Phantom Eavesdropping With Whitened RF Leakage

Shao, Chenglong; Jang, Wonwoo; Park, Hoorin; Sung, Jekyung; Jung, Yeon‐Gil; Lee, Wonjun

doi:10.1109/lwc.2019.2949316

Cited by 7 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacks are based on the captured signals without presence of the auxiliary tag. Since the tag owners are expected to be in various circumstances, the attacker can exploit active eavesdropping outside reader's interrogation range [25], [38].…”

Section: A Adversarial Modelmentioning

confidence: 99%

Rethinking Tag Collisions for Replay and Relay Attack Resistance in Backscatter Networks

Park

Lee

2023

IEEE Access

Self Cite

View full text Add to dashboard Cite

Distinguishable physical layer features of radio frequency have the potential to serve as new fingerprints for authentication in backscatter networks. They have a definite advantage that backscatter tags do not have to run resource-intensive operations that commodity tags rarely implement. However, current physical layer authentication schemes impose substantial burdens on both service providers and users. Since physical layer features are highly susceptible to environmental factors, labor-intensive and timeconsuming fingerprint library establishment is indispensable to make sufficient statistics for authentication. In this paper, we propose TagDuet, a collision-assisted authentication scheme that adopts an auxiliary tag to RFID systems, a typical type of backscatter networks, without the requirement of fingerprint library establishment. TagDuet places an independent backscatter tag in the proximity of a reader and utilizes the features in intended tag collisions to improve wireless security. Our phase cancellation decoding algorithm accurately decodes the collisions, which leads TagDuet fully compatible with the commodity RFID tags. TagDuet provides freshness, the paramount property to resist replay attacks, and robustness to relay attacks under FCC regulations for frequency hopping. We implement a prototype of TagDuet with commodity tags, evaluate the performance in randomized channels by the auxiliary tag, and demonstrate the resilience against replay and relay attacks.

show abstract

Section: A Adversarial Modelmentioning

confidence: 99%

Rethinking Tag Collisions for Replay and Relay Attack Resistance in Backscatter Networks

Park

Lee

2023

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…1 Due to the broadcast of wireless transmission, both B and E receive confidential messages from A, even though A only wants to convey its confidential messages to B. Since a fraction of the local oscillator signal can leak out from the local oscillator of E [12], A is supposed to have the statistical knowledge of the estimated eavesdropping channels.…”

Section: A System Modelmentioning

confidence: 99%

RIS-Aided AANETs: Security Maximization Relying on Unsupervised Projection-Based Neural Networks

Hoang

Luong

Dong

et al. 2022

IEEE Trans. Veh. Technol.

View full text Add to dashboard Cite

The security aspects of aeronautical ad-hoc networks (AANET) relying on reflective intelligent surface (RIS) are considered. A projection-based deep neural network (DNN) is designed for maximizing the secrecy rate of the proposed RISaided AANET. While the multiple-layer architecture of the DNN enables learning the functional relationship between the target variables of the optimization problem and the ground-air channels, the projection method guarantees that the constraint of the optimization problem is not violated. Our design outperforms the state-of-the-art projected gradient descent algorithms and that the RIS is capable of enhancing the security.

show abstract

“…For our implementation, the legitimate receiver cannot decode the packet with |f a-CFO | ≥ 50 kHz. According to [46], CFO over 600 kHz hinders the legitimate decoding. However, the target signals have consistent CFO for the entire packet, whereas our implementation includes OFDM block-wise CFOs, which require more stringent restrictions.…”

Section: Artificial Cfo-based Covert Channel Attackmentioning

confidence: 99%

“…As A-CFO value increases, the variance of the corresponding distribution also increases. There are noticeable differences when the A-CFO value is injected with the size of 100 kHz and 1 MHz, but the legitimate channel cannot be maintained because the frame cannot be recognized at the legitimate receiver [46]. It is worth noting that the attacker who wants high reliability needs to increase the A-CFO size, but he also should take the high risk of being detected.…”

Section: B Cfo Estimate Distribution Analysismentioning

confidence: 99%

Combating Adversarial Covert Channels in Wi-Fi Networks

et al. 2022

Self Cite

View full text Add to dashboard Cite

Physical layer covert channels exploit the characteristics of radio signals to convey secret messages while remaining inconspicuous within wireless channels. With specifically designed modulation schemes, covert channels effectively disguise secret messages as noise. Since the intentionally embedded noise dissipates when the radio signal is decoded as a bitstream, adversaries can maintain a stealthy breach in communication systems. IoT devices, particularly, often utilize vendor-specific firmware and hardware whose security verification is too complex for everyday users. Hence, these devices can easily be compromised to transmit their data to unauthorized adversaries via the covert channels. To this end, we propose a novel countermeasure system, Ghost-Fi Detector, which detects the covert channels reliably and comprehensively. Our attack models reflect a real-world wireless network technology, Wi-Fi, and cover three aspects of its radio signal characteristics including amplitude, phase, and frequency. Since each model induces distinct manifestations in the received signal, there is no dominant universal detection mechanism that detects all the attack models simultaneously. Instead, Ghost-Fi detector consists of six precisely designed complementary defense mechanisms that perform passive radio-frequency analyses. Evaluation results show that Ghost-Fi Detector achieves an average hit rate of 95% with an almost zero false-positive rate for arbitrary Wi-Fi frames.INDEX TERMS Covert channel detection system, modulation-based covert channel, wireless network security, Wi-Fi network.

show abstract

Phantom Eavesdropping With Whitened RF Leakage

Cited by 7 publications

References 8 publications

Rethinking Tag Collisions for Replay and Relay Attack Resistance in Backscatter Networks

Rethinking Tag Collisions for Replay and Relay Attack Resistance in Backscatter Networks

RIS-Aided AANETs: Security Maximization Relying on Unsupervised Projection-Based Neural Networks

Combating Adversarial Covert Channels in Wi-Fi Networks

Contact Info

Product

Resources

About