Dr.-Ing. Milan Stute

Security of Apple's Wireless Ecosystem / Availability by Design

Contact Information

Pankratiusstraße 2
64289 Darmstadt
mstute@seemoo.tu-darmstadt.de
Homepage

Biography

Milan Stute is a postdoctoral researcher at the Secure Mobile Networking Lab and was acting managing director of the LOEWE center emergenCITY. His research focuses on denial-of-service attacks and prevention mechanisms for distributed wireless networks as well as analyzing Apple's wireless ecosystem. He received the B.Sc. (2012), M.Sc. (2014), and Ph.D. (2020) degrees from Technical University of Darmstadt. He is recipient of several awards including outstanding Bachelor and Master thesis awards as well as ACM MobiCom Best Community Paper and Demo Awards.

Offered Theses Topics

Type

Year

No results match your search criteria.

2020 Completed

Analysis of Apple's crowdsourced location tracking system

Supervisor: Milan Stute

2020 Completed

Wi-Fi Sharing for All: Reverse Engineering and Breaking the Apple Wi-Fi Password Sharing Protocol

Supervisor: Milan Stute

Modern devices provide more and more functionality, simplifying everyday tasks. Obscured from the user are the complex, proprietary, and undocumented protocol stacks, most of them always listening in the background. In this thesis, we take a look at one of these features, Apple Wi-Fi Password Sharing, which enables users to share the Wi-Fi password to guests in their home. We publish documentation of involved frameworks, describe the actual protocol, and search for vulnerabilities. Besides one implementation bug, we find multiple small flaws in the protocol and user interface, which we combine into two attacks, a denial-of-service attack, which crashes the iOS settings app, and a man-in-the-middle attack, which spoofs the victim into an attacker-controlled Wi-Fi network.

2019 Completed

Analyzing Apple’s Private Wireless Communication Protocols with a Focus on Security and Privacy

Supervisor: Milan Stute

2019 Completed

Practical Performance Analysis of Neighbor Awareness Networking

Supervisor: Lars Almon Milan Stute

2018 Completed

Security Aspects of the Apple Wireless Direct Link Protocol

Supervisor: Milan Stute

2018 Completed

Desynchronization Attacks and Mitigations for the Apple Wireless Direct Link Protocol

Supervisor: Milan Stute

2018 Completed

Draining Mallory and Sybil: DoS-resistant Disruption-Tolerant Networks

Supervisor: Milan Stute

Description Disruption-Tolerant Networks (DTNs) can be used as a communication means in the emergency context when communication infrastructure is unavailable. In DTNs, mobile user devices such as smartphones act as “data mules”: they store, carry and forward messages. Unfortunately, the “storing” part is especially vulnerable to denial-of-service (DoS) attacks since an attacker can flood the network with bogus information and, thus, replace or purge valid messages from a node’s buffer. In this thesis, you will implement and evaluate a novel, DoS-resistant buffer management scheme in IBR-DTN [1], DTN implementation written in C++, which also runs on standard Android smartphones. [1] IBR-DTN. https://github.com/ibrdtn/ibrdtn.

2018 Completed

Practical Defense Against Pollution Attacks in Network Coding-based Systems

Supervisor: Milan Stute

Motivation Network Coding has many positives properties that make it especially suitable for Wireless Multihop Networks [1]. Network Coding can be used to increase the effective capacity of the network, by coding (simplest form: bit-wise XOR) together packets of different flows and forwarding them in a single broadcast transmission to their intended receivers, e.g., [2]. It can also be used within a single flow to improve forward error correction (FEC) and, thus, increase transmission reliability, e.g., [3]. Unfortunately, systems based on Network Coding are easy targets for a number of attacks, and even easier to disrupt than protocols based on traditional forwarding [4]. Goal In this thesis, you will familiarize yourself with the concept of Network Coding and analyize potential threats to both inter- and intra-flow Network Coding. Based on this, you will design and implement practical security measures. The design should then be validated against a number of different attacks.

2018 Completed

Experimental Evaluation of Mobile Attacks on Ad hoc Routing Protocols

Supervisor: Milan Stute

2017 Completed

Understanding the Apple Auto Unlock Protocol

Supervisor: Milan Stute

Description Abstract of final thesis: The Apple Watch provides the ability to automatically unlock a device running macOS when in proximity. The underlying proprietary protocol is called Auto Unlock (AU) and differs from other smart locking techniques. It uses a combination of two wireless technologies: Bluetooth Low Energy (BLE) and IEEE 802.11, to facilitate secure proximity detection. In this work we analyze the protocol by using reverse engineering and dynamic debugging. We show that AU uses both standardized protocols as well as proprietary techniques to implement a secure distance bounding protocol. With this knowledge, we discuss attack vectors and conduct a successful Man-in-the-Middle (MitM) attack on the protocol. Furthermore, we provide a starting point to allow implementations on other platforms by specifying the protocol and establish the foundation for further attacks.

2017 Completed

Reverse Engineering the Apple Wireless Direct Link Protocol

Supervisor: Milan Stute Flor Maria Alvarez Zurita

Apple Wireless Direct Link (AWDL) is a proprietary and undocumented 802.11 based peer-to-peer protocol. It is implemented in all of Apple's operating systems. In this thesis a reverse engineering method using binary analysis complemented by runtime analysis with traces and logs was applied. We found that each device in AWDL provides its own channel sequence. An elected master node is used to synchronize these sequences. Outside these windows of time, devices can use their wireless radio for other protocols or save energy by turning it off. Each node adapts its channel sequence, e.g. depending on network load, shifting the ratio between infrastructure and peer-to-peer Wi-Fi. This thesis also provides a first analysis of AWDL, includes the frame format documentation and presents a Wireshark dissector and a prototype implementation for AWDL.

2017 Completed

Neighbor Discovery and Maintenance under Mobility in mmWave-based Mesh Networks

Supervisor: Daniel Steinmetzer Milan Stute

2017 Completed

Design, Implementation and Evaluation of Realistic Scenarios and Movement Models for Natural Disasters Using Simulations for Delay Tolerant Networks

Supervisor: Milan Stute Max Maass

Description Seeing the continuous increase in natural disasters around the world, many people are contemplating how to contribute helping those in need. Among them are several computer scientists who fulfil their share by developing technology which enables fast and reliable communication in disaster areas. We were inspired by their work and thus wanted to further improve the state-of-the-art. DTN is a specific technology which can be used for the creation of alternative networks in disaster areas, where conventional ones are unavailable due to the inevitable destructions implied by the disaster. Given that such technology is usually evaluated within network simulators we exclusively focus on improving the state-of-the-art of movement models and scenarios utilized within such simulators. The very random driven, and thus not realistic, state-of-the-art is improved by our contribution in the form of a fully designed, implemented, and evaluated realistic natural disaster movement model with underlying scenarios. The results of our evaluation indicate that previously published results might be too optimistic. Thus, further approximations to reality are inevitable for more accurate simulation of DTN, in the goal to ultimately obtain better and more realistic results.

2016 Completed

Energy efficient WiFi analysis framework on smartphones

Supervisor: Milan Stute

Publications

Type

Year

Show awards only

No results match your search criteria.

2022 30th USENIX Security Symposium (USENIX Security 21) Conference

Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi

Milan Stute Alexander Heinrich Jannik Lorenz Matthias Hollick

PDF BibTeX DOI: 10.26083/tuprints-00020603

Abstract

Apple controls one of the largest mobile ecosystems, with 1.5 billion active devices worldwide, and offers twelve proprietary wireless Continuity services. Previous works have unveiled several security and privacy issues in the involved protocols. These works extensively studied AirDrop while the coverage of the remaining vast Continuity service space is still low. To facilitate the cumbersome reverse-engineering process, we describe the first guide on how to approach a structured analysis of the involved protocols using several vantage points available on macOS. Also, we develop a toolkit to automate parts of this otherwise manual process. Based on this guide, we analyze the full protocol stacks involved in three Continuity services, in particular, Handoff (HO), Universal Clipboard (UC), and Wi-Fi Password Sharing (PWS). We discover several vulnerabilities spanning from Bluetooth Low Energy (BLE) advertisements to Apple's proprietary authentication protocols. These flaws allow for device tracking via HO's mDNS responses, a denial-of-service (DoS) attack on HO and UC, a DoS attack on PWS that prevents Wi-Fi password entry, and a machine-in-the-middle (MitM) attack on PWS that connects a target to an attacker-controlled Wi-Fi network. Our PoC implementations demonstrate that the attacks can be mounted using affordable off-the-shelf hardware ($20 micro:bit and a Wi-Fi card). Finally, we suggest practical mitigations and share our findings with Apple, who have started to release fixes through iOS and macOS updates.

2022 30th USENIX Security Symposium (USENIX Security 21) Conference

PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

Alexander Heinrich Matthias Hollick Thomas Schneider Milan Stute Christian Weinert

PDF BibTeX DOI: 10.26083/tuprints-00020599

Abstract

Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.

2022 The 21st Privacy Enhancing Technologies Symposium Conference

Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System

Alexander Heinrich Milan Stute Tim Kornhuber Matthias Hollick

PDF BibTeX DOI: 10.26083/tuprints-00020598

Abstract

Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called o~ine finding (OF). OF leverages online finder devices to detect the presence of missing o~ine devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, prevent tracking of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user’s top locations with an error in the order of 10 meters in urban areas. While we find that OF’s design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.

2021 30th USENIX Security Symposium Conference

PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

Alexander Heinrich Matthias Hollick Thomas Schneider Milan Stute Christian Weinert

PDF BibTeX

Abstract

2021 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

AirCollect: Efficiently Recovering Hashed Phone Numbers Leaked via Apple AirDrop

Alexander Heinrich Matthias Hollick Thomas Schneider Milan Stute Christian Weinert

PDF BibTeX DOI: 10.1145/3448300.3468252

Abstract

Apple’s file-sharing service AirDrop leaks phone numbers and email addresses by exchanging vulnerable hash values of the user’s own contact identifiers during the authentication handshake with nearby devices. In a paper presented at USENIX Security’21, we theoretically describe two attacks to exploit these vulnerabilities and propose “PrivateDrop” as a privacy-preserving drop-in replacement for Apple’s AirDrop protocol based on private set intersection. In this demo, we show how these vulnerabilities are efficiently exploitable via Wi-Fi and physical proximity to a target. Privacy and security implications include the possibility of conducting advanced spear phishing attacks or deploying multiple “collector” devices in order to build databases that map contact identifiers to specific locations. For our proof-of-concept, we leverage a custom rainbow table construction to reverse SHA-256 hashes of phone numbers in a matter of milliseconds. We discuss the trade-off between success rate and storage requirements of the rainbow table and, after following responsible disclosure with Apple, we publish our proof-of-concept implementation as “AirCollect” on GitHub.

2021 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

OpenHaystack: A Framework for Tracking Personal Bluetooth Devices via Apple's Massive Find My Network

Alexander Heinrich Milan Stute Matthias Hollick

BibTeX DOI: 10.1145/3448300.3468251

Abstract

OpenHaystack is an open-source framework for locating personal Bluetooth devices using Apple’s Find My Network. A user can integrate it into Bluetooth-capable devices, such as notebooks, or create custom tracking accessories that can be attached to personal items (key rings, backpacks, etc.). We provide firmware images for the Nordic nRF5 chips and the ESP32. We show that they consume little energy and run from a single coin cell for a year. Our macOS application can locate personal accessories. Finally, we make both application and firmware available on GitHub.

2021 30th USENIX Security Symposium Conference

Disrupting Continuity of Apple's Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi

Milan Stute Alexander Heinrich Jannik Lorenz Matthias Hollick

PDF BibTeX

Abstract

2021 Proceedings on Privacy Enhancing Technologies Article

Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System

Alexander Heinrich Milan Stute Tim Kornhuber Matthias Hollick

BibTeX DOI: 10.2478/popets-2021-0045

2021 WiSec '20: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference Postprint

DEMO: BTLEmap: Nmap for Bluetooth Low Energy

Alexander Heinrich Milan Stute Matthias Hollick

PDF BibTeX DOI: 10.26083/tuprints-00017839

Abstract

The market for Bluetooth Low Energy (BLE) devices is booming and, at the same time, has become an attractive target for adversaries. To improve BLE security at large, we present BTLEmap, an auditing application for BLE environments. BTLEmap is inspired by network discovery and security auditing tools such as Nmap for IP-based networks. It allows for device enumeration, Generic Attribute Profile (GATT) service discovery, and device fingerprinting. It also features a BLE advertisement dissector, data exporter, and a user-friendly UI including a proximity view. BTLEmap currently runs on iOS and macOS using Apple's CoreBluetooth API but also accepts alternative data inputs such as a Raspberry Pi to overcome the restricted vendor API. The open-source project is under active development and will provide more advanced capabilities such as long-term device tracking (in spite of MAC address randomization) in the future.

2021 IEEE Transactions on Dependable and Secure Computing Article

RESCUE: A Resilient and Secure Device-to-Device Communication Framework for Emergencies

Milan Stute Florian Kohnhauser Lars Baumgärtner Lars Almon Matthias Hollick Stefan Katzenbeisser Bernd Freisleben

PDF BibTeX DOI: 10.26083/tuprints-00017838

Abstract

During disasters, existing telecommunication infrastructures are often congested or even destroyed. In these situations, mobile devices can form a backup communication network for civilians and emergency services using disruption-tolerant networking (DTN) principles. Unfortunately, such distributed and resource-constrained networks are particularly susceptible to a wide range of attacks such as terrorists trying to cause more harm. In this paper, we present RESCUE, a resilient and secure device-to-device communication framework for emergency scenarios that provides comprehensive protection against common attacks. RESCUE features a minimalistic DTN protocol that, by design, is secure against notable attacks such as routing manipulations, dropping, message manipulations, blackholing, or impersonation. To further protect against message flooding and Sybil attacks, we present a twofold mitigation technique. First, a mobile and distributed certificate infrastructure particularly tailored to the emergency use case hinders the adversarial use of multiple identities. Second, a message buffer management scheme significantly increases resilience against flooding attacks, even if they originate from multiple identities, without introducing additional overhead. Finally, we demonstrate the effectiveness of RESCUE via large-scale simulations in a synthetic as well as a realistic natural disaster scenario. Our simulation results show that RESCUE achieves very good message delivery rates, even under flooding and Sybil attacks.

2020 Transactions on Dependable and Secure Computing Article

RESCUE: A Resilient and Secure Device-to-Device Communication Framework for Emergencies

Milan Stute Florian Kohnhäuser Lars Baumgärtner Lars Almon Matthias Hollick Stefan Katzenbeisser Bernd Freisleben

PDF BibTeX DOI: 10.1109/TDSC.2020.3036224

2020 IEEE Internet of Things Journal Article

LIDOR: A Lightweight DoS-Resilient Communication Protocol for Safety-Critical IoT Systems

Milan Stute Pranay Agarwal Abhinav Kumar Arash Asadi Matthias Hollick

PDF BibTeX DOI: 10.1109/JIOT.2020.2985044

2020 WiSec 2020: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

DEMO: BTLEmap: Nmap for Bluetooth Low Energy

Alexander Heinrich Milan Stute Matthias Hollick

PDF BibTeX DOI: 10.1145/3395351.3401796

2020 Technische Universität Darmstadt PhD thesis

Availability by Design: Practical Denial-of-Service-Resilient Distributed Wireless Networks

Milan Stute

PDF BibTeX DOI: 10.25534/tuprints-00011457

Abstract

Distributed wireless networks (DWNs) where devices communicate directly without relying on Internet infrastructure are on the rise, driving new applications and paradigms such as multimedia, authentication, payment, Internet of things (IoT), vehicular communication, and emergency response. However, the increased societal reliance on technology and the resulting “always-on” expectations of the users increase the risk of denial-of-service (DoS) attacks as they can leverage disruption in new ways beyond extortions (ransomware) that are common in today’s Internet ecosystem. These new risks extend to our physical world, directly impacting our daily lives, e.g., by being locked out of a smart home or by disrupting vehicular collision avoidance systems. As a research community, we need to protect those new applications that—as we find—can be mapped to a total of three distinct networking scopes: neighbor, island, and archipelago. In this thesis, we advance the field in each of these scopes. First, we analyze two proprietary neighbor communication protocols, Apple Wireless Direct Link (AWDL) and Apple AirDrop, that are deployed on more than 1.4 billion devices worldwide. During the process, we uncover several security and privacy vulnerabilities ranging from design flaws to implementation bugs leading to a machine-in-the-middle (MitM) attack on AirDrop, a DoS attack on AWDL preventing communication, and DoS attacks enabling crashing of neighboring devices. In addition, we found privacy leaks that enable user identification and long-term tracking. All attacks can be mounted using low-cost off-the-shelf hardware. In total, we disclose eight distinct vulnerabilities that we mitigate in collaboration with Apple. Second, we design and implement a new island communication protocol tailored to IoT scenarios, which provides provable protections against previously neglected risks such as wormhole- and replay-supported greyhole attacks. We support our analytical findings with testbed experiments. Third, we propose an archipelago-scope communication framework for emergencies that achieves resiliency against flooding and Sybil attacks. We evaluate our design using an original expert knowledge-based simulation that models human mobility during the aftermath of the 2013 Typhoon Haiyan in the Philippines. Finally, and to nourish future research, we provide a guide for analyzing Apple’s wireless ecosystem and publish several software artifacts, including an AWDL Wireshark dissector, open AWDL and AirDrop implementations, a prototype of our IoT communication protocol, and our natural disaster mobility model.

2020 IEEE Internet of Things Journal Article Postprint

LIDOR: A Lightweight DoS-Resilient Communication Protocol for Safety-Critical IoT Systems

Milan Stute Pranay Agarwal Abhinav Kumar Arash Asadi Matthias Hollick

PDF BibTeX DOI: 10.25534/tuprints-00013320

Abstract

IoT devices penetrate different aspects of our life including critical services, such as health monitoring, public safety, and autonomous driving. Such safety-critical IoT systems often consist of a large number of devices and need to withstand a vast range of known Denial-of-Service (DoS) network attacks to ensure a reliable operation while offering low-latency information dissemination. As the first solution to jointly achieve these goals, we propose LIDOR, a secure and lightweight multihop communication protocol designed to withstand all known variants of packet dropping attacks. Specifically, LIDOR relies on an end-to-end feedback mechanism to detect and react on unreliable links and draws solely on efficient symmetric-key cryptographic mechanisms to protect packets in transit. We show the overhead of LIDOR analytically and provide the proof of convergence for LIDOR which makes LIDOR resilient even to strong and hard-to-detect wormhole-supported grayhole attacks. In addition, we evaluate the performance via testbed experiments. The results indicate that LIDOR improves the reliability under DoS attacks by up to 91% and reduces network overhead by 32% compared to a state-of-the-art benchmark scheme.

2020 24th Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2018) Conference Postprint

Demo: Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link

Milan Stute David Kreitschmann Matthias Hollick

PDF BibTeX DOI: 10.25534/tuprints-00013316

Abstract

Apple Wireless Direct Link (AWDL) is a proprietary and undocumented wireless ad hoc protocol that Apple introduced around 2014 and which is the base for applications such as AirDrop and AirPlay. We have reverse engineered the protocol and explain its frame format and operation in our MobiCom '18 paper "One Billion Apples' Secret Sauce: Recipe of the Apple Wireless Direct Link Ad hoc Protocol." AWDL builds on the IEEE 802.11 standard and implements election, synchronization, and channel hopping mechanisms on top of it. Furthermore, AWDL features an IPv6-based data path which enables direct communication. To validate our own work, we implement a working prototype of AWDL on Linux-based systems. Our implementation is written in C, runs in userspace, and makes use of Linux's Netlink API for interactions with the system's networking stack and the pcap library for frame injection and reception. In our demonstrator, we show how our Linux system synchronizes to an existing AWDL cluster or takes over the master role itself. Furthermore, it can receive data frames from and send them to a MacBook or iPhone via AWDL. We demonstrate the data exchange via ICMPv6 echo request and replies as well as sending and receiving data over a TCP connection.

2020 International Journal of Disaster Risk Reduction Article

Empirical insights for designing Information and Communication Technology for International Disaster Response

Milan Stute Max Maass Tom Schons Marc-André Kaufhold Christian Reuter Matthias Hollick

PDF BibTeX DOI: 10.25534/tuprints-00013309

Abstract

Due to the increase in natural disasters in the past years, Disaster Response Organizations (DROs) are faced with the challenge of coping with more and larger operations. Currently appointed Information and Communications Technology (ICT) used for coordination and communication is sometimes outdated and does not scale, while novel technologies have the potential to greatly improve disaster response efficiency. To allow adoption of these novel technologies, ICT system designers have to take into account the particular needs of DROs and characteristics of International Disaster Response (IDR). This work attempts to bring the humanitarian and ICT communities closer together. In this work, we analyze IDR-related documents and conduct expert interviews. Using open coding, we extract empirical insights and translate the peculiarities of DRO coordination and operation into tangible ICT design requirements. This information is based on interviews with active IDR staff as well as DRO guidelines and reports. Ultimately, the goal of this paper is to serve as a reference for future ICT research endeavors to support and increase the efficiency of IDR operations.

2020 24th Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2018) Conference Postprint

One Billion Apples' Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol

Milan Stute David Kreitschmann Matthias Hollick

PDF BibTeX DOI: 10.25534/tuprints-00013315

Abstract

Apple Wireless Direct Link (AWDL) is a proprietary and undocumented IEEE 802.11-based ad hoc protocol. Apple first introduced AWDL around 2014 and has since integrated it into its entire product line, including iPhone and Mac. While we have found that AWDL drives popular applications such as AirPlay and AirDrop on more than one billion end-user devices, neither the protocol itself nor potential security and Wi-Fi coexistence issues have been studied. In this paper, we present the operation of the protocol as the result of binary and runtime analysis. In short, each AWDL node announces a sequence of Availability Windows (AWs) indicating its readiness to communicate with other AWDL nodes. An elected master node synchronizes these sequences. Outside the AWs, nodes can tune their Wi-Fi radio to a different channel to communicate with an access point, or could turn it off to save energy. Based on our analysis, we conduct experiments to study the master election process, synchronization accuracy, channel hopping dynamics, and achievable throughput. We conduct a preliminary security assessment and publish an open source Wireshark dissector for AWDL to nourish future work.

2020 IFIP Networking Conference Postprint

SEMUD: Secure multi-hop device-to-device communication for 5G public safety networks

Milan Schmittner Arash Asadi Matthias Hollick

PDF BibTeX DOI: 10.25534/tuprints-00013324

Abstract

Multi-hop Device-to-Device (D2D) communication has emerged as a key enabler for public safety applications in 5G networks. A failure of these applications would be catastrophic since they control vital human-in-the-loop services. As a result, it is of utmost importance to identify and mitigate security risks prior to commercial deployment. To this end, we devise SEMUD, the first secure multi-hop D2D solution for 5G mobile networks. It enables robust and secure communication even in the absence of supporting infrastructure. We design SEMUD to be compliant with 3GPP Proximity-based Services, the standard to implement D2D communications. We implement SEMUD in the ns-3 simulator and our testbed. Via extensive simulation, we assert its resilience against strong adversaries and attacks. Furthermore, we show the energy efficiency and achievable throughput of our proposal on real devices.

2020 28th USENIX Security Symposium (USENIX Security 19) Conference

A Billion Open Interfaces for Eve and Mallory : MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link

Milan Stute Sashank Narain Alex Mariotto Alexander Heinrich David Kreitschmann Guevara Noubir Matthias Hollick

PDF BibTeX DOI: 10.25534/tuprints-00013264

Abstract

Apple Wireless Direct Link (AWDL) is a key protocol in Apple's ecosystem used by over one billion iOS and macOS devices for device-to-device communications. AWDL is a proprietary extension of the IEEE 802.11 (Wi-Fi) standard and integrates with Bluetooth Low Energy (BLE) for providing services such as Apple AirDrop. We conduct the first security and privacy analysis of AWDL and its integration with BLE. We uncover several security and privacy vulnerabilities ranging from design flaws to implementation bugs leading to a man-in-the-middle (MitM) attack enabling stealthy modification of files transmitted via AirDrop, denial-of-service (DoS) attacks preventing communication, privacy leaks that enable user identification and long-term tracking undermining MAC address randomization, and DoS attacks enabling targeted or simultaneous crashing of all neighboring devices. The flaws span across AirDrop's BLE discovery mechanism, AWDL synchronization, UI design, and Wi-Fi driver implementation. Our analysis is based on a combination of reverse engineering of protocols and code supported by analyzing patents. We provide proof-of-concept implementations and demonstrate that the attacks can be mounted using a low-cost ($20) micro:bit device and an off-the-shelf Wi-Fi card. We propose practical and effective countermeasures. While Apple was able to issue a fix for a DoS attack vulnerability after our responsible disclosure, the other security and privacy vulnerabilities require the redesign of some of their services.

2019 GetMobile: Mobile Computing and Communications Article

Reverse Engineering and Evaluating the Apple Wireless Direct Link Protocol

Milan Stute David Kreitschmann Matthias Hollick

BibTeX DOI: 10.1145/3351422.3351432

2019 28th USENIX Security Symposium (USENIX Security '19) Conference

A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link

Milan Stute Sashank Narain Alex Mariotto Alexander Heinrich David Kreitschmann Guevara Noubir Matthias Hollick

PDF BibTeX

Abstract

2018 12th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization (WiNTECH '18) Conference

TPy: A Lightweight Framework for Agile Distributed Network Experiments

Daniel Steinmetzer Milan Stute Matthias Hollick

PDF BibTeX DOI: 10.1145/3267204.3267214

Abstract

Experimental validation of novel network solutions, protocols, and applications gains increasing importance. The complexity of today's network systems makes evaluations in physical testbeds mandatory to capture real-world effects. However, this causes methodological and technical issues and challenges researchers in handling their agile testbed deployments. In contrast to Internet-scale testbeds, most agile experiments require specific topologies, specialized hardware, or a custom environment. They typically run only a few times and demand live user interaction. Existing management systems for Internet-scale testbeds do not accommodate these needs due to their complexity and maintenance overhead. In this paper, we present TPy, a lightweight and flexible framework to conduct distributed network experiments. TPy is written in Python and extendable via modules. To demonstrate its versatility and ease-of-use, we use TPy to perform experiments in the domains of millimeter-wave and secure multi-hop communications. We share TPy as open source software to support the community of experimental evaluation.

2018 The 24th Annual International Conference on Mobile Computing and Networking (MobiCom '18) Conference

Demo: Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link

Milan Stute David Kreitschmann Matthias Hollick

PDF BibTeX DOI: 10.1145/3241539.3267716

Abstract

2018 The 24th Annual International Conference on Mobile Computing and Networking (MobiCom '18) Conference

One Billion Apples' Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol

Milan Stute David Kreitschmann Matthias Hollick

PDF BibTeX DOI: 10.1145/3241539.3241566

Abstract

2018 2018 ACM International Workshop on Wireless Network Testbeds, Experimental evaluation & Characterization (WiNTECH'18) Conference Postprint

TPy: A Lightweight Framework for Agile Distributed Network Experiments

Daniel Steinmetzer Milan Stute Matthias Hollick

PDF BibTeX DOI: 10.25534/tuprints-00013317

Abstract

2017 2017 IEEE Global Humanitarian Technology Conference Conference Postprint

Emergency Communication in Challenged Environments via Unmanned Ground and Aerial Vehicles

Lars Baumgärtner Stefan Kohlbrecher Juliane Euler Tobias Ritter Milan Stute Christian Meurisch Max Mühlhäuser Matthias Hollick Oskar von Stryk Bernd Freisleben

PDF BibTeX DOI: 10.25534/tuprints-00013328

Abstract

Unmanned ground vehicles (UGVs) and unmanned aerial vehicles (UAVs) are promising assets to support rescue operations in natural or man-made disasters. Most UGVs and UAVs deployed in the field today depend on human operators and reliable network connections to the vehicles. However, network connections in challenged environments are often lost, thus control can no longer be exercised. In this paper, we present a novel approach to emergency communication where semi-autonomous UGVs and UAVs cooperate with humans to dynamically form communication islands and establish communication bridges between these islands. Humans typically form an island with their mobile devices if they are in physical proximity; UGVs and UAVs extend an island's range by carrying data to a neighboring island. The proposed approach uses delay/disruption-tolerant networking for non-time critical tasks and direct mesh connections for prioritized tasks that require real-time feedback. The developed communication platform runs on rescue robots, commodity mobile devices, and various drones, and supports our operations and control center software for disaster management.

2017 IEEE GLOBECOM Conference

Temporal Coverage Analysis of Router-based Cloudlets Using Human Mobility Patterns

Christian Meurisch Julien Gedeon Artur Gogel The An Binh Nguyen Fabian Kaup Florian Kohnhäuser Lars Baumgärtner Milan Schmittner Max Mühlhäuser

BibTeX

2017 20th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems Conference

Reverse Engineering Human Mobility in Large-scale Natural Disasters

Milan Stute Max Maass Tom Schons Matthias Hollick

PDF BibTeX DOI: 10.1145/3127540.3127542

Abstract

Delay/Disruption-Tolerant Networks (DTNs) have been around for more than a decade and have especially been proposed to be used in scenarios where communication infrastructure is unavailable. In such scenarios, DTNs can offer a best-effort communication service by exploiting user mobility. Natural disasters are an important application scenario for DTNs when the cellular network is destroyed by natural forces. To assess the performance of such networks before deployment, we require appropriate knowledge of human mobility. In this paper, we address this problem by designing, implementing, and evaluating a novel mobility model for large-scale natural disasters. Due to the lack of GPS traces, we reverse-engineer human mobility of past natural disasters (focusing on 2010 Haiti earthquake and 2013 Typhoon Haiyan) by leveraging knowledge of 126 experts from 71 Disaster Response Organizations (DROs). By means of simulation-based experiments, we compare and contrast our mobility model to other well-known models, and evaluate their impact on DTN performance. Finally, we make our source code available to the public.

2017 IEEE Global Humanitarian Technology Conference (GHTC) Conference

A Practical and Secure Social Media Facility for Internet-Deprived Populations

Jeremy Lakeman Matthew Lloyd Romana Challans Angus Wallace Paul Gardner-Stephen Milan Stute Matthias Hollick

BibTeX

2017 IEEE Conference on Local Computer Networks (LCN) Conference

SEDCOS: A Secure Device-to-Device Communication System for Disaster Scenarios

Florian Kohnhäuser Milan Stute Lars Baumgärtner Lars Almon Stefan Katzenbeisser Matthias Hollick Bernd Freisleben

BibTeX

2017 International Conference on Computer Communications and Networks (ICCCN'17): Posters Conference

Upgrading Wireless Home Routers as Emergency Cloudlet and Secure DTN Communication Bridge

Christian Meurisch The An Binh Nguyen Julien Gedeon Florian Kohnhäuser Milan Schmittner Stefan Niemczyk Stefan Wullkotte Max Mühlhäuser

BibTeX

2017 16th International IFIP TC6 Networking Conference Conference

SEMUD: Secure Multi-hop Device-to-Device Communication for 5G Public Safety Networks

Milan Schmittner Arash Asadi Matthias Hollick

BibTeX DOI: 10.23919/IFIPNetworking.2017.8264846

2017 IEEE International Workshop on Practical Issues in Building Sensor Network Applications Conference Postprint

SEDCOS: A Secure Device-to-Device Communication System for Disaster Scenarios

Florian Kohnhäuser Milan Stute Lars Baumgärtner Lars Almon Stefan Katzenbeisser Matthias Hollick Bernd Freisleben

PDF BibTeX DOI: 10.25534/tuprints-00013329

Abstract

During disasters, existing telecommunication infrastructures are often congested or even destroyed. In these situations, mobile devices can be interconnected using wireless ad hoc and disruption-tolerant networking to establish a backup emergency communication system for civilians and emergency services. However, such communication systems entail serious security risks, since adversaries may attempt to steal confidential data, fake notifications of emergency services, or perform denial-of-service (DoS) attacks. In this paper, we present SEDCOS, a secure device-to-device communication system for disaster scenarios. SEDCOS allows new users to join the network during disasters, mitigates flooding DoS attacks, and offers role revocation for detected adversaries to withdraw their permissions and exclude them from group communication. SEDCOS mitigates flooding DoS attacks and offers role revocation for detected adversaries to withdraw their permissions and exclude them from group communication. SEDCOS mitigates flooding DoS attacks and offers role revocation for detected adversaries to withdraw their permissions. We demonstrate the effectiveness of SEDCOS by large-scale network simulations.

2016 IEEE Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM) Conference

Xcastor: Secure and Scalable Group Communication in Ad Hoc Networks

Milan Schmittner Matthias Hollick

BibTeX

Abstract

Mobile ad hoc networks (MANETs) are emerging as a practical technology for emergency response communication in the case a centralized infrastructure malfunctions or is not available. Using smartphones as communication devices, MANETs may be readily established among the civilian population of affected areas. Beneficiaries would be civilian first responders, which may form small collaborating groups. Communication in such groups must be reliable for disaster response to be effective. In this paper, we address the issue of reliable group communication on the network layer. We design and implement the first secure explicit multicast routing protocol called Xcastor, in which we extend the secure and scalable routing concept of the Castor unicast routing protocol towards supporting reliable communication for large numbers of small groups. By simulation, we show significant performance improvements over Castor.

2016 2016 IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM) Conference Postprint

Xcastor: Secure and scalable group communication in ad hoc networks

Milan Schmittner Matthias Hollick

PDF BibTeX DOI: 10.25534/tuprints-00013322

Abstract