Thesis in Progress


In recent macOS and iOS devices, Apple includes IEEE 802.11ac chipsets with which it is possible to communicate directly between two peers while remaining connected to an infrastructure WiFi network, which requires some sort of channel hopping. Apple Wireless Direct Link (AWDL) is a proprietary protocol known to be used by AirPlay, AirDrop, and the Multipeer Connectivity Framework.

Reverse engineering AWDL could pave the way for a vendor-independent, high-performance device-to-device link layer, which would be highly beneficial for use cases such as emergency communication.

Using tools such as Wireshark and IDA Pro:

  • Gain as much information as possible about AWDL (frame format, protocol state machine, ...)
  • Write a Wireshark plugin to document your findings
  • Finally, connect a non-Apple device via AWDL

Seeing the continuous increase in natural disasters around the world, many people are contemplating how to contribute to helping those in need. Among them are several computer scientists who fulfil their share by developing technology which enables fast and reliable communication in disaster areas. We were inspired by their work and thus wanted to further improve the state of the art. DTN is a specific technology which can be used for the creation of alternative networks in disaster areas, where conventional ones are unavailable due to the destruction caused by the disaster. Given that such technology is usually evaluated within network simulators, we exclusively focus on improving the state of the art of the movement models and scenarios utilized within such simulators. The current state of the art, which is largely random-driven and thus not realistic, is improved by our contribution in the form of a fully designed, implemented, and evaluated realistic natural disaster movement model with underlying scenarios. The results of our evaluation indicate that previously published results might be too optimistic. Thus, further approximations to reality are inevitable for a more accurate simulation of DTN, with the goal of ultimately obtaining better and more realistic results.

Each Broadcom WiFi chip contains a D11 core, a programmable state machine used to control the low-level WiFi frame handling (you can find more information in the BCM4330 datasheet [3]). For this b43 architecture, assemblers and disassemblers already exist [4]. However, it is hard to go through the assembly code to analyze the D11 firmware. In this master's thesis you will create an analysis framework that represents the code as a graph which can be used for further analysis and decompilation, or for transfer into the intermediate representation of the LLVM compiler. You will also create a decompiler and a compiler to convert between program code in C and b43 assembly.

[1] M. Schulz, D. Wegemer, M. Hollick. DEMO: Using NexMon, the C-based WiFi firmware modification framework, Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2016, July 2016. [pdf]

[2] M. Schulz, D. Wegemer and M. Hollick. NexMon: A Cookbook for Firmware Modifications on Smartphones to Enable Monitor Mode, CoRR, vol. abs/1601.07077, December 2015. [bibtex]

[3] http://www.cypress.com/file/298016/download

[4] github.com/pfalcon/b43-tools/

We have a basic fuzzing framework for a digital trunked radio protocol. First tests showed that devices implementing this protocol have severe security issues, for example, freezing and rebooting devices with minor packet modifications is possible. Since this technology is used by emergency services and big companies, these security issues are very critical, and hence need to be revealed and fixed.

Your tasks:

  • Extend the fuzzing framework for more message types.
  • Do a structured analysis of multiple devices implementing the digital trunked radio protocol.


Next-generation wireless networks utilizing millimeter waves (mm-waves) achieve extremely high data rates of multiple GBit/s using narrow signal beams. Featuring high directivity and being susceptible to blockage by various objects, mm-waves are often assumed to be hard to eavesdrop on. As we have shown in [1], the common belief of inherent security in narrow beams is naive: reflections on small-scale objects facilitate eavesdropping from outside the intended signal beam.

Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471
office@seemoo.tu-darmstadt.de
