Finished Theses

31 Entries found


[Abstract of final thesis] Wireless Multihop Network testbeds are often distributed over large physical areas and have many devices, which renders management challenging. A multitude of diverse frameworks are available to assist in the management of such testbeds. Properties like scalability, heterogeneous hardware support and effortless testbed configuration are self-evident goals for these frameworks. However, this combination is hard to achieve and the exact requirements vary for different testbeds. Instead of providing a completely new and tailored experimentation framework, I propose Panopticon, a service-oriented management framework, providing a lower layer to intercept and improve existing functionality. It slices large, distributed testbeds into dynamically sized subunits, offering a granular choice in testbed experimentation frameworks for every slice. Such an experimentation framework can be selected regarding the exact experiment’s requirements and not as a compromise between all available testbed components. Panopticon’s list of services can be extended, offering simple entry points for new, custom implementations. It is a framework federating network-enabled infrastructures.

01.06.2016

TETRA Fuzzing

Master Thesis


[Abstract of final thesis] Nowadays, TETRA can be considered a critical infrastructure, as it is used for critical communication services all around the world. Since the TETRA protocol was introduced, there has been only little research on the security of the protocol and the mobile stations used. However, the costs, complexity, and the required hardware for this research discourage most people from finding vulnerabilities. It has been shown that for the very similar GSM standard many weaknesses exist in the implementations that can be exploited. Due to the availability of cheap SDR platforms and open-source software that implements the TETRA receiving standard, we are able to investigate this and conduct practical research on fuzzing those mobile stations. This research gives an overview of the TETRA protocol, implements a transmitter for TETRA DMO in software using GNURadio and an SDR platform called USRP N210, and analyzes the weaknesses of the protocol. The robustness of the implementation of the TETRA protocol on selected mobile stations is tested with a technique called protocol fuzzing. In this thesis the feasibility of fuzzing the different layers of the protocol is discussed, and on this basis practical fuzzing tests are done on text messages, which lead to strange behavior of the mobile stations. During the tests it was possible to cause a Denial of Service (DoS) on the protocol for all participants as well as on a selected device, which crashes, and it was possible to cause a reboot of one of the tested mobile stations.

Today's technologies heavily rely on wireless communications. Our mobile devices connect to infrastructure devices such as wireless routers, perform ad-hoc connections among each other and connect to peripheral devices such as smart watches, fitness trackers and headsets. However, since security is essential in most application scenarios, authentication is a big challenge. To join a wireless network, pre-shared credentials are required. Pairing in proximity via Bluetooth requires the same PIN to be entered on both devices. This procedure is inconvenient and differs for different kinds of devices. Although user-friendly and secure pairing mechanisms utilizing multi-modal technologies have been proposed, no unified solution exists yet.

[Abstract of final thesis] The position of mobile devices and base stations of digital trunked radio systems is critical information, because it allows localizing participants or gaining physical access to network infrastructure. Therefore, the location of these devices should be confidential.

In this master thesis it is shown that the location privacy of components of the digital trunked radio system TETRA can be broken by determining the locations of transmitting components by means of their emitted signals. In trunked radio networks, management data is transmitted frequently in addition to user data, which can be used to localize and potentially track participants.

The feasibility of localizing transmitting TETRA devices is analyzed practically. To this end a localization system based on Angle of Arrival using phase differences is implemented for TETRA. The practical implementation is based on Ettus Research N210 USRP and GNU Radio.

The implemented system for angle estimation is evaluated in testbed and field experiments. In testbed experiments the system achieves an accuracy of ±10° for single angle measurements. In this case the system has a systematic symmetric estimation error. The estimation accuracy can be enhanced by fully rotating the antenna array and averaging the estimated angle while compensating the rotation angle of the antenna array. Using this technique the angle estimation error can be decreased below ±4°. In addition, the system is also validated to work with TETRA signals in field experiments. Consequently, transmitting devices of TETRA networks can be localized in case of LOS through the measurement of at least two angles of arrival of signals at different known positions.

[Abstract of final thesis] Secure network protocols use cryptography to protect payload data against attacks by adversaries. Such protocols differ in their functionality, compatibility and performance, making it reasonable to either use multiple protocols at the same time for different purposes or to exchange the active protocol with another one during operation, depending on changes in the network environment.

Secure protocols require cryptographic keys. If multiple secure protocols are used on the same system, the effort for providing keys to protocols increases. On a system that allows switching to protocols at runtime that are not known in advance, manual key distribution becomes impossible and a generic, automatic key management mechanism is required.

In this work, we design and implement a key distribution system that can automatically provide keys to multiple protocols if at least one initial key is available. The initial key has to be supplied by the administrator to our implementation or directly to a protocol. We show how to transform symmetric to asymmetric keys and vice versa, how to handle different key lengths and different or unknown key formats.

We connect our implementation with a set of protocols (SSH, OpenVPN, TLS) and discuss switches at runtime from one protocol to another one. In case of directly obtaining a symmetric key from our system, the delay during the protocol switch is reduced, compared to always renegotiating a key with asymmetric cryptography after a switch.




Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471
office@seemoo.tu-darmstadt.de
