Research on efficiency and privacy issues in wireless communication

Rathinakumar, Saravana Manickam

January 2018

Wireless spectrum is a limited resource that must be used efficiently. It is also a broadcast medium, hence, additional procedures are required to maintain communication over the wireless spectrum private. In this thesis, we investigate three key issues related to efficient use and privacy of wireless spectrum use. First, we propose GAVEL, a truthful short-term auction mechanism that enables efficient use of the wireless spectrum through the licensed shared access model. Second, we propose CPRecycle, an improved Orthogonal Frequency Division Multiplexing (OFDM) receiver that retrieves useful information from the cyclic prefix for interference mitigation thus improving spectral efficiency. Third and finally, we propose WiFi Glass, an attack vector on home WiFi networks to infer private information about home occupants. First we consider, spectrum auctions. Existing short-term spectrum auctions do not satisfy all the features required for a heterogeneous spectrum market. We discover that this is due to the underlying auction format, the sealed bid auction. We propose GAVEL, a truthful auction mechanism, that is based on the ascending bid auction format, that avoids the pitfalls of existing auction mechanisms that are based on the sealed bid auction format. Using extensive simulations we observe that GAVEL can achieve better performance than existing mechanisms. Second, we study the use of cyclic prefix in Orthogonal Frequency Division Multiplexing. The cyclic prefix does contain useful information in the presence of interference. We discover that while the signal of interest is redundant in the cyclic prefix, the interference component varies significantly. We use this insight to design CPRecycle, an improved OFDM receiver that is capable of using the information in the cyclic prefix to mitigate various types of interference. It improves spectral efficiency by decoding packets in the presence of interference. CPRecycle require changes to the OFDM receiver and can be deployed in most networks today. Finally, home WiFi networks are considered private when encryption is enabled using WPA2. However, experiments conducted in real homes, show that the wireless activity on the home network can be used to infer occupancy and activity states such as sleeping and watching television. With this insight, we propose WiFi Glass, an attack vector that can be used to infer occupancy and activity states (limited to three activity classes), using only the passively sniffed WiFi signal from the home environment. Evaluation with real data shows that in most of the cases, only about 15 minutes of sniffed WiFi signal is required to infer private information, highlighting the need for countermeasures.

A Comparison of the Resiliency Against Attacks Between Virtualised Environments and Physical Environments

Tellez Martinez, Albert, Steinhilber, Dennis Dirk

January 2020

Virtualisation is a technology that is more and more applied due to its advantages regarding cost and operation. It is often believed that it provides a better security for an IT environment since it enables centralisation of hardware. However, virtualisation changes an IT environment fundamentally and contains new vulnerabilities that must be considered. It is of interest to evaluate whether the belief that virtual environments provide a better security for an IT environment is true or not. In this project, the resiliency against attacks for physical environments and virtual environments is analysed to determine which one provides a higher resiliency and why. Therefore, the physical and digital attack surfaces of all entities are analysed to reveal the relevant vulnerabilities that could be exploited. Beside a theoretical research, a physical and a virtual environment have been established to test chosen attacks practically. The results show that virtual environments are less resilient than physical environments, especially to common attacks. This shows that virtualisation is still a technology that is new to many companies and the vulnerabilities it has must be taken seriously.

Physical environment

virtual environment

hypervisor

attack surface

attack vector

resiliency

fat client

thin client

virtualisation

virtual machine

Computer Sciences

Datavetenskap (datalogi)

A Literature Review of Connected and Automated Vehicles : Attack Vectors Due to Level of Automation

Kero, Chanelle

January 2020

The manufacturing of connected and automated vehicles (CAVs) is happening and they are aiming at providing an efficient, safe, and seamless driving experience. This is done by offering automated driving together with wireless communication to and from various objects in the surrounding environment. How automated the vehicle is can be classified from level 0 (no automation at all) to level 5 (fully automated). There is many potential attack vectors of CAVs for attackers to take advantage of and these attack vectors may change depending on what level of automation the vehicle have. There are some known vulnerabilities of CAVs where the security has been breached, but what is seemed to be lacking in the academia in the field of CAVs is a place where the majority of information regarding known attack vectors and cyber-attacks on those is collected. In addition to this the attack vectors may be analyzed for each level of automation the vehicles may have. This research is a systematic literature review (SLR) with three stages (planning, conducting, and report) based on literature review methodology presented by Kitchenham (2004). These stages aim at planning the review, finding articles, extracting information from the found articles, and finally analyzing the result of them. The literature review resulted in information regarding identified cyberattacks and attack vectors the attackers may use as a path to exploit vulnerabilities of a CAV. In total 24 types of attack vectors were identified. Some attack vectors like vehicle communication types, vehicle applications, CAN bus protocol, and broadcasted messages were highlighted the most by the authors. When the attack vectors were analyzed together with the standard of ‘Levels of Driving Automation’ it became clear that there are more vulnerabilities to consider the higher level of automation the vehicle have. The contributions of this research are hence (1) a broad summary of attack vectors of CAVs and (2) a summary of these attack vectors for every level of driving automation. This had not been done before and was found to be lacking in the academia.

Attack Vector

CAV

Connected and Automated Vehicle

Cyber-Attacks

Cyber-Security

ITS

Levels of Driving Automation

VANET

Vehicular Communication

Computer and Information Sciences

Data- och informationsvetenskap

Information Systems