Lars Almon, M.Sc.

IoT and LPWAN Security

Contact Information

Pankratiusstr. 2
64289 Darmstadt
lalmon@seemoo.tu-darmstadt.de

Biography

Lars Almon received his master degrees in computer science and IT security from TU Darmstadt in 2015. He started working as a research associate and doctoral candiate at the Secure Mobile Networking Lab in 2015. His research focuses on secure wireless communication protocols for mobile and resource constraint devices. As well as design and management of wireless testbeds.

Offered Theses Topics

Type

Year

No results match your search criteria.

2021 Completed

Security Analysis of Neighbor Awareness Networking-capable Wi-Fi Firmware using Fuzzing

Supervisor: Lars Almon

2020 Completed

Delay-Tolerant LoRaWAN with mobile Gateways and SatCom Backhaul

Supervisor: Lars Almon

2020 Completed

LoRa for Smart Street Lamps

Supervisor: Lars Almon

2019 Completed

Creating an indoor simulation tool witha realistic antenna model for an IEEE 802.11ad 60 GHz devices

Supervisor: Allyson Sim Lars Almon

2019 Completed

Security Analysis of LoRaWAN: An Experimental Evaluation of Attacks

Supervisor: Lars Almon Flor Maria Alvarez Zurita

Read the thesis

Low-power wide-area networks (LPWAN) are becoming the wireless backbone for modern business processes and municipal administration. LoRaWAN, which stands for long-range wide-area network, is a recent medium access control (MAC) layer protocol competing for this market. It stands out by its open operator model and a novel modulation technique. With LoRaWAN and other communication technologies are becoming a dependency for more and more aspects of today's society, the question for their security and reliability comes up. Previous researches on the topic have already revealed vulnerabilities in the first LoRaWAN specification, which have been partly mitigated in the most recent LoRaWAN 1.1. However, related studies often provide only theoretical results or consider practical scenarios only on a specific, small scale. In this thesis, we present a LoRaWAN security evaluation framework that allows field-testing the security and reliability characteristics of actual LoRaWAN deployments. This provides not only reproducible results but also allows making a comparison between defined versions of the specification and LoRaWAN software. Before expounding implementation details, we provide a literature survey on LoRaWAN vulnerabilities and attacks to identify interesting aspects for further evaluation. From our experimental results, we show that jamming is a serious threat to the availability of LoRaWAN networks. Furthermore, we demonstrate the practical applicability of two replay attacks against a selection of LoRaWAN software and illustrate why they will remain relevant for years due to backward compatibility.

2019 Completed

Security Evaluation of LoRaWAN Network Servers using Fuzzing

Supervisor: Lars Almon

Low Power Wide Area Network (LPWAN) technologies like Long Range Wide Area Network (LoRaWAN) are used for creating low maintenance sensor networks in many scenarios. The central part of a LoRaWAN is the Network Server (NS). Previous security research often focused on conceptual security issues in the protocol, this work evaluates fuzzing, the security testing using semi-valid random messages, as a technique to find vulnerabilities in NSs. We investigate the situation of practical network deployments and software in use. Then we derive an approach for a general fuzzing framework for NSs. We present our fuzzer implementation in detail and describe experiments we conducted with an example network server. The results show that this network server was susceptible to a denial of service attack. We therefore conclude that fuzzing is an appropriate tool for making LoRaWANs more secure by uncovering vulnerabilities in NSs.

2019 Completed

Bluetooth Mesh Network Security Analysis: An Experimental Evaluation of Attacks Using Btlejack

Supervisor: Flor Maria Alvarez Zurita Lars Almon

2019 Completed

Intercom Security

Supervisor: Lars Almon Jiska Classen

Intercom security analysis.

2019 Completed

Practical Evaluation of LoRa in Multihop Networks

Supervisor: Lars Almon

Practical Evaluation of LoRa in Multihop Networks

2019 Completed

Implementation of a Linux User-space Neighbor Awareness Networking Protocol Stack

Supervisor: Lars Almon

Implementation of a Linux User-space Neighbor Awareness Networking Protocol Stack

2019 Completed

Practical Performance Analysis of Neighbor Awareness Networking

Supervisor: Lars Almon Milan Stute

2018 Completed

Combining WiFi, Bluetooth and BLE: Limitations and synergy effects of using Google Nearby Connections 2.0

Supervisor: Lars Almon

Now most of the smartphones are equipped with different wireless interfaces namely Wi-Fi, Bluetooth, BLE, Ad-hoc Wi-Fi, and NFC. These different interfaces have different weaknesses and strengths. Bluetooth is suited for low bandwidth and short-range communication. Bluetooth Low Energy(BLE) on the other hand is aimed at devices which have limited power supply and need to transfer data in short intervals. Wi-Fi is well suited for high bandwidth, low-latency communication with increased ranges. By utilizing the combination of these interfaces, we can enhance the performance of offline peer-to-peer connectivity. The number of devices using the Internet is growing at a rapid rate, creating traffic congestion especially by using multimedia services. we can offload and distribute this traffic using high performance peer-to-peer connectivity. With the growing need of Infrastructureless network in the remote or disaster-stricken area, better device-to-device communication could prove to be life-saving. Nearby Connections 2.0 is the new offline peer-to-peer, high bandwidth low latency API from Google. It uses a combination of Wi-Fi Direct, BLE and Bluetooth to create reliable and fast connections. In this thesis, we evaluate Nearby Connections against all three interfaces it uses. We execute 4 experiments with different network parameters to analyze the limitations and benefits of using Nearby Connections. By varying different parameters we maximize the performance of each interface to observe the behavior of Nearby Connections. Our evaluation results indicate that this is in fact not the case with Nearby Connections. It does not adjust itself to get the best out of underlying interfaces. We show the limitations of Nearby Connections API. However, it performed better than both Bluetooth and BLE but against Wi-Fi Direct it performed way below the par.

2018 Completed

Processing and evaluation of the smarter field test about delay-tolerant networks in the event of an disaster

Supervisor: Lars Almon

This thesis is about the processing and evaluation of the data generated by the Smartphone-based Communication Networks for Emergency Response (smarter) project. The smarter project is a research project that investigates the use of Delay Tolerant Networks (DTNs) as a method of communication for the civil population during a disaster situation. During this thesis the recorded data is transferred into a format readable by the simulator The Opportunistic Network Environment Simulator (The ONE), so that the field experiment can be repeated as often as required. This makes it possible to easily compare the data with that of other projects or to combine it with data genera ted by the simulator. The thesis also highlights some difficulties that may occure during the analysis and execution of field experiments.

Publications

Type

Year

Show awards only

No results match your search criteria.

2022 ACM Transactions on Sensor Networks Article

LoRaWAN Security: An Evolvable Survey on Vulnerabilities, Attacks and their Systematic Mitigation

Frank Hessel Lars Almon Matthias Hollick

BibTeX DOI: 10.1145/3561973

Abstract

The changing vulnerability and threat landscape constantly challenge the security of wireless communication standards and protocols. For the Internet of Things (IoT), LoRaWAN is one of the dominant technologies for urban environments, industrial settings, or critical infrastructures due to its low-power and long-range capabilities. LoRaWAN IoT deployments are expected to operate for multiple years or even decades. Hence, it is imperative to maintain operational security at all times while continuously evolving the security of the standard and its implementations. We survey LoRaWAN security and follow a systematic and evolvable approach that can be dynamically updated. To this end, we propose a novel methodology to create evolvable surveys which relate the analyzed critical security concepts, thus allowing IT security experts to reason about LoRaWAN security properties over time. With this, we provide a tool to hardware manufacturers, software developers and providers, and network operators to achieve sustainable security for IoT deployments.

2021 19th ACM International Symposium on Mobility Management and Wireless Access (MobiWac’21) Conference

Desynchronization and MitM Attacks Against Neighbor Awareness Networking Using OpenNAN

Lars Almon Arno Krause Oliver Fietze Matthias Hollick

PDF BibTeX DOI: 10.1145/3479241.3486689

2021 19th Annual International Conference on Mobile Systems, Applications, and Services Conference

FastZIP: faster and more secure zero-interaction pairing

Mikhail Fomichev Julia Hesse Lars Almon Timm Lippert Jun Han Matthias Hollick

BibTeX DOI: 10.1145/3458864.3467883

Abstract

With the advent of the Internet of Things (IoT), establishing a secure channel between smart devices becomes crucial. Recent research proposes zero-interaction pairing (ZIP), which enables pairing without user assistance by utilizing devices' physical context (e.g., ambient audio) to obtain a shared secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1) prolonged pairing time (i.e., minutes or hours), (2) vulnerability to brute-force offline attacks on a shared key, and (3) susceptibility to attacks caused by predictable context (e.g., replay attack) because they rely on limited entropy of physical context to protect a shared key. We address these limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces pairing time while preventing offline and predictable context attacks. In particular, we adapt a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their advantages. We instantiate FastZIP for intra-car device pairing to demonstrate its feasibility and show how the design of FastZIP can be adapted to other ZIP use cases. We implement FastZIP and evaluate it by driving four cars for a total of 800 km. We achieve up to three times shorter pairing time compared to the state-of-the-art ZIP schemes while assuring robust security with adversarial error rates below 0.5%.

2021 IEEE Transactions on Dependable and Secure Computing Article

RESCUE: A Resilient and Secure Device-to-Device Communication Framework for Emergencies

Milan Stute Florian Kohnhauser Lars Baumgärtner Lars Almon Matthias Hollick Stefan Katzenbeisser Bernd Freisleben

PDF BibTeX DOI: 10.26083/tuprints-00017838

Abstract

During disasters, existing telecommunication infrastructures are often congested or even destroyed. In these situations, mobile devices can form a backup communication network for civilians and emergency services using disruption-tolerant networking (DTN) principles. Unfortunately, such distributed and resource-constrained networks are particularly susceptible to a wide range of attacks such as terrorists trying to cause more harm. In this paper, we present RESCUE, a resilient and secure device-to-device communication framework for emergency scenarios that provides comprehensive protection against common attacks. RESCUE features a minimalistic DTN protocol that, by design, is secure against notable attacks such as routing manipulations, dropping, message manipulations, blackholing, or impersonation. To further protect against message flooding and Sybil attacks, we present a twofold mitigation technique. First, a mobile and distributed certificate infrastructure particularly tailored to the emergency use case hinders the adversarial use of multiple identities. Second, a message buffer management scheme significantly increases resilience against flooding attacks, even if they originate from multiple identities, without introducing additional overhead. Finally, we demonstrate the effectiveness of RESCUE via large-scale simulations in a synthetic as well as a realistic natural disaster scenario. Our simulation results show that RESCUE achieves very good message delivery rates, even under flooding and Sybil attacks.

2020 Transactions on Dependable and Secure Computing Article

RESCUE: A Resilient and Secure Device-to-Device Communication Framework for Emergencies

Milan Stute Florian Kohnhäuser Lars Baumgärtner Lars Almon Matthias Hollick Stefan Katzenbeisser Bernd Freisleben

PDF BibTeX DOI: 10.1109/TDSC.2020.3036224

2020 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

ChirpOTLE: A Framework for Practical LoRaWAN Security Evaluation

Frank Hessel Lars Almon Flor Álvarez

PDF BibTeX DOI: 10.1145/3395351.3399423

2020 IEEE DCOSS 2020: International Conference on Distributed Computing in Sensor Systems Conference

Concurrent Wireless Cut-Through Forwarding: Ultra Low-Latency Multi-Hop Communication for the IoT

Nicolás Himmelmann Dingwen Yuan Lars Almon Matthias Hollick

PDF BibTeX

2020 IEEE International Conference on Communications (icc2020) Conference

NEAT-TCP: Generation of TCP Congestion Control Through Neuroevolution of Augmenting Topologies

Kay Luis Wallaschek Robin Klose Lars Almon Matthias Hollick

PDF BibTeX

Abstract

We present NEAT-TCP, a novel technique to automatically generate congestion control algorithms in a data-driven fashion while optimizing towards a specified global system utility. NEAT-TCP employs an artificial neural network (ANN) in each node and generates a population of ANNs by means of an evolutionary algorithm called NEAT. The ANNs run independently from each other at the communication endpoints and take only features as inputs that are locally available at these nodes. We define the system utility as a combined maximization of overall throughput and throughput fairness between flows according to Jain's fairness index. The nodes are deployed in a grid topology in ns-3 simulations, which makes it particularly difficult to maximize the utility due to different interference levels for the data flows. In our experiments, NEAT-TCP achieves 69 % more fairness, 66 % less mean end-to-end delay and 71 % less packet loss in relation to TCP New Reno at the cost of 19 % less overall throughput, which meets our multi-criteria objective.

2019 Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) Article

Perils of Zero-Interaction Security in the Internet of Things

Mikhail Fomichev Max Maass Lars Almon Alejandro Molina Matthias Hollick

PDF BibTeX DOI: 10.1145/3314397

Abstract

The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations. In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-of-the-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%.

2019 2019 IEEE 44nd Conference on Local Computer Networks (LCN) Conference

The King is Dead Long Live the King! Towards Systematic Performance Evaluation of Heterogeneous Bluetooth Mesh Networks in Real World Environments

Lars Almon Flor Álvarez Laurenz Kamp Matthias Hollick

BibTeX

Abstract

Wireless networks based on Bluetooth mesh (BM) promise a variety of Internet of Things applications from health- care monitoring to smart buildings. BM introduces a novel network concept that supports up to 32767 devices and 127 hops. So far no readily available dataset or toolset exists to perform systematic in-depth performance analysis of this standard. In this paper, we present insights on the performance and practical usability of BM. We conduct realistic smart office experiments with heterogeneous devices distributed throughout an area of approximately 1100m2. By varying network pa- rameters and BM node features, we collect the first public available BM dataset. Based on our experience, the use of current implementations is error-prone due to the complexity of BM. To facilitate researchers to conduct further experiments, we propose a toolset to configure and systematically evaluate BM performance. Finally we discuss several pitfalls that should be avoided in designing and deploying such networks.

2019 Security Standardisation Research Conference 2019 (ACM CCS Workshop) Conference

Toxic Friends in Your Network: Breaking the Bluetooth Mesh Friendship Concept

Flor Álvarez Lars Almon Ann-Sophie Hahn Matthias Hollick

BibTeX

Abstract

Bluetooth Low Energy is the dominant wireless technology empowering the Internet-of-Things. It has recently been amended with Bluetooth Mesh, which promises secure low energy multi-hop wireless connectivity with a software-only upgrade to existing Bluetooth devices. Bluetooth Mesh claims to be suitable for building large-scale multi-hop sensor networks with thousands of devices and up to 127 hops. In particular, it introduces the friendship concept, allowing low power Internet-of-Things devices to save energy by going into sleep mode, while their associated friend node caches their packets. In this paper, we show that the security model underlying the friendship concept introduces a number of simplifying assumptions that can be harnessed against the Bluetooth Mesh network. We demonstrate three fundamental vulnerabilities in the security model that lead to denial-of-service and impersonation attacks. Furthermore, we experimentally proof that our denial-of-service attack significantly affects the battery life of low power Internet-of-Things devices from a normal duration of two years to just few days. In addition, we introduce btlemesh, an open-source tool to analyze Bluetooth Mesh and perform the aforementioned security tests in practice. Finally, we discuss possible countermeasures to mitigate these vulnerabilities.

2019 9th IEEE Global Humanitarian Technology Conference (IEEE GHTC 2019) Conference

Bluemergency: Mediating Post-disaster Communication Systems using the Internet of Things and Bluetooth Mesh

Flor Álvarez Lars Almon Hauke Radtki Matthias Hollick

BibTeX

Abstract

Mobile devices have shown to be very useful during and post disaster. If the communication infrastructure breaks down, however, they become almost useless as most services rely on Internet connectivity. Building post-disaster networks based purely on smartphones remains a challenging task, and, as of today, no practical solutions exist. The rapidly growing Internet of Things (IoT) offers the possibility to improve this situation. With an increase in smart spaces such as smart homes and smart offices, we move towards digital cities that are deeply penetrated by IoT technology. Many IoT devices are battery powered and can aid in mediating an emergency network. In scenarios where the electrical grid is still operational, yet communication infrastructure failed, non-battery powered IoT devices can similarly help to relief congestion or build a backup network in case of cyber attacks. With the recent release of the Bluetooth Mesh standard, a common interface between mobile devices and the IoT has become available. The key idea behind this standard is to allow existing and new devices to build large-scale multi-hop sensor networks. By enabling hundreds of devices to communicate with each other, Bluetooth Mesh (BT MESH) becomes a practical technical solution for enabling communication post disaster. In this paper, we propose a novel emergency network concept that utilizes the parts of digital cities that remains operational in case of disaster, thus mediating large- scale post-disaster device-to-device communication. Since the Bluetooth Mesh standard is backwards compatible to Bluetooth 4.0, most of today’s mobile devices can join such a network. No special hardware or software modifications are necessary, especially no jail-breaking of the smartphones.

2018 Die Fortentwicklung des Datenschutzes Other

Ad-Hoc-Kommunikation – Gesellschaftlich wünschenswert, rechtlich ungeregelt

Lars Almon Flor Álvarez Patrick Lieser Tobias Meuser Fabian Schaller

BibTeX DOI: 10.1007/978-3-658-23727-1_5

2018 CHANTS '18 - 13th Workshop on Challenged Networks Conference

Conducting a Large-scale Field Test of a Smartphone-based Communication Network for Emergency Response

Flor Álvarez Lars Almon Patrick Lieser Tobias Meuser Yannick Dylla Björn Richerzhagen Matthias Hollick Ralf Steinmetz

PDF BibTeX DOI: 10.1145/3264844.3264845

Abstract

Smartphone-based communication networks form a basis for services in emergency response scenarios, where communication infrastructure is impaired or overloaded. Still, their design and evaluation are largely based on simulations that rely on generic mobility models and weak assumptions regarding user behavior. For a realistic assessment, scenario-specific models are essential. To this end, we conducted a large-scale field test of a set of emergency services that relied solely on ad hoc communication. Over the course of one day, we gathered data from smartphones distributed to 125 participants in a scripted disaster event. In this paper, we present the scenario, measurement methodology, and a first analysis of the data. Our work provides the first trace combining user interaction, mobility, and additional sensor readings of a large-scale emergency response scenario, facilitating future research.

2017 IEEE Conference on Local Computer Networks (LCN) Conference

SEDCOS: A Secure Device-to-Device Communication System for Disaster Scenarios

Florian Kohnhäuser Milan Stute Lars Baumgärtner Lars Almon Stefan Katzenbeisser Matthias Hollick Bernd Freisleben

BibTeX

2017 IEEE International Workshop on Practical Issues in Building Sensor Network Applications Conference Postprint

SEDCOS: A Secure Device-to-Device Communication System for Disaster Scenarios

Florian Kohnhäuser Milan Stute Lars Baumgärtner Lars Almon Stefan Katzenbeisser Matthias Hollick Bernd Freisleben

PDF BibTeX DOI: 10.25534/tuprints-00013329

Abstract

During disasters, existing telecommunication infrastructures are often congested or even destroyed. In these situations, mobile devices can be interconnected using wireless ad hoc and disruption-tolerant networking to establish a backup emergency communication system for civilians and emergency services. However, such communication systems entail serious security risks, since adversaries may attempt to steal confidential data, fake notifications of emergency services, or perform denial-of-service (DoS) attacks. In this paper, we present SEDCOS, a secure device-to-device communication system for disaster scenarios. SEDCOS allows new users to join the network during disasters, mitigates flooding DoS attacks, and offers role revocation for detected adversaries to withdraw their permissions and exclude them from group communication. SEDCOS mitigates flooding DoS attacks and offers role revocation for detected adversaries to withdraw their permissions and exclude them from group communication. SEDCOS mitigates flooding DoS attacks and offers role revocation for detected adversaries to withdraw their permissions. We demonstrate the effectiveness of SEDCOS by large-scale network simulations.

2017 2017 IEEE 42nd Conference on Local Computer Networks (LCN) Conference

Lightweight Detection of Denial-of-Service Attacks on Wireless Sensor Networks Revisited

Michael Riecker Lars Almon Matthias Hollick

PDF BibTeX DOI: 10.1109/LCN.2017.110

Abstract

The resource-constrained nature of sensor nodes makes wireless sensor networks (WSNs) especially susceptible to denial-of-service (DoS) attacks. Due to the wireless communication medium, it is difficult to prevent attacks such as jamming. Hence, mechanisms to detect attacks during operation are required. The current generation of intrusion detection systems are still rather heavyweight, as some form of collaboration is typically needed. In this paper, we study the behavior of a large number of node-centric metrics under jamming and blackhole attacks, by applying a logistic regression. In our experiments, we vary several parameters, such as traffic intensity, transmission power, and attacker location. We consider the most common topologies in wireless sensor networks such as central data collection and meshed multi-hop networks by using the collection tree and the mesh protocol. The created regression models are then used to implement a fully localized intrusion detection system requiring no collaboration, showing that certain models can be generalized to different networks.