Boris Danev scite author profile

Physical-layer device identification aims at identifying wireless devices during radio communication by exploiting unique characteristics of their analog (radio) circuitry. This work systematizes the existing knowledge on this topic in order to enable a better understanding of device identification, its implications on the analysis and design of security solutions in wireless networks and possible applications. We therefore present a systematic review of physical-layer identification systems and provide a summary of current state-of-the-art techniques. We further present a classification of attacks and discuss the feasibility, limitations, and implications in selected applications. We also highlight issues that are still open and need to be addressed in future work.

show abstract

Physical-layer identification of UHF RFID tags

Zanetti

2010

View full text Add to dashboard Cite

In this work, we study physical-layer identification of passive UHF RFID tags. We collect signals from a population of 70 tags using a purpose-built reader and we analyze time domain and spectral features of the collected signals. We show that, based on timing features of the signals, UHF RFID tags can be classified, independently of the location and distance to the reader (evaluated up to 6 meters), with an accuracy of approx. 71% (within our population). Additionally, we show that is possible to uniquely identify a maximum of approx. 2 6 UHF RFID tags independently of the population size. We analyze the implications of these results on tag holder privacy. We further show that, in controlled environments, UHF RFID tags can be uniquely identified based on their signal spectral features with an Equal Error Rate of 0% (within our population); we discuss the application of those techniques to cloning detection in RFID-enabled supply chains.

show abstract

Attacks on physical-layer identification

et al. 2010

View full text Add to dashboard Cite

Detection of reactive jamming in sensor networks

Strasser

Danev

Čapkun

2010

ACM Trans. Sen. Netw.

124

View full text Add to dashboard Cite

Abstract-An integral part of most security-and safety-critical applications is a dependable and timely alarm notification. However, owing to the resource constraints of wireless sensor nodes (i.e., their limited power and spectral diversity), ensuring a timely and jamming-resistant delivery of alarm messages in applications that rely on wireless sensor networks is a challenging task. With current alarm forwarding schemes, blocking of an alarm by jamming is straightforward and jamming is very likely to remain unnoticed. In this work, we propose a novel jamming detection scheme as a solution to this problem. Our scheme is able to identify the cause of bit errors for individual packets by looking at the received signal strength during the reception of these bits and is well-suited for the protection of reactive alarm systems with very low network traffic. We present three different techniques for the identification of bit errors based on: predetermined knowledge, error correcting codes, and limited node wiring. We perform a detailed evaluation of the proposed solution and validate our findings experimentally with Chipcon CC1000 and CC2420 radios. The results show that our solution effectively detects sophisticated jamming attacks that cannot be detected with existing techniques and enables the formation of robust sensor networks for dependable delivery of alarm notifications. Our scheme also meets the high demands on the energy efficiency of reactive surveillance applications as it can operate without introducing additional wireless network traffic.

show abstract

Towards Practical Identification of HF RFID Devices

Danev

Čapkun

Masti

et al. 2012

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

The deployment of RFID poses a number of security and privacy threats such as cloning, unauthorized tracking, etc. Although the literature contains many investigations of these issues on the logical level, few works have explored the security implications of the physical communication layer. Recently, related studies have shown the feasibility of identifying RFID-enabled devices based on physical-layer fingerprints. In this work, we leverage on these findings and demonstrate that physical-layer identification of HF RFID devices is also practical, that is, can achieve high accuracy and stability. We propose an improved hardware setup and enhanced techniques for fingerprint extraction and matching. Our new system enables device identification with an Equal Error Rate as low as 0.005 (0.5%) on a set 50 HF RFID smart cards of the same manufacturer and type. We further investigate the fingerprint stability over an extended period of time and across different acquisition setups. In the latter case, we propose a solution based on channel equalization that preserves the fingerprint quality across setups. Our results strengthen the practical use of physical-layer identification of RFID devices in product and document anti-counterfeiting solutions.

show abstract

Investigation of Signal and Message Manipulations on the Wireless Channel

Pöpper

Tippenhauer

Danev

et al. 2011

View full text Add to dashboard Cite

Abstract. We explore the suitability of Dolev-Yao-based attacker models for the security analysis of wireless communication. The Dolev-Yao model is commonly used for wireline and wireless networks. It is defined on abstract messages exchanged between entities and includes arbitrary, real-time modification of messages by the attacker. In this work, we aim at understanding and evaluating the conditions under which these real-time, covert low-energy signal modifications can be successful. In particular, we focus on the following signal and message manipulation techniques: symbol flipping and signal annihilation. We analyze these techniques theoretically, by simulations, and experiments and show their feasibility for particular wireless channels and scenarios.

show abstract

Enabling secure VM-vTPM migration in private clouds

Danev

Masti

Karame

et al. 2011

View full text Add to dashboard Cite

The integration of Trusted Computing technologies into virtualized computing environments enables the hardware-based protection of private information and the detection of malicious software. Their use in virtual platforms, however, requires appropriate virtualization of their main component, the Trusted Platform Module (TPM) by means of virtual TPMs (vTPM). The challenge here is that the use of TPM virtualization should not impede classical platform processes such as virtual machine (VM) migration.In this work, we consider the problem of enabling secure migration of vTPM-based virtual machines in private clouds. We detail the requirements that a secure VM-vTPM migration solution should satisfy in private virtualized environments and propose a vTPM key structure suitable for VM-vTPM migration. We then leverage on this structure to construct a secure VM-vTPM migration protocol. We show that our protocol provides stronger security guarantees when compared to existing solutions for VM-vTPM migration. We evaluate the feasibility of our scheme via an implementation on the Xen hypervisor and we show that it can be directly integrated within existing hypervisors. Our Xenbased implementation can be downloaded as open-source software. Finally, we discuss how our scheme can be extended to support live-migration of vTPM-based VMs.

show abstract

Physical-layer attacks on chirp-based ranging systems

Ranganathan

Danev

Francillon

et al. 2012

View full text Add to dashboard Cite

Chirp signals have been extensively used in radar and sonar systems to determine distance, velocity and angular position of objects and in wireless communications as a spread spectrum technique to provide robustness and high processing gain. Recently, several standards have adopted chirp spread spectrum (CSS) as an underlying physical-layer scheme for precise, low-power and low-complexity real-time localization. While CSS-based ranging and localization solutions have been implemented and deployed, their security has so far not been analyzed.In this work, we analyze CSS-based ranging and localization systems. We focus on distance decreasing relay attacks that have proven detrimental for the security of proximitybased access control systems (e.g., passive vehicle keyless entry and start systems). We describe a set of distance decreasing attacks realizations and verify their feasibility by simulations and experiments on a commercial ranging system. Our results demonstrate that an attacker is able to effectively reduce the distance measured by chirp-based ranging systems from 150 m to 600 m depending on chirp configuration. Finally, we discuss possible countermeasures against these attacks.

show abstract

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Boris Danev

On physical-layer identification of wireless devices

Physical-layer identification of UHF RFID tags

Attacks on physical-layer identification

Detection of reactive jamming in sensor networks

Towards Practical Identification of HF RFID Devices

Investigation of Signal and Message Manipulations on the Wireless Channel

Enabling secure VM-vTPM migration in private clouds

Physical-layer attacks on chirp-based ranging systems

Contact Info

Product

Resources

About