Technologie MIMO ve standardu IEEE 802.11ac / MIMO technology in IEEE 802.11ac standard

Kvasnička, Jaroslav

January 2017

The object of this work is to study the IEEE 802.11ac standard, paying attention to the issue of the physical layer standard, to study in detail the use of MIMO and implement this technology into framework of WIFI simulator.

IoT security and privacy assessment using software-defined radios

Becker, Johannes Karl

23 May 2022

The Internet of Things (IoT) has seen exceptional adoption in recent years, resulting in an unprecedented level of connectivity in personal and industrial domains. In parallel, software-defined radio (SDR) technology has become increasingly powerful, making it a compelling tool for wireless security research across multiple communication protocols. Specifically, SDRs are capable of manipulating the physical layer of protocols in software, which would otherwise be implemented statically in hardware. This flexibility enables research that goes beyond the boundaries of protocol specifications. This dissertation pursues four research directions that are either enabled by software-defined radio technology, or advance its utility for security research. First, we investigate the anti-tracking mechanisms defined by the Bluetooth Low Energy (BLE) wireless protocol. This protocol, present in virtually all wearable smart devices, implements address randomization in order to prevent unwanted tracking of its users. By analyzing raw advertising data from BLE devices using SDRs, we identify a vulnerability that allows an attacker to track a BLE device beyond the address randomization defined by the protocol. Second, we implement a compact, SDR-based testbed for physical layer benchmarking of wireless devices. The testbed is capable of emulating multiple data transmissions and produce intentional signal corruption in very precisely defined ways in order to investigate receiver robustness and undefined device behavior in the presence of malformed packets. We subject a range of Wi-Fi and Zigbee devices to specifically crafted packet collisions and "truncated packets" as a way to fingerprinting wireless device chipsets. Third, we introduce a middleware framework, coined "Snout", to improves accessibility and usability of SDRs. The architecture provides standardized data pipelines as well as an abstraction layer to GNU Radio flowgraphs which power SDR signal processing. This abstraction layer improves usability and maintainability by providing a declarative experiment configuration format instead of requiring constant manipulation of the signal processing code during experimentation. We show that Snout does not result in significant computational overhead, and maintains a predictable and modest memory footprint. Finally, we address the visibility problem arising from the growing number of IoT protocols across large bands of radio spectrum. We model an SDR-based IoT monitor which is capable of scanning multiple channels (including across multiple protocols), and employs channel switching policies to maximize freshness of information obtained by transmitting devices. We present multiple policies and compare their performance against an optimal Markov Decision Process (MDP) model, as well as through event-based simulation using real-world device traffic. The results of this work demonstrate the use of SDR technology in privacy and security research of IoT device communication, and open up opportunities for further low-layer protocol discoveries that require the use of software-defined radio as a research tool.

Computer engineering

Bluetooth

Communication

Internet of Things

Physical layer

SDR

Wireless

Wireless Physical-Layer Security Performance of Uwb systems

Ko, Miyong

01 January 2011

Traditionally, spread-spectrum systems have been employed to provide low probability-of-intercept (LPI) and low probability-of-detection (LPD) performances at the physical layer, but the messages transmitted over such a system are still encrypted with a powerful cipher to protect their secrecy. Our challenge is to find a solution to provide an additional level of security at the physical layer so that simple systems such as RFID tags with limited resources can be secure without using standard encryption. It has recently been suggested that the cryptographic security of the system can be enhanced by exploiting physical properties of UWB signals. With an eavesdropper observing the communications over multipath channels between two legitimate partners sharing a secret key of a limited length, we consider both coherent and reference-based UWB schemes to enhance security. The security of the legitimate nodes is achieved by signal attributes based on the secret key, conferring an advantage over the adversary. We propose UWB signaling schemes to improve physical layer security when the transmission is intended for coherent reception and TR reception. Among possible improvements, we consider removing the frame structure of the UWB coherent signaling scheme, resulting in pulses that can be located anywhere in the symbol period. Our proposed signaling schemes could potentially suggest a solution for applications relying on conventional cryptography, especially for low-data rate RFID systems.

UWB

security

wireless

physical layer

Signal Processing

Systems and Communications

Konzeption und prototypische Implementierung zukunftsfähiger Feldgeräte mit PROFINET over APL zum Einsatz in der Prozessindustrie

Lehr, David, Fischer, Peter

13 February 2024

Die wachsende Leistungsfähigkeit moderner Automatisierungssysteme hat einen prägenden Einfluss auf den geforderten Funktionsumfang sensorischer Feldgeräte. Diese müssen über moderne Kommunikationsstandards mit überlagerten Ebenen des Steuerungssystems kommunizieren. Im Kontext der Prozessindustrie ist das Industrial Ethernet Protokoll Process Field Network (PROFINET) mit dem PA-Profil auf Basis des Ethernet Advanced Physical Layer (APL) als bedeutsamer Standard zu nennen. Im Rahmen der angewandten Forschung und Entwicklung im Bereich der Prozessindustrie entwickeln die Technische Hochschule Aschaffenburg und der Feldgerätehersteller WIKA Alexander Wiegand SE & Co. KG (WIKA) gemeinsam einen Demonstrator eines zukunftsfähigen Feldgerätes, das PROFINET über APL unterstützt. Der Hauptfokus in diesem Projekt liegt darauf, das PA-Profil 4.0 auf dem Demonstrator zu implementieren. Das PA-Profil definiert über die PROFINET-Funktionalität hinaus generisch die Grundfunktionalität und das Verhalten von Geräten im Feld der Prozessindustrie wie beispielsweise Anwendungs-, Diagnose-, Wartungs- und Engineeringparameter für verschiedene definierte Einsatzgebiete. Bei der Entwicklung des Demonstrators steht insbesondere eine zukunftsfähige Systemarchitektur im Vordergrund. Die technische Grundlage ist dabei ein APLEvaluationsboard inkl. eines Mikrocontrollers sowie ein bestehendes Sensormodul der Firma WIKA. Dieser Beitrag stellt den Stand der Technik des Einsatzes von Industrial Ethernet im Kontext der Prozessindustrie mit Fokus auf PROFINET over APL dar und erläutert die konkrete Umsetzung am Beispiel eines Demonstrators. Die praktische Anwendung verdeutlicht die Zukunftsfähigkeit und den Mehrwert der vorgestellten Technologie für Feldgeräte der Prozessindustrie. Im Ausblick wird auf das Konzept der offenen Systemarchitektur der Interessengemeinschaft Automatisierungstechnik der Prozessindustrie e.V. (NAMUR) verwiesen.

Attacks and Counterattacks on Physical Layer Primitives

QIAO, YUE

23 October 2017

No description available.

Computer Science

wireless system

physical layer security

wireless channel

New Method for Directional Modulation Using Beamforming: Applications to Simultaneous Wireless Information and Power Transfer and Increased Secrecy Capacity

Yamada, Randy Matthew

20 October 2017

The proliferation of connected embedded devices has driven wireless communications into commercial, military, industrial, and personal systems. It is unreasonable to expect privacy and security to be inherent in these networks given the spatial density of these devices, limited spectral resources, and the broadcast nature of wireless communications systems. Communications for these systems must have sufficient information capacity and secrecy capacity while typically maintaining small size, light weight, and minimized power consumption. With increasing crowding of the electromagnetic spectrum, interference must be leveraged as an available resource. This work develops a new beamforming method for direction-dependent modulation that provides wireless communications devices with enhanced physical layer security and the ability to simultaneously communicate and harvest energy by exploiting co-channel interference. We propose a method that optimizes a set of time-varying array steering vectors to enable direction-dependent modulation, thus exploiting a new degree of freedom in the space-time-frequency paradigm. We formulate steering vector selection as a convex optimization problem for rapid computation given arbitrarily positioned array antenna elements. We show that this method allows us to spectrally separate co-channel interference from an information-bearing signal in the analog domain, enabling the energy from the interference to be diverted for harvesting during the digitization and decoding of the information-bearing signal. We also show that this method provides wireless communications devices with not only enhanced information capacity, but also enhanced secrecy capacity in a broadcast channel. By using the proposed method, we can increase the overall channel capacity in a broadcast system beyond the current state-of-the-art for wireless broadcast channels, which is based on static coding techniques. Further, we also increase the overall secrecy capacity of the system by enabling secrecy for each user in the system. In practical terms, this results in higher-rate, confidential messages delivered to multiple devices in a broadcast channel for a given power constraint. Finally, we corroborate these claims with simulation and experimental results for the proposed method. / PHD / The proliferation of connected devices has driven wireless communications into commercial, military, industrial, and personal systems. It is unreasonable to expect privacy and security to be inherent in these networks given the spatial density of these devices, limited available resources, and the broadcast nature of wireless communications systems. Communications for these systems need not only sufficient information capacity, but also the assurance that the available information capacity remains confidential while typically maintaining small size, light weight, and minimized power consumption. With increasing crowding of the electromagnetic spectrum due to the numerous connected devices, interference between them must be leveraged as an available resource. This work develops a new method for electrically steering an array of antennas to overlay or encode information onto a signal in a way that is direction-dependent and provides wireless communications devices with enhanced security and the ability to simultaneously communicate and harvest energy from interfering devices. We propose a method that optimizes a set of time-varying array steering vectors to enable direction-dependent modulation, thus exploiting a new degree of freedom in the traditional space-time-frequency paradigm. We formulate the selection of steering vectors as a convex optimization problem for rapid computation given arbitrarily positioned array antenna elements in three dimensions. We show that this method allows us to separate interference from an information-bearing signal in the analog domain, enabling the energy from the interference to be diverted for harvesting during the digitization and decoding of the information-bearing signal. We also show that this method provides broadcast wireless communications devices with not only increased information capacity, but also assured secrecy. By using the proposed time-varying method, we can increase the overall channel capacity in a broadcast system beyond the current state-of-the-art, which is based on static encoding techniques. Further, we also increase the overall secrecy capacity of the system by ensuring that each user in the system receives separate and confidential signals. In practical terms, this results in higher-rate, confidential messages delivered to multiple devices in a broadcast channel for a given power constraint. Finally, we corroborate these claims with simulation and experimental results for the proposed method.

Directional Modulation

Physical Layer Security

Beamforming

Array

Broadcast Channel

Secrecy

Extensions to Radio Frequency Fingerprinting

Andrews, Seth Dixon

05 December 2019

Radio frequency fingerprinting, a type of physical layer identification, allows identifying wireless transmitters based on their unique hardware. Every wireless transmitter has slight manufacturing variations and differences due to the layout of components. These are manifested as differences in the signal emitted by the device. A variety of techniques have been proposed for identifying transmitters, at the physical layer, based on these differences. This has been successfully demonstrated on a large variety of transmitters and other devices. However, some situations still pose challenges: Some types of fingerprinting feature are very dependent on the modulated signal, especially features based on the frequency content of a signal. This means that changes in transmitter configuration such as bandwidth or modulation will prevent wireless fingerprinting. Such changes may occur frequently with cognitive radios, and in dynamic spectrum access networks. A method is proposed to transform features to be invariant with respect to changes in transmitter configuration. With the transformed features it is possible to re-identify devices with a high degree of certainty. Next, improving performance with limited data by identifying devices using observations crowdsourced from multiple receivers is examined. Combinations of three types of observations are defined. These are combinations of fingerprinter output, features extracted from multiple signals, and raw observations of multiple signals. Performance is demonstrated, although the best method is dependent on the feature set. Other considerations are considered, including processing power and the amount of data needed. Finally, drift in fingerprinting features caused by changes in temperature is examined. Drift results from gradual changes in the physical layer behavior of transmitters, and can have a substantial negative impact on fingerprinting. Even small changes in temperature are found to cause drift, with the oscillator as the primary source of this drift (and other variation) in the fingerprints used. Various methods are tested to compensate for these changes. It is shown that frequency based features not dependent on the carrier are unaffected by drift, but are not able to distinguish between devices. Several models are examined which can improve performance when drift is present. / Doctor of Philosophy / Radio frequency fingerprinting allows uniquely identifying a transmitter based on characteristics of the signal it emits. In this dissertation several extensions to current fingerprinting techniques are given. Together, these allow identification of transmitters which have changed the signal sent, identifying using different measurement types, and compensating for variation in a transmitter's behavior due to changes in temperature.

Device Fingerprinting

Physical layer identification

transfer learning

anomaly detection

Shuffled Faster Than Nyquist Signaling For Spectrally Efficient And Secure Wireless Communication

Gharib, John

01 June 2024

This thesis investigates the implementation and performance of Shuffled Faster than Nyquist (SFTN) signaling, a communication method that enhances spectral efficiency and provides physical layer security (PLS) in wireless communications. In Faster than Nyquist signaling, the Nyquist inter-symbol interference (ISI) criterion is exceeded, thereby increasing spectral efficiency. By varying the transmission rate of symbols above the Nyquist rate, SFTN signaling is able to obfuscate the timing of transmitted symbols with ISI. The work in this thesis evaluates the performance of SFTN in Additive White Gaussian Noise (AWGN) channels and the MATLAB 802.11ax fading channels. Results show that while SFTN signaling offers the ability to introduce PLS, the sensitivity of the waveform is significantly influenced by the choice of symbol transmission rates and channel conditions.

Security

Spectral Efficiency

Digital Communication

Physical Layer Security

Systems and Communications

Physical Layer Data Integrity Attacks and Defenses in Cyber-Physical Systems

Mohammed, Abdullah Zubair

24 January 2025

Loss of data integrity in a safety-critical cyber-physical system (CPS), such as healthcare or intelligent transport, has a severe impact on its operation that can potentially lead to life-threatening consequences. This work investigates the vulnerability of CPS to physical-layer data integrity attacks and proposes countermeasures to enhance system resilience. Software-based cybersecurity approaches may not be efficient in mitigating threats aimed at the physical layer, leaving CPS particularly susceptible to manipulation through methods that exploit hardware vectors such as electromagnetic interference and data transmission medium. This work begins with a focus on using intentional electromagnetic interference (IEMI) to manipulate data and further explores other physical layer characteristics that can be exploited to conduct physical-layer attacks across various CPS environments. In the first phase of the research, the use of IEMI to induce controlled bit flips in widely used serial digital communication protocols is examined. In contrast to state-of-the-art IEMI attacks that use a narrow-band sinusoid as an attack signal, a complex, wideband, rectangular waveform is designed to improve the attack success rate from less than 50% to 75%. Further, the vulnerabilities of printed circuit board (PCB) traces to IEMI in highly safety-critical applications, such as electric vehicle (EV) charging, is addressed. On PCBs, IEMI attacks exploit the signal-carrying traces, that act as unintentional antennas under an adversarial electromagnetic field. Experiments demonstrated that such attacks are more challenging due to the PCB's structure but are still feasible with sufficient attacker power. A suite of passive countermeasures is evaluated, including differential signaling, via-fencing, and optical fiber interconnects, along with a novel multiplexer-based defense that dynamically modifies signal paths to evade detection. Each countermeasure is extensively evaluated and ranked based on its effectiveness, and adaptive attack strategies are analyzed to address potential future threats. In the IoT domain, this work presented a preliminary investigation on a novel "wireless spiking" technique on smart locks, that enables attackers to bypass standard security measures and unlock/lock with no physical contact. Using IEMI, the control circuitry is manipulated to unlock devices remotely. The methodology, involving hardware reverse engineering and attack point identification, is presented, which applies to other IoT devices in smart home environments. In the field of automotive cybersecurity, bit manipulation attacks targeting the Controller Area Network (CAN) bus are investigated. By exploiting its transmission line nature, these attacks challenge the fundamental assumptions of the CAN's physical layer and are capable of inducing bidirectional bit flips, from recessive to dominant (R→D) and significantly difficult dominant to recessive (D→R). The flips are further made undetectable to CAN's standard error-checking mechanisms. These attacks are simulated and validated in both lab and real-world vehicle environments. Finally, a defense mechanism for vehicle identification security in intelligent transportation systems using device fingerprinting is proposed. This approach utilizes inductive loop detectors (ILD) to capture unique electromagnetic signatures of vehicles, achieving up to 93% accuracy in identifying their make, model, and year. The ILD-based technique secures access control in automated systems and provides a cost-effective, drop-in solution for existing infrastructure, mitigating risks such as unauthorized vehicle impersonation and charging station exploitation. This work establishes a systematic framework for understanding, detecting, and defending against physical-layer data integrity attacks in CPS. Through the development of novel attack vectors and robust countermeasures, this research enhances the field of CPS security, emphasizing the need for comprehensive defenses that extend beyond conventional software-based approaches. / Doctor of Philosophy / In our increasingly connected world, cyber-physical systems (CPS)—technologies that combine digital and physical processes—are essential to modern life. These systems, from smart homes to intelligent vehicles, integrate sensors, actuators, and controllers to manage everything from personal security to automated transportation. While they bring convenience and efficiency, these systems are also vulnerable to attacks that can alter their data and disrupt operations, specifically at the hardware level, posing serious risks to safety and security. The adversary can attack the communication channels between sensors/actuators and the controller seeking to manipulate the signals and falsify data. Incorrect decision-making based on manipulated data leads to safety risks or system failure. Unlike typical cyberattacks, which often exploit software vulnerabilities, these threats target the hardware layer directly, bypassing conventional cybersecurity defenses designed only to protect software. This work investigates attacks against data integrity, where attackers use intentional electromagnetic interference (IEMI) to corrupt data exchanged between CPS components. For instance, it is demonstrated that attackers can, without physical access, interfere with communication channels in industrial and automotive systems, altering data exchanged between sensors and controllers. By sending precisely crafted electromagnetic signals, an attacker can inject or modify data in real-time, allowing them to influence system behavior wirelessly. In addition to IEMI, this work also highlights how vulnerabilities in hardware could compromise critical systems in modern automobiles. For example, we demonstrate how attackers could subtly alter messages on a vehicle's communication network (the controller area network), interfering with safety-critical functions. These attacks evade standard error-checking systems, further underscoring the need for hardware-level defenses that software cannot address. Additionally, we tackle the growing challenge of vehicle identification security in intelligent transportation systems. Unauthorized access to restricted areas or privileges, such as electric vehicle (EV) charging stations, could be exploited if attackers impersonate legitimate vehicles. To counter this, we propose a new method that "fingerprints" each vehicle based on its unique physical characteristics, helping ensure only authorized vehicles gain access. Through extensive testing, we validate our proposed countermeasures across different CPS environments, offering practical defenses against these physical-layer attacks. By providing solutions that secure both communication and identification in CPS, this work lays the groundwork for a safer and more resilient future where these critical systems are better protected from physical-layer attacks.

IEMI

Device Fingerprinting

Physical Layer Security

Automotive secuirty

Apport de la gestion des interférences aux réseaux sans-fil multi-sauts. Le cas du Physical-Layer Network Coding / Interference management in multi-hop wireless networks

Naves, Raphaël

19 November 2018

Fréquemment exploités pour venir en complément aux réseaux mobiles traditionnels, les réseaux sans-fil multi-sauts, aussi appelés réseaux ad-hoc, sont particulièrement mis à profit dans le domaine des communications d'urgence du fait de leur capacité à s'affranchir de toute infrastructure. Néanmoins, la capacité de ces réseaux étant limitée dès lors que le nombre d'utilisateurs augmente, la communauté scientifique s'efforce à en redéfinir les contours afin d'étendre leur utilisation aux communications civiles. La gestion des interférences, considérée comme l'un des principaux défis à relever pour augmenter les débits atteignables dans les réseaux sans-fil multi-sauts, a notamment connu un changement de paradigme au cours des dernières années. Alors qu'historiquement cette gestion est régie par les protocoles de la couche d'accès dont l'objectif consiste à éviter les interférences entre utilisateurs, il est désormais possible, grâce à différentes techniques avancées de communication numérique, de traiter ces interférences, et même de les exploiter. Ces techniques de transmission, dites techniques de gestion des interférences, viennent alors concurrencer les mécanismes d'ordonnancement traditionnels en autorisant plusieurs transmissions simultanées et dans la même bande de fréquence vers un même récepteur. Dans cette thèse, nous nous intéressons à l'une de ces techniques, le Physical-Layer Network Coding (PLNC), en vue de son intégration dans des réseaux ad-hoc composés de plusieurs dizaines de nœuds. Les premiers travaux se concentrant principalement sur des petites topologies, nous avons tout d'abord développé un framework permettant d'évaluer les gains en débit à large échelle du PLNC par rapport à des transmissions traditionnelles sans interférence. Motivés par les résultats obtenus, nous avons ensuite défini un nouveau cadre d'utilisation à cette technique visant à élargir sa sphère d'application. Le schéma de PLNC proposé, testé à la fois sur de vrais équipements radio et par simulation, s'est alors révélé offrir des gains significatifs en débit et en fiabilité en comparaison aux solutions existantes. / Frequently used to complement the traditional mobile networks, multi-hop wireless networks, also referred to as ad-hoc networks, are particularly useful in emergency situations due to the fact that they do not rely on any infrastructure. Nevertheless, as the capacity of such networks does not scale with the number of users, the scientific community has strived to rethink their use in order to extend their application to civil communications. For instance, long considered as one of the most formidable challenges in multi-hop wireless networks, interference management has recently undergone a paradigm shift. While interference management is traditionally carried out by the access layer protocols whose objective is to avoid interference between users, it is now possible to exploit the interference thanks to new advanced communication techniques. These transmission techniques, so-called interference management techniques, go against the communication paradigm underlying existing scheduling mechanisms by allowing multiple simultaneous transmissions to a common receiver in the same frequency band. In this thesis, we focus on one of these techniques, namely the Physical-Layer Network (PLNC), with the objective of integrating it in ad-hoc networks. Mostly studied from both the theoretical and practical perspective in small topologies, we first design a framework for quantifying the large-scale PLNC gains over the traditional interference-free transmissions. Driven by the obtained results, we introduce a solution to increase the PLNC sphere of operation in large multi-hop wireless networks. Our comprehensive evaluation methodology, including experimental testbed validations for credibility, as well as realistic simulations, show that the proposed PLNC scheme brings important gains in terms of throughput and reliability when compared to state-of-the-art approaches.

Réseaux sans-fil multi-sauts

Gestion des interférences

Physical-Layer Network Coding

Multi-hop wireless networks

Interference management

Physical-Layer Network Coding