Finished Theses

38 Entries found

RSS


With the proliferation of numerous personal gadgets and smart devices, device pairing has become prominent in introducing security to such a diverse environment. Clearly, the process of secure device pairing is much more ambiguous than previously thought. This stems from the fact that there is no coherent vision of the pairing problem among the research community. To this end, we see that there is a plethora of various pairing protocols that have been proposed many of which are insecure or fail to work in practice. Clearly, there is no single winner in a device pairing race. 

Seeing the continuous increase in natural disasters around the world, many people are contemplating how to contribute helping those in need. Among them are several computer scientists who fulfil their share by developing technology which enables fast and reliable communication in disaster areas. We were inspired by their work and thus wanted to further improve the state-of-the-art. DTN is a specific technology which can be used for the creation of alternative networks in disaster areas, where conventional ones are unavailable due to the inevitable destructions implied by the disaster. Given that such technology is usually evaluated within network simulators we exclusively focus on improving the state-of-the-art of movement models and scenarios utilized within such simulators. The very random driven, and thus not realistic, state-of-the-art is improved by our contribution in the form of a fully designed, implemented, and evaluated realistic natural disaster movement model with underlying scenarios. The results of our evaluation indicate that previously published results might be too optimistic. Thus, further approximations to reality are inevitable for more accurate simulation of DTN, in the goal to ultimately obtain better and more realistic results.

[Abstract of final thesis] Wireless Multihop Network testbeds are often distributed over large physical areas and have many devices which renders management challenging. A multitude of diverse frameworks are available to assist in the management of such testbeds. Properties like scalability, heterogeneous hardware support and effortless testbed configuration are a self-evident goal for these frameworks. However, this combination is hard to achieve and the exact requirements vary for different testbeds. Instead of providing a completely new and tailored experimentation framework, I propose Panopticon, a service oriented management framework, providing a lower layer to intercept and improve existing functionality. It slices large, distributed testbeds into dynamically sized subunits, offering a granular choice in testbed experimentation frameworks for every slice. Such an exper- imentation framework can be selected regarding the exact experiment’s requirements and not as a compromise between all available testbed components. Panopticon’s list of services can be extended, offering simple entry points for new, custom implementations. It is a framework federating network enabled infrastructures. 

01.06.2016

TETRA Fuzzing

Master Thesis


[Abstract of final thesis] Nowadays, TETRA can be considered as a critical infrastructure as it is used for critical communication services all around the world. Since the TETRA protocol is introduced there has been only few research about the security of the protocol and the mobile stations used. However, the costs, complexity, and the required hardware for this research discourages most of the people from finding vulnerabilities. It has been shown, that for the very similar GSM standard exist many weaknesses in the implementations that can be exploited. Due to the availability of cheap SDR platforms and open-source software that implements the TETRA receiving standard we are able to investigate this and do a practical research on fuzzing those mobile stations. This research gives an overview about the TETRA protocol, implements a transmitter for TETRA DMO in software using GNURadio and a SDR platform called USRP N210, and analyzes the weaknesses of the protocol. The robustness of the implementation of the TETRA protocol on selected mobile stations is tested with a technique called protocol fuzzing. In this thesis the feasibility for fuzzing the different layers of the protocol are discussed and with this practical fuzzing tests are done on text messages which leads to a strange behavior of the mobile stations. During the tests it was possible to cause a Denial of Service (DoS) on the protocol for all participants as well as a selected device which crashes and it was possible to cause a reboot of one of the tested mobile stations.

Todays technologies heavily rely on wireless communications. Our mobile devices connect to infrastructure devices such as wireless routers, perform ad-hoc connections among each other and connect to peripheral devices such as smart watches, fitness tracker and headsets. However, since security is essential in most application scenarios, authentication is a big challenge. To join a wireless network pre-shared credentials are required. Pairing in proximity via bluetooth requires the same pin to be entered on both devices. This proceeding is inconvenient and differs for different kinds of devices. Although, user-friendly and secure pairing mechanisms utilizing multi-modal technologies are proposed, no unified solution exists, yet.




Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471
office@seemoo.tu-darmstadt.de

A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Suche Suche | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang