Hanno Wirtz

6LoWPAN fragmentation attacks and mitigation mechanisms

6LoWPAN is an IPv6 adaptation layer that defines mechanisms to make IP connectivity viable for tightly resource-constrained devices that communicate over low power, lossy links such as IEEE 802.15.4. It is expected to be used in a variety of scenarios ranging from home automation to industrial control systems. To support the transmission of IPv6 packets exceeding the maximum frame size of the link layer, 6LoWPAN defines a packet fragmentation mechanism. However, the best effort semantics for fragment transmissions, the lack of authentication at the 6LoWPAN layer, and the scarce memory resources of the networked devices render the design of the fragmentation mechanism vulnerable. In this paper, we provide a detailed security analysis of the 6LoWPAN fragmentation mechanism. We identify two attacks at the 6LoWPAN design-level that enable an attacker to (selectively) prevent correct packet reassembly on a target node at considerably low cost. Specifically, an attacker can mount our identified attacks by only sending a single protocol-compliant 6LoWPAN fragment. To counter these attacks, we propose two complementary, lightweight defense mechanisms, the content chaining scheme and the split buffer approach. Our evaluation shows the practicality of the identified attacks as well as the effectiveness of our proposed defense mechanisms at modest trade-offs.

Tailoring end-to-end IP security protocols to the Internet of Things

Recent standardization efforts focus on a number of lightweight IP security protocol variants for end-to-end security in the Internet of Things (IoT), most notably DTLS, HIP DEX, and minimal IKEv2. These protocol variants commonly consider public-key-based cryptographic primitives in their protocol design for peer authentication and key agreement. In this paper, we identify several performance and security issues that originate from these public-key-based operations on resource-constrained IoT devices. To illustrate their impact, we additionally quantify these protocol limitations for HIP DEX. Most importantly, we find that public-key-based operations significantly hamper a peers availability and response time during the protocol handshake. Hence, IP security protocols in the IoT must be tailored to reduce the need for expensive cryptographic operations, to protect resource-constrained peers against DoS attacks targeting these cryptographic operations, and to account for high message processing times. To this end, we present three complementary, lightweight protocol extensions for HIP DEX: i) a comprehensive session resumption mechanism, ii) a collaborative puzzle-based DoS protection mechanism, and iii) a refined retransmission mechanism. Our focus on common protocol functionality allows to generalize our proposed extensions to the wider scope of DTLS and IKE. Finally, our evaluation confirms the considerable achieved improvements at modest trade-offs.

Collaborative municipal Wi-Fi networks - challenges and opportunities

Municipal Wi-Fi networks aim at providing Internet access and selected mobile network services to citizens, travelers, and civil servants. The goals of these networks are to bridge the digital divide, stimulate innovation, support economic growth, and increase city operations efficiency. While establishing such urban networks is financially challenging for municipalities, Wi-Fi-sharing communities accomplish good coverage and ubiquitous Internet access by capitalizing on the dense deployment of private access points in urban residential areas. By combining Wi-Fi communities and municipal Wi-Fi, a collaborative municipal Wi-Fi system promises cheap and ubiquitous access to mobile city services. However, the differences in intent, philosophy, and technical realization between community and municipal Wi-Fi networks prevent a straight-forward combination of both approaches. In this paper, we highlight the conceptual and technical challenges that need to be solved to create collaborative municipal Wi-Fi networks.

Hidden Markov model-based 3D path-matching using raytracing-generated Wi-Fi models

We propose an efficient approach to probabilistic 3D indoor path-matching and localization based on Wi-Fi-signal measurements using Hidden Markov Model-based (HMM) algorithms. Given a 3D model of the building, we derive high-resolution emission probabilities and transition probabilities from raytracing-generated Wi-Fi signal propagations. Therefore we use both the generated signal-strength values and the geometric information of the 3D model. Based on the emission and transition probabilities and a sequence of Wi-Fi signal measurements provided by the client, the HMM-based algorithm computes the most probable path through the building.

On-demand content-centric wireless networking

Typical scenarios in the city or on campus, show a high proliferation of wireless communication devices such as smartphones, laptops or netbooks. Wireless 802.11 networks between these devices allow for a spontaneous exchange of content or provision of services without the need for infrastructure-based services. However, the above mentioned proliferation of devices and therefore large number of networks hinders users in identifying and selecting the network that serves a specific request. We propose an approach to client-driven content-centric wireless networking in which the user specifically signals his request for a user, content item or service via 802.11 management frames. Upon reception of these frames, wireless devices that serve this request establish a dedicated wireless network on-demand. Our approach seamlessly integrates into the 802.11 association process and therefore provides support for unmodified wireless devices. Furthermore, by leveraging the wireless broadcast medium, we achieve pervasive service and peer discovery without the overhead of iterating through existing networks or running a traditional service discovery protocol.

Efficient online estimation of bursty wireless links

Rapidly changing link conditions make it difficult to accurately estimate the quality of wireless links and predict the fate of future transmissions. In particular bursty links pose a major challenge to online link estimation due to strong fluctuations in their transmission success rates at short time scales. Therefore, the prevalent approach in routing algorithms is to employ a long term link estimator that selects only consistently stable links — PRR > 90% — for packet transmissions. The use of bursty links is thus disregarded although these links provide considerable additional resources for the routing process. Based on significant empirical evidence of over 100,000 transmissions over each link in widely used 802.15.4 and 802.11 testbeds, we propose two metrics, Expected Future Transmissions (EFT) and MAC3, for runtime estimation of bursty wireless links. We introduce the Bursty Link Estimator (BLE) that, based on these two metrics, accurately estimates bursty links in the network rendering them available for packet transmissions.

Analyzing Metropolitan-Area Networking within Public Transportation Systems for Smart City Applications

In the scope of smart cities, mobile participatory sensing and metropolitan area networking on top of public transportation systems for communication offers widespread dissemination of information in both time and spatial domains. Specifically, the transportation network naturally reflects urban human mobility patterns between places of interest and interconnects hotspots where information is created and consumed by city- wide applications. Previous work has targeted communication exclusively between users of the public transportation system. In this paper, we provide an analysis of metropolitan networking within the transportation system itself. Instead of relying on user-generated contact traces purely between mobile entities, i.e., busses, we build on a comprehensive data set that contains the schedules and location data of busses as well as the location of infrastructure elements, such as bus stops. Our analysis shows the general feasibility of such a network as well as the, previously not considered, impact of infrastructure elements for information dissemination. The latter motivates delay-tolerant and location- driven communication, as well as participatory sensing using the transport system as a communication infrastructure.

Enabling ubiquitous interaction with smart things

Within the Internet of Things (IoT), Smart Things (STs) promise to permeate all contexts of daily life, offering digital access to their physical functionality. Mobile users then would be able to ubiquitously and spontaneously interact with things they encounter, enabling a wealth of diverse usage scenarios and applications. Currently, however, ST interaction requires a pre-controlled Internet or network connection as well as the prior installation of the ST-specific interaction interface, i.e., smartphone app. Users can thus only interact with known things, in contrast to the vision of spontaneous, ubiquitous discovery and interaction. We thus propose STIF (Smart Things Interaction Framework), enabling local wireless discovery of STs spontaneously via Wi-Fi, Bluetooth Low Energy, Visible Light Communication, or Acoustic Communication. STIF allows STs to transmit their interaction interface directly to users and supports interaction based on user input via touch and AR GUIs as well as motion and speech recognition. We implement STIF for Android phones as well as Arduino and Raspberry Pi things and demonstrate the real-life applicability of the supported communication and interaction techniques.

Portable wireless-networking protocol evaluation

Abstract Multi-hop wireless networks, such as sensor-, ad hoc- and mesh-nets, can be differentiated in terms of participating devices and usage scenarios. However they share strong characteristics and requirements, such as node cooperation to enable multi-hop forwarding and dynamic routing protocols to deliver packets. As a result of these similarities, protocols designed for all these wireless networks revolve around a common core of functionality, for example coping with link and node dynamics. They differ only in additional network-specific functionality, such as tree routing structures in sensornets, and parameterization, for example buffer sizes. This convergence of functionality and design goals, as well as the sheer number of proposed protocols in each network class, motivates the idea of applying protocols to more than just their one original class. However, network-layer protocols are usually developed for and tested in only one class of wireless network due to the lack of a platform that allows testing of protocols across different classes of networks. As a result, we unnecessarily constrain the range of settings and scenarios in which we test network protocols. In this article, we propose a platform for protocol testing and evaluation in multiple, heterogeneous networks and discuss the requirements and challenges of such a solution. As a first step and case study, we present the detailed architecture of TinyWifi, a platform for executing native sensornet protocols on Linux-driven wireless devices as found in wireless mesh and mobile ad-hoc networks (MANETs). TinyWifi builds on nesC code base that abstracts from TinyOS and enables the execution of nesC-based protocols in Linux. Using this abstraction, we expand the applicability and means of protocol execution from one class of wireless network to another without re-implementation. We demonstrate the generality of TinyWifi by evaluating four well-established protocols on IEEE 802.11 and 802.15.4 based testbeds using a single implementation. Based on the experience of building TinyWifi and the presented evaluation, we deduce the feasibility of a cross-network evaluation platform and sketch the requirements for inclusion of further network classes.

Mesh-DHT: A locality-based distributed look-up structure for Wireless Mesh Networks

Distributed Hash Tables (DHTs) offer an elegant and fully distributed solution for reliably storing and retrieving data. Wireless Mesh Networks (WMNs) envision a fully decentralized fashion, and as such require efficient decentralized mechanisms for service discovery, mobility support and data storage and retrieval. Hence, DHTs and WMNs seem to complement each other nicely and even share common traits and challenges, such as multi-path routing and dynamic membership of unreliable nodes. Existing Internet-based DHT approaches are designed to emphasize performance and stability in Internet scenarios and do not consider the special conditions in WMNs. In particular, they do not focus on the impact of the physical neighbor relations of DHT nodes and assume efficient global connectivity. In contrast, in a WMN, locality of communication is essential to avoid unnecessary multi-hop data transmissions and congestion on the wireless link. We present Mesh-DHT, an approach for building a scalable DHT in WMNs that puts special emphasis on the locality of nodes and links. We construct a stable, location-aware overlay network that enables fully distributed organization of information. By design, our DHT geometry is closely aligned to the network topology of the WMN to emphasize local communication. We show that our approach preserves locality in the overlay construction, is robust against node failure, and makes efficient use of local information. These properties make our approach scalable even in the presence of hundreds of mesh nodes.