Poster and Demo Session

DEMO: Far Away and Yet Nearby – a Framework for Practical Distance Fraud on Proximity Services for Mobile Devices
Tobias Schultes, Markus Grau, Daniel Steinmetzer, Matthias Hollick

Proximity services are widely used in mobile applications for fast and easy data transfer and control of various systems within a defined range. Authorization is achieved by proximity detection mechanisms that surrogate extensive pairing processes. In this work, we present our Nearby Distance Fraud Framework (NeDiFF) to investigate distance fraud on various proximity services. NeDiFF cheats on proximity checks in services such as Google Nearby Messages, Chromecast guest mode and Android device location. Our results emphasize that proximity services currently used for mobile devices are prone to relay attacks and should not be used in security-sensitive applications.


DEMO: Panoptiphone: How Unique is Your Wi-Fi Device?
Célestin Matte, Mathieu Cunche

MAC address randomization in Wi-Fi-enabled devices has recently been adopted to prevent passive tracking of mobile devices. However, Wi-Fi frames still contain fields that can be used to fingerprint devices and potentially allow tracking. Panoptiphone is a tool inspired by the web browser fingerprinting tool Panopticlick, which aims to show the identifying information that can be found in the frames broadcast by a Wi-Fi-enabled device. Information is passively collected from devices that have their Wi-Fi interface enabled, even if they are not connected to an access point. Panoptiphone uses this information to create a fingerprint of the device and empirically evaluate its uniqueness among a database of fingerprints. The user is then shown how much identifying information their device is leaking through Wi-Fi and how unique it is.


DEMO: Demonstrating Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems
Matthias Schulz, Adrian Loch, Matthias Hollick

After being widely studied in theory, physical layer security schemes are getting closer to entering the consumer market. Still, a thorough practical analysis of their resilience against attacks is missing. In this work, we use software-defined radios to implement such a physical layer security scheme, namely, orthogonal blinding. To this end, we use orthogonal frequency-division multiplexing (OFDM) as a physical layer, similar to WiFi. In orthogonal blinding, a multi-antenna transmitter overlays the data it transmits with noise in such a way that every node except the intended receiver is disturbed by the noise. Still, our known-plaintext attack can extract the data signal at an eavesdropper by means of an adaptive filter trained using a few known data symbols. Our demonstrator illustrates the iterative training process at the symbol level, thus showing the practicability of the attack.


DEMO: Using NexMon, the C-based WiFi Firmware Modification Framework
Matthias Schulz, Daniel Wegemer, Matthias Hollick

FullMAC WiFi chips have the potential to realize modifications to WiFi implementations that exceed the limits of current standards or to realize the implementation of new standards, such as 802.11p, on off-the-shelf hardware. However, a developer needs access to the firmware source code to implement these modifications. In general, WiFi firmware is closed source and does not allow any modifications. With our C-based programming framework, NexMon, we allow the extension of existing firmware of Broadcom’s FullMAC WiFi chips. In this work, we demonstrate how to get started by running existing example projects and by creating a new project to transmit arbitrary frames with a Nexus 5 smartphone.


Poster: Design Ideas for Privacy-aware User Interfaces for Mobile Devices
Neel Tailor, Ying He, Isabel Wagner

Privacy in mobile applications is an important topic, especially when it concerns applications that gather and process health data. Using MyFitnessPal as an example eHealth app, we analyze how privacy-aware its user interface is, i.e. how well users are informed about privacy and how much control they have. We find several issues with the current interface and develop five design ideas that make the interface more privacy-aware. In a small pilot user study, we find that most of the design ideas seem to work well and enhance end users’ understanding and awareness of privacy.


Poster: Assessing the Impact of 802.11 Vulnerabilities using Wicability
Pieter Robyns, Bram Bonné, Peter Quax, Wim Lamotte

Wicability is an open platform created for researchers that aims to provide insights into the spatial and temporal impact of both novel and past 802.11 security vulnerabilities. This is achieved through the automated collection and analysis of large datasets containing 802.11 Information Elements (IEs) transmitted by access points and stations. The results of this analysis are anonymized and provided free of charge to researchers through a web interface.


Poster: Friend or Foe? Context Authentication for Trust Domain Separation in IoT Environments
Markus Miettinen, Jialin Huang, Thien Duc Nguyen, N. Asokan, Ahmad-Reza Sadeghi

The Internet of Things (IoT) is rapidly emerging, resulting in a growing demand for guaranteeing its security and privacy. Imagine the following scenario: In a not so distant future you have just purchased a number of Internet-of-Things (IoT) appliances for your smart home. You are standing in your living room and would like to have these new devices wirelessly connect to each other and your home network. The set of your own devices in your network constitutes your trust domain. Most IoT devices are equipped with environmental sensors, e.g., for monitoring ambient luminosity, audio, or temperature. A breach in your trust domain could leak such sensor data, and hence potentially sensitive private information about your behavior and habits, to outsiders.

Therefore, you want to make sure that none of your devices accidentally connect to your neighbor’s home network. You also want to make sure that only your own devices are granted access to your trust domain. The devices could use appropriate service discovery and key exchange protocols to establish secure communication links with each other and other devices like the home WiFi router. But how can your devices distinguish between other devices that belong to your trust domain and devices of your neighbors that happen to lie within wireless communication range? That is, how can devices in a trust domain (e.g., your home) authenticate each other?


Poster: Security Design Patterns With Good Usability
Hans-Joachim Hof, Gudrun Socher

This poster presents work-in-progress in the field of usable security. The usability of security mechanisms is crucial to avoid unintended misuse of security mechanisms, which lowers the security level of a system. It is the goal of the work presented in this poster to identify security design patterns with good usability. Requirements for security design patterns with good usability stem from existing usable security design guidelines. A collection of security usability failures is presented as well as examples of how misuse anti-patterns can be derived from these failures. Misuse cases will be used in future work to identify security design patterns with good usability.


Poster: Experimental Analysis of Popular Anonymous, Ephemeral, and End-to-End Encrypted Apps
Lucky Onwuzurike, Emiliano De Cristofaro

As social networking takes to the mobile world, smartphone apps provide users with ever-changing ways to interact with each other. Over the past couple of years, an increasing number of apps have entered the market offering end-to-end encryption, self-destructing messages, or some degree of anonymity. However, little work thus far has examined the properties they offer. We present a taxonomy of 18 of these apps: we first look at the features they promise in their appeal to broaden their reach and focus on 8 of the more popular ones. We present a technical evaluation, based on static and dynamic analysis, and identify a number of gaps between the claims and reality of their promises.


Poster: Toward a Secure and Scalable Attestation
Moreno Ambrosin, Mauro Conti, Ahmad Ibrahim, Gregory Neven, Ahmad-Reza Sadeghi, Matthias Schunter

Large numbers of smart devices are permeating our environment to collect data and act on the insight derived. Examples of such devices include smart homes, factories, cars, or wearables. For privacy, security, and safety, ensuring correctness of the configuration of these devices is essential. One key mechanism to protect the software integrity of these devices is attestation.

In this paper, we analyze the requirements for efficient attestation of large numbers of interconnected embedded systems. We present the first collective attestation protocol which allows attesting an unlimited number of devices. Simulation results show a run-time of 5.3 seconds in networks of 50,000 low-end embedded devices.


Poster: Exploiting Dynamic Partial Reconfiguration for Improved Resistance Against Power Analysis Attacks on FPGAs
Ghada Dessouky, Ahmad-Reza Sadeghi

FPGA devices are increasingly deployed in wireless and heterogeneous networks in-field due to their re-programmable nature and high performance. Modern FPGA devices can have part of their logic partially reconfigured at run-time operation, which we propose to exploit to realize a general-purpose, flexible and reconfigurable DPA countermeasure that can be integrated into any FPGA-based system, irrespective of the cryptographic algorithm or implementation. We propose a real-time dynamic closed-loop on-chip noise generation countermeasure which consists of an on-chip power monitor coupled with a low-overhead Gaussian noise generator. The noise generator is reconfigured continuously to update its generated noise amplitude and variance so that it sufficiently hides the computation power consumption. Our scheme and its integration onto an SoC are presented as well as our proposal for evaluating its effectiveness and overhead.