Infecting the Wire: Semi-Automatic Wireless Eavesdropping, Packet Injection and Reactive Jamming on Wired IEEE 802.3 Ethernet Networks

Master Thesis



[Abstract of final thesis]

Nowadays, wireless technologies, such as IEEE 802.11 Wi-Fi, UMTS and GSM, provide the mobile communication coverage on the “last mile” to end customers in private households and in companies. How- ever, the backbone of modern networks is wired to provide reliable, high speed and secure communications. Furthermore, due to the con- stant discovery of new security issues, the security of wireless tech- nologies is questionable.

Every electric and electronic device, including the communication lines between systems, generates electromagnetic fields (EMFs) due to their electric circuits and the electric current flow. Thus, wired com- munication systems have characteristics of wireless systems and their security must also be put in question. Additionally, the electromag- netic radiation (EMR) of wired devices and communication lines can reveal information about the data being processed or transmitted— even if they comply with common electromagnetic compatibility (EMC) standards.

This master thesis provides a comprehensive Tempest security analy- sis of wired 10Base-T IEEE 802.3 Ethernet networks, which are based on twisted-pair network cables. Three attacks—wireless eavesdrop- ping, packet injection and reactive jamming—are presented. These attacks are implemented with universally applicable and inexpen- sive software-defined radios (SDRs) and show that even wired IEEE 802.3 Ethernet networks cannot provide sufficient protection against sophisticated adversaries.

The wireless eavesdropping attack demonstrates a successful recon- struction of IEEE 802.3 Ethernet frames by exploiting the EMR of twisted-pair network cables. Hence, conventional twisted-pair net- work cables do not provide sufficient protection against the Tempest security threat. However, the wireless packet injection and reactive jamming attacks show the difficulty of exploiting both the EMR and electromagnetic susceptibility (EMS) of twisted-pair network cables. Thus, for the wireless reactive jamming attack, only the CSMA/CD- based approach is mounted on 10Base-T networks, but it is rarely crowned with success. Attack results are even worse for the wire- less packet injection attack, which is not successfully implemented on 10Base-T IEEE 802.3 Ethernet networks.


Student: Patrick Thomas Michael Klapper

Research Areas: Sichere Mobile Netze



Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471


A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Suche Suche | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang