61 |
HASH STAMP MARKING SCHEME FOR PACKET TRACEBACK
NEIMAN, ADAM M. January 2005
No description available.
|
62 |
Paving the Path of LTE Toward 5G: Physical Layer Assurance and Operation in the Unlicensed Spectrum
Labib, Mina Salah Said 28 September 2020
Long-Term Evolution (LTE) is the fourth generation (4G) wireless communications standard and its evolution is paving the path for the fifth generation (5G) technology. LTE is also considered for supporting public safety networks, Machine-to-Machine (M2M) communications, and many other applications. Hence, it is critical to ensure that the LTE system performs effectively even in harsh signaling environments. Unfortunately, LTE is vulnerable to intentional interference at the physical layer. We define the term LTE control channel spoofing, which refers to the case when an adversary sets a fake LTE-like base station (evolved NodeB or eNodeB) that transmits a partial or full LTE downlink frame to deceive LTE devices and hinder them from attaching to a real cell. Based on analyzing the initial cell selection process in the LTE specifications, we identify three different levels of LTE control channel spoofing. We have built a testbed to demonstrate the feasibility of such an attack. The experimental results show that LTE control channel spoofing can cause permanent denial of service for LTE devices during the cell selection process. We propose effective mitigation techniques to enhance the immunity of LTE systems against all the three forms of LTE control channel spoofing, and ensure that it is secure and available when and where needed.
Moreover, the commercial success of LTE and the resulting growth in mobile data demand have motivated cellular network operators to strive for new innovations. LTE-Unlicensed has been recently proposed to allow cellular network operators to offload some of their data traffic by accessing the unlicensed 5 GHz frequency band. There are three variants of LTE-Unlicensed that have been proposed in the industry. These variants differ in their operational features, but they enhance the capacity of LTE and represent a big milestone in its evolution toward 5G. However, LTE-Unlicensed faces several challenges when operating in the 5 GHz bands, as this spectrum is mainly occupied by Wi-Fi and by various radar systems. Therefore, we analyze the algorithms proposed in the industry for the LTE-Unlicensed and Wi-Fi coexistence, and we develop a new spectrum sharing technique for the coexistence between LTE-Unlicensed and radar systems.
In order to analyze LTE-Unlicensed and Wi-Fi coexistence, we first explain the technical details of each of the three variants of LTE-Unlicensed, and we provide a comparative analysis of them in terms of their operational features. Then we develop an unbiased and objective evaluation of their proposed coexistence mechanisms with Wi-Fi systems, and numerically compare their performance.
In order to emphasize the need for developing a new spectrum sharing technique for the coexistence between LTE-Unlicensed and radar systems, we first present the different regulatory requirements for the 5 GHz unlicensed bands in several world regions, and we perform a comprehensive survey on the different radar types within the 5 GHz sub-bands. Then we develop a novel spectrum sharing technique based on chance-constrained stochastic optimization to allow the LTE-Unlicensed eNodeB to share the spectrum efficiently with a radar system. The optimization problem is formulated to guarantee the minimum performance criteria for the radar operation, and at the same time allows the LTE-Unlicensed eNodeB to control its transmit power to maximize the performance for the serving LTE-Unlicensed device. A mathematical model is used to transform the stochastic optimization problem into a deterministic one, and an exhaustive search is used to solve the resulting optimization problem. Due to the power control mechanism resulting from the proposed algorithm, numerical results show a significant reduction in the protection distance required between the radar and the LTE-Unlicensed network for the two to coexist, as the proposed algorithm can allow the two systems to operate effectively with a protection distance of only 3.95% of the one imposed by the regulations.
|
63 |
Perspectives of Jamming, Mitigation and Pattern Adaptation of OFDM Pilot Signals for the Evolution of Wireless Networks
Rao, Raghunandan M. 28 September 2016
Wireless communication networks have evolved continuously over the last four decades in order to meet the traffic and security requirements due to the ever-increasing amount of traffic. However this increase is projected to be massive for the fifth generation of wireless networks (5G), with a targeted capacity enhancement of 1000× w.r.t. 4G networks. This enhanced capacity is possible by a combination of major approaches (a) overhaul of some parts and (b) elimination of overhead and redundancies of the current 4G. In this work we focus on OFDM reference signal or pilot tones, which are used for channel estimation, link adaptation and other crucial functions in Long-Term Evolution (LTE). We investigate two aspects of pilot signals pertaining to its evolution - (a) impact of targeted interference on pilots and its mitigation and (b) adaptation of pilot patterns to match the channel conditions of the user.
We develop theoretical models that accurately quantify the performance degradation at the user’s receiver in the presence of a multi-tone pilot jammer. We develop and evaluate mitigation algorithms to mitigate power constrained multi-tone pilot jammers in SISO- and full rank spatial multiplexing MIMO-OFDM systems. Our results show that the channel estimation performance can be restored even in the presence of a strong pilot jammer. We also show that full rank spatial multiplexing in the presence of a synchronized pilot jammer (transmitting on pilot locations only) is possible when the channel is flat between two pilot locations in either time or frequency.
We also present experimental results of multi-tone broadcast pilot jamming (Jamming of Cell Specific Reference Signal) in the LTE downlink. Our results show that full-band jamming of pilots needs 5 dB less power than jamming the entire downlink signal, in order to cause Denial of Service (DoS) to the users. In addition to this, we have identified and demonstrated a previously unreported issue with LTE termed ‘Channel Quality Indicator (CQI) Spoofing’. In this scenario, the attacker tricks the user terminal into thinking that the channel quality is good, by transmitting interference transmission only on the data locations, while deliberately avoiding the pilots. This jamming strategy leverages the dependence of the adaptive modulation and coding (AMC) schemes on the CQI estimate in LTE.
Lastly, we investigate the idea of pilot pattern adaptation for SISO- and spatial multiplexing MIMO-OFDM systems. We present a generic heuristic algorithm to predict the optimal pilot spacing and power in a nonstationary doubly selective channel (channel fading in both time and frequency). The algorithm fits estimated channel statistics to stored codebook channel profiles and uses it to maximize the upper bound on the constrained capacity. We demonstrate up to a 30% improvement in ergodic capacity using our algorithm and describe ways to minimize feedback requirements while adapting pilot patterns in multi-band carrier aggregation systems. We conclude this work by identifying scenarios where pilot adaptation can be implemented in current wireless networks and provide some guidelines to adapt pilots for 5G. / Master of Science / Wireless communications have evolved continuously over the last four decades in order to meet the ever-increasing number of users. The next generation of wireless networks, named 5G, is expected to interconnect a massive number of devices called the Internet of Things (IoT). Compared to the current generation of wireless networks (termed 4G), 5G is expected to provide a thousandfold increase in data rates. In addition to this, the security of these connected devices is also a challenging issue that needs to be addressed. Hence in the event of an attack, even if a tiny fraction of the total number of users are affected, this will still result in a large number of users who are impacted.
The central theme of this thesis is the evolution of Orthogonal Frequency Division Multiplexing (OFDM) pilot signals on the road from 4G to 5G wireless networks. In OFDM, pilot signals are sent in parallel to data in order to aid the receiver in mitigating the impairments of the wireless channel. In this thesis, we look at two perspectives of the evolution of pilots: a) targeted interference on pilot signals, termed as ‘Multi-tone pilot jamming’ and b) adapting pilot patterns to optimize throughput.
In the first part of the thesis, we investigate the (a) impact of multi-tone pilot jamming and (b) propose and evaluate strategies to counter multi-tone pilot jamming. In particular, we propose methods that (a) have the potential to be implemented in the Third Generation Partnership Project Long-Term Evolution (3GPP LTE) standard, and (b) have the ability to maintain high data rates with a multi-antenna receiver, in the presence of a multi-tone pilot jammer. We also experiment and analyze the behavior of LTE in the presence of such targeted interference.
In the second half of the thesis, we explore the idea of adapting the density of pilots to optimize throughput. Increasing the pilot density improves the signal reception capabilities, but reduces the resources available for data and hence, data rate. Hence we propose and evaluate strategies to balance between these two conflicting requirements in a wireless communication system.
In summary, this thesis provides and evaluates ideas to mitigate interference on pilot signals, and design data rate-maximizing pilot patterns for future OFDM-based wireless networks.
|
64 |
Detekce síťových útoků pomocí nástroje Tshark / Detection of Network Attacks Using Tshark
Dudek, Jindřich January 2018
This diploma thesis deals with the design and implementation of a tool for network attack detection from captured network communication. It utilises the tshark packet analyser, whose purpose is to convert the input file with the captured communications to the PDML format. The objective of this conversion is to increase the flexibility of input data processing. When designing the tool, emphasis has been placed on the ability to expand it to detect new network attacks and on integrating these additions with ease. For this reason, the thesis also includes the design of complex declarative descriptions for network attacks in the YAML serialization format. This allows us to specify the key properties of the network attacks and the conditions for their detection. The resulting tool acts as an interpreter of the proposed declarative descriptions, allowing it to be expanded with new types of attacks.
|
65 |
Penetration testing of Sesame Smart door lock / Penetrationstest av Sesame Smart dörrlås
Liu, Shuyuan January 2023
The Internet of things (IoT) device has been widely used in various fields, and its market is expanding rapidly. However, the growing usage of IoT devices also brings more security concerns. The smart door lock is one of the smart home IoT devices that need to be designed securely. This thesis work aims to evaluate and investigate the security aspect of the newest smart door lock. This thesis first provides an introduction and background of penetration testing and creates the threat model. Based on the threat model, some tests are conducted, including state consistency, Man-In-The-Middle (MITM) attack, replay attack, reverse engineering, GPS spoofing, Denial of service (DoS) attack. The result indicates that penetration tests reveal some security problems on the tested device, especially in the access log, traffic between application and server, and the ability of resistance disruption on the WiFi access point. / The IoT device has been widely used in various fields and its market is expanding rapidly. However, the growing use of IoT devices also brings more security problems. The smart door lock is one of the smart home IoT devices that must be designed securely. This thesis aims to evaluate and investigate the security aspect of the newest smart door lock. This thesis first provides an introduction and background of penetration testing and creates the threat model. Based on the threat model, some tests are conducted, including state consistency, MITM attack, replay attack, reverse engineering, GPS spoofing, DoS attack. The result indicates that penetration tests reveal some vulnerabilities on the tested device, especially in the access log, traffic between application and server, and the ability to resist disruption at the WiFi access point.
|
66 |
GNSS Safety and Handling
Björklund, Axel January 2022
Satellite navigation (such as GPS) has become widely successful and is used by billions of users daily. Accurate positioning and timing has a wide range of applications and is increasingly being integrated in safety critical systems such as autonomous operations, traffic management, navigation for airplanes and other vehicles. The security and vulnerabilities of satellite navigation is however often not considered in the same way as for example data security, even though the high efficacy of spoofing with off-the-shelf software-defined radio (SDR) has been demonstrated repeatedly. The lack of concern comes partially from the lack of options as satellite navigation authentication has not previously existed in the civil domain. This work benchmarks the anti-spoofing and signal level measurements of commercial receivers in both simulated and real-world scenarios and implements additional anti-spoofing measures. The additional anti-spoofing measures are implemented using no additional information than what the receiver should already have access to in any modern commercial vehicle. Upcoming EU regulation 2021/1228 for vehicles used in international transport will also mandate the use of these three anti-spoofing measures by August 2023. Here receiver time is verified by the means of Network Time Protocol (NTP) and real time clock (RTC); receiver motion is verified by the means of dead reckoning and inertial measurement unit (IMU); receiver navigation data is verified by the means of asymmetric cryptography and Galileo Open Service Navigation Message Authentication (OSNMA). The computational overhead is analyzed as well as cost and worldwide Market feasibility. We estimate that even basic timing devices would only have to perform one NTP request every 17 days and a microcontroller powerful enough to do OSNMA costs less than $2. Finally, the benefits of multi-band receivers and future developments in both the user and space segments are discussed.
|
67 |
thesis.pdf
Jianliang Wu (15926933) 30 May 2023
Bluetooth is the de facto standard for short-range wireless communications. Besides Bluetooth Classic (BC), Bluetooth also consists of Bluetooth Low Energy (BLE) and Bluetooth Mesh (Mesh), two relatively new protocols, paving the way for its domination in the era of IoT and 5G. Meanwhile, attacks against Bluetooth, such as BlueBorne, BleedingBit, KNOB, BIAS, and BThack, have been booming in the past few years, impacting the security and privacy of billions of devices. These attacks exploit both design issues in the Bluetooth specification and vulnerabilities of its implementations, allowing for privilege escalation, remote code execution, breaking cryptography, spoofing, device tracking, etc.
To secure Bluetooth, researchers have proposed different approaches for both Bluetooth specification (e.g., formal analysis) and implementation (e.g., fuzzing). However, existing analyses of the Bluetooth specification and implementations are either done manually, or the automatic approaches only cover a small part of the targets. As a consequence, current research is far from complete in securing Bluetooth.
Therefore, in this dissertation, we propose the following research to provide missing pieces in prior research toward completing Bluetooth security research in terms of both Bluetooth specification and implementations. (i) For Bluetooth security at the specification level, we start from one protocol in Bluetooth, BLE, and focus on the previously unexplored reconnection procedure of two paired BLE devices. We conduct a formal analysis of this procedure defined in the BLE specification to provide security guarantees and identify new vulnerabilities that allow spoofing attacks. (ii) Besides BLE, we then formally verify other security-critical protocols in all Bluetooth protocols (BC, BLE, and Mesh). We provide a comprehensive formal analysis by covering the aspects that prior research fails to include (i.e., all possible combinations of protocols and protocol configurations) and considering a more realistic attacker model (i.e., semi-compromised device). With this model, we are able to rediscover five known vulnerabilities and reveal two new issues that affect BC/BLE dual-stack devices and Mesh devices, respectively. (iii) In addition to the formal analysis of specification security, we propose and build a comprehensive formal model to analyze Bluetooth privacy (i.e., device untraceability) at the specification level. In this model, we convert device untraceability into a reachability problem so that it can be verified using existing tools without introducing false results. We discover four new issues allowed in the specification that can lead to eight device tracking attacks. We also evaluate these attacks on 13 Bluetooth implementations and find that all of them are affected by at least two issues. (iv) At the implementation level, we improve Bluetooth security by debloating (i.e., removing code) Bluetooth stack implementations, which differs from prior automatic approaches, such as fuzzing. We keep only the code of needed functionality by a user and minimize their Bluetooth attack surface by removing unneeded Bluetooth features in both the host stack code and the firmware. Through debloating, we can remove 20 known CVEs and prevent a wide range of attacks against Bluetooth. With the research presented in this thesis, we improve Bluetooth security and privacy at both the specification and implementation levels.
|
68 |
Evaluation of FMCW Radar Jamming Sensitivity
Snihs, Ludvig January 2023
In this work, the interference sensitivity of an FMCW radar has been evaluated by studying the impact on a simulated detection chain. A commercially available FMCW radar was first characterized and its properties then laid the foundation for a simulation model implemented in Matlab. Different interference methods have been studied and a selection was made based on the results of previous research. One method aims to inject a sufficiently large amount of energy in the form of pulsed noise into the receiver. The second method aims to deceive the radar into seeing targets that do not actually exist by repeating the transmitted signal and thus giving the radar a false picture of its surroundings. The results show that if it is possible to synchronize with the transmitted signal then repeater jamming can be effective in misleading the radar. In one scenario the false target even succeeded in hiding the real target by exploiting the Cell-Averaging CFAR detection algorithm. The results suggest that without some smart countermeasures the radar has no way of distinguishing a coherent repeater signal, but just how successful the repeater is in creating a deceptive environment is highly dependent on the detection algorithm used. Pulsed noise also managed to disrupt the radar and with a sufficiently high pulse repetition frequency the detector could not find any targets despite a simulated object in front of the radar. On the other hand, a rather significant effective radiated power level was required for the pulse train to achieve any meaningful effect on the radar, which may be due to an undersampled signal in the simulation. It is therefore difficult based on this work to draw any conclusions about how suitable pulsed noise is in a non-simulated interference context and what parameter values to use.
|
69 |
Automatické testování projektu JavaScript Restrictor / Automatic Testing of JavaScript Restrictor Project
Bednář, Martin January 2020
The aim of the thesis was to design, implement and evaluate the results of automatic tests for the JavaScript Restrictor project, which is being developed as a web browser extension. The tests are divided into three levels - unit, integration, and system. The Unit Tests verify the behavior of individual features, the Integration Tests verify the correct wrapping of browser API endpoints, and the System Tests check that the extension does not suppress the desired functionality of web pages. The System Tests are implemented for parallel execution in a distributed environment which has succeeded in achieving an almost directly proportional reduction in time with respect to the number of the tested nodes. The benefit of this work is detection of previously unknown errors in the JavaScript Restrictor extension and provision of the necessary information that allowed some of the detected bugs to be fixed.
|
70 |
Machine Learning Approaches for Speech Forensics
Amit Kumar Singh Yadav (19984650) 31 October 2024
Several incidents report misuse of synthetic speech for impersonation attacks, spreading misinformation, and supporting financial frauds. To counter such misuse, this dissertation focuses on developing methods for speech forensics. First, we present a method to detect compressed synthetic speech. The method uses comparatively 33 times less information from the compressed bit stream than used by existing methods and achieves high performance. Second, we present a transformer neural network method that uses 2D spectral representation of speech signals to detect synthetic speech. The method shows high performance on detecting both compressed and uncompressed synthetic speech. Third, we present a method using an interpretable machine learning approach known as disentangled representation learning for synthetic speech detection. Fourth, we present a method for synthetic speech attribution. It identifies the source of a speech signal. If the speech is spoken by a human, we classify it as authentic/bona fide. If the speech signal is synthetic, we identify the generation method used to create it. We examine both closed-set and open-set attribution scenarios. In a closed-set scenario, we evaluate our approach only on the speech generation methods present in the training set. In an open-set scenario, we also evaluate on methods which are not present in the training set. Fifth, we propose a multi-domain method for synthetic speech localization. It processes multi-domain features obtained from a transformer using a ResNet-style MLP. We show that with a relatively smaller number of parameters, the proposed method performs better than existing methods. Finally, we present a new direction of research in speech forensics, i.e., bias and fairness of synthetic speech detectors. By bias, we refer to an action in which a detector unfairly targets a specific demographic group of individuals and falsely labels their bona fide speech as synthetic. We show that existing synthetic speech detectors are gender, age and accent biased. They also have bias against bona fide speech from people with speech impairments such as stuttering. We propose a set of augmentations that simulate stuttering in speech. We show that synthetic speech detectors trained with the proposed augmentation have less bias relative to a detector trained without it.
|