Global ETD Search

61	Perspectives of Jamming, Mitigation and Pattern Adaptation of OFDM Pilot Signals for the Evolution of Wireless Networks Rao, Raghunandan M. 28 September 2016 (has links) Wireless communication networks have evolved continuously over the last four decades in order to meet the traffic and security requirements due to the ever-increasing amount of traffic. However this increase is projected to be massive for the fifth generation of wireless networks (5G), with a targeted capacity enhancement of 1000× w.r.t. 4G networks. This enhanced capacity is possible by a combination of major approaches (a) overhaul of some parts and (b) elimination of overhead and redundancies of the current 4G. In this work we focus on OFDM reference signal or pilot tones, which are used for channel estimation, link adaptation and other crucial functions in Long-Term Evolution (LTE). We investigate two aspects of pilot signals pertaining to its evolution - (a) impact of targeted interference on pilots and its mitigation and (b) adaptation of pilot patterns to match the channel conditions of the user. We develop theoretical models that accurately quantify the performance degradation at the user’s receiver in the presence of a multi-tone pilot jammer. We develop and evaluate mitigation algorithms to mitigate power constrained multi-tone pilot jammers in SISO- and full rank spatial multiplexing MIMO-OFDM systems. Our results show that the channel estimation performance can be restored even in the presence of a strong pilot jammer. We also show that full rank spatial multiplexing in the presence of a synchronized pilot jammer (transmitting on pilot locations only) is possible when the channel is flat between two pilot locations in either time or frequency. We also present experimental results of multi-tone broadcast pilot jamming (Jamming of Cell Specific Reference Signal) in the LTE downlink. Our results show that full-band jamming of pilots needs 5 dB less power than jamming the entire downlink signal, in order to cause Denial of Service (DoS) to the users. In addition to this, we have identified and demonstrated a previously unreported issue with LTE termed ‘Channel Quality Indicator (CQI) Spoofing’. In this scenario, the attacker tricks the user terminal into thinking that the channel quality is good, by transmitting interference transmission only on the data locations, while deliberately avoiding the pilots. This jamming strategy leverages the dependence of the adaptive modulation and coding (AMC) schemes on the CQI estimate in LTE. Lastly, we investigate the idea of pilot pattern adaptation for SISO- and spatial multiplexing MIMO-OFDM systems. We present a generic heuristic algorithm to predict the optimal pilot spacing and power in a nonstationary doubly selective channel (channel fading in both time and frequency). The algorithm fits estimated channel statistics to stored codebook channel profiles and uses it to maximize the upper bound on the constrained capacity. We demonstrate up to a 30% improvement in ergodic capacity using our algorithm and describe ways to minimize feedback requirements while adapting pilot patterns in multi-band carrier aggregation systems. We conclude this work by identifying scenarios where pilot adaptation can be implemented in current wireless networks and provide some guidelines to adapt pilots for 5G. / Master of Science Pilot Pattern Adaptation OFDM systems Multi-tone Pilot Jamming Channel Quality Indicator (CQI) Spoofing Mitigation
62	Paving the Path of LTE Toward 5G: Physical Layer Assurance and Operation in the Unlicensed Spectrum Labib, Mina Salah Said 28 September 2020 (has links) Long-Term Evolution (LTE) is the fourth generation (4G) wireless communications standard and its evolution is paving the path for the fifth generation (5G) technology. LTE is also considered for supporting public safety networks, Machine-to-Machine (M2M) communications, and many other applications. Hence, it is critical to ensure that the LTE system performs effectively even in harsh signaling environments. Unfortunately, LTE is vulnerable to intentional interference at the physical layer. We define the term LTE control channel spoofing, which refers to the case when an adversary sets a fake LTE-like base station (evolved NodeB or eNodeB) that transmits a partial or full LTE downlink frame to deceive LTE devices and hinder them from attaching to a real cell. Based on analyzing the initial cell selection process in the LTE specifications, we identify three different level of LTE control channel spoofing. We have built a testbed to demonstrate the feasibility of such an attack. The experimental results show that LTE control channel spoofing can cause permanent denial of service for LTE devices during the cell selection process. We propose effective mitigation techniques to enhance the immunity of LTE systems against all the three forms of LTE control channel spoofing, and ensure that it is secure and available when and where needed. Moreover, the commercial success of LTE and the resulting growth in mobile data demand have motivated cellular network operators to strive for new innovations. LTE-Unlicensed has been recently proposed to allow cellular network operators to offload some of their data traffic by accessing the unlicensed 5 GHz frequency band. There are three variants of LTE-Unlicensed that have been proposed in the industry. These variants differ in their operational features, but they enhance the capacity of LTE and represent a big milestone in its evolution toward 5G. However, LTE-Unlicensed faces several challenges when operating in the 5 GHz bands, as this spectrum is mainly occupied by Wi-Fi and by various radar systems. Therefore, we analyze the algorithms proposed in the industry for the LTE-Unlicensed and Wi-Fi coexistence, and we develop a new spectrum sharing technique for the coexistence between LTE-Unlicensed and radar systems. In order to analyze LTE-Unlicensed and Wi-Fi coexistence, we first explain the technical details of each of the three variants of LTE-Unlicensed, and we provide a comparative analysis of them in terms of their operational features. Then we develop an unbiased and objective evaluation of their proposed coexistence mechanisms with Wi-Fi systems, and numerically compare their performance. In order to emphasize the need for developing a new spectrum sharing technique for the coexistence between LTE-Unlicensed and radar systems, we first present the different regulatory requirements for the 5 GHz unlicensed bands in several world regions, and we perform a comprehensive survey on the different radar types within the 5 GHz sub-bands. Then we develop a novel spectrum sharing technique based on chance-constrained stochastic optimization to allow the LTE-Unlicensed eNodeB to share the spectrum efficiently with a radar system. The optimization problem is formulated to guarantee the minimum performance criteria for the radar operation, and at the same time allows the LTE-Unlicensed eNodeB to control its transmit power to maximize the performance for the serving LTE-Unlicensed device. A mathematical model is used to transform the stochastic optimization problem into a deterministic one, and an exhaustive search is used to solve the resulting optimization problem. Due to the power control mechanism resulting from the proposed algorithm, numerical results show a significant reduction in the protection distance required between the radar and the LTE-Unlicensed network for the two to coexist, as the proposed algorithm can allow the two systems to operate effectively with a protection distance of only 3.95% of the one imposed by the regulations. LTE LTE-A LTE-U LAA MulteFire LTE security Jamming LTE control channel spoofing Spectrum sharing LTE and Wi-Fi coexistence LTE and radar coexistence
63	Detekce síťových útoků pomocí nástroje Tshark / Detection of Network Attacks Using Tshark Dudek, Jindřich January 2018 (has links) This diploma thesis deals with the design and implementation of a tool for network attack detection from a captured network communication. It utilises the tshark packet analyser, the meaning of which is to convert the input file with the captured communications to the PDML format. The objective of this conversion being, increasing the flexibility of input data processing. When designing the tool, emphasis has been placed on the ability to expand it to detect new network attacks and on integrating these additions with ease. For this reason, the thesis also includes the design of a complex declarative descriptions for network attacks in the YAML serialization format. This allows us to specify the key properties of the network attacks and the conditions for their detection. The resulting tool acts as an interpreter of proposed declarative descriptions allowing it to be expanded with new types of attacks.
64	Penetration testing of Sesame Smart door lock / Penetrationstest av Sesame Smart dörrlås Liu, Shuyuan January 2023 (has links) The Internet of things (IoT) device has been widely used in various fields, and its market is expanding rapidly. However, the growing usage of IoT devices also brings more security concerns. The smart door lock is one of the smart home IoT devices that need to be designed securely. This thesis work aims to evaluate and investigate the security aspect of the newest smart door lock. This thesis first provides an introduction and background of penetration testing and creates the threat model. Based on the threat model, some testings are conducted, including state consistency, Man-In-The-Middle (MITM) attack, replay attack, reverse engineering, GPS spoofing, Denial of service (DoS) attack. The result indicates that penetration tests reveal some security problems on the tested device, especially in the access log, traffic between application and server, and the ability of resistance disruption on the WiFi access point. / IoT-enheten har använts i stor utsträckning inom olika områden och dess marknad expanderar snabbt. Den ökande användningen av IoT-enheter medför dock också fler säkerhetsproblem. Det smarta dörrlåset är en av de smarta hem IoT-enheterna som måste utformas säkert. Detta examensarbete syftar till att utvärdera och undersöka säkerhetsaspekten av det nyaste smarta dörrlåset. Denna avhandling ger först en introduktion och bakgrund av penetrationstestning och skapar hotmodellen. Baserat på hotmodellen genomförs vissa tester, inklusive tillståndskonsistens, MITM attack, replay attack, reverse engineering, GPS spoofing, DoS attack. Resultatet indikerar att penetrationstester avslöjar vissa sårbarheter på den testade enheten, särskilt i åtkomstloggen, trafik mellan applikation och server och förmågan till motståndsavbrott på WiFi-åtkomstpunkten. IoT Smart door lock State consistency MITM attack Replay attack Reverse engineering GPS spoofing DoS attack IoT smart dörrlås tillståndskonsistens MITM-attack Replay-attack Reverse engineering GPS-spoofing DoS attack Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Computer and Information Sciences Data- och informationsvetenskap
65	GNSS Safety and Handling Björklund, Axel January 2022 (has links) Satellite navigation (such as GPS) has become widely successful and is used by billions of users daily. Accuratepositioning and timing has a wide range of applications and is increasingly being integrated in safety criticalsystems such as autonomous operations, traffic management, navigation for airplanes and other vehicles. Thesecurity and vulnerabilities of satellite navigation is however often not considered in the same way as for exampledata security, even though the high efficacy of spoofing with off-the-self software-defined radio (SDR) has beendemonstrated repeatedly. The lack of concern comes partially from the lack of options as satellite navigationauthentication has not previously existed in the civil domain.This work benchmarks the anti-spoofing and signal level measurements of commercial receivers in both simulatedand real-world scenarios and implements additional anti-spoofing measures. The additional anti-spoofingmeasures are implemented using no additional information than what the receiver should already have accessto in any modern commercial vehicle. Upcoming EU regulation 2021/1228 for vehicles used in internationaltransport will also mandate the use of these three anti-spoofing measures by August 2023. Here receiver time isverified by the means of Network Time Protocol (NTP) and real time clock (RTC); receiver motion is verifiedby the means of dead reckoning and inertial measurement unit (IMU); receiver navigation data is verified by themeans of asymmetric cryptography and Galileo Open Service Navigation Message Authentication (OSNMA).The computational overhead is analyzed as well as cost and worldwide Market feasibility. We estimate thateven basic timing devices would only have to perform one NTP request every 17 days and a microcontrollerpowerful enough to do OSNMA costs less than $2. Finally, the benefits of multi-band receivers and futuredevelopments in both the user and space segments are discussed. Navigation GNSS GPS Galileo OSNMA TESLA protocol SHA-256 jamming spoofing SDR GPS-SDR-SIM Smart Tachograph dead reckoning U-blox Volvo Group Volvo FH Information Systems
66	thesis.pdf Jianliang Wu (15926933) 30 May 2023 (has links) <p>Bluetooth is the de facto standard for short-range wireless communications. Besides Bluetooth Classic (BC), Bluetooth also consists of Bluetooth Low Energy (BLE) and Bluetooth Mesh (Mesh), two relatively new protocols, paving the way for its domination in the era of IoT and 5G. Meanwhile, attacks against Bluetooth, such as BlueBorne, BleedingBit, KNOB, BIAS, and BThack, have been booming in the past few years, impacting the security and privacy of billions of devices. These attacks exploit both design issues in the Bluetooth specification and vulnerabilities of its implementations, allowing for privilege escalation, remote code execution, breaking cryptography, spoofing, device tracking, etc.</p> <p><br></p> <p>To secure Bluetooth, researchers have proposed different approaches for both Bluetooth specification (e.g., formal analysis) and implementation (e.g., fuzzing). However, existing analyses of the Bluetooth specification and implementations are either done manually, or the automatic approaches only cover a small part of the targets. As a consequence, current research is far from complete in securing Bluetooth.</p> <p><br></p> <p>Therefore, in this dissertation, we propose the following research to provide missing pieces in prior research toward completing Bluetooth security research in terms of both Bluetooth specification and implementations. (i) For Bluetooth security at the specification level, we start from one protocol in Bluetooth, BLE, and focus on the previously unexplored reconnection procedure of two paired BLE devices. We conduct a formal analysis of this procedure defined in the BLE specification to provide security guarantees and identify new vulnerabilities that allow spoofing attacks. (ii) Besides BLE, we then formally verify other security-critical protocols in all Bluetooth protocols (BC, BLE, and Mesh). We provide a comprehensive formal analysis by covering the aspects that prior research fails to include (i.e., all possible combinations of protocols and protocol configurations) and considering a more realistic attacker model (i.e., semi-compromised device). With this model, we are able to rediscover five known vulnerabilities and reveal two new issues that affect BC/BLE dual-stack devices and Mesh devices, respectively. (iii) In addition to the formal analysis of specification security, we propose and build a comprehensive formal model to analyze Bluetooth privacy (i.e., device untraceability) at the specification level. In this model, we convert device untraceability into a reachability problem so that it can be verified using existing tools without introducing false results. We discover four new issues allowed in the specification that can lead to eight device tracking attacks. We also evaluate these attacks on 13 Bluetooth implementations and find that all of them are affected by at least two issues. (iv) At the implementation level, we improve Bluetooth security by debloating (i.e., removing code) Bluetooth stack implementations, which differs from prior automatic approaches, such as fuzzing. We keep only the code of needed functionality by a user and minimize their Bluetooth attack surface by removing unneeded Bluetooth features in both the host stack code and the firmware. Through debloating, we can remove 20 known CVEs and prevent a wide range of attacks again Bluetooth. With the research presented in this thesis, we improve Bluetooth security and privacy at both the specification and implementation levels.</p> System and network security Mobile computing Bluetooth low-energy Security & privacy factors Bluetooth Classic Bluetooth Mesh Man-in-the-middle (MITM) attacks Device tracking Formal Analysis Program Analysis Debloating Spoofing attacks Reflection attacks
67	Evaluation of FMCW Radar Jamming Sensitivity Snihs, Ludvig January 2023 (has links) In this work, the interference sensitivity of an FMCW radar has been evaluated by studying the impact on a simulated detection chain. A commercially available FMCW radar was first characterized and its properties then laid the foundation for a simulation model implemented in Matlab. Different interference methods have been studied and a selection was made based on the results of previous research. One method aims to inject a sufficiently large amount of energy in the form of pulsed noise into the receiver. The second method aims to deceive the radar into seeing targets that do not actually exist by repeating the transmitted signal and thus giving the radar a false picture of its surroundings. The results show that if it is possible to synchronize with the transmitted signal then repeater jamming can be effective in misleading the radar. In one scenario the false target even succeeded in hiding the real target by exploiting the Cell-Averaging CFAR detection algorithm. The results suggests that without some smart countermeasures the radar has no way of distinguishing a coherent repeater signal, but just how successful the repeater is in creating a deceptive environment is highly dependent on the detection algorithm used. Pulsed noise also managed to disrupt the radar and with a sufficiently high pulse repetition frequency the detector could not find any targets despite a simulated object in front of the radar. On the other hand, a rather significant effective radiated power level was required for the pulse train to achieve any meaningful effect on the radar, which may be due to an undersampled signal in the simulation. It is therefore difficult based on this work to draw any conclusions about how suitable pulsed noise is in a non-simulated interference context and what parameter values to use. FMCW FMCW radar radar frequency-modulated radar noise jamming FMCW Jamming Jamming Pulse Train Pulse Jamming Spoofing Attack Spoofing Deception Repeater Jamming Repeater Automotive Radar CFAR sensor jamming constant false alarm rate electronic warfare EW FMCW FMCW radar frekvensmodulerad dopplerradar dopplerradar radar brusstörning radarstörning pulsstörning pulståg falskmål vilseledning repeterstörning bilradar sensorstörning CFAR Annan elektroteknik och elektronik
68	Automatické testování projektu JavaScript Restrictor / Automatic Testing of JavaScript Restrictor Project Bednář, Martin January 2020 (has links) The aim of the thesis was to design, implement and evaluate the results of automatic tests for the JavaScript Restrictor project, which is being developed as a web browser extension. The tests are divided into three levels - unit, integration, and system. The Unit Tests verify the behavior of individual features, the Integration Tests verify the correct wrapping of browser API endpoints, and the System Tests check that the extension does not suppress the desired functionality of web pages. The System Tests are implemented for parallel execution in a distributed environment which has succeeded in achieving an almost directly proportional reduction in time with respect to the number of the tested nodes. The benefit of this work is detection of previously unknown errors in the JavaScript Restrictor extension and provision of the necessary information that allowed to fix some of the detected bugs.
69	The regulation of unsolicited electronic communications (SPAM) in South Africa : a comparative study Tladi, Sebolawe Erna Mokowadi 06 1900 (has links) The practice of spamming (sending unsolicited electronic communications) has been dubbed “the scourge of the 21st century” affecting different stakeholders. This practice is also credited for not only disrupting electronic communications but also, it overloads electronic systems and creates unnecessary costs for those affected than the ones responsible for sending such communications. In trying to address this issue nations have implemented anti-spam laws to combat the scourge. South Africa not lagging behind, has put in place anti-spam provisions to deal with the scourge. The anti-spam provisions are scattered in pieces of legislation dealing with diverse issues including: consumer protection; direct marketing; credit laws; and electronic transactions and communications. In addition to these provisions, an Amendment Bill to one of these laws and two Bills covering cybercrimes and cyber-security issues have been published. In this thesis, a question is asked on whether the current fragmented anti-spam provisions are adequate in protecting consumers. Whether the overlaps between these pieces of legislation are competent to deal with the ever increasing threats on electronic communications at large. Finally, the question as to whether a multi-faceted approach, which includes a Model Law on spam would be a suitable starting point setting out requirements for the sending of unsolicited electronic communications can be sufficient in protecting consumers. And as spam is not only a national but also a global problem, South Africa needs to look at the option of entering into mutual agreements with other countries and organisations in order to combat spam at a global level. / Mercantile Law / LL. D. Anti-spam laws Commercial electronic messages Consumers Consent Direct marketing Dictionary attacks Disguising of headers (spoofing) Electronic communications Electronic mail (e-mail) Harvesting and sale of e-mail addresses International cooperation Opt-out mechanism Opt-in mechanism Personal information Spam Unsolicited bulk email Unsolicited commercial communications Unsolicited electronic communications 343.9944068 Privacy, Right of -- South Africa
70	Odposlech moderních šifrovaných protokolů / Interception of Modern Encrypted Protocols Marček, Ján January 2012 (has links) This thesis deals with the introduction to the security mechanism.The procedure explains the basic concepts, principles of cryptography and security of modern protocols and basic principles that are used for information transmission network. The work also describes the most common types of attacks targeting the eavesdropping of communication. The result is a design of the eavesdropping and the implementation of an attack on the secure communication of the SSL protocol..The attacker uses a false certificate and attacks based on poisoning the ARP and DNS tables for this purpose. The thesis discusses the principles of the SSL protocol and methodology of attacks on the ARP and DNS tables.

Search results