skip to main content


Title: AuthCTC: Defending Against Waveform Emulation Attack in Heterogeneous IoT Environments
Widely deployed IoT devices have raised serious concerns for the spectrum shortage and the cost of multi-protocol gateway deployment. Recent emerging Cross-Technology Communication (CTC) technique can alleviate this issue by enabling direct communication among heterogeneous wireless devices, such as WiFi, Bluetooth, and ZigBee on 2.4 GHz. However, this new paradigm also brings security risks, where an attacker can use CTC to launch wireless attacks against IoT devices. Due to limited computational capability and different wireless protocols being used, many IoT devices are unable to use computationally-intensive cryptographic approaches for security enhancement. Therefore, without proper detection methods, IoT devices cannot distinguish signal sources before executing command signals. In this paper, we first demonstrate a new defined physical layer attack in the CTC scenario, named as waveform emulation attack, where a WiFi device can overhear and emulate the ZigBee waveform to attack ZigBee IoT devices. Then, to defend against this new attack, we propose a physical layer defensive mechanism, named as AuthCTC, to verify the legitimacy of CTC signals. Specifically, at the sender side, an authorization code is embedded into the packet preamble by leveraging the dynamically changed cyclic prefix. A WiFi-based detector is used to verify the authorization code at the receiver side. Extensive simulations and experiments using off-the-shelf devices are conducted to demonstrate both the feasibility of the attack and the effectiveness of our defensive mechanism.  more » « less
Award ID(s):
1947065 1949640 1949639
NSF-PAR ID:
10206786
Author(s) / Creator(s):
; ; ; ; ;
Date Published:
Journal Name:
ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security
Page Range / eLocation ID:
20 to 32
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The emerging Cross-Technology Communication (CTC) has enabled the direct communication among different protocols, which will greatly enhance the spectrum efficiency. However, it will also bring security challenges to end IoT devices since the attacks can be from heterogeneous devices. Current deployed security mechanisms cannot be applied among heterogeneous devices. This work proposes a new mechanism to verify the legitimacy of signal source so that only the signals from legal CTC devices can be further processed. We verify the legitimacy of devices by embedding authorization codes into the packets at the sender side and verify them at the receiver side. Theoretical analysis and experiments show that this mechanism can provide effective protection on heterogeneous communication pairs. 
    more » « less
  2. null (Ed.)
    The resource-constrained nature of the Internet of Things (IoT) edges, poses a challenge in designing a secure and high-performance communication for this family of devices. Although side-channel resistant ciphers (either block or stream) could guarantee the security of the communication, the energy intensive nature of these ciphers makes them undesirable for lightweight IoT solutions. In this paper, we introduce ExTru, an encrypted communication protocol based on stream ciphers that adds a configurable switching & toggling network (CSTN) to not only boost the performance of the communication in these devices, it also consumes far less energy than the conventional side-channel resistant ciphers. Although the overall structure of the proposed scheme is leaky against physical attacks, we introduce a dynamic encryption mechanism that removes this vulnerability. We demonstrate how each communicated message in the proposed scheme reduces the level of trust. Accordingly, since a specific number of messages, N, could break the communication and extract the key, by using the dynamic encryption mechanism, ExTru can re-initiate the level of trust periodically after T messages where T <; N, to protect the communication against side-channel and scan-based attacks (e.g. SAT attack). Furthermore, we demonstrate that by properly configuring the value of T, ExTru not only increases the strength of security from per “device” to per “message”, it also significantly improves energy saving as well as throughput vs. an architecture that only uses a conventional side-channel resistant block/stream cipher. 
    more » « less
  3. ZigBee is a popular wireless communication standard for Internet of Things (IoT) networks. Since each ZigBee network uses hop-by-hop network-layer message authentication based Yanchao Zhang Arizona State University Star E E Tree E E R E Mesh E E R E E E on a common network key, it is highly vulnerable to packetC E injection attacks, in which the adversary exploits the compromised network key to inject arbitrary fake packets from any spoofed address to disrupt network operations and conCoordinator C R E sume the network/device resources. In this paper, we present PhyAuth, a PHY hop-by-hop message authentication frameE E C R R E E E R R C R E E Router E E E End Device Figure 1: ZigBee network topologies. work to defend against packet-injection attacks in ZigBee networks. The key idea of PhyAuth is to let each ZigBee E The coordinator acts as a central node responsible for mantransmitter embed into its PHY signals a PHY one-time password (called POTP) derived from a device-specific secret key and an efficient cryptographic hash function. An authentic POTP serves as the transmitter’s PHY transmission permission for the corresponding packet. PhyAuth provides three schemes to embed, detect, and verify POTPs based on different features of ZigBee PHY signals. In addition, PhyAuth involves lightweight PHY signal processing and no change to the ZigBee protocolstack. Comprehensive USRP experiments confirm that PhyAuth can efficiently detect fake packets with very low false-positive and false-negative rates while having a negligible negative impact on normal data transmissions. 
    more » « less
  4. With the exponentially increasing number of Inter- net of Things (IoT) devices and the huge volume of data generated by these devices, there is a pressing need to investigate a more efficient communication method in both frequency and time domains at the edge of the IoT networks. In this paper, we present Amphista, a novel cross-layer design for IoT communication and data forwarding that can more efficiently utilize the ever increas- ingly crowded 2.4 GHz spectrum near the gateway. Specifically, by using a single ZigBee data stream, Amphista enables a ZigBee device to send out two different pieces of information to both the WiFi gateway and another ZigBee device. We further leverage this unique feature and design a novel forwarding protocol that can simultaneously forward uplink (e.g., collecting sensing data) and downlink (e.g., disseminating software updates) data by using a single ZigBee data stream. Our extensive experimental results show that Amphista significantly improves throughput (by up to 400x) and reduces the latency. 
    more » « less
  5. null (Ed.)
    Low-power wireless mesh networks (LPWMNs) have been widely used in wireless monitoring and control applications. Although LPWMNs work satisfactorily most of the time thanks to decades of research, they are often complex, inelastic to change, and difficult to manage once the networks are deployed. Moreover, the deliveries of control commands, especially those carrying urgent information such as emergency alarms, suffer long delay, since the messages must go through the hop-by-hop transport. Recent studies show that adding low-power wide-area network radios such as LoRa onto the LPWMN devices (e.g., ZigBee) effectively overcomes the limitation. However, users have shown a marked reluctance to embrace the new heterogeneous communication approach because of the cost of hardware modification. In this article, we introduce LoRaBee, a novel LoRa to ZigBee cross-technology communication (CTC) approach, which leverages the energy emission in the Sub-1 GHz bands as the carrier to deliver information. Although LoRa and ZigBee adopt distinct modulation techniques, LoRaBee sends information from LoRa to ZigBee by putting specific bytes in the payload of legitimate LoRa packets. The bytes are selected such that the corresponding LoRa chirps can be recognized by the ZigBee devices through sampling the received signal strength. Experimental results show that our LoRaBee provides reliable CTC communication from LoRa to ZigBee with the throughput of up to 281.61 bps in the Sub-1 GHz bands. 
    more » « less