Christina Pöpper

Anti-jamming broadcast communication using uncoordinated spread spectrum techniques

Jamming-resistant communication is crucial for safety-critical applications such as emergency alert broadcasts or the dissemination of navigation signals in adversarial settings. In such applications, mission-critical messages are broadcast to a large and unknown number of (potentially untrusted) receivers that rely on the availability, integrity, and authenticity of the messages; here, availability primarily refers to the ability to communicate in the presence of jamming. Common techniques to counter jamming-based denial-of-service attacks such as Frequency Hopping (FH) and Direct Sequence Spread Spectrum (DSSS) cannot be applied in such settings because they depend on secret pairwise or group keys shared between the sender and the receivers before the communication. This dependency entails serious or unsolvable scalability and keysetup problems or weak jamming-resistance (a single malicious receiver can compromise the whole system). As a solution, in this work, we propose uncoordinated spread spectrum techniques that enable anti-jamming broadcast communication without shared secrets. Uncoordinated spread spectrum techniques can handle an unlimited amount of (malicious) receivers. We present two instances (Uncoordinated FH and Uncoordinated DSSS) and analyze differences in their performance as well as their combination. We further discuss the applications of these techniques to anti-jamming navigation broadcast, bootstrapping of coordinated spread spectrum communication, and anti-jamming emergency alerts.

A practical investigation of identity theft vulnerabilities in Eduroam

Eduroam offers secure access to the Internet at participating institutions, using authentication via IEEE 802.1X and secure forwarding of authentication data to the authentication server of the users institution. Due to erroneous configuration manuals and a lack of knowledge on the user side, though, a big share of client devices lack the required root CA certificate to authenticate the Eduroam network, yet still being able to access the network. Moreover, deficient software implementations on client devices prevent users from the secure execution of the authentication process. In this paper, we present an attack that exploits this fact and uses the default behavior of wireless devices in order to capture authentication data. This MITM attack is performed in real-time. It is achieved using a modified version of hostapd, which exploits a compatibility setting of the widely used supplicant software wpa_supplicant. It enables an attacker to authenticate users in EAP-TTLS/PAP and in EAP-TTLS/MS-CHAPv2 without the necessity of cracking the user password hash on the fly and thus without inducing suspicious delays. In a practical study with several hundred users we could show that more than half of the tested devices were vulnerable to the attack. Based on the results of the study, we propose countermeasures to prevent the attack and minimize the amount of vulnerable devices.

SkypeLine: Robust Hidden Data Transmission for VoIP

Internet censorship is used in many parts of the world to prohibit free access to online information. Different techniques such as IP address or URL blocking, DNS hijacking, or deep packet inspection are used to block access to specific content on the Internet. In response, several censorship circumvention systems were proposed that attempt to bypass existing filters. Especially systems that hide the communication in different types of cover protocols attracted a lot of attention. However, recent research results suggest that this kind of covert traffic can be easily detected by censors. In this paper, we present SkypeLine, a censorship circumvention system that leverages Direct-Sequence Spread Spectrum (DSSS) based steganography to hide information in Voice-over-IP (VoIP) communication. SkypeLine introduces two novel modulation techniques that hide data by modulating information bits on the voice carrier signal using pseudo-random, orthogonal noise sequences and repeating the spreading operation several times. Our design goals focus on undetectability in presence of a strong adversary and improved data rates. As a result, the hiding is inconspicuous, does not alter the statistical characteristics of the carrier signal, and is robust against alterations of the transmitted packets. We demonstrate the performance of SkypeLine based on two simulation studies that cover the theoretical performance and robustness. Our measurements demonstrate that the data rates achieved with our techniques substantially exceed existing DSSS approaches. Furthermore, we prove the real-world applicability of the presented system with an exemplary prototype for Skype.

Multi-receiver GPS spoofing detection: error models and realization

Spoofing is a serious threat to the widespread use of Global Navigation Satellite Systems (GNSSs) such as GPS and can be expected to play an important role in the security of many future IoT systems that rely on time, location, or navigation information. In this paper, we focus on the technique of multi-receiver GPS spoofing detection, so far only proposed theoretically. This technique promises to detect malicious spoofing signals by making use of the reported positions of several GPS receivers deployed in a fixed constellation. We scrutinize the assumptions of prior work, in particular the error models, and investigate how these models and their results can be improved due to the correlation of errors at co-located receiver positions. We show that by leveraging spatial noise correlations, the false acceptance rate of the countermeasure can be improved while preserving the sensitivity to attacks. As a result, receivers can be placed significantly closer together than previously expected, which broadens the applicability of the countermeasure. Based on theoretical and practical investigations, we build the first realization of a multi-receiver countermeasure and experimentally evaluate its performance both in authentic and in spoofing scenarios.

Crowd-GPS-Sec: Leveraging Crowdsourcing to Detect and Localize GPS Spoofing Attacks

The aviation industrys increasing reliance on GPS to facilitate navigation and air traffic monitoring opens new attack vectors with the purpose of hijacking UAVs or interfering with air safety. We propose Crowd-GPS-Sec to detect and localize GPS spoofing attacks on moving airborne targets such as UAVs or commercial airliners. Unlike previous attempts to secure GPS, Crowd-GPS-Sec neither requires any updates of the GPS infrastructure nor of the airborne GPS receivers, which are both unlikely to happen in the near future. In contrast, Crowd-GPS-Sec leverages crowdsourcing to monitor the air traffic from GPS-derived position advertisements that aircraft periodically broadcast for air traffic control purposes. Spoofing attacks are detected and localized by an independent infrastructure on the ground which continuously analyzes the contents and the times of arrival of these advertisements. We evaluate our system with real-world data from a crowdsourced air traffic monitoring sensor network and by simulations. We show that Crowd-GPS-Sec is able to globally detect GPS spoofing attacks in less than two seconds and to localize the attacker up to an accuracy of 150 meters after 15 minutes of monitoring time.

Enabling Short Fragments for Uncoordinated Spread Spectrum Communication

Uncoordinated spread spectrum (USS) protocols have been proposed for anti-jamming communication in wireless settings without shared secrets. The existing USS protocols assume that fragments of hundreds of bits can be transmitted on different channels in order to identify fragments that belong to the same message. However, such long transmissions are susceptible to reactive jamming. To address this problem, we present a protocol that allows the use of short fragments of a few bits only. This makes our scheme resilient to a large class of reactive jammers. We prove that reassembling the fragmented message is not only feasible but also efficient: it can be completed in polynomial time in the size of the message, even if the jammer is computationally resourceful. We demonstrate the protocol efficiency by simulating the reassembly process at the link layer under different design parameters.

DigesTor: Comparing Passive Traffic Analysis Attacks on Tor.

The Tor anonymity network represents a rewarding target for de-anonymization attacks, in particular by large organizations and governments. Tor is vulnerable to confirmation attacks, in which powerful adversaries compromise user anonymity by correlating transmissions between entry and exit nodes. As the experimental evaluation of such attacks is challenging, a fair comparison of passive traffic analysis techniques is hardly possible. In this work, we provide a first comparative evaluation of confirmation attacks and assess their impact on the real world. For this purpose, we release DigesTor, an analysis framework that delivers a foundation for comparability to support future research in this context. The framework runs a virtual private Tor network to generate traffic for representative scenarios, on which arbitrary attacks can be evaluated. Our results show the effects of recent and novel attack techniques and we demonstrate the capabilities of DigesTor using the example of mixing as a countermeasure against traffic analysis attacks.

Forgetting with Puzzles: Using Cryptographic Puzzles to support Digital Forgetting

Digital forgetting deals with the unavailability of content uploaded to web and storage servers after the data has served its purpose. The content on the servers can be deleted manually, but this does not prevent data archival and access at different storage locations. This is problematic since then the data may be accessed for unintended or even malicious purposes long after the owners have decided to abandon the public availability of their data. Approaches which assign a lifetime value to data or use heuristics like interest in data to make it inaccessible after some time have been proposed, but digital forgetting is still in its infancy and there are a number of open problems with the proposed approaches. In this paper, we outline a general use case of cryptographic puzzles in the context of digital forgetting which---to the best of our knowledge---has not been proposed or explored before. One problem with recent proposals for digital forgetting is that attackers could collect or even delete anyones public data during their lifetime. In our approach, we deal with these problems by making it hard for the attacker to delete large quantities of data while making sure that the proposed solutions will not adversely deteriorate user experience in a disturbing manner. As a proof-of-concept, we propose a system with cryptographic (time-lock) puzzles that deals with malicious users while ensuring the permanent deletion of data when interest in it dies down. We have implemented a prototype and evaluate it thoroughly with promising results.

Advancing attacker models of satellite-based localization systems: the case of multi-device attackers

In this paper, we report on recent advancements in attacking satellite-based positioning systems and on shortcomings of proposed countermeasures. Applications based on satellite positioning and navigation systems make use of a deployed infrastructure that is challenging to protect and secure against attacks. Many of the proposed protection mechanisms and solutions in the wild are based on and analyzed with respect to single-antenna attacker models that should in the meantime be considered outdated as they are no longer appropriate. Due to a significant drop in complexity and cost to perform multi-device attacks on these systems, the attacker models need to be adjusted to comprise more powerful adversaries that have recently become a reality. By demonstrating the implementation of a simple yet effective multi-antenna setup, we outline possible attacks against systems that are otherwise considered secure.

POSTER: Localization of Spoofing Devices using a Large-scale Air Traffic Surveillance System

Systems relying on satellite positioning techniques such as GPS can be targeted by spoofing attacks, where attackers try to inject fake positioning information. With the growing spread of flying drones and their usage of GPS for localization, these systems become interesting targets of attacks with the purpose of hijacking or to distract air safety surveillance. The most recent development in air traffic surveillance is the automatic dependent surveillance -- broadcast (ADS-B). Aircraft periodically broadcast their location, speed, or environmental measurements via ADS-B. The open research project OpenSky Network collects ADS-B reports and makes them available for research purposes. This poster presents a concept to detect and localize spoofing devices by utilizing the information provided by a large-scale air traffic surveillance system. We utilize ADS-B reports collected by the OpenSky Network and provide first results on the effectiveness of localizing spoofing sources.