Ivan Martinovic

Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

We investigate whether a classifier can continuously authenticate users based on the way they interact with the touchscreen of a smart phone. We propose a set of 30 behavioral touch features that can be extracted from raw touchscreen logs and demonstrate that different users populate distinct subspaces of this feature space. In a systematic experiment designed to test how this behavioral pattern exhibits consistency over time, we collected touch data from users interacting with a smart phone using basic navigation maneuvers, i.e., up-down and left-right scrolling. We propose a classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen. The classifier achieves a median equal error rate of 0% for intrasession authentication, 2%-3% for intersession authentication, and below 4% when the authentication test was carried out one week after the enrollment phase. While our experimental findings disqualify this method as a standalone authentication mechanism for long-term authentication, it could be implemented as a means to extend screen-lock time or as a part of a multimodal biometric authentication system.

Short paper: reactive jamming in wireless networks: how realistic is the threat?

In this work, we take on the role of a wireless adversary and investigate one of its most powerful tools---radio frequency jamming. Although different jammer designs are discussed in the literature, reactive jamming, i.e., targeting only packets that are already on the air, is generally recognized as a stepping stone in implementing optimal jamming strategies. The reason is that, while destroying only selected packets, the adversary minimizes its risk of being detected. One might hope for reactive jamming to be too challenging or uneconomical for an attacker to conceive and implement due to its strict real-time requirements. Yet, in this work we disillusion from such hopes as we demonstrate that flexible and reliable software-defined reactive jamming is feasible by designing and implementing a reactive jammer against IEEE 802.15.4 networks. First, we identify the causes of loss at the physical layer of 802.15.4 and show how to achieve the best performance for reactive jamming. Then, we apply these insights to our USRP2-based reactive jamming prototype, enabling a classification of transmissions in real-time, and reliable and selective jamming. The prototype achieves a reaction time in the order of microseconds, a high precision (such as targeting individual symbols), and a 97.6% jamming rate in realistic indoor scenarios for a single reactive jammer, and over 99.9% for two concurrent jammers.

Experimental analysis of attacks on next generation air traffic communication

This work studies the security of next generation air traffic surveillance technology based on Automatic Dependent Surveillance --- Broadcast (ADS-B). ADS-B is already supported by a majority of international aircraft and will become mandatory in 2020 for most airspaces worldwide. While it is known that ADS-B might be susceptible to different spoofing attacks, the complexity and impact of launching these attacks has been debated controversially by the air traffic control community. Yet, the literature remains unclear on the requirements of launching ADS-B attacks in real-world environments, and on the constraints which affect their feasibility. In this paper, we take a scientific approach to systematically evaluate realistic ADS-B attacks. Our objective is to shed light on the practicability of different threats and to quantify the main factors that impact the success of such attacks. Our results reveal some bad news: attacks on ADS-B can be inexpensive and highly successful. Using a controlled experimental design, we offer insights from a real-world feasibility analysis that leads to the conclusion that any safety-critical air traffic decision process should not rely exclusively on the ADS-B system.

Jamming for good: a fresh approach to authentic communication in WSNs

While properties of wireless communications are often considered as a disadvantage from a security perspective, this work demonstrates how multipath propagation, a broadcast medium, and frequency jamming can be used as valuable security primitives. Instead of conventional message authentication by receiving, verifying, and then discarding fake data, sensor nodes are prevented from receiving fake data at all. The erratic nature of signal propagation distributes the jamming activity over the network which hinders an adversary in predicting jamming nodes and avoids selective battery-depletion attacks. By conducting real-world measurements, we justify the feasibility of such a security design and provide details on implementing it within a realistic wireless sensor network.

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next-generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, in addition to being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, particularly with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts that have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures that have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.

Realities and challenges of nextgen air traffic management: the case of ADS-B

Air traffic is continuously increasing worldwide, with both manned and unmanned aircraft looking to coexist in the same airspace in the future. Next generation air traffic management systems are crucial in successfully handling this growth and improving the safety of billions of future passengers. The Automatic Dependent Surveillance Broadcast (ADS-B) system is a core part of this future. Unlike traditional radar systems, this technology empowers aircraft to automatically broadcast their locations and intents, providing enhanced situational awareness. This article discusses important issues with the current state of ADS-B as it is being rolled out. We report from our OpenSky sensor network in Central Europe, which is able to capture about 30 percent of the European commercial air traffic. We analyze the 1090 MHz communication channel to understand the current state and its behavior under the increasing traffic load. Furthermore, the article considers important security challenges faced by ADS-B. Our insights are intended to help identify open research issues, furthering new interest and developments in this field.

Secure Key Generation in Sensor Networks Based on Frequency-Selective Channels

Key management in wireless sensor networks faces several unique challenges. The scale, resource limitations, and new threats such as node capture suggest the use of in-network key generation. However, the cost of such schemes is often high because their security is based on computational complexity. Recently, several research contributions justified experimentally that the wireless channel itself can be used to generate information-theoretic secure keys. By exchanging sampling messages during device movement, a bit string is derived known only to the two involved entities. Yet, movement is not the only option to generate randomness: the channel response strongly depends on the signal frequency as well. In this work, we introduce a key generation protocol based on the frequency-selectivity of multipath fading channels. The practical advantage of this approach is that it does not require device movement during key establishment. Thus the frequent case of a sensor network with static nodes is supported. We show the protocols applicability by implementing it on MICAz motes, and evaluating its robustness and security through experiments and analysis. The error correction property of the protocol mitigates the effects of measurement errors and temporal effects, giving rise to an agreement rate of over 97 %.

Secret keys from entangled sensor motes: implementation and analysis

Key management in wireless sensor networks does not only face typical, but also several new challenges. The scale, resource limitations, and new threats such as node capture and compromise necessitate the use of an on-line key generation, where secret keys are generated by the nodes themselves. However, the cost of such schemes is high since their secrecy is based on computational complexity. Recently, several research contributions justified that the wireless channel itself can be used to generate information-theoretic secure keys between two parties. By exchanging sampling messages during movement, a bit string can be derived that is only known to the involved entities. Yet, movement is not the only possibility to generate randomness. The channel response is also strongly dependent on the frequency of the transmitted signal. In our work, we introduce a protocol for key generation based on the frequency-selectivity of channel fading. The great practical advantage of this approach is that we do not rely on node movement as the source of randomness. Thus, the frequent case of a sensor network with static motes is supported. Furthermore, the error correction property of the proposed protocol mitigates the effects of measurement errors and other temporal effects, giving rise to a key agreement rate of over 97%. We show the applicability of our protocol by implementing it on MICAz motes, and evaluate its robustness and secrecy through experiments and analysis.

A survey on dependable routing in sensor networks, ad hoc networks, and cellular networks

The class of wireless and mobile networks features a dissimilar set of characteristics and constraints compared to traditional fixed networks. The various dimensions of these characteristics/constraints strongly influence the routing system, which is often regarded as the glue of a network. We introduce the concept of routing dependability describing the trustworthiness of a routing system such that reliance can justifiably be placed on the consistency of behavior and performance of the routing service delivered. We investigate this concept by analyzing the basic characteristics of various networks. Subsequently, we derive the most important attributes and impairments that contribute to routing dependability in sensor networks, ad hoc networks, and infrastructure-based cellular networks. Departing from state-of-the-art network designs, we extend our survey to cover future network architectures as well. We finish by briefly investigating possible directions and means that allow mitigating the deprivation of dependability.

A Practical Man-In-The-Middle Attack on Signal-Based Key Generation Protocols

Generating secret keys using physical properties of the wireless channel has recently become a popular research area. The main security assumption of these protocols is that a sufficiently distant adversary is unable to guess a generated secret due to the unpredictable behavior of multipath signal propagation. In this paper, we introduce a practical and efficient man-in-the-middle attack against such protocols. Using this attack, we demonstrate: (i) intentional sabotaging of key generation schemes, which leads to a high key disagreement rate, and (ii) a key recovery that reveals up to 47% of the generated secret bits. We analyze statistical countermeasures (often proposed in related work) and show that attempting to detect such attacks results in a high false positive rate, questioning the overall benefit of such schemes. We implement and experimentally validate the attacks using off-the-shelf hardware, without assuming any technological advantage for the adversary.