
Secure Mobile Networking Lab Exercise / Project
Summer 2013
Kick-off meeting
Prof. Dr.-Ing. Matthias Hollick
Technische Universität Darmstadt
Secure Mobile Networking Lab - SEEMOO
Department of Computer Science
Center for Advanced Security Research Darmstadt - CASED
Prof. Dr.-Ing. Matthias Hollick
Mornewegstr. 32
D-64293 Darmstadt, Germany
Tel. +49 6151 16-70922, Fax. +49 6151 16-70921
http://seemoo.de or http://www.seemoo.tu-darmstadt.de
Overview
Lab Exercise (“Praktikum”)
• Focus on practical implementations
• Improve hands-on technique and experience
• But also improve theoretical knowledge
• Ideally in small groups of 2-3 students
• Expected work per week per student: 4 hours
Project (“Projektpraktikum”)
• More work than Lab Exercise
• Expected work per week per student: 6 hours
April 2013 | Dept. of Computer Science | SEEMOO | Prof. Dr.-Ing. Matthias Hollick
Organizational Issues
Schedule and deadlines
• 23.04.2013 (Tuesday), 16:30 Kick-off meeting (Room S4/14 3.2.01)
• 26.04.2013 (Friday), 23:59 Confirmation of topic with advisor
• 04.06.2013 (Tuesday), 16:30 Design workshop (Room S4/14 3.2.01)
• 16.07.2013 (Tuesday), 16:30 Final presentation (Room S4/14 3.2.01)
• 23.07.2013 (Tuesday), Code review with advisors
• 28.07.2013 (Sunday), 23:59 Submit project report (~6 pages ACM/IEEE format)
Topics
• Effects of cover traffic on a wireless delay-tolerant network (Topic AB1)
• Implement an Innovative Participative or Privacy-related App (Topic DC1)
• Attack detection on WMNs employing mobile phones (Topic RDC1)
• Curved paths: finding a way through enemy territory (Topic AL1)
• OFDMA: enabling simultaneous medium access in WMNs (Topic AL2)
• Neither shouting nor whispering: semi-automatic gain control (Topic AL3)
• Catch me if you can: Intrusion Detection System for a WSN (Topic MR1)
• Liars and Outliers: Detection of False Data in WSN (Topic MR2)
• Implementing a Modular Physical Layer in a FPGA (Topic MS1)
• Hacking the Wireless Spectrum (Topic MS2)
• Burning the Mesh (Topic MW1)
• GUI for Click Modular Router (Topic MW2)
• Mesh Attacks with Click (Topic MW3)
• Integrate Glossy into TDMA (Topic DY1)
• Software Defined Radio meets Real Sensor Nodes (Topic DY2)
Effects of cover traffic on a wireless delay-tolerant network (Topic AB1)
What is a wireless (mobile) DTN?
• Nodes can move in and out of range and become isolated
• Neighbors are only temporary, perhaps only once in the network's lifetime
• Network graph can split, but nodes can still bridge the “islands”
• Therefore: end-to-end connection is intermittent, usual approaches may fail
Why we want to analyze the effects of cover traffic
• Goal: to hide the true sender and the true receiver of a message
• Idea: generate noise so that not only real messages are sent
• However, it may kill the network
Your Tasks:
• Get acquainted with the ONE simulator
• Modify it to behave as intended
• Measure parameters such as throughput, delay, … with varying loads of cover traffic
Group task: Group of up to 3 students
Contact:
M.Sc. Ana Barroso
Implement an Innovative Participative or Privacy-related App (Topic DC1)
Your Task:
• Design and develop an app in which users:
  • contribute e.g. sensor readings to help the community, or
  • visualize how their privacy is protected/endangered
• Implementation on Android or iOS
• Implemented functionalities depend on the number of students
Group task: Group of up to 5 students
Contact:
Dr.-Ing. Delphine Christin
sitetalk-info.de
Attack detection on WMNs employing mobile phones (Topic RDC1)
• Get familiar with the basics of WMNs and understand the IEEE 802.11s standard
• Investigate attacks on WMNs and MANETs in general
• Using the mesh network available in the lab and the mobile phones with an IDS application deployed (I’ll provide you with more details), either a) deploy an existing attack and detect it using these mobile devices, or b) devise and deploy a new attack and suggest how to detect it using mobile phones.
Curved paths: finding a way through enemy territory (Topic AL1)
Sending packets over secure routes
• Bad nodes can manipulate the routing process in WMNs
• Security mechanisms can identify and locate attackers
• Face routing allows curves as reference paths
• Curves can be defined in order to bypass bad areas
Your Task:
Given the position of the misbehaving nodes, which might
be globally known or only known to nodes close to the
attackers, find a curve connecting a random pair of nodes
that avoids all dangerous areas. Task in detail:
• Design algorithms for finding valid parametric curves
• Curves can change dynamically as packets are relayed
• Implement and evaluate the algorithms in NetSim 2
Individual or group task; up to 2 students
Contact:
Adrian Loch
OFDMA: enabling simultaneous medium access in WMNs (Topic AL2)
Orthogonal Frequency Division Multiple Access
Traditional WMNs are built on the 802.11 MAC protocol,
which leads to poor performance in a multihop scenario
OFDMA is a promising approach used in next generation
cellular networks, but suitable also for WMNs
A key advantage of OFDMA is that it allows simultaneous
transmissions at nodes, either sending or receiving
Your Task:
Implement OFDMA in a small toy WMN scenario using the
Wireless Open Access Research Platform Software Defined
Radio (WARP SDR). Task in detail:
• Understand how OFDMA works
• Excellent FPGA knowledge is essential
• Implement real-time OFDMA on WARP
Group task; up to 3-4 students
Contact:
Adrian Loch
Neither shouting nor whispering: semi-automatic gain control (Topic AL3)
Gain Control in Wireless Networks
Gain control is crucial for avoiding too large (shouting) as
well as too small (whispering) signals at receivers
Automatic gain control exists, but can cause unexpected
behaviors in a prototyping/test environment
Problem becomes harder when concurrent transmissions
are performed, as multiple gains need to be adjusted
Your Task:
Implement a script which empirically determines the best
gains for the case of multiple senders transmitting to
multiple receivers. Task in detail:
• Learn about WARPLab (plenty of examples available)
• Automatically identify signals that are too large or too small
• Implement a script for empirical gain adjustment
Individual or group task; up to 2 students
Contact:
Adrian Loch
Catch me if you can: Intrusion Detection System for a WSN (Topic MR1)
Prevention is not everything
• Crypto could be broken
• Insider attacks
• Novel attacks
• …
Your Task:
• Get an overview of IDS architectures
• Design your IDS and implement it
• Evaluate the IDS
Group task: Group of up to 3 students
Contact:
Dipl. Wirtsch.-Inf. Michael Riecker
Liars and Outliers: Detection of False Data in WSN (Topic MR2)
• WSNs are used to…
  • Monitor critical infrastructure
  • Automate industrial processes
• What about false data?
Your Task:
• Get an overview of outlier detection techniques
• Design a local algorithm to detect false data
• Implement and evaluate the algorithm
Group task: Group of up to 3 students
Contact:
Dipl. Wirtsch.-Inf. Michael Riecker
Implementing a Modular Physical Layer in a FPGA (Topic MS1)
Your Task:
• Implement a real-time physical layer in hardware using Xilinx System Generator for Simulink
• Connect your design to a MicroBlaze processor
Previous Knowledge in either:
• FPGA Design/System on Chip
• Communication Systems (Layer 1)
• Low Level Programming in C
• MATLAB/Simulink/DSP
• Software Defined Radios
Contact: Matthias Schulz
Hacking the Wireless Spectrum (Topic MS2)
Your Task:
• Use Software Defined Radios to attack wireless systems: eavesdropping, jamming, forging, wormholing, …
Previous Knowledge in either:
• RTLSDR, USRP, WARP
• GnuRadio, Simulink, DSP
• Digital/Analog Modulations
• Reverse Engineering
Contact: Matthias Schulz
Burning the Mesh (Topic MW1)
• Ad hoc and wireless mesh networks are evolving fast
• Protecting those networks is hard as there is no central authority
• Distributed firewalls can help defend the network
• Your mission:
  • Analyze current research on protecting wireless mesh networks
  • Implement a distributed firewall system using the Click framework (Lab)
  • Contrast firewalls against other protection measures
GUI for Click Modular Router (Topic MW2)
• Click is a Modular Network Framework
• Configurations are composed of modules
• Each configuration is a directed graph
• Configurations are stored in text files
• Your mission:
  • Work your way into the features of the Click configuration language
  • Design an application to create, edit and view Click configurations
  • Implement your application design using state-of-the-art software engineering methods
Mesh Attacks with Click (Topic MW3)
• Traditional mesh routing protocols are prone to several attacks
• Click is a Modular Network Framework which can be used to create your own networking stack
• Your mission:
  • Analyze state-of-the-art attacks on mesh networks
  • Create an attack system using the Click Framework
  • Evaluate your attack system in our mesh testbed
Integrate Glossy into TDMA (Topic DY1)
Requirements of TDMA
• Centralized scheduling for varying deadline requirements and varying topology
• Accurate time synchronization
What Glossy provides
• Synchronous transmissions for fast network flooding
• Constructive interference for high reliability
• Free time synchronization
Your Task:
• Get familiar with Glossy
• Write a TDMA with changing topology
• Use Glossy to download scheduling
Group task: Group of up to 3 students
Contact:
M.Sc. Dingwen Yuan
Software Defined Radio meets Real Sensor Nodes (Topic DY2)
USRP N210
• Simple device composed of ADC, DAC and FPGA
• Can implement arbitrary radio protocols in software
• A new radio protocol = code recompilation
Better link quality estimation
• Continuous measurement of RSSI and LQI
Your Task:
• Get familiar with USRP and GNU Radio
• Make USRP and TelosB nodes talk with each other
• Implement continuous link quality measurement
Group task: Group of up to 3 students
Contact:
M.Sc. Dingwen Yuan