Title: Efficient Authentication of Drones to mmWave Wireless Mesh Networks in Post-Disaster Scenarios
Unmanned Aerial Vehicles (UAVs), or drones, are increasingly being utilized for public safety circumstances including post-disaster recovery of destroyed communication infrastructure. For instance, drones are temporarily positioned within an affected area to create a wireless mesh network among public safety personnel. To serve the need for high-rate video-based damage assessment, drone-assisted communication can utilize high-bandwidth millimeter wave (mmWave) technologies such as IEEE 802.11ad. However, short-range mmWave communication makes it hard for optimally-positioned drones to be authenticated with a centralized network control center. Therefore, and assuming that there are potential imposters, we propose two lightweight and fast authentication mechanisms that take into account the physical limitations of mmWave communication. First, we propose a drone-to-drone authentication mechanism, which is based on proxy signatures from a control center. Accordingly, any newly joining drone can authenticate itself to an existing one rather than attempting to authenticate to the out-of-reach control center. Second, we propose a drone-to-ground authentication mechanism to enable each drone to authenticate itself to its associated ground users. This authentication approach is of the challenge-response broadcast type, and it still utilizes the fast proxy signature approach. The evaluation of the proposed authentication mechanisms, conducted using an NS-3 implementation of the IEEE 802.11ad protocol, shows their efficiency and practicality.
Award ID(s):
1618692
NSF-PAR ID:
10212933
Journal Name:
GLOBECOM 2020 - 2020 IEEE Global Communications Conference
Page Range / eLocation ID:
1 to 6
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. As 5G systems are starting to be deployed and becoming part of many daily life applications, there is an increasing interest in the security of the overall system, as the 5G network architecture is significantly different from that of LTE systems. For instance, through application-specific virtual network slices, one can trigger additional security measures depending on the sensitivity of the running application. Drones utilizing 5G could be a perfect example as they pose several safety threats if they are compromised. To this end, we propose a stronger authentication mechanism inspired by the idea of second-factor authentication in IT systems. Specifically, once the primary 5G authentication is executed, a specific slice can be tasked to trigger a second-factor authentication utilizing different factors from the primary one. This trigger mechanism utilizes the re-authentication procedure as specified in the 3GPP 5G standards for easy integration. Our second-factor authentication uses a special challenge-response protocol, which relies on a unique drone digital ID as well as a seed and nonce generated from the slice to enable freshness. We implemented the proposed protocol in ns-3, which supports mmWave-based communication in 5G. We demonstrate that the proposed protocol is lightweight and can scale while enabling stronger security for the drones.
  2. As a case study in cryptographic binding, we present a formal-methods analysis of the Fast IDentity Online (FIDO) Universal Authentication Framework (UAF) authentication protocol's cryptographic channel binding mechanisms. First, we show that UAF's channel bindings fail to mitigate protocol interaction by a Dolev-Yao (DY) adversary, enabling the adversary to transfer the server's authentication challenge to alternate sessions of the protocol. As a result, in some contexts, the adversary can masquerade as a client and establish an authenticated session with a server, which might be a bank server. Second, we implement a proof-of-concept man-in-the-middle attack against eBay's open source FIDO UAF implementation. Third, we propose and verify an improvement of UAF channel binding that better resists protocol interaction, in which the client and the server, rather than the client alone, bind the server's challenge to the session. The weakness we analyze is similar to the vulnerability discovered in the Needham-Schroeder protocol over 25 years ago. That this vulnerability appears in FIDO UAF highlights the strong need for protocol designers to bind messages properly and to analyze their designs with formal-methods tools. UAF's channel bindings fail for four reasons: channel binding is optional; the client cannot authenticate the server's challenge, even when channel binding is used; the standard permits the server to accept incorrect channel bindings; and the protocol binds only to the communication endpoints and not to the protocol session. We carry out our analysis of the standard and our suggested improvement using the Cryptographic Protocol Shapes Analyzer (CPSA). To our knowledge, we are the first to carry out a formal-methods analysis of channel binding in FIDO UAF, the first to identify the structural weakness resulting from improper binding, and the first to exhibit details of an attack resulting from this weakness.
In FIDO UAF, the client can cryptographically bind protocol data (including a server-generated authentication challenge) to the underlying authenticated communication channel. To facilitate the protocol's adoption, the FIDO Alliance makes the channel binding optional and allows a server to accept incorrect channel bindings, such as when the client communicates through a network perimeter proxy. Practitioners should be aware that, when omitting channel binding or accepting incorrect channel bindings, FIDO UAF is vulnerable to a protocol-interaction attack in which the adversary tricks the client and authenticator to act as confused deputies to sign an authentication challenge for the adversary. In addition to enabling the server to verify the client's binding of the challenge to the channel, our improved mandatory dual channel-binding mechanism provides the following two advantages: (1) By binding the challenge to the channel, the server provides an opportunity for the client to verify this binding. By contrast, in the current standard, the client cannot authenticate the server's challenge. (2) It performs binding at the server where the authentication challenge is created, hindering an adversary from transplanting the challenge into another protocol execution. Our case study illustrates the importance of cryptographically binding context to protocol messages to prevent an adversary from misusing messages out of context. 
  3. mmWave communication in 60GHz band has been recognized as an emerging technology to support various bandwidth-hungry applications in indoor scenarios. To maintain ultra-high throughputs while addressing potential blockage problems for mmWave signals, maintaining line-of-sight (LoS) communications between client devices and access points (APs) is critical. To maximize LoS communications, one approach is to deploy multiple APs in the same room. In this paper, we investigate the optimal placement of multiple APs using both analytical methods and simulations. Considering the uncertainty of obstacles and clients, we focus on two typical indoor settings: random-obstacle-random-client (RORC) scenarios and fixed-obstacle-random-client (FORC) scenarios. In the first case, we analytically derive the optimal positions of APs by solving a thinnest covering problem. This analytical result is used to show that deploying up to 5 APs in a specific room brings substantial performance gains. For the FORC scenario, we propose the shadowing-elimination search (SES) algorithm based on an analytic model to efficiently determine the placement of APs. We show, through simulations, that with only a few APs, the network can achieve blockage-free operation in the presence of multiple obstacles and also demonstrate that the algorithm produces near-optimal deployments. Finally, we perform ns-3 simulations based on the IEEE 802.11ad protocol at mmWave frequency to validate our analytical results. The ns-3 results show that proposed multi-AP deployments produce significantly higher aggregate performance as compared to other common AP placements in indoor scenarios. 
  4. As the drone becomes widespread in numerous crucial applications with many powerful functionalities (e.g., reconnaissance and mechanical trigger), there are increasing cases related to misused drones for unethical even criminal activities. Therefore, it is of paramount importance to identify these malicious drones and track their origins using digital forensics. Traditional drone identification techniques for forensics (e.g., RF communication, ID landmarks using a camera, etc.) require high compliance of drones. However, malicious drones will not cooperate or even spoof these identification techniques. Therefore, we present an exploration for a reliable and passive identification approach based on unique hardware traits in drones directly (e.g., analogous to the fingerprint and iris in humans) for forensics purposes. Specifically, we investigate and model the behavior of the parasitic electronic elements under RF interrogation, a particular passive parasitic response modulated by an electronic system on drones, which is distinctive and unlikely to counterfeit. Based on this theory, we design and implement DroneTrace, an end-to-end reliable and passive identification system toward digital drone forensics. DroneTrace comprises a cost-effective millimeter-wave (mmWave) probe, a software framework to extract and process parasitic responses, and a customized deep neural network (DNN)-based algorithm to analyze and identify drones. We evaluate the performance of DroneTrace with 36 commodity drones. Results show that DroneTrace can identify drones with the accuracy of over 99% and an equal error rate (EER) of 0.009, under a 0.1-second sensing time budget. Moreover, we test the reliability, robustness, and performance variation under a set of real-world circumstances, where DroneTrace maintains accuracy of over 98%. DroneTrace is resilient to various attacks and maintains functionality. 
At its best, DroneTrace has the capacity to identify individual drones at the scale of 104 with less than 5% error. 
  5. Millimeter-wave (mmWave) with large spectrum available is considered as the most promising frequency band for future wireless communications. The IEEE 802.11ad and IEEE 802.11ay operating on 60 GHz mmWave are the two most expected wireless local area network (WLAN) technologies for ultra-high-speed communications. For the IEEE 802.11ay standard still under development, there are plenty of proposals from companies and researchers who are involved with the IEEE 802.11ay task group. In this survey, we conduct a comprehensive review on the medium access control layer (MAC) related issues for the IEEE 802.11ay, some cross-layer between physical layer (PHY) and MAC technologies are also included. We start with MAC related technologies in the IEEE 802.11ad and discuss design challenges on mmWave communications, leading to some MAC related technologies for the IEEE 802.11ay. We then elaborate on important design issues for IEEE 802.11ay. Specifically, we review the channel bonding and aggregation for the IEEE 802.11ay, and point out the major differences between the two technologies. Then, we describe channel access and channel allocation in the IEEE 802.11ay, including spatial sharing and interference mitigation technologies. After that, we present an in-depth survey on beamforming training (BFT), beam tracking, single-user multiple-input-multiple-output (SU-MIMO) beamforming and multi-user multiple-input-multiple-output (MU-MIMO) beamforming. Finally, we discuss some open design issues and future research directions for mmWave WLANs. We hope that this paper provides a good introduction to this exciting research area for future wireless systems. 