The Internet of Things (IoT) has seen exceptional adoption in recent years, resulting in an unprecedented level of connectivity in personal and industrial domains. In parallel, software-defined radio (SDR) technology has become increasingly powerful, making it a compelling tool for wireless security research across multiple communication protocols. Specifically, SDRs are capable of manipulating the physical layer of protocols in software, which would otherwise be implemented statically in hardware. This flexibility enables research that goes beyond the boundaries of protocol specifications. This dissertation pursues four research directions that are either enabled by software-defined radio technology, or advance its utility for security research.
First, we investigate the anti-tracking mechanisms defined by the Bluetooth Low Energy (BLE) wireless protocol. This protocol, present in virtually all wearable smart devices, implements address randomization in order to prevent unwanted tracking of its users. By analyzing raw advertising data from BLE devices using SDRs, we identify a vulnerability that allows an attacker to track a BLE device beyond the address randomization defined by the protocol.
Second, we implement a compact, SDR-based testbed for physical layer benchmarking of wireless devices. The testbed is capable of emulating multiple data transmissions and produce intentional signal corruption in very precisely defined ways in order to investigate receiver robustness and undefined device behavior in the presence of malformed packets. We subject a range of Wi-Fi and Zigbee devices to specifically crafted packet collisions and "truncated packets" as a way to fingerprinting wireless device chipsets.
Third, we introduce a middleware framework, coined "Snout", to improves accessibility and usability of SDRs. The architecture provides standardized data pipelines as well as an abstraction layer to GNU Radio flowgraphs which power SDR signal processing. This abstraction layer improves usability and maintainability by providing a declarative experiment configuration format instead of requiring constant manipulation of the signal processing code during experimentation. We show that Snout does not result in significant computational overhead, and maintains a predictable and modest memory footprint.
Finally, we address the visibility problem arising from the growing number of IoT protocols across large bands of radio spectrum. We model an SDR-based IoT monitor which is capable of scanning multiple channels (including across multiple protocols), and employs channel switching policies to maximize freshness of information obtained by transmitting devices. We present multiple policies and compare their performance against an optimal Markov Decision Process (MDP) model, as well as through event-based simulation using real-world device traffic.
The results of this work demonstrate the use of SDR technology in privacy and security research of IoT device communication, and open up opportunities for further low-layer protocol discoveries that require the use of software-defined radio as a research tool.
| Identifer | oai:union.ndltd.org:bu.edu/oai:open.bu.edu:2144/44706 |
| Date | 23 May 2022 |
| Creators | Becker, Johannes Karl |
| Contributors | Starobinski, David |
| Source Sets | Boston University |
| Language | en_US |
| Detected Language | English |
| Type | Thesis/Dissertation |
| Rights | Attribution-NonCommercial-NoDerivatives 4.0 International, http://creativecommons.org/licenses/by-nc-nd/4.0/ |
Page generated in 0.0019 seconds