Securing Access to Wireless Local Area Networks using a Passive Approach to Device Identification

Corbett, Cherita L.

06 April 2006

IEEE 802.11 wireless networks are plagued with problems of unauthorized access. Left undetected, unauthorized access is the precursor to additional mischief. Current approaches to detecting intruders are invasive or can be evaded by stealthy attackers. We propose the use of spectral analysis to identify the type of wireless network interface card (NIC). This mechanism can be applied to support the detection of unauthorized systems that use NICs which are different from that of a legitimate system. We focus on two functions, active scanning and dynamic rate switching, required by the 802.11 standard that are implemented in the hardware and software of the wireless NIC. We show that the implementation of these functions influence the transmission patterns of a wireless stream that are observable through traffic analysis. Furthermore, differences in the behavior of a wireless stream caused by differences in the implementation of these functions are exploited to establish the identity of a NIC. Our mechanism for NIC identification uses signal processing to analyze the periodicity embedded in the wireless traffic caused by active scanning and rate switching. A spectral profile is created from the periodic components of the traffic and used for the identity of the wireless NIC. We show that we can discern between NICs manufactured by different vendors and NICs within the same manufacturer using the spectral profile.

Access control

Device identification

Wireless security

Reliable SRAM fingerprinting

Kim, Joonsoo, Ph. D.

05 October 2012

Device identification, as human identification has been, has become critical to mitigate growing security problems. In the era of ubiquitous computing, it is important to ensure universal device identities that are versatile in number of ways, for example, to enhance computer security or to enable large-scale data capture, management and analysis. For device identities, simple labeling works only if they are properly managed under a highly controlled environment. We can also impose hard-coded serial numbers into non-volatile memories but it is well known that this is expensive and vulnerable to security attacks. Hence, it is desirable to develop reliable and secure device identification methods using fingerprint-like characteristics of the electronic devices. As technology scales, process variation has become the most critical barrier to overcome for modern chip development. Ironically, there are some research works to exploit the aggressive process variation for the identification of individual devices. They find measurable physical characteristics that are unique to each integrated circuit. Among them, device identification using initial power-up values of SRAM cells, called SRAM fingerprints, has been emphasized lately in part due to the abundant availability of SRAM cells in modern microprocessors. More importantly, since the cross-coupled inverter structure of each SRAM cell amplifies even the small mismatches between two inverter nodes, it is thus very sensitive to and maximizes the effect of random process variation, making SRAM fingerprints to acquire great features as a naturally inherent device ID. Therefore, this work focuses on achieving reliable device identification using SRAM fingerprints. As of date, this dissertation shows the most comprehensive feature characterization of SRAM fingerprints based on the large datasets measured from the real devices under various environmental conditions. SRAM fingerprints in three different process technologies - IBM 32nm SOI technology, IBM 65nm bulk technology, and TSMC 90nm low-k dielectric technology - have been investigated across different temperatures or voltages. By using formal statistical tools, the required features for SRAM fingerprints necessary to be usable as device IDs - uniqueness, randomness, independence, reproducibility, etc. - have been empirically proven. As some of the previous works mentioned, there is an inherent unreliability of the initial states of SRAM cells so that there is always some chance of errors during identification process. It is observed that, under environmental variations, the instability aggravates even more. Most of the previous work, however, ignores the temperature dependence of the SRAM power-up values, which turns out to be critical against our past speculations and becomes a real challenge in realizing a reliable SRAM-based device identification. Note that temperature variation will not be negligible in many situations, for example, authentication of widely distributed sensors. We show that it is possible to achieve SRAM-based device identification system that reliably operates under a wide range of temperatures. The proposed system is composed of three major steps: enrollment, system evaluation, and matching. During the enrollment process, power-up samples of SRAM fingerprints are captured from each manufactured device and the feature information or characterization identifier (CID) is characterized to generate a representative fingerprint value associated with the product device. By collecting the samples and the CIDs, system database gets constructed before distributing devices to the field. During the matching process, we take a single sample fingerprint of a power-cycle experiment, the field identifier (FID), and perform a match against a repository of CID's of all manufactured devices. There is an additional monitoring subsystem, called system evaluation, that estimates the system accuracy with the system database. It controls the system parameters while maintaining the system accuracy requirement. This work delivers a total-package statistical framework that raises design issues of each step and provides systematic solutions to deal with these inter-related issues. We provide statistical methods to determine sample size for the enrollment of chip identities, to generate the representative fingerprint features with the limited number of test samples, and to estimate the system performance along with the proposed system parameter values and the confidence interval of the estimation. A novel matching scheme is proposed to improve the system accuracy and increase population coverage under environmental variations, especially temperature variation. Several advanced mechanisms to exploit the instability for our benefit is also discussed along with supporting state-of-the-art circuit technologies. All these pioneering theoretical frameworks have been validated by the comprehensive empirical analysis based on the real SRAM fingerprint datasets introduced earlier. This dissertation covers a wide range of multidisciplinary research areas including solid-state device physics, computer security, biometrics, statistics, and pattern matching. The main contribution here is that this work provides a comprehensive interdisciplinary framework to enable reliable SRAM fingerprinting, even if the fingerprint, depending on ambient conditions, exhibits nondeterministic behaviors. Furthermore, the interdisciplinary bases introduced in our work are expected to provide generic fundamental methodologies that apply to device fingerprints in general, not just to SRAM fingerprints. / text

SRAM fingerprinting

SRAM PUF

Device identification

Computer security

Identification du système d'acquisition d'images médicales à partir d'analyse du bruit / Identification of the Acquisition System in Medical Images by Noise Analysis

Kharboutly, Anas, Mustapha

13 September 2016

Le traitement d’images médicales a pour but d’aider les médecins dans leur diagnostic et d’améliorer l’interprétation des résultats. Les scanners tomo-densitométriques (scanners X) sont des outils d’imagerie médicale utilisés pour reconstruire des images 3D du corps humain.De nos jours, il est très important de sécuriser les images médicales lors de leur transmission, leur stockage, leur visualisation ou de leur partage entre spécialistes. Par exemple, dans la criminalistique des images, la capacité d’identifier le système d’acquisition d’une image à partir de cette dernière seulement, est un enjeu actuel.Dans cette thèse, nous présentons une première analyse du problème d’identification des scanners X. Pour proposer une solution à ce type de problèmes, nous nous sommes basés sur les méthodes d’identification d’appareils photo. Elles reposent sur l’extraction de l’empreinte des capteurs. L’objectif est alors de détecter sa présence dans les images testées. Pour extraire le bruit, nous utilisons un filtre de Wiener basé sur une transformation en ondelettes. Ensuite, nous nous appuyons sur les propriétés relatives aux images médicales pour proposer des solutions avancées pour l’identification des scanners X. Ces solutions sont basées sur une nouvelle conception de leur empreinte, cette dernière étant définie en trois dimensions et sur les trois couches : os, tissu et air.Pour évaluer notre travail, nous avons généré des résultats sur un ensemble de données réelles acquises avec différents scanners X. Finalement, nos méthodes sont robustes et donnent une précision d’authentification élevée. Nous sommes en mesure d’identifier quelle machine a servi pour l’acquisition d’une image 3D et l’axe selon lequel elle a été effectuée. / Medical image processing aims to help the doctors to improve the diagnosis process. Computed Tomography (CT) Scanner is an imaging medical device used to create cross-sectional 3D images of any part of the human body. Today, it is very important to secure medical images during their transmission, storage, visualization and sharing between several doctors. For example, in image forensics, a current problem consists of being able to identify an acquisition system from only digital images. In this thesis, we present one of the first analysis of CT-Scanner identification problem. We based on the camera identification methods to propose a solution for such kind of problem. It is based on extracting a sensor noise fingerprint of the CT-Scanner device. The objective then is to detect its presence in any new tested image. To extract the noise, we used a wavelet-based Wiener denoising filter. Then, we depend on the properties of medical images to propose advanced solutions for CT-Scanner identification. These solutions are based on new conceptions in the medical device fingerprint that are the three dimension fingerprint and the three layers one. To validate our work, we applied our experiments on multiple real data images of multiple CT-Scanner devices. Finally, our methods that are robust, give high identification accuracy. We were able to identify the acquisition CT-Scanner device and the acquisition axis.

Imagerie médicale

Identification d'appareil

De-Bruitage

Medical Image Forensics

Device Identification

Denoise

Robust Signaling, Scheduling and Authentication in the Multi-User Multiple-Input-Multiple-Output Channel

Shi, Yan

11 July 2011

Multiple-input multiple-output (MIMO) networks are known to be able to achieve throughput performance superior to that available from single-input single-output (SISO) systems. However, when applying MIMO in multi-user networks, achieving this throughput advantage requires efficient precoding and optimal network scheduling. Furthermore, MIMO radios can help ensure security in a multi-user network. Previous work has proposed various precoding techniques for the MIMO broadcast channel, based either on channel state information (CSI) or channel distribution information (CDI), which achieve optimal or near- optimal MIMO channel throughput. The performance of these techniques largely depends on the availability of the channel information at the transmitter that must be fed back from the receiver. However, the past work has not examined the impact of latency caused by feedback of channel information and computation. This research proposes a performance metric to measure the throughput degradation caused by compression and feedback of channel information. We further propose an effective data compression technique based on the Karhunen-Lo`eve (KL) Transform and show that linear precoding (beamforming) based on CDI can achieve superior performance by providing stable channel throughput in both time- varying and frequency-selective channels. Very little prior work exists on optimal scheduling for multi-user MIMO networks, particularly in time-varying channels. One reason for this is that hybrid MIMO channels permit much more complex channel structures, such as broadcast channel (BC) and multiple access channel (MAC), whose capacity is limited not only by random channel noise but also by the multi-user interference. Furthermore, the achieved MIMO channel throughput depends on the spatial characteristics of the multi-user channels, a feature not captured by traditional network models based on signal-to-noise ratio and Doppler. Therefore, achieving near optimal performance requires development of scheduling techniques that depend on detailed channel characteristics. This dissertation proposes a novel parametric representation of the channel that simply describes the complex multi-user MIMO channels and allows for efficient scheduling. Because of the computational and feedback efficiency enabled by this parametric approach, it achieves low latency and therefore excellent performance.Finally, in any network setting, security is an important consideration. Specifically authentication ensures that unauthorized users do not gain network access. Unfortunately, user identity can be relatively easy to forge. This work therefore explores the user of radio- metric fingerprinting that uniquely identifies a device by unique imperfections in its transmitted waveform. This work shows that by applying this fingerprinting technique to MIMO devices, authentication reliability can be dramatically improved. The work also develops an information-theoretic approach to identify the optimal set of radiometric features to use for authentication and further considers the impact of drift in radiometric features on authentication performance.

MIMO

CDI

feedback reduction

link scheduling

device identification

Electrical and Computer Engineering

Design and Implementation of a Digital Traceability System of Implantable Pacemakers in the Care Process / Design och implementering av ett digitalt spårbarhetssytem av implanterbara pacemakers i vårdprocessen

Skärvinge, Emma

January 2022

A major problem in healthcare today is the manual handling of administrative work. Few processes are automated and healthcare professionals are forced to spend a lot of time on paperwork, which means that their time with patients suffers. This has a major negative impact on patient safety. In addition, these manual processes mean that it is often not possible to trace implants in the care process. The purpose of this thesis is to investigate the effect that the implementation of traceability of implantable pacemakers can have on patient safety, on the working environment of healthcare professionals as well as on the financial incentives of hospitals. To answer the questions, a qualitative research strategy was used where first a scientific literature review was conducted; thereafter, interviews were conducted with healthcare professionals from clinics for implantation of active implants, as well as with professionals in the regulation of medical devices and the manufacture of pacemakers; later a regulatory document review was conducted. Lastly, based on the findings obtained, a proposal was formulated for a solution of a digital traceability process. The key results that could be found were that the methods and opportunities for conducting traceability in hospitals in Sweden differ. In addition, the results showed that in many places in the European and Swedish regulations, requirements were made for traceability to be conducted in hospitals, however, information and guidance are lacking on how traceability can be conducted in an efficient manner. Many interviewees also experienced this void of guidance documents and had a unanimous view that an effective digital traceability system would have an entirely positive impact on patient safety, on the healthcare environment's working environment and on hospitals' financial incentives. In summary, a guidance regulatory document is required to standardize traceability processes. In addition, an essential aspect of the possibilities for creating effective digital traceability systems is that there is collaboration at several levels to reach consensus and interoperability between healthcare systems. / Ett stort problem inom sjukvården idag är den manuella hanteringen av administrativt arbete. Få processer är automatiserade och sjukvårdspersonalen tvingas lägga mycket tid på pappersarbete, vilket gör att deras tid med patienter blir lidande. Detta har stor negativ påverkan på patientsäkerheten. Dessutom medför dessa manuella processer att det ofta inte går att spåra implantat i vårdprocessen. Syftet med detta examensarbete är att undersöka vilken effekt införandet av spårbarhet av implanterbara pacemakers kan ha på patientsäkerheten, på sjukvårdspersonalens arbetsmiljö samt på sjukhusens ekonomiska incitament. För att besvara frågeställningarna användes en kvalitativ forskningsstrategi där först en litteraturöversikt utfördes. Därefter genomfördes intervjuer med vårdpersonal inom mottagningar för implantering av aktiva implantat, samt med yrkesverksamma inom regleringen av medicintekniska produkter samt tillverkning av pacemakers. Efter detta utfördes en literaturstudie. Slutligen, baserat på de resultat som erhölls, formulerades ett förslag på en lösning av en digital spårbarhetsprocess. De nyckelresultat som kunde återfinnas var att metoderna och möjlig-heterna för att bedriva spårbarhet på sjukhus i Sverige skiljer sig åt. Dessutom visade resultaten att det på många ställen i de Europeiska och Svenska regelverken ställdes krav på att spårbarhet ska bedrivas på inom sjukvården, däremot så fattas information och vägledning om hur spårbarhet kan bedrivas på ett effektivt sätt. Många intervjudeltagare upplevde också detta tomrum av vägledande dokument och hade en enad uppfattning om att ett effektivt digitalt spårbarhetssystem enbart skulle ha positiv inverkan på patientsäkerheten, på vårdpersonalens arbetsmiljö samt på sjukhusens ekonomiska incitament. Sammanfattningsvis krävs det vägledande regulatoriska dokument för att standardisera processerna för spårbarhet. Dessutom är en väsentlig aspekt av möjligheterna för att skapa effektiva digitala spårbarhetssystem att det sker ett samarbete på ett flertal nivåer för att nå konsensus och interoperabilitet mellan sjukvårdens system.

Implantable Pacemaker

Digital Traceability

Unique Device Identification

Healthcare Process

Patient Safety

Implanterbar pacemaker

digital spårbarhet

unik enhetsidentifiering

vård-process

patientsäkerhet

Medical and Health Sciences

Medicin och hälsovetenskap

Konzepte der internetbasierten Gerätesteuerung

Hoffmann, Gunnar

16 December 2011

Auf dem Gebiet der Gerätesteuerung existieren zahlreiche Insellösungen, die den Anspruch nach generischer Eignung nicht erfüllen. In besonderer Weise defizitär ist der Mangel an ganzheitlichen, offenen Frameworks, bei denen die Autokonfiguration, die Gerätezuordenbarkeit vor Ort, die Geräteüberwachbarkeit, die Inter-Gerätekommunikation und die Automatisierbarkeit von Abläufen Berücksichtigung finden. Vor diesem Hintergrund öffnet die Arbeit mit einer Bestandsaufnahme von Technologien, die Einzelanforderungen der generischen Gerätesteuerung erfüllen. Sie bilden im weiteren Verlauf das potentielle Architekturfundament. Der Betrachtungsrahmen wird hierbei soweit ausgedehnt, dass relevante Verfahrensschritte vom Geräteanschluss bis zur automatisierten Generierung von User Interfaces abgedeckt sind. Unter Rückgriff auf ausgewählte Technologien wird ein zweigliedriger Ansatz vorgestellt, der ein sehr breites Spektrum potentieller Steuergeräte unterstützt und gleichzeitig technologieoffen im Hinblick auf die Autogenerierung von User Interfaces ist. Höchstmögliche Funktionalität wird durch die Beschreibungssprache Device XML (DevXML) erreicht, deren Entwicklung einen Schwerpunkt der Arbeit darstellte. In Anlehnung an die etablierte Petrinetztheorie werden Abhängigkeiten zwischen Zuständen und Funktionen formal beschrieben. Das Sprachvokabular von DevXML ermöglicht hierauf aufbauend Regeldefinitionen mit dem Ziel der Ablaufautomatisierung. Das entworfene Framework wurde anhand von insgesamt elf praktischen Beispielen wie z.B. einem Schalter, einem Heizungsmodul, einem Multimeter bis hin zu virtuellen Geräten erfolgreich verifiziert.

Gerätesteuerung

DevControl

DevXML

DevHTML

Petrinetz

Jini

Zeroconf

UPnP

Autokonfiguration

Gerätezuordenbarkeit

Geräteüberwachung

Inter-Gerätekommunikation

Automatisierung

device control

DevControl

DevXML

DevHTML

Petri net

Jini

Zeroconf

UPnP

auto configuration

device identification

device monitoring

inter device communication

automation

ddc:004

Peripheres Gerät

Framework <Informatik>

Konfiguration <Informatik>

Steuerung

Überwachung

Datenübertragung

XML

Petri-Netz

Identifikace zařízení na základě jejich chování v síti / Behaviour-Based Identification of Network Devices

Polák, Michael Adam

January 2020

Táto práca sa zaoberá problematikou identifikácie sieťových zariadení na základe ich chovania v sieti. S neustále sa zvyšujúcim počtom zariadení na sieti je neustále dôležitejšia schopnosť identifikovať zariadenia z bezpečnostných dôvodov. Táto práca ďalej pojednáva o základoch počítačových sietí a metódach, ktoré boli využívané v minulosti na identifikáciu sieťových zariadení. Následne sú popísané algoritmy využívané v strojovom učení a taktiež sú popísané ich výhody i nevýhody. Nakoniec, táto práca otestuje dva tradičné algorithmy strojového učenia a navrhuje dva nové prístupy na identifikáciu sieťových zariadení. Výsledný navrhovaný algoritmus v tejto práci dosahuje 89% presnosť identifikácii sieťových zariadení na reálnej dátovej sade s viac ako 10000 zariadeniami.

Konzepte der internetbasierten Gerätesteuerung

Hoffmann, Gunnar

05 December 2011

Auf dem Gebiet der Gerätesteuerung existieren zahlreiche Insellösungen, die den Anspruch nach generischer Eignung nicht erfüllen. In besonderer Weise defizitär ist der Mangel an ganzheitlichen, offenen Frameworks, bei denen die Autokonfiguration, die Gerätezuordenbarkeit vor Ort, die Geräteüberwachbarkeit, die Inter-Gerätekommunikation und die Automatisierbarkeit von Abläufen Berücksichtigung finden. Vor diesem Hintergrund öffnet die Arbeit mit einer Bestandsaufnahme von Technologien, die Einzelanforderungen der generischen Gerätesteuerung erfüllen. Sie bilden im weiteren Verlauf das potentielle Architekturfundament. Der Betrachtungsrahmen wird hierbei soweit ausgedehnt, dass relevante Verfahrensschritte vom Geräteanschluss bis zur automatisierten Generierung von User Interfaces abgedeckt sind. Unter Rückgriff auf ausgewählte Technologien wird ein zweigliedriger Ansatz vorgestellt, der ein sehr breites Spektrum potentieller Steuergeräte unterstützt und gleichzeitig technologieoffen im Hinblick auf die Autogenerierung von User Interfaces ist. Höchstmögliche Funktionalität wird durch die Beschreibungssprache Device XML (DevXML) erreicht, deren Entwicklung einen Schwerpunkt der Arbeit darstellte. In Anlehnung an die etablierte Petrinetztheorie werden Abhängigkeiten zwischen Zuständen und Funktionen formal beschrieben. Das Sprachvokabular von DevXML ermöglicht hierauf aufbauend Regeldefinitionen mit dem Ziel der Ablaufautomatisierung. Das entworfene Framework wurde anhand von insgesamt elf praktischen Beispielen wie z.B. einem Schalter, einem Heizungsmodul, einem Multimeter bis hin zu virtuellen Geräten erfolgreich verifiziert.

info:eu-repo/classification/ddc/004

ddc:004

Design Techniques for Secure IoT Devices and Networks

Malin Priyamal Prematilake (12201746)

25 July 2023

<p>The rapid expansion of consumer Internet-of-Things (IoT) technology across various application domains has made it one of the most sought-after and swiftly evolving technologies. IoT devices offer numerous benefits, such as enhanced security, convenience, and cost reduction. However, as these devices need access to sensitive aspects of human life to function effectively, their abuse can lead to significant financial, psychological, and physical harm. While previous studies have examined the vulnerabilities of IoT devices, insufficient research has delved into the impact and mitigation of threats to users' privacy and safety. This dissertation addresses the challenge of protecting user safety and privacy against threats posed by IoT device vulnerabilities. We first introduce a novel IWMD architecture, which serves as the last line of defense against unsafe operations of Implantable and Wearable Medical Devices (IWMDs). We demonstrate the architecture's effectiveness through a prototype artificial pancreas. Subsequent chapters emphasize the safety and privacy of smart home device users. First, we propose a unique device activity-based categorization and learning approach for network traffic analysis. Utilizing this technology, we present a new smart home security framework and a device type identification mechanism to enhance transparency and access control in smart home device communication. Lastly, we propose a novel traffic shaping technique that hinders adversaries from discerning user activities through traffic analysis. Experiments conducted on commercially available IoT devices confirm that our solutions effectively address these issues with minimal overhead.</p>

Digital health

System and network security

Networking and communications

Embedded Systems Security

Implantable Medical Device

internet of things sensors

Internet of Things (loT)

Internet of Things Healthcare Market

Security

Health

device identification

activity identification

Security Framework

Privacy

Safety

Network security.

Computer engineering.

Smart Home Privacy

IMD security

IMD

IWMD

IWMD Security

Traceability of Single-Use Medical Devices through the Hospital Supply Chain. Reflections and Recommendations for Implementation of Single-Use Medical Devices Traceability / Spårbarhet för medicintekniska engångsartiklar genom sjukhusets försörjningskedja. Reflektioner och rekommendationer för implementering av medicintekniska engångsartiklar

Kyrkander, Sara

January 2020

There is an increased need for complete medical device traceability in the healthcare industry. The two main reasons are the healthcare industry's global supply chain and decentralised adverse events reporting, where different laws apply for each country and where each country has their own database for incidents without international governance. The idea of improving traceability procedures in the surgical department at Karolinska University Hospital was formed in the light of a near miss event where guidelines regarding incident management of a Single-Use Medical Device (SUMD) were not followed properly. Hence, this thesis project will investigate the issue of finding an effective way to trace SUMDs at Karolinska University Hospital, in order to improve the incident management process and suggest improvements of patient safety at other Swedish hospitals as well. The collection of data consisted of different data sources; observations at the research site and interviews with relevant participants. By employing multiple sources to this study, a more holistic approach could be achieved. In addition to observing the current situation of device registration, it was of importance to ask individuals with competence and different perspectives on the issue of traceability of SUMDs. To answer the research questions, the acquired data was categorized into the different identified cornerstones of traceability of SUMDs. These were registration process, perioperative supply chain and incidents management. Each section was divided into an investigation of the current process, issues and suggested improvements, in order to clearly answer to the research questions. Furthermore, these acquired answers and insights, from observations and interviews, were translated and summarized to form a basis for the results. Based on the data acquisition and compilation from the different perspectives, key findings and themes are presented in the results. The thesis proposal include a visual representation that show the physical flow of a SUMD from the point of being delivered to the hospital by the distributor, through different entities where registration occur, until it is either discarded or saved for incidents reporting. In order to avoid many of the current issues and to realize the acquired suggestions from this thesis, interoperability between the systems within the healthcare organization as well as between the different entities throughout the entire supply chain is an essential part of the solution, which should be further studied.

Traceability

Registration

Supply Chain

Incident Management

Single-use Medical Devices

Unique Device Identification

Patient Safety

Quality of Healthcare

Healthcare Institution

Social Sciences Interdisciplinary

Medical Engineering

Medicinteknik