Towards improving security on the wireless medium

Abstract

This thesis investigates security issues in the wireless medium surrounding many of today’s modern devices. Such devices that have analog sensors measuring physical processes also have circuits to amplify the signal before it gets converted into a digital format for processing and communication. Those analog input circuits by their use of low voltage signals are sensitive to electromagnetic interferences (EMI). This work investigates the use of EMI as a method of signal injection into the device. The analog inputs are typically not checked for forged waveforms and can be manipulated wirelessly by an attacker. The fundamental vulnerability of those circuits is explored and bounds are derived for the attack. Solutions are proposed for classes of devices depending on their individual constraints. The next part of this work looks at a subset of wireless communication protocols used by devices, focusing on integrated clinical environments. A corresponding list of security requirements is proposed and used to evaluate currently available standards, revealing large gaps. This section concludes by proposing a direction on composing secure integrated clinical environments based on the requirement list. On a larger scale, this thesis analyzes wireless cellular GSM networks. It first reveals location information leaks on the air interface due to the broadcast methods used to notify phones in a given geographic area that there is an incoming call. This section also proposes solutions to mitigate the information leaks discovered. This work then looks at the difficulty of properly and fairly accounting for bytes transferred on behalf of the application layer. A tradeo↵ point used by current transport layers based on wired networks is guaranteed delivery with increased overhead. This section investigates methods that could exploit transport layer retransmission mechanisms to exhaust the financial resources of a cellular user. This thesis focuses heavily on understanding the attacker and methods to wirelessly exploit vulnerabilities in systems. This is a necessary step in building better future systems and evaluating current systems.