Distributed Relay/Replay Attacks on GNSS Signals

Lenhart, Malte

January 2022

In modern society, Global Navigation Satellite Systems (GNSSs) are ubiquitously relied upon by many systems, among others in critical infrastructure, for navigation and time synchronization. To overcome the prevailing vulnerable state of civilian GNSSs, many detection schemes for different attack types (i.e., jamming and spoofing) have been proposed in literature over the last decades. With the launch of Galileo Open Service Navigation Message Authentication (OS­NMA), certain, but not all, types of GNSS spoofing are prevented. We therefore analyze the remaining attack surface of relay/replay attacks in order to identify a suitable and effective combination of detection schemes against these. One shortcoming in the evaluation of countermeasures is the lack of available test platforms, commonly limiting evaluation to mathematical description, simulation and/or test against a well defined set of recorded spoofing incidents. In order to allow researchers to test countermeasures against more diverse threats, this degree project investigates relay/replay attacks against GNSS signals in real­world setups. For this, we consider colluding adversaries, relaying/replaying on signal­ and on message­level in real­time, over consumer grade Internet, and with Commercially off the Shelf (COTS) hardware. We thereby highlight how effective and simple relay/replay attacks can be on existent and likely on upcoming authenticated signals. We investigate the requirements for such colluding attacks and present their limitations and impact, as well as highlight possible detection points. / Det moderna samhället förlitar sig på ständigt tillgängliga satellitnavigeringssystem (GNSSs) för navigering och tidssynkronisering i bland annat kritisk infrastruktur. För att åtgärda det rådande såbara tillståndet i civila GNSSs har många detektionssystem för olika attacktyper (dvs. jamming och förfalskning) blivit förslagna i den vetenskapliga litteraturen under de senaste årtiondena. Införandet av Galileo Open Service Navigation Message Authentication (OS NMA) förhindrar vissa, men inte alla typer av förfalskningsattacker. Därför analyserar vi den övriga angreppsytan för replay attacker för att identifiera en kvalificerad och effektiv kombination av detektionssystem emot dem. Ett tillkortakommande i utvärdering av detektionssystemen är bristen på tillgängliga testplattformar, vilket får konsekvensen att utvärderingen ofta är begränsad till matematiska beskrivningar, simuleringar, och/eller testning mot ett väldefinierat set av genererad förfalskningsattacker. För att hjälpa forskarna testa detektionssystemen mot mer varierade angrepp undersöker detta examensarbete replay attacker mot GNSS signaler i realistiska situationer. För dessa syften betraktar vi kollaborerande angripare som utför replay attacker på signal ­ och meddelandennivå i realtid över konsument­kvalité Internet med vanlig hårdvara. Vi framhäver därmed hur effektiva och enkla replay attacker kan vara mot befintliga och kommande autentiserade signaler. Vi undersöker förutsättningar för sådana kollaborerande attacker och presenterar deras begränsningar och verkan, samt möjliga kännetecken.

Spoofing

Relay/Replay Attack

Software Defined Radio (SDR)

Security

Satellitnavigeringssystem

Spoofing

Relay/Replay Attack

Software Defined Radio (SDR)

Säkerhet

Elektroteknik och elektronik

Securing embedded systems based on FPGA technologies / Sécurisation des systèmes embarqués basés sur les technologies FPGA

Devic, Florian

06 July 2012

Les systèmes embarqués peuvent contenir des données sensibles. Elles sont généralement échangées en clair entre le système sur puces et la mémoire, mais aussi en interne. Cela constitue un point faible: un attaquant peut observer cet échange et récupérer des informations ou insérer du code malveillant. L'objectif de la thèse est de fournir une solution dédiée et adaptée à ces problèmes en considérant l'intégralité de la durée de vie du système embarqué (démarrage, mises à jour et exécution) et l'intégralité des données (bitstream du FPGA, noyau du système d'exploitation, code et données critiques). En outre, il est nécessaire d'optimiser les performances des mécanismes matériels de sécurité introduits afin de correspondre aux attentes des systèmes embarqués. Cette thèse se distingue en proposant des solutions innovantes et adaptées au monde des FPGAs. / Embedded systems may contain sensitive data. They are usually exchanged in plaintext between the system on chips and the memory, but also internally. This is a weakness: an attacker can spy this exchange and retrieve information or insert malicious code. The aim of the thesis is to provide a dedicated and suitable solution for these problems by considering the entire lifecycle of the embedded system (boot, updates and execution) and all the data (FPGA bitstream, operating system kernel, critical data and code). Furthermore, it is necessary to optimize the performance of hardware security mechanisms introduced to match the expectations of embedded systems. This thesis is distinguished by offering innovative and suitable solutions for the world of FPGAs.

Fpga

Architecture reconfigurable

Attaque par rejeu

Boot

Système d’exploitation embarqué

Reconfiguration dynamique partielle

Fpga

Reconfigurable architecture

Replay attack

Boot

Embedded operating system

Dynamic partial reconfiguration

Um esquema de segurança para quadros de controle em redes IEEE 802.11

FRANÇA NETO, Ivan Luiz de

14 August 2015

Submitted by Haroudo Xavier Filho (haroudo.xavierfo@ufpe.br) on 2016-03-11T14:34:26Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) DissertacaoIvanFranca.pdf: 1367108 bytes, checksum: 8ceed302b395b606d9ac49b5a05987db (MD5) / Made available in DSpace on 2016-03-11T14:34:26Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) DissertacaoIvanFranca.pdf: 1367108 bytes, checksum: 8ceed302b395b606d9ac49b5a05987db (MD5) Previous issue date: 2015-08-14 / Os quadros de controle IEEE 802.11 desempenham funções importantes na rede sem fio. Dentre elas estão o controle de acesso ao meio de comunicação, a recuperação de quadros armazenados no Ponto de Acesso e a confirmação do recebimento de blocos de quadros ou de certos tipos de quadros. Apesar da importância dos quadros de controle, eles são vulneráveis a ataques de forjação, manipulação e reinjeção devido a inexistência de mecanismos de proteção. Este trabalho propõe um esquema de segurança para quadros de controle em redes IEEE 802.11 a fim de evitar esses ataques. A proposta se diferencia dos trabalhos relacionados por prover um alto grau de segurança em todos os seus módulos com baixo impacto na vazão da rede. Além disso, a proposta não incorre nas fraquezas que eles possuem na contenção dos ataques de reinjeção e no processo de geração e distribuição de chaves. / IEEE 802.11 control frames play important role in the wireless network. Among them are the medium access control, the retrieving of buffered frames in the Access Point, and the acknowledgment of block of frames or certain types of frames. Despite their importance, control frames remain vulnerable to forging, tampering, and replay attacks due to lack of protection mechanisms. This work proposes a security scheme for IEEE 802.11 control frames to prevent such attacks. Our proposal differs from related work by providing a high level of security in all modules along with low impact on network throughput. Furthermore, the proposal avoid the weaknesses that they have in the restraint the replay attacks and in the key generation and distribution process.

Redes sem fio

Quadros de controle

Geração e distribuição de chave

Negação de Serviço

Ataque de replicação

Wireless network

Control frame

Denial of service

Key generation and distribution

Replay attack

Penetration testing of Sesame Smart door lock / Penetrationstest av Sesame Smart dörrlås

Liu, Shuyuan

January 2023

The Internet of things (IoT) device has been widely used in various fields, and its market is expanding rapidly. However, the growing usage of IoT devices also brings more security concerns. The smart door lock is one of the smart home IoT devices that need to be designed securely. This thesis work aims to evaluate and investigate the security aspect of the newest smart door lock. This thesis first provides an introduction and background of penetration testing and creates the threat model. Based on the threat model, some testings are conducted, including state consistency, Man-In-The-Middle (MITM) attack, replay attack, reverse engineering, GPS spoofing, Denial of service (DoS) attack. The result indicates that penetration tests reveal some security problems on the tested device, especially in the access log, traffic between application and server, and the ability of resistance disruption on the WiFi access point. / IoT-enheten har använts i stor utsträckning inom olika områden och dess marknad expanderar snabbt. Den ökande användningen av IoT-enheter medför dock också fler säkerhetsproblem. Det smarta dörrlåset är en av de smarta hem IoT-enheterna som måste utformas säkert. Detta examensarbete syftar till att utvärdera och undersöka säkerhetsaspekten av det nyaste smarta dörrlåset. Denna avhandling ger först en introduktion och bakgrund av penetrationstestning och skapar hotmodellen. Baserat på hotmodellen genomförs vissa tester, inklusive tillståndskonsistens, MITM attack, replay attack, reverse engineering, GPS spoofing, DoS attack. Resultatet indikerar att penetrationstester avslöjar vissa sårbarheter på den testade enheten, särskilt i åtkomstloggen, trafik mellan applikation och server och förmågan till motståndsavbrott på WiFi-åtkomstpunkten.

IoT

Smart door lock

State consistency

MITM attack

Replay attack

Reverse engineering

GPS spoofing

DoS attack

IoT

smart dörrlås

tillståndskonsistens

MITM-attack

Replay-attack

Reverse engineering

GPS-spoofing

DoS attack

Computer Sciences

Datavetenskap (datalogi)

Computer Engineering

Datorteknik

Computer and Information Sciences

Data- och informationsvetenskap

Constructing Provably Secure Identity-Based Signature Schemes

Chethan Kamath, H

January 2013

An identity-based cryptosystem (IBC) is a public-key system where the public key can be represented by any arbitrary string such as an e-mail address. The notion was introduced by Shamir with the primary goal of simplifying certificate management. An identity-based signature(IBS) is the identity-based counter part of a digital signature. In the first (and primary) part of the work, we take a closer look at an IBS due to Galindo and Garcia–GG-IBS, for short. GG-IBS is derived through a simple and elegant concatenation of two Schnorr signatures and, importantly, does not rely on pairing. The security is established through two algorithms (both of) which use the Multiple-Forking(MF) Algorithm to reduce the problem of computing the discrete logarithm to breaking the IBS. Our focus is on the security argument : It turns out that the argument is flawed and, as a remedy, we sketch a new security argument. However, the resulting security bound is still quite loose, chiefly due to the usage of the MF Algorithm. We explore possible avenues for improving this bound and , to this end, introduce two notions pertaining to random oracles termed dependency and independency. Incorporating (in) dependency allows us to launch the nested replay attack far more effectively than in the MF Algorithm leading to a cleaner,(significantly) tighter security argument for GG-IBS, completing the final piece of the GG-IBS jigsaw. The second part of the work pertains to the notion of selective-identity (sID) for IBCs. The focus is on the problem of constructing a fully-secure IBS given an sID-secure IBS without using random oracles and with reasonable security degradation.

Identity Based Signature

Provably Secure sSgnatures

Schnorr Signature

Oracle Replay Attack

Galindo-Garcia Identity Based Signature

Random Oracles

Identity-Based Cryptosystems

Identity Based Signatures - Forking

Provable Security

Selective-Identity Model

Computer Science