Advanced Topics in Wireless Security (Fall 2018)

Course Description
This inter-disciplinary course focuses on vulnerabilities, attacks, and mitigation techniques in current and emerging wireless systems. The goal is to provide the students with a deep understanding of security issues in wireless systems and an insight into recent research trends. The students will also gain a practical research experience by studying several high-quality research papers and working on a research project that involves software-defined radio (SDR) implementation. The course begins with an overview of wireless communications fundamentals. We then study advanced topics in wireless security, including Wi-Fi security, security at physical-layer, reactive jamming and friendly jamming, covert communications, security issues in IoT and vehicle-to-vehicle (V2V) communications, 4G/LTE cellular networks, etc.

Grading

• Quizzes: 37%
• Class participation: 13%
• Presentations (3): 25%
• Team project: 25%

Tech News Presentations

• Mitsubishi Outlander Car's Theft Alarm Hacked through Wi-Fi. Presenter: Shreyas Machenahalli
• Internet of Things: Fredi Baby Monitor. Presenter: Thomas Slota
• Hackers Turned LG Smart Hom-Bot Into Remote-Controlled Spy Robot. Presenter: Neha Channakeshava
• BrickerBot. Presenter: Ayushi Rathore
• Google's Doors Hacked. Presenter: Siddharth Dongre
• Eavesdropping Attack on MIKROTIK Routers. Presenter: Angad Singh
• BlueBorne! One Year Later. Presenter: Julio Diaz
• New Attack on WPA/WPA2 Protocols. Presenter: Swathi Ramji
• Wi-Fi Protected Access 3 (WPA3). Presenter: Sumayyah Alahmadi
• Tesla Hacked in Seconds! Presenter: Vishal Pokarne
• Hackers Expose Scary Amazon Echo Vulnerability. Presenter: Hans Johnson
• Hackers Mine for Crypto-Coins on IoT Devices. Presenter: Pranusha Soma Reddy
• Hacker Hijacks a $28K Police Drone with $40 Equipment. Presenter: Arpan Abani Sarkar

Course Schedule

• Class 1: Course Overview and Introduction
• Class 2: Introduction to Wireless Communications
• Class 3: IEEE 802.11 (WiFi) Standards
• Class 4: WPA2/WPA3, Intro to cellular networks
• Class 5: Wi-Fi Security 1
  • Assigned reading: T. Xie, G. Tu, C. Li, C. Peng, J. Li, M. Zhang, "The Dark Side of Operational Wi-Fi Calling Services", 6th IEEE Conference Communications and Network Security (CNS), Beijing, China, May 2018.
• Class 6: Wi-Fi Security 2
  • Assigned reading: M. Vanhoef and F. Piessens, "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2", ACM CCS, Dallas, TX, USA, November 2017.
• Class 7: Wi-Fi Security 3
  • Assigned reading: Y. Wang, J. Liu, Y. Chen, M. Gruteser, J. Yang, H. Liu, "E-eyes: Device-free Location-oriented Activity Identification Using Fine-grained WiFi Signatures" ACM MobiCom, Maui, Hawaii, USA, September 2014.
• Class 8: MAC Address Randomization
  • Assigned reading: M. Vanhoefy, C. Mattez, M. Cunchez, L. Cardosoz, F. Piessens, "Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms", ACM Asia CCS, Xi'an, China, June 2016.
• Class 9: Key Generation at PHY Layer
  • Assigned reading: S. Jana, N. Patwari, S. Krishnamurthy, "On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments", ACM MobiCom, Beijing, China, September 2009.
• Class 10: Authentication at PHY Layer
  • Assigned reading: N. Ghose, L. Lazos, and M. Li, "SFIRE: Secret-Free In-band Trust Establishment for COTS Wireless Devices", 6th IEEE Conference Communications and Network Security, Beijing, China, May 2018.
• Class 11: Massive MIMO Security
  • Assigned reading: C. Yeh and E. Knightly, "Feasibility of Passive Eavesdropping in Massive MIMO: An Experimental Approach", 6th IEEE Conference Communications and Network Security, Beijing, China, May 2018.
• Class 12: Wireless Covert Communications 1
  • Assigned readings:
    1. B. Bash, D. Goeckel, D. Towsley, and S. Guha, "Hiding Information in Noise: Fundamental Limits of Covert Wireless Communication", IEEE Communications Magazine, vol. 53, no. 12, pp. 26-31, December 2015.
    2. Z. Yang, Q. Huang, Q. Zhang, "NICScatter: Backscatter as a Covert Channel in Mobile Devices", ACM MobiCom, Snowbird, UT, USA, October 2017.
• Class 13: Wireless Covert Communications 2
  • Assigned reading: J. Classen, M. Schulz, and M. Hollick, "Practical Covert Channels for WiFi Systems", IEEE Conference Communications and Network Security (CNS), San Francisco, CA, USA, October 2015.
• Class 14: Smart Reactive Jamming
  • Assigned reading: H. Rahbari, M. Krunz, and L. Lazos, "Swift Jamming Attack on Frequency Offset Estimation: The Achilles' Heel of OFDM Systems", IEEE Transactions on Mobile Computing, vol. 15, no. 5, May 2016.
• Class 15: Friendly Jamming 1
  • Assigned reading: N. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun, "On Limitations of Friendly Jamming for Confidentiality", IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 2013.
  • Optional reading: S. Gollakota, H. Hassanie, B. Ransford, D. Katabi, and K. Fu, "They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices", ACM SIGCOMM, Toronto, Ontario, Canada, August 2011.
• Class 16: Friendly Jamming 2
  • Assigned reading: W. Shen, P. Ning, X. He, and H. Dai, "Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time", IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 2013.
• Class 17: Friendly Jamming 3
  • Assigned reading: M. Schulz, A. Loch, and M. Hollick, "Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems", NDSS Symposium, San Diego, CA, USA, February 2014.
  • Optional reading: N. Anand, S. Lee, and E. Knightly, "STROBE: Actively Securing Wireless Communications using Zero-Forcing Beamforming", IEEE INFOCOM SIGCOMM, Orlando, FL, USA, March 2012.
• Class 18: V2V Security 1
  • Assigned reading: Q. Chen, Y. Yin, Y. Feng, Z. Mao, and H. Lin, "Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control", IEEE Symposium on Network and Distributed Systems Security (NDSS), San Diego, CA, USA, February 2018.
• Class 19: V2V Security 2
  • Assigned readings:
    1. M. Amoozadeh, A. Raghuramu, C. Chuah, and D. Ghosal, H. Zhang, J. Rowe, and K. Levitt, "Security Vulnerabilities of Connected Vehicle Streams and Their Impact on Cooperative Driving", IEEE Communications Magazine, vol. 53, no. 6, pp. 226-132, June 2015.
    2. S. Kuk, H. Kim, Y. Park, "Detecting False Position Attack in Vehicular Communications Using Angular Check", ACM CarSys, Snowbird, UT, USA, October 2017.
• Class 20: V2V Security 3
  • Assigned readings:
    1. U.S. Department of Transportation, "Security Credential Management System (SCMS) -- Proof of Concept (POC)", 2016.
    2. V. Kumar, J. Petit, W. Whyte, "Binary Hash Tree based Certificate Access Management for Connected Vehicles", ACM WiSec, Boston, MA, USA, July 2017.
• Class 21: V2V Security 4
  • Assigned reading: M. Khodaei and P. Papadimitratos, "Efficient, Scalable, and Resilient Vehicle-Centric Certificate Revocation List Distribution in VANETs", ACM WiSec, Stockholm, Sweden, June 2018.
• Class 22: Wireless IoT Security 1
• Class 23: Wireless IoT Security 2
• Class 24: Wireless IoT Security 3
• Class 25: Wearable Device Security
• Class 26: Cellular Networks Security 1
• Class 27: Cellular Networks Security 2
• Class 28: Cross-Technology Communications Security