRP mode, where the security has been analyzed and is available in the standard, other implementations, like NXP Trimension SR150/SR040 as well as the U1 chip in Apple iPhones, rely on the HRP mode. However, the security guarantees of HRP mode are neither fully specified in the standard, nor is there an open security analysis. In this work we perform the first open analysis of the 802.15.4z HRP mode. Our analysis reviews possible attacks on HRP and assesses strategies that an HRP receiver could implement. We show that in realistic deployments, despite countermeasures, HRP is hard to configure to be both performant and secure. If a distance missdetection rate is set to less than 10% (in benign scenarios), the probability of a successful distance shortening attacks ranges from 7% to over 90%.

Direct Anonymous Attestation on the Road: Efficient and Privacy-Preserving Revocation in C-ITS

Benjamin Larsen¹, Thanassis Giannetsos², Ioannis Krontiris³, and Kenneth Goldman⁴

¹ Technical University of Denmark (DTU)

² UBITECH

³ Huawei Technologies

⁴ IBM

Vehicular networks rely on public key infrastructure (PKI) to generate long-term and short-term pseudonyms that protect vehicle’s privacy. Instead of relying on a complex and centralized ecosystem of PKI entities, a more scalable solution is to rely on Direct Anonymous Attestation (DAA) and the use of Trusted Computing elements. In particular, revocation based on DAA is very attractive in terms of efficiency and privacy: it does not require the use of CRLs and revocation authority can exclude misbehaving participants from a V2X system without resolving (i.e. learning) their long-term identity. In this paper we design a novel revocation protocol based on DAA and show a detailed design and modeling of the implementation on a real TPM platform in order to demonstrate its significant performance improvements compared to existing solutions.

OutletSpy: Cross-outlet Application Inference via Power Factor Correction Signal

Juchuan Zhang¹, Xiaoyu Ji¹, Yuehan Chi¹, Yichao Chen², Bin Wang¹, and Wenyuan Xu¹

¹ Zhejiang University

² Shanghai Jiao Tong University

Trade secrets such as intellectual properties are the inherent values for firms. Although companies have exploited strict access management policies and isolated their networks from the public Internet, trade secrets are still vulnerable to side-channel attacks. side-channels can reveal the computing processes of computers in forms of various physical signals such as light, electromagnetism, and even heat. Such side-channels can bypass the isolation mechanism and therefore bring about severe threats. However, existing side-channels can only perform well within a short-distance (e.g., less than 1 meter) due to the high attenuation of signals. In this paper, we seek to utilize the built-in power lines in a building and construct a power side-channel that enables remote, i.e., cross-outlet attack against trade secrets. To this end, we investigate the power factor correction (PFC) module inside the power supply units of commodity computers and find that the PFC signals observed from an outlet can precisely reveal the power consumption information of all the connected devices, even from the outlets in adjacent rooms. Based upon this insight, we design and implement OutletSpy, a power side-channel attack that can infer application launching from a remote outlet and therefore enjoys the stealthiness property. We validate and evaluate OutletSpy with a dataset under different background APPs, time variations and different locations. The experiment results show OutletSpy can infer the application launching with 98.25% accuracy.

LNGate: Powering IoT with Next Generation Lightning Micro-payments using Threshold Cryptography

Ahmet Kurt¹, Suat Mercan¹, Omer Shlomovits², Enes Erdin³, and Kemal Akkaya¹

¹ Florida International University

² ZenGo X

³ University of Central Arkansas

Bitcoin has emerged as a revolutionary payment system with its decentralized ledger concept however it has significant problems such as high transaction fees and long confirmation times. Lightning Network (LN), which was introduced much later, solves most of these problems with an innovative concept called off-chain payments. With this advancement, Bitcoin has become an attractive venue to perform micro-payments which can also be adopted in many IoT applications (e.g. toll payments). Nevertheless, it is not feasible to host LN and Bitcoin on IoT devices due to the storage, memory, and processing requirements. Therefore, in this paper, we propose an efficient and secure protocol that enables an IoT device to use LN through an untrusted gateway node. The gateway hosts LN and Bitcoin nodes and can open & close LN channels, send LN payments on behalf of the IoT device. This delegation approach is powered by a (2,2)-threshold scheme that requires the IoT device and the LN gateway to jointly perform all LN operations which in turn secures both parties’ funds. Specifically, we propose to thresholdize LN’s Bitcoin public and private keys as well as its commitment points. With these and several other protocol level changes, IoT device is protected against revoked state broadcast, collusion, and ransom attacks. We implemented the proposed protocol by changing LN’s source code and thoroughly evaluated its performance using a Raspberry Pi. Our evaluation results show that computational and communication delays associated with the protocol are negligible. To the best of our knowledge, this is the first work that implemented threshold cryptography in LN.

Message Sieving to Mitigate Smart Gridlock Attacks in V2V

Siddharth Dongre¹ and Hanif Rahbari¹

¹ Rochester Institute of Technology

Growing deployment of vehicle-to-vehicle (V2V) communications is expected to significantly increase the volume of Basic Safety Messages (BSM) in highways and dense roads. Computational overhead of verifying the integrity of BSMs will therefore be high while current V2V equipment can process only a limited number of BSMs per second. As a result, critical BSMs carrying vital information may fail to be processed on time, creating unsafe outcomes. In this paper, we expose this vulnerability, discuss critical scenarios, develop novel attacks that exploit this vulnerability, and propose a sieving technique to mitigate these verification gridlock attacks. We show on a USRP testbed that our proposed sieving mechanism to counter sophisticated attackers who exploit this vulnerability achieves $80%$ accuracy at SNR greater than $6,$dB, effectively mitigating the attack.

Demo & Posters

Demo: A defensive man-in-middle approach to filter BLE packets

Ahmed Aboukora¹, Guillaume Bonnet¹, Romain Cayre², Florent Galtier³, Vincent Nicomette², and Guillaume Auriol²

¹ Université de Toulouse

² CNRS, LAAS; Univ de Toulouse, INSA, LAAS

³ CNRS, LAAS

In this paper, we propose an original defensive strategy in which we benefit from the use of Man-in-The-Middle attacks in order to protect some vulnerable BLE devices. More precisely, we describe a tool that uses a Man-in-The-Middle attack to implement a wireless firewall for BLE communications, that is able to block specific commands, make some services invisible on BLE devices, or to force out weak pairing mechanisms.

Demo: A framework to test and fuzz wi-fi devices

Domien Schepers¹, Mathy Vanhoef², and Aanjhan Ranganathan¹

¹ Northeastern University

² New York University Abu Dhabi

Over the years, numerous weaknesses have been identified in the IEEE 802.11 standard and its implementations. In order to present a proof-of-concept or demonstrate their impact in practice, researchers are often required to implement entire procedures or complex features from scratch (e.g., injecting encrypted frames with customized header flags). In this paper, we present a framework that allows researchers to more easily test and fuzz any device (i.e., access points and clients). This framework enables one to, for example, test hypothesis on new weaknesses, implement proof-of-concepts, create testing suites, and automate experiments. Our framework is implemented on top of the hostap user space daemon, and includes a language in which complex test cases can be defined (e.g., instructions to inject a sequence of user-modified frames into the network). Notably, a test case can make use of the hostap control interface, providing access to built-in features (e.g., authentication procedures, retrieval of encryption keys) and allows users to create customized hostap extensions.

Demo: AirCollect: efficiently recovering hashed phone numbers leaked via Apple AirDrop

Alexander Heinrich¹, Matthias Hollick¹, Thomas Schneider¹, Milan Stute¹, and Christian Weinert¹

¹ Technische Universität Darmstadt

Apple’s file-sharing service AirDrop leaks phone numbers and email addresses by exchanging vulnerable hash values of the user’s own contact identifiers during the authentication handshake with nearby devices. In a paper presented at USENIX Security’21, we theoretically describe two attacks to exploit these vulnerabilities and propose “PrivateDrop” as a privacy-preserving drop-in replacement for Apple’s AirDrop protocol based on private set intersection.

In this demo, we show how these vulnerabilities are efficiently exploitable via Wi-Fi and physical proximity to a target. Privacy and security implications include the possibility of conducting advanced spear phishing attacks or deploying multiple “collector” devices in order to build databases that map contact identifiers to specific locations. For our proof-of-concept, we leverage a custom rainbow table construction to reverse SHA-256 hashes of phone numbers in a matter of milliseconds. We discuss the trade-off between success rate and storage requirements of the rainbow table and, after following responsible disclosure with Apple, we publish our proof-of-concept implementation as “AirCollect” on GitHub.

Demo: OpenHaystack: a framework for tracking personal bluetooth devices via Apple's massive find my network

Alexander Heinrich¹, Milan Stute¹, and Matthias Hollick¹

¹ Technische Universität Darmstadt

OpenHaystack is an open-source framework for locating personal Bluetooth devices using Apple’s Find My Network. A user can integrate it into Bluetooth-capable devices, such as notebooks, or create custom tracking accessories that can be attached to personal items (key rings, backpacks, etc.). We provide firmware images for the Nordic nRF5 chips and the ESP32. We show that they consume little energy and run from a single coin cell for a year. Our macOS application can locate personal accessories. Finally, we make both application and firmware available on GitHub.

Demo: openwifi CSI fuzzer for authorized sensing and covert channels

Xianjun Jiao¹, Michael Mehari¹, Wei Liu¹, Muhammad Aslam¹, and Ingrid Moerman¹

¹ Gent University - imec

CSI (Channel State Information) of WiFi systems contains the environment channel response between the transmitter and the receiver, so the people/objects and their movement in between can be sensed. To get CSI, the receiver performs channel estimation based on the pre-known training field of the transmitted WiFi signal. CSI related technology is useful in many cases, but it also brings concerns on privacy and security. In this paper, we open sourced a CSI fuzzer to enhance the privacy and security of WiFi CSI applications. It is built and embedded into the transmitter of openwifi, which is an open source full-stack WiFi chip design, to prevent unauthorized sensing without sacrificing the WiFi link performance. The CSI fuzzer imposes an artificial channel response to the signal before it is transmitted, so the CSI seen by the receiver will indicate the actual channel response combined with the artificial response. Only the authorized receiver, that knows the artificial response, can calculate the actual channel response and perform the CSI sensing. Another potential application of the CSI fuzzer is covert channels based on a set of pre-defined artificial response patterns. Our work resolves the pain point of implementing the anti-sensing idea based on the commercial off-the-shelf WiFi devices.

Demo: Relay/replay attacks on GNSS signals

Malte Lenhart¹, Marco Spanghero¹, and Panagiotis Papadimitratos¹

¹ KTH Royal Institute of Technology

Global Navigation Satellite Systems (GNSSs) are ubiquitously relied upon for positioning and timing. Detection and prevention of attacks against GNSS have been researched over the last decades, but many of these attacks and countermeasures were evaluated based on simulation. This work contributes to the experimental investigation of GNSS vulnerabilities, implementing a relay/replay attack with off-the-shelf hardware. Operating at the signal level, this attack type is not hindered by cryptographically protected transmissions, such as Galileo’s Open Service Navigation Message Authentication (OS-NMA). The attack we investigate involves two colluding adversaries, relaying signals over large distances, to effectively spoof a GNSS receiver. We demonstrate the attack using off-the-shelf hardware, we investigate the requirements for such successful colluding attacks, and how they can be enhanced, e.g., allowing for finer adversarial control over the victim receiver.

Poster: AgriAuth: sensor collaboration and corroboration for data confidence in smart farms

Jay Prakash¹, Prathmesh Thorwe ¹, and Tony Q. S. Quek²

¹ Silence Laboratories

² SUTD

This paper envisions cyber-farm systems along the lines of cyber-physical systems. It is imperative for corporates and nations to maintain health of the crops to ensure food security. In order to avoid any adversarial attack on agriculture sensors in farms, we propose a collaborative sensing based authentication protocol. It assures that the spoofing and tampering can be detected with high probability. The data collected from the experimental deployment of sensor nodes supports the solution proposed by the paper.

Poster: Cross-protocol attacks: weaponizing a smartphone by diverting its bluetooth controller

Romain Cayre¹, Florent Galtier², Guillaume Auriol¹, Vincent Nicomette¹, Mohamed Kaâniche², and Géraldine Marconato³

¹ CNRS, LAAS; Univ de Toulouse, INSA, LAAS

² CNRS, LAAS

³ APSYS.Lab

In this paper, we focus on a new type of wireless attacks, named cross-technology pivoting attacks. The main objective of these attacks is to divert the transceivers of compromised devices dedicated to a given protocol to allow them to communicate through another protocol, taking advantage of some similarities in their modulation schemes. The main contribution of this work consists in demonstrating the practical feasibility of pivoting attacks from off-the-shelf devices implementing the Bluetooth 5.0 specification. To our knowledge, this attack has not been explored so far in the state of the art.

Poster: Detecting GNSS misbehaviour with high-precision clocks

Marco Spanghero¹ and Panos Papadimitratos¹

¹ KTH Royal Institute of Technology

To mitigate spoofing attacks targeting global navigation satellite systems (GNSS) receivers, one promising method is to rely on alternative time sources, such as network-based synchronization, in order to detect clock offset discrepancies caused by GNSS attacks. However, in case of no network connectivity, such validation references would not be available. A viable option is to rely on a local time reference; in particular, precision hardware clock ensembles of chip-scale thermally stable oscillators with extended holdover capabilities. We present a preliminary design and results towards a custom device capable of providing a stable reference, with smaller footprint and cost compared to traditional precision clocks. The system is fully compatible with existing receiver architecture, making this solution feasible for most industrial scenarios. Further integration with network-based synchronization can provide a complete time assurance system, with high short- and long-term stability.

Poster: Identifying device type from cross channel probe request behavior

Wyatt Praharenka¹ and Ioanis Nikolaidis¹

¹ University of Alberta

Across different Wi-Fi devices, there exist differences in the probing behavior during active scanning. We conjecture that the behavior is sufficiently distinct to identify individual device types. We propose a feature engineering strategy to training machine learning algorithms for determination of the device type. We propose a concurrent capture across multiple Wi-Fi channels, thus allowing the features to include attributes for the transitions happening between channels during active scanning. Small-scale proof-of-concept results provide encouraging results about the method’s potential.

Poster: Robust deep-learning-based radio fingerprinting with fine-tuning

Haipeng Li¹, Chenggang Wang¹, Nirnimesh Ghose², and Boyang Wang¹

¹ University of Cincinnati

² University of Nebraska-Lincoln